
My Password System

Three categories of passwords:

1. Low-security password: a short, memorable password of letters and numbers that can be reused across throwaway websites. Never use it for anything involving private information (e.g. email), identity (e.g. Twitter, Facebook) or money.

2. High-security offline password: a memorable string of at least 12 characters including lowercase, uppercase, numbers and symbols; it may be reused across several offline applications, since nothing on the network ever sees it.

3. High-security online password: a unique password for each website (because you cannot trust that every site stores your password securely), made up of three parts totalling at least 12 characters:
— beginning: a random 4-character string containing at least one number. Keep these written down in a file available in the cloud (e.g. email, a notes site, a blog) or on your mobile (e.g. an SMS), in a form that does not make obvious which string belongs to which website, ideally password-protected.
— middle: a 3/4-letter code for the website with one letter capitalised, e.g. Ggl, Amzn
— ending: a 4/5-letter string that you memorise and which may be reused across sites

Use Steve Gibson's OffTheGrid (a paper-based Latin-square cipher; link at the end of this post) to help you remember or derive the memorised parts of the password.

You don't need a very long password. As long as it does not appear in a dictionary or leaked-password wordlist and uses all four character types (uppercase, lowercase, symbol, number), 12 characters gives roughly 94^12 ≈ 5 × 10^23 possibilities (about 79 bits), which takes long enough to brute force that it is not worthwhile. This assumes the site hashes passwords properly; if it stores them weakly or in plaintext, length does not help, which is why the online password is unique per site.
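The scheme above and the brute-force claim, as an added worked example (not code from the original post; the function names and the 1e12 guesses/second figure are this example's own assumptions). It builds the three-part online password with a CSPRNG-generated beginning, checks the post's rules, and estimates the cost of exhausting the keyspace for an attacker who knows only the length and alphabet:

```python
"""Added example: the three-part online-password scheme from the post, plus a
brute-force cost estimate for the '12 characters is enough' claim.  Function
and variable names are this example's own, not the author's."""
import math
import secrets
import string

LOWER, UPPER, DIGITS, SYMBOLS = (string.ascii_lowercase, string.ascii_uppercase,
                                 string.digits, string.punctuation)
ALPHABET = LOWER + UPPER + DIGITS + SYMBOLS  # 26 + 26 + 10 + 32 = 94 printable chars


def random_prefix(length=4):
    """Beginning: a random string containing at least one digit.
    Uses the OS CSPRNG (secrets), never random.choice: this is the only part
    of the password that is unique per site, so it must be unguessable."""
    while True:
        s = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if any(c in DIGITS for c in s):
            return s


def site_code(name, capital=0):
    """Middle: a 3/4-letter code for the site with exactly one letter
    capitalised, e.g. 'ggl' -> 'Ggl', 'amzn' -> 'Amzn'."""
    if not (3 <= len(name) <= 4 and name.isalpha()):
        raise ValueError("site code must be 3 or 4 letters")
    if not 0 <= capital < len(name):
        raise ValueError("capital index out of range")
    name = name.lower()
    return name[:capital] + name[capital].upper() + name[capital + 1:]


def build_password(prefix, name, ending, capital=0):
    """Assemble beginning + middle + ending and enforce the post's rules."""
    if not (4 <= len(ending) <= 5 and ending.isalpha()):
        raise ValueError("ending must be 4 or 5 letters")
    pw = prefix + site_code(name, capital) + ending
    if len(pw) < 12:
        raise ValueError(f"{pw!r} is only {len(pw)} characters; need 12")
    return pw


def char_classes(pw):
    """Which of the four character classes the password covers."""
    return {
        "lower": any(c in LOWER for c in pw),
        "upper": any(c in UPPER for c in pw),
        "digit": any(c in DIGITS for c in pw),
        "symbol": any(c in SYMBOLS for c in pw),
    }


def has_all_classes(pw):
    return all(char_classes(pw).values())


def keyspace_bits(length, alphabet_size=len(ALPHABET)):
    """log2 of the number of strings an attacker must try when they know
    only the length and the alphabet."""
    return length * math.log2(alphabet_size)


def brute_force_years(length, guesses_per_second=1e12, alphabet_size=len(ALPHABET)):
    """Years to exhaust the keyspace at a given guess rate.  1e12/s is an
    assumed, generous offline figure (GPU cluster against a fast unsalted
    hash); a rate-limited online login endpoint allows far fewer."""
    return alphabet_size ** length / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    pw = build_password(random_prefix(), "ggl", "stone")
    print(pw, char_classes(pw))
    for n in (8, 12):
        print(f"{n} chars: {keyspace_bits(n):.1f} bits, "
              f"{brute_force_years(n):.3g} years at 1e12 guesses/s")
    # Once one of these passwords leaks, the attacker knows the ending and
    # the pattern; only the 4-character beginning is still secret:
    print(f"beginning only: {keyspace_bits(4):.1f} bits")
```

Running it shows 8 characters fall in hours at the assumed rate while 12 characters take on the order of ten thousand years, which is the post's point. The caveat the last line makes explicit: the 79-bit figure holds only while the attacker knows nothing about the structure. If any one of these passwords is exposed in a breach, the memorised ending and the capitalised site-code pattern are learned too, and the per-site secret that remains is the 4-character beginning (about 26 bits). That is still ample against a rate-limited login form, but not against an offline attack on a leaked hash from a second site, so the beginnings must come from a CSPRNG and the file that holds them should genuinely be password-protected.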

Don't answer security questions truthfully: the real answers are often public or guessable. Treat them as secondary passwords, and record the made-up answers somewhere safe so you can still pass the check yourself.

Send your password reset/backup emails to an address you never use in public, so that an attacker who knows your everyday address cannot target it.

Reconsider whether or not you really need to sign up for yet another online service.

Use a different email address/username for each service you sign up to, so that a breach at one site does not hand over the login name for the others.

https://www.grc.com/otg/operation.htm