Update your passwords lately?


mario_c
12-15-2010, 11:50 PM
This didn't seem appropriate to FAQ or the Newbie section, and besides this is obviously not just about AW even though it is. You probably know about the Gawker hack, and if you haven't searched it you should. Here's another fun story about what happens to bad little boys and girls who don't update their Twitter / chat passwords (http://tech.slashdot.org/story/10/09/27/166238/Twitter-Hit-With-Second-Worm-In-a-Week) :ROFL:
So that's turned into my project this afternoon. Over an hour! But until the thumbprint login thing becomes available at Best Buy / Apple store for less than $70, well...

kuwisdelu
12-16-2010, 05:48 AM
But until the thumbprint login thing becomes available at Best Buy / Apple store for less than $70, well...

As far as I know, that only works for the OS, not Twitter.

Tirjasdyn
12-16-2010, 06:50 AM
Actually you can use a thumbprint scanner for any web site. However, all it does is insert the password for you because you have to have a password as a backup. That's all it does for logging into your computer as well.

This drove me nuts a few days ago, but I don't know if it was Gawker or what... couldn't find my details on the list, and the accounts that were hacked all had different passwords, nondic, numbers and special characters, so who knows what they all got into. Annoying.

Paperback Writer
12-16-2010, 07:07 AM
This is actually next on my things to do. Any recommendations?

benbradley
12-16-2010, 07:37 AM
There are people who use the same "my password" for their ISP account login, their Yahoo mail, their Gmail, their Forum A password, their Forum B password, their Forum W password, Twitter, their Forum AW password (ahem), Gawker, Facebook, NaNoWriMo, PayPal, ...

Crackers and cybercriminals know this, and the first thing they do when they get any such username/password combination is try it at every online site they have a list of, starting with banks and brokerage sites.

One rule of passwords: Use a different password for each site. As much as possible, anyway. There are sites that pretty much require the same password, such as blogspot seeing the gmail cookie and prompting for your gmail password.

Medievalist
12-16-2010, 09:11 AM
Don't Use The Same Password For Any Thing.

Ever

If you MUST have a base password, at least have several with small differences added to each base.

Better -- keep a list in hard copy off line in a safe place.

Not taped to your desk, keyboard or the side of your monitor.

Change all your passwords at least once a year.

Don't use any password that is less than 8 characters.

Use letters, numbers, and punctuation.

Did I mention use punctuation?

Using a random punctuation mark in the middle of your password is diabolically clever.

Not the first character, or the last, but somewhere(s) else.

Don't use any name, phrase, or word that is sensible in any language.

Ever.

If you use a name from Star Wars, Star Trek, LOTR, or the word password or the digits 1234 in sequence or the letters fdsajkl; you go straight to password Hell and deservedly so.

kuwisdelu
12-16-2010, 09:31 AM
or the digits 1234 in sequence

But 12345 is okay, right?

Medievalist
12-16-2010, 10:36 AM
But 12345 is okay, right?

Kuwi

Don't you think your avatar needs a little decoration?

Maybe some sparkles?

benbradley
12-16-2010, 10:43 AM
Yeah. Having 12345 as part of your password IS okay, if your email is kuwi12345@aol.com.

maestrowork
12-16-2010, 09:28 PM
Everyone knows everyone's password is <pet'sname>1 - mine is Schwarzenegger1

mario_c
12-17-2010, 09:01 AM
Hee. I have to change passwords for the illiterates who use the dayjob company's websites to a really stupid temp password and then beg, plead, cajole and harass them into changing it into something unique. And of course they all whine that the password changing form won't let them just type 111111 or their bank pin number and be done with it.
Well, we all have our quirks - I have three or four passwords that I rotate around on a regular basis, but how the hell do you keep track over 30 or 40 websites? You can't write them down. I dread having to keep a cheat sheet on my cellphone, with hints on which one has the third number spelled out and which ones end with the period and all that shit, but that is how things gotta be.

Lhun
12-26-2010, 10:09 PM
Well, we all have our quirks - I have three or four passwords that I rotate around on a regular basis, but how the hell do you keep track over 30 or 40 websites? You can't write them down.
Personally, I just use the same simple short extremely unsafe password for stuff that doesn't matter. Like forum logins, or email accounts I use exclusively to sign up for forums. Cuts way down on the number of real passwords I have to remember.
One can also use a password hasher.

RJK
01-04-2011, 11:31 PM
A good way to create a password is to select a letter on the keyboard and surround it once holding the shift key down, and once without. Say you select the letter "i". Your password would be U*(OKJu89okj. All you need to remember is the letter "i". Your password contains upper and lower case letters, numbers and symbols. If you surrounded the "r" your password would be E$%TFDe45tfd.

BTW, I learned this from my 7-year-old grandson (who learned it from his father).
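
[Added example, not part of RJK's post or the original thread.] A password-policy check in Python that recognises the keyboard-surround scheme described above and measures how many passwords it can produce. The simplified US QWERTY layout, the six-neighbour rule and all function names are assumptions of this example.

```python
import math

# US QWERTY rows, left to right (simplified layout: an assumption of this example).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
SHIFT = str.maketrans("1234567890;,./", "!@#$%^&*():<>?")


def shifted(chars):
    """Return the characters as typed with Shift held down."""
    return chars.upper().translate(SHIFT)


def surround_password(key):
    """Build the password for `key`, or None if it lacks six neighbours.

    Neighbour order follows the post's examples: left, upper-left,
    upper-right, right, lower-right, lower-left.
    """
    for r in (1, 2):                      # only rows with a row above and below
        c = ROWS[r].find(key)
        if 1 <= c <= 8:                   # needs a key on both sides
            ring = (ROWS[r][c - 1] + ROWS[r - 1][c] + ROWS[r - 1][c + 1]
                    + ROWS[r][c + 1] + ROWS[r + 1][c] + ROWS[r + 1][c - 1])
            return shifted(ring) + ring
    return None


def scheme_keyspace():
    """Every password the scheme can produce on this layout."""
    keys = ROWS[1] + ROWS[2]
    return {pw for pw in map(surround_password, keys) if pw}


def is_surround_pattern(password):
    """Policy check: reject a candidate password that matches the scheme."""
    return password in scheme_keyspace()


if __name__ == "__main__":
    space = scheme_keyspace()
    print(len(space), "possible passwords,",
          round(math.log2(len(space)), 1), "bits of entropy")
```

On this layout the scheme yields 16 distinct passwords, about 4 bits of entropy, however complex each one looks; a signup form can use `is_surround_pattern` as a blocklist alongside its length and character rules.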

Maryn
01-05-2011, 12:53 AM
Wow, I like that one, RJK.

I use the same password for all the stuff that doesn't matter in a Big Picture way--log-ins at various forums, member sites, and such. It's something my family knows or could guess, but not my closest friends. For sites where money or credit card information changes hands, I have a handful of other passwords I rotate--but I do find it hard sometimes to remember which goes with what site.

Maryn, who hates that this is necessary

AlexPiper
01-05-2011, 02:54 AM
I actually used to use a shorthand text for passwords, where everything was in the form of some specific date. For instance, if you got your driver's license in 1998 and your first car was a Mercury Sable, you might use:

dL98.mS

And then your password hint could be 'Independence!' (i.e., when you got your driver's license and car). This makes a meaningful mnemonic for each password, which is thus harder to forget. Unfortunately, after a certain point (say, 20-30 sites), remembering each password becomes horrible; even mnemonics aren't enough at that point.

So nowadays I use 1Password and let it generate secure gibberish passwords for me. Each password is stored in an encrypted keychain, which I can access (with a single 'master password') from Safari. The encrypted keychain is stored on Dropbox, so I can access it from any of my Macs, my PC, or the iPhone or iPad. Thus, updating a password on any of my machines updates it on everything, since I allow 1Password to handle all my logins for me.

cryaegm
02-03-2011, 02:21 PM
You can't write them down.
I write them down in a notebook that only my eyes see.

Then when I change, I rip out the paper and burn it.

alleycat
02-03-2011, 02:23 PM
I write them down in a notebook that only my eyes see.

Then when I change, I rip out the paper and burn it.

There is a way to do this and make it completely safe, even if you lose the notebook. Let me know if you'd like me to explain.

cryaegm
02-03-2011, 02:39 PM
There is a way to do this and make it completely safe, even if you lose the notebook. Let me know if you'd like me to explain.
If you like, you can. I just write it down because no matter what, a computer isn't always safe. :D You can protect it, but it doesn't guarantee that nothing will get through.

If I lose it, I change all my passwords again.

alleycat
02-03-2011, 02:43 PM
Sounds like you're happy with your system as is.

cryaegm
02-03-2011, 02:49 PM
Well I'm always looking for new ways to have passwords stored because it is a hassle to change passwords, and if I don't have paper, then I'm pretty much SOL. I have it written in the middle of my notebook that has my writings in it, so it's pretty much "*Story story story RANDOM PAGE OF PASSWORDS story story story*" so anything different would be great.

I just know not to always trust and rely on a computer because something can happen. I don't want my passwords all on a computer that could be taken advantage of by careless me and have it all out in the open, you know?

maestrowork
02-03-2011, 03:02 PM
I yearn for the day when everything is done by retina or fingerprint scans. LOL. Sure, they can still cut off your fingers or eyes, but what are the chances of that? * looks sheepishly around him * But the inherent problems with passwords (hard to remember, easy to guess, easy to capture, etc.) make it an antiquated technology.

alleycat
02-03-2011, 03:19 PM
Here's a fairly simple way to keep a list of your passwords and still keep them safe.

First, think of some simple things that you would always remember, some of them words, some numbers. DON'T use obvious things like your own phone number, birthday, SSN, address, or things like that.

A simple example:
Your first dog was named Rover
Your best friend's birthday is 4-7-82
Your first little boyfriend was named Jimmy
Your favorite writer is Rawlings
Your number was 13 when you played volleyball in HS
You scored 2146 on the SAT (hey, you're a bright girl! ;-)
Your grandfather's name was Pete

You can make little mnemonics or memory joggers out of them: Dog1, BFF BD, BF1, Author, Jersey No., SAT, Grandpa.

Now you can put these together in all sorts of ways, and then write them down:
Absolute Write, Password: Grandpa+SAT
Absolute Wrong, Password: Dog1+Jersey No.
Bank, Password: BF1+Jersey No.+SAT
Amazon, Password: Dog1+BFF BD+Grandpa
You can make dozens of combinations.

You will know what these mnemonics mean, but no one else will. For the most secure passwords, you can think of things ONLY YOU would know. You want to make it so that even if you lost your list, and your best friend found it and even knew the system, they still wouldn't be able to break the code very easily. This way you can even make multiple lists of your passwords; maybe keep one with you, hide the other in your desk.

cryaegm
02-03-2011, 03:20 PM
I yearn for the day when everything is done by retina or fingerprint scans. LOL. Sure, they can still cut off your fingers or eyes, but what are the chances of that? * looks sheepishly around him * But the inherent problems with passwords (hard to remember, easy to guess, easy to capture, etc.) make it an antiquated technology.
Or maybe lift your finger prints off of something you touched, maybe.

And the finger thing: they only need to cut off the top part of your finger. :D You can have the rest of it since it's not important to them.

alleycat
02-03-2011, 03:22 PM
Sorry about the formatting of the post above. I'm running major backups at the moment (they didn't finish overnight). I need to log off of Firefox and AW and log back in, but the computer is running so slow at the moment I didn't want to take the time. I'll clean up the post later.

cryaegm
02-03-2011, 03:26 PM
It's okay, it happens. My posts will have missing words or the words will have missing letters, but that's because I don't catch it since my keyboard keys don't want to work anymore (like the space bar....good thing I'm getting that new laptop soon. Poor Toshiba; I still love the thing).

alleycat
02-03-2011, 03:28 PM
The formatting options and line spacing are not working for me at the moment. I just need to log out, clean out the temporary files, and log back in.

maestrowork
02-03-2011, 03:34 PM
Here's a fairly simple way to keep a list of your passwords and still keep them safe. First, think of some simple things that you would always remember, some of them words, some numbers. DON'T use obvious things like your own phone number, birthday, SSN, address, or things like that. A simple example: Your first dog was named Rover, Your best friend's birthday is 4-7-82, Your first little boyfriend was named Jimmy, Your favorite writer is Rawlings, Your number was 13 when you played volleyball in HS, You scored 2146 on the SAT (hey, you're a bright girl! ;-), Your grandfather's name was Pete. You can make little mnemonics or memory joggers out of them: Dog1, BFF BD, BF1, Author, Jersey No., SAT, Grandpa. Now you can put these together in all sorts of ways, and then write them down: Absolute Write, Password: Grandpa+SAT, Absolute Wrong, Password: Dog1+Jersey No. Bank, Password: BF1+Jersey No.+SAT, Amazon, Password: Dog1+BFF BD+Grandpa. You can make dozens of combinations. You will know what these mnemonics mean, but no one else will. For the most secure passwords, you can think of things ONLY YOU would know. You want to make it so that even if you lost your list, and your best friend found it and even knew the system, they still wouldn't be able to break the code very easily. This way you can even make multiple lists of your passwords; maybe keep one with you, hide the other in your desk.


Great idea, but the problem is if you change them around, sooner or later you'd forget which is which and for which account. And many sites now lock your account if you have three wrong tries. It's a pain. And some sites even forbid you from using the previous THREE passwords, so you're forced to come up with four or five... it's maddening. I have three passwords I cycle through, and I still don't remember which goes with which account. When I change passwords, I often will have to change ALL the passwords of all my accounts. It's a major PITA.

maestrowork
02-03-2011, 03:35 PM
Sorry about the formatting of the post above. I'm running major backups at the moment (they didn't finish overnight). I need to log off of Firefox and AW and log back in, but the computer is running so slow at the moment I didn't want to take the time. I'll clean up the post later.

Having some technical difficulties, Mr. Tech Mod? :-P

alleycat
02-03-2011, 04:27 PM
Having some technical difficulties, Mr. Tech Mod? :-P
No, just running full scans and backups on my computer.

alleycat
02-03-2011, 04:30 PM
Great idea, but the problem is if you change them around, sooner or later you'd forget which is which and for which account. And many sites now lock your account if you have three wrong tries. It's a pain. And some sites even forbid you from using the previous THREE passwords, so you're forced to come up with four or five... it's maddening. I have three passwords I cycle through, and I still don't remember which goes with which account. When I change passwords, I often will have to change ALL the passwords of all my accounts. It's a major PITA.
Maybe I wasn't clear (who can tell from my earlier post what I was trying to say).

I meant you write the mnemonic down for each site. I've used the system for several years since I have 40 or so passwords I need to keep up with.

Even if your list of passwords is lost, no one is likely to "break the code".

maestrowork
02-03-2011, 04:58 PM
OK, I see. So you DO write down the mnemonics, especially when you switch passwords. But only you know what those mnemonics mean. Gotcha. (except if the perp knows all about you, then he'd know your first dog's name is Rover, etc.)

alleycat
02-03-2011, 05:05 PM
OK, I see. So you DO write down the mnemonics, especially when you switch passwords. But only you know what those mnemonics mean. Gotcha. (except if the perp knows all about you, then he'd know your first dog's name is Rover, etc.)
That's why you pick out some weird ones that only you would know, especially for accounts involving money.

Anyway, it works for me. I keep one list in my Day-Timer and also a saved copy. Even my best friend couldn't figure out some of the passwords, even if I told her what each mnemonic meant.

Just an idea for anyone interested. It's amazing how many online accounts I have these days, many of them needing a unique password.

Clair Dickson
02-04-2011, 07:20 AM
I'm only worried about the important ones. If someone cracked my "default" password, I wouldn't lose sleep over them impersonating me on AW. My bank, PayPal, etc. passwords are all different.

Though, in general, I'm not extraordinarily worried about people getting my passwords.

RJK
03-02-2011, 10:03 PM
I wonder how many of you still use the default password on your router. These passwords are available on many websites. Here (http://www.phenoelit-us.org/dpl/dpl.html) is one of them. A while back, someone got into my router and changed the IP address I go to for my ISP provider. Every time I went to the web, I was going through their site and they were recording all my keystrokes. I don't know if they got any credit card info. I don't think they did. I've since changed my router's password to a very secure one.

I'd advise each of you to look into this.

Williebee
03-02-2011, 10:09 PM
And, while you're in there, maybe hide the SSID (the name) or at least change it to something other than the manufacturer's name -- and not anything like "YOUR NAME HERE". :)