aflanigan wrote: 
Oh ye of little humor...

First off, if they give it away, it's not my problem.  Second, Big Business websites tend to be more for the benefit of the code monkeys who continually talk middle management into buying the latest expensive new "must have" toys.  Customers like me are going back to 800 numbers because they're actually easier, faster, and a better source of details.

 Manbird wrote: 
smile

 justlistening wrote: 
Why do you hate allenfunt so much? I see you didn't use that as your password. 

 Servo wrote: 

And if the people who target the things you want to keep secure figure out that this is your MO, they will sooner or later successfully mount a social engineering attack by tricking tech support into sending them your temp password.

The best passwords are:

1. As long as possible.  The longer it is, the longer it takes to crack by brute force.

2.  As random as possible.  This foils even the most sophisticated dictionary attacks.

3.  Using every legal character possible.  If the attacker's character set doesn't have the symbol that Prince used, they're not getting in.

My passwords are, for all intents and purposes, unbreakable.

Of course I couldn't possibly remember any of them.  So my login procedure is to call and say "I forgot my password"  every time.

my password is

allenludden
 
for everything.  except when i use

bettywhite.
 
 
But seriously.  I only have 4 passwords and mnemonically they all make sense to me so I can remember.  I make subtle variations to them all at the same time so that I can figure out the changes. I do this about every 4 months.
 
If I use credit cards on line I use a card that allows "virutal card numbers" that expire.  This way my real card number is never stored anywhere.
 
But I'm an engineer geek
edit:
I agree with the previous post by kurster and never let the browser remember for me

 kurtster wrote: 
keypass (http://keepass.info/) or some other similar encrypted db for passwords is a far better solution that works in a similar fashion. 

I use this...

function random_password($length=10)

 winter wrote: 

Perzackly.  The more secure you make things (from passwords to cyphers to access to money), the less convenient you make them for users.

 kurtster wrote: 

You're safe as long as noone ever gets into your system/hard drive via a trojan or other attack.  Probably fine if you live by yourself or with a trustworthy spouse/partner.  I would not rely on this if you have kids/teens.  Determined hackers who know what they are doing and gain access will not simply look for docs titled "Passwords, KEEP OUT", they'll copy everything they can find, including hidden files.

Maybe keep these docs on a removable drive.

 aflanigan wrote: 
Sure, except for the part where those are a lot harder to memorize. It's a tradeoff.

Plus you could always use words from another language, made-up words that sound real but aren't, proper names - the dictionary attack is less easy than it seems, I think. 

 ptooey wrote: 
I think the math on the above cartoon is wrong.  The four "random" common words would be painfully easy to crack through brute force attack (computer randomly stringing together combos of words from the dictionary).  A password consisting of four actual random words would look like this:

fhbler  beiewsav  xdmwoq   mkzwgagfd

We have all our user names and passwords on a word document and just copy and paste whenever needed.  Passwords can be as easy or as complicated as needed.  We never let our puters remember for easy logins.  The word document is buried pretty deep and does not have an obvious title like passwords for those that might make it into the network.

No worry about key logger stuff, no looking for sticky notes.  Keep all the security question answers there as well.  Can never remember upper or lower case and all that crap.

Been doing this for at least 8 or 9 years and it has worked very, very well.

Even have a seperate user for surfing unknown or crazy places.  Dump cookies and history before and after religiously.  Have our own users for safe places like here so we don't have to dump stuff all the time.

My passwords are so creative I can't remember them. I figure if I can't get into my account nobody else will.

 cc_rider wrote: 
Don't be insecure about your unsecurity. We're all secure enough here.
 

 winter wrote:  Indeed. In the past I have used the same password for lots of sites, which was easy but dangerously insecure. Unsecure. Whatever.

 cc_rider wrote: 
I thought about that, but so many of them are locked into the whole "one symbol, one number, 8 characters, no consecutive characters or parts of your username" routine.

The main thing I dislike about passwords is the need to come up with new ones at every site. What that leads to is the need to keep a list of passwords - which is kind of risky in itself. I wish there was a better way to do security. 

 winter wrote: 
I changed some of my passwords based on it. One site made me jump through their stupid hoops though. Doh!

 ptooey wrote: 
I saw that one this morning, too. Love it!