Comments on: Password Fatigue – Security Term Up For Australian Word Contest http://securitymusings.com/article/213/password-fatigue-security-term-up-for-australian-word-contest Rants and raves from information security professionals Fri, 03 Feb 2012 13:03:11 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Security Musings » Blog Archive » Maybe Forgetting All Of Your Passwords Isn’t Such A Bad Thing http://securitymusings.com/article/213/password-fatigue-security-term-up-for-australian-word-contest/comment-page-1#comment-8211 Security Musings » Blog Archive » Maybe Forgetting All Of Your Passwords Isn’t Such A Bad Thing Mon, 20 Apr 2009 19:17:52 +0000 http://securitymusings.com/article/213/password-fatigue-security-term-up-for-australian-word-contest#comment-8211 [...] logging on to our Twitter, bank, and other online accounts a bit easier and much less secure. Users combat password fatigue by using the same password for all of their accounts, selecting short and weak passwords, or [...] [...] logging on to our Twitter, bank, and other online accounts a bit easier and much less secure. Users combat password fatigue by using the same password for all of their accounts, selecting short and weak passwords, or [...]

]]> By: Laura Bowser http://securitymusings.com/article/213/password-fatigue-security-term-up-for-australian-word-contest/comment-page-1#comment-82 Laura Bowser Wed, 16 Jan 2008 02:51:15 +0000 http://securitymusings.com/article/213/password-fatigue-security-term-up-for-australian-word-contest#comment-82 <p>I can certainly say that I agree with them. Password fatigue is all too common. One solution that my fiancee uses is password safe. It works great until he needs to get to his e-mail from a friend’s computer, then he’s <span class="caps">SOL</span> because he doesn’t have his password database with him, and he doesn’t know what his password is.</p> <p>I break things down into three major categories:<br /> super sekrit, sekrit, and internet. The super sekrit passwords are things like root accounts I have access to, and whenever anyone wants a <strong>really</strong> strong password. The sekrit accounts are the ones that are pretty standard, normal user accounts, bank accounts online, etc. Then there’s the Internet, where I give out the password to friends all the time. These are basically systems that want a password from me for an “account”, to place an order, etc. ones I could really care less about.</p> <p>I have about 2-3 passwords for each “grouping” and that’s about it. Yeah, it’s not as secure as it might be, but there aren’t that many accounts, and I get tired of remembering 3000 passwords.</p> <p>Some of the Internet class accounts are starting to require stronger passwords, and I’ve locked myself out of some accounts because all of the passwords that I “normally” use for that class aren’t acceptable (and let me tell you, the Internet ones? any cracker will get them in about 2 seconds), and I can’t remember what I used. It’s an annoying problem, but I don’t think you’re going to get a single sign-on solution that works among several thousand completely unrelated systems. </p> <p>I kinda like all the ones that are using paypal – I just have to remember one (usually).</p> I can certainly say that I agree with them. Password fatigue is all too common. One solution that my fiancee uses is password safe. It works great until he needs to get to his e-mail from a friend’s computer, then he’s SOL because he doesn’t have his password database with him, and he doesn’t know what his password is.

I break things down into three major categories:
super sekrit, sekrit, and internet. The super sekrit passwords are things like root accounts I have access to, and whenever anyone wants a really strong password. The sekrit accounts are the ones that are pretty standard, normal user accounts, bank accounts online, etc. Then there’s the Internet, where I give out the password to friends all the time. These are basically systems that want a password from me for an “account”, to place an order, etc. ones I could really care less about.

I have about 2-3 passwords for each “grouping” and that’s about it. Yeah, it’s not as secure as it might be, but there aren’t that many accounts, and I get tired of remembering 3000 passwords.

Some of the Internet class accounts are starting to require stronger passwords, and I’ve locked myself out of some accounts because all of the passwords that I “normally” use for that class aren’t acceptable (and let me tell you, the Internet ones? any cracker will get them in about 2 seconds), and I can’t remember what I used. It’s an annoying problem, but I don’t think you’re going to get a single sign-on solution that works among several thousand completely unrelated systems.

I kinda like all the ones that are using paypal – I just have to remember one (usually).

]]>