Analog way of encrypting passwords & account numbers?
Submitted by Lex on Wed, 2007-11-14 21:02.
How do you carry and secure your sensitive data? I'm trying to de-digitize but the one thing my PDA does perfectly (not to mention holding my 400+ contacts) is hide passwords and account numbers in a small password protected program. When I was paper based in the past I'd put my house number in front or behind account numbers, spell PINs backwards, list certain account numbers backwards or put fake alpha characters in them, etc.


abbreviate
I guess I mainly abbreviate my passwords in a way that only I would know what it means. I have a yahoo email address, so if that is the user ID, I just put a "y". Most of my user ids and passwords are relatively similar (I know, probably not good), so abbreviating seems to work for me!
Interested in what other people do...
nay nay
Aliases
Hi.
You can use aliases if you like to use a single password at low-security sites, for example. If I have four or five standard passwords I use at low-sec sites, I can make an alias for each one, like "nick" for the password that includes my nickname or the color of Nick's hair, or some other reference to what the password contains. Some sites require longer versions of passwords, so you might also see "nick + extra" in those.
For passwords that have to be complex, frequently changed, or are for higher security sites, well, you can still use the alias concept, it's just a little trickier. I've seen some hints about making phrases into passwords by subbing numbers for words, etc. If my password was "Ig0b4U" then my alias might be "me first" or "me1st" if I want to be cagey.
I confess, I give up. Some of the frequently changed passwords in my book ARE the real passwords. Most of them, though, are not.
You can come up with a set of substitution rules for almost anything. You can even write down your subrules elsewhere in your planner, especially if you use things like reference charts, conversion lists, etc. If you know baker's substitutions, like subbing applesauce for oil in certain recipes, you could even use stuff like that. Or write "tablespoon" instead of Tbsp or just T... and on and on. Editorial marks are good for indicating strange capitalization, insertions or deletions of characters, etc.
There's a million ways, you just have to come up with one you can remember.
shris
Patterns
I have a convention for writing passwords down. Nothing that would inform even the most determined cracker what these are. Because only I know what that convention is, I can leave the information in plain sight without fear of anyone guessing what's a password and what's a one-word note.
However, more commonly I use pass-phrases for passwords or initial letters of those pass-phrases, which then look to be random strings of letters/numbers. These initialised pass-phrases are known to my finger muscles that I can type them in my sleep; helps that I touch type so the physical keys are hidden by my hands.
Account numbers and associated PINs I memorize; those never get written down. And the original notification from the bank, or credit/debit card company shredded.
I keep passwords in a
I keep passwords in a PocketMod or 3x5 Card Stuffed in My Wallet.
I wouldn't worry about it too much
I wouldn't worry about the method, and just do something that at first glance isn't obvious to anybody but you: adding dummy letters/words, reversing passwords etc. You could even just write them down normally. The important thing is to treat that piece of paper like your credit card and keep it in your wallet, or like your passport and keep it in the household safe if you don't need to refer to them on a regular basis.
If someone gets hold of your wallet, you have bigger things to worry about than a few passwords, and you can change the passwords just after you cancel your credit cards. I also wouldn't worry about people looking at your wallet and copying the passwords down, unless you also worry about people looking at your wallet and copying down your credit card number too.
Analog encryption
How about using a simple transposition cipher? Keep the key somewhere safe, and completely flummox anyone who snags your hPDA or planner! :-D
Cheers,
rf
Memorize a poem.
Then use random lines from it as your password. So if your poem was that old 'Roses are red' you'd just write down 'Amazon 3' and you'd know your Amazon password was "sugarissweet"
Or use a song the same way, with one number corresponding to the word where that password begins and a second specifies how many letters long.
Or use several numbers to use disconnected words. For example, if you used "The Star Spangled Banner", then ebay 5-10-15-6 turns into 'seelighthailedby.'
Easy!
Great ideas
Great ideas everyone and that was interesting reading, Rollafool. It gave me the idea to create my own code. I now have my code key in my wallet which is separate from where I'll put my encoded info. If someone found my code key they'd never know what it is and it's separated from the data it could translate. Thanks again!
Thanks for the code ideas!
Rollafool, thanks for the coding link -- you've reminded me of a code I developed in grade school using the "mysterious symbols" I found on the back of an old notebook I found somewhere. I thought my "language" looked like writing Arabic, or something! I now realize the old notebook I found was a steno pad and the "mysterious symbols" were a shorthand key to common symbols, but I still think it was a cool code and I think I'll try and resurrect it for encrypting my passwords and such. You've given me something fun to research this weekend. :)
Mary Ann
Password Maker
Try http://passwordmaker.org/ . It's free. I've used it for some time and been very happy with it. You only have to remember ONE password.
From the website:
"What if you could use passwords that are as unique as fingerprints for each and every one of your accounts, yet not have to remember them? PasswordMaker allows you to do just that. By using complex mathematical formulae, called hashing algorithms, PasswordMaker outputs the same unique passwords for you each and every time, provided you give it the same input. And these passwords are unique across the globe (providing they are of sufficient length).
"Don't write them down on sticky notes for others to find; no, PasswordMaker calculates them for you over and over again -- as needed -- without storing them so they can't be stolen. And if you use more than one computer (for example, one at work and one at home), it's child's play to synchronize them. There's even an on-line version for times when you are at a public computer and can't install any software."
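The idea in the quote above (hash the same inputs, get the same password back, store nothing) can be sketched as follows. This is an added example, not PasswordMaker's code or algorithm: the `derive_password` function, its parameters, the PBKDF2 construction and the `.example` site names are all assumptions chosen for illustration.

```python
import hashlib
import string

ALNUM = string.ascii_letters + string.digits


def derive_password(master, site, length=12, alphabet=ALNUM, counter=1,
                    iterations=100_000):
    """Derive a repeatable per-site password from one master secret.

    Hypothetical scheme for illustration; not PasswordMaker's algorithm.
    """
    n = len(set(alphabet))
    if length < 1 or n < 2 or n != len(alphabet) or n > 256:
        raise ValueError("need length >= 1 and 2..256 distinct characters")
    # Bytes at or above this limit are discarded so that b % n is unbiased.
    limit = 256 - (256 % n)
    chars, block = [], 0
    while len(chars) < length:
        # Site name, counter and block index are bound into the salt, so each
        # site (and each forced password change) yields an unrelated string.
        salt = f"{site.lower()}\x00{counter}\x00{block}".encode()
        # PBKDF2 is deliberately slow: a site that leaks its derived password
        # should not make guessing the master secret cheap.
        chunk = hashlib.pbkdf2_hmac("sha256", master.encode(), salt,
                                    iterations, dklen=32)
        chars.extend(alphabet[b % n] for b in chunk if b < limit)
        block += 1
    return "".join(chars[:length])


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample secret
    print(derive_password(master, "bank.example", length=16))
    print(derive_password(master, "shop.example", length=7))
    # A site that only accepts a 6-digit code: restrict the alphabet.
    print(derive_password(master, "pin.example", length=6,
                          alphabet=string.digits))
    # Forced rotation: bump the counter instead of inventing a new secret.
    print(derive_password(master, "bank.example", length=16, counter=2))
```

Because nothing is stored, every input (site spelling, length, alphabet, counter) has to be reproduced exactly to get the same password, and anyone who learns the master secret can regenerate all of them.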
Passmaker for the 'deskbound'?
Unless I misunderstand, that's only useful if you're deskbound at a computer all day. I'm a field sales rep and up to now this is where the PDA has been helpful. I have no trouble creating passwords (nor memorizing a few) but the problem is one site wants 6 characters length, the next 7 and it has to be alpha-numeric, the next site gives you a password and you can't change it, etc., etc. Then there are some that have 2-3 levels of stuff to remember like unique usernames, security questions, yadda. "So, why would you need your passwords during the day away from the PC?" Needing to phone the bank, retailer, money market fund, etc. or having to go online with a public access PC or PDA at a wireless site. (Can't seem to shed this PDA!)
""So, why would you need
""So, why would you need your passwords during the day away from the PC?" Needing to phone the bank, retailer, money market fund, etc. or having to go online with a public access PC or PDA at a wireless site."
You're right. This password would only be useful when you're at a computer, any computer. There's an online version for use at public computers, but this won't help when you're on the phone with no computer...
Memorize!
Hey, what's with you people? Do you read the literature and missives written by security professionals?! You're only safe if you memorize your passwords - all of them, yeah, from your safe with your mortgage to your DIY Planner blog password. What, you have too many? Oh, don't share them - that's not optimally secure. If you put your password in an electronic file, then that's only one password for the evil people to crack to get all your passwords. If you put them in your notebook, then all it takes is a baddie stealing your notebook. Me? My method - I put my passwords on post-it notes on my computer monitor. :-)
Code?
I mean, a code may be more complicated than you want to get, but...
I usually disguise 4-digit PINs as phone numbers. You know, like if the PIN is "1234" then I'll write down "205-1234" or something.
Passwords
I've gone back to paper for all personal organisation, but passwords are the one thing that I've left digital.
I use a password tracker on my Palm called 'splashId', which I also have on my home Mac and work PC... the Palm syncs with both, so they're always up-to-date. The passwords are blowfish encrypted, and require my master password for access, which no one knows but me, and no-one will ever guess (it's a random string used for nothing else but the password master-key).
Passwords should obey a few important qualities. They shouldn't be words or names; these are prone to dictionary attacks. You shouldn't share them (otherwise a nefarious forum owner may begin monitoring your email because the forum and mail share the same password). Ideally, they should be randomly generated strings.
As I have around 80 sets of credentials, I see no effective way of storing this on paper. This is probably the only personal organisational task where computers beat paper hands-down; at least for me.
Plus, the password file (encrypted, of course) gets backed up with my normal computer backups, so it's fairly fail-safe too.
Complicated but meaningful
At work I have a couple of login accounts that I have to use for different purposes, and our security standards are very strict. If I have to write them down, then I use the 'hint' method. Mostly though, I can avoid that by basing it on something meaningful to me, in two parts, using my own rules. I also use the same basic password on each, except that I intentionally misspell the one I use the most. For instance, meaningful concepts might be 'rocket' + 'rabbit', from which I can use:
SAtern-fr3d <-- sample hint: moon+quiet man*
SAturn-fr3d
or
H3rk/jAvA
H3rc/jAvA
Eventually I choose a new concept or two, and I pick passwords ahead of time so I'm not trying to come up with something on the fly. I have to change these passwords every 30 days, and there are all kinds of built in constraints as to what's acceptable and what's prohibited (the above are much too short to be actually used).
I mentioned my own 'rules'. The letter "A" is always capitalized. "L" becomes 1, "E" is 3, oh is zero. A special character separates the concepts.
Yes, it's complicated, but since every bit is meaningful to me, it works.
* The Saturn V was the rocket that took men to the moon. Fred and Java are two of our house rabbits. Fred has always been calm and quiet. The hint makes perfect sense to me, but someone else won't be able to make heads or tails of it, and in fact can lead someone trying to guess off on a wild goose chase. "Quiet Man"... John Wayne movie? Marcel Marceau?
"Herk" refers to the Nike-Hercules, which is an old, very cool looking interceptor missile.