Memory Tools for Password Management?

New Media Blogger asks: "A co-worker of mine recently got burned hard because they used the same password for all of their online accounts. This experience led me to compile a list of easy-to-use password management memory tools (all free, of course), which make it infinitely easier for me to keep track of my dozens of passwords. I am sure many of the Slashdot crowd have memory tools of their own — what are you favourite password memorization tools?"

Random

[EvanED]

Random passwords, then just learn them.

[*] Really unimportant sites just an easy password that's the same across all of them
[*] More important, but still not critical sites use variations on a couple randomly generated pronounceable passwords; the fact they are random means that no dictionary attack will find them, while the fact that they are pronounceable makes them easyish to learn
[*] Critical sites (like my bank) I either generate a random password and learn it by rote repetition, or I use PasswordSafe and store the password and then just open that each time I need it.

In general, just repeat the password over and over to yourself a dozen times a few times over the course of a couple days (you can have it written down during that window) and you'll probably get it.

After all, that's how I memorized 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0.

(Let's see the MPAA subpoena my brain.)

Three layer approach

[Actually, I do RTFA]

For accounts I don't care who access (like my free nytimes.com account), and in fact want people to crack to mess up the tracking data, I use the same password across all of them.

For infrequently used sites I choose a strong password, and forget it. Then, whenever I need that password, I get them to e-mail me a new one.

For accounts I use often and care about, I suck it up and memorize it. Pull a word or two, scramble the letters, add some numbers and punctuation randomly. Oftentimes, just thinking of that word, and cause I'm predicatable, I can recreate the password.

My Password Memorization Process

[Rank_Tyro]

I use one basic 7 character set which consists of letters and numbers. I modify that depending on a sites sensitivity by adding characters.

For example "mi2SSrs", for common sites and forums such as /.
For technical sites where I download software I add a three letter prefix to the main.
For webmail, I capitalize the three letter prefix.
For online money transactions I capitalize the prefix and add a character such as ~ at the end.
For my home ftp server login I add in the last 4 numbers of a high school girlfriends phone number.

All of these numbers and letters are also followed or preceded by license plate numbers and letters that I choose at random and memorize from cars off the freeway. That is changed quarterly.

Bios passwords and administrator logins are pass phrases at least 8 words long with a number set.

Now, that may sound like alot to remember, but I write down mnemonic clues starting with the lowest level of protection, and as security gets higher, each set gets words associated with the add on characters.

These clues are saved to a text file and a yellow "post-it" and labeled "Passwords". The text file goes into my home directory and the post it goes underneath the keyboard on the desktops. Good luck trying to log into anything based on what is written down.

However, after using this system for a few years, I can easily remember passwords up to 25 characters without worry about losing anything. Muscle memory plays a big part too. ....(btw, all of the information posted here is true, however I intentionally mixed up the order of things)
   

Belt and Braces

[strangedays]

Being a devious and un-trusting type with a world-view sadly twisted by experience, I tend to assume many others are the same way too, and that's way scary.

So... I prefer to entertain my full frontal paranoia by not using anything digital or on-line to actually store my keys to the things that matter.

Instead, I decided to keep my keys in a little black book, old fashioned, perhaps even quaint you exclaim!

True Squire! says I, but go ahead then, have a go.. lets see you hack that book.

Of course I do have nightmares about losing the book, however an occasional trip to a copier and a safe deposit box takes care of those, for a while. Of course if you did get to read it, you'd find yourself holding a bunch of keys... to what? aha!, thats the devious and twisted bit, remind me not to share that!

For hard passwords I choose random letters and numbers in groups of 2, at least 8, 16 or 32 chars in length, depending on the resources value. Otherwise, so I am told, the encryption becomes much easier to break.

For less significant sites, I (like many it seems)use a favorite quote, condensed into a shorter string of the letters of each word.

Re:Hiding

[PopeRatzo]

The upside, of course, is that I have a different password for every single computer and service I log into.

That's an upside??