I h8 passw3rdz

I'm sick of passwords.

I want to be secure:

  • Never reuse a password, month-to-month or site-to-site
  • Use a secure, reliable random password generator
  • Change all my passwords each month
  • Don’t write them down on a post-it note on my monitor

I want it hassle-free, so I could:

  • Use the same password
  • Never change it
  • Make it the name of my pet/son/wife/mistress

Some sites place restrictions on passwords in an attempt to make them more secure. If I’m doing a good job of selecting my password, then any restriction reduces the entropy of my password, actually making it less secure.

I’ve seen restrictions on the max length of the password, which is just the worst.
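To put numbers on the two kinds of restriction above, here is an added example (not part of the original post) that measures how many bits a uniformly random password loses under a "one of each character class" rule and under a maximum-length cap. The 94-character printable-ASCII alphabet, the class sizes and the lengths used are assumptions chosen for illustration.

```python
import math
from itertools import combinations

# Assumption: passwords are drawn uniformly from the 94 printable,
# non-space ASCII characters, split into the four usual classes.
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 32}
ALPHABET = sum(CLASSES.values())

def count_with_all_classes(length):
    """Count strings of `length` that contain at least one character
    from every class, by inclusion-exclusion over the missing classes."""
    sizes = list(CLASSES.values())
    count = 0
    for k in range(len(sizes) + 1):
        for missing in combinations(sizes, k):
            count += (-1) ** k * (ALPHABET - sum(missing)) ** length
    return count

def composition_rule_loss(length):
    """Bits lost when a random password of `length` must also satisfy
    the 'at least one of each class' rule."""
    unrestricted = length * math.log2(ALPHABET)
    restricted = math.log2(count_with_all_classes(length))
    return unrestricted - restricted

def max_length_loss(wanted, cap):
    """Bits lost when a site truncates the length I wanted to `cap`."""
    return max(0, wanted - cap) * math.log2(ALPHABET)

if __name__ == "__main__":
    for n in (8, 12, 20):
        print(f"length {n}: composition rule costs "
              f"{composition_rule_loss(n):.2f} bits")
    # Constructed scenario: generator set to 20 characters, site caps at 8.
    print(f"20 -> 8 char cap costs {max_length_loss(20, 8):.1f} bits")
```

For a well-generated password the composition rule removes only the strings that happen to miss a class, while a length cap removes about 6.55 bits for every character it cuts off.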

I want something that helps me with my MS corpnet password, my bank’s web site, my Everquest message boards, my ATM PIN, etc.

I need something that identifies me uniquely, and securely. I also want my privacy, so I don’t want two providers to be able to figure out that my identity with one is the same as with the other.

I want computers to help me with this problem. What can be done?

Smart cards: By providing 2-layer security (the card + a pass code), it’s more secure because it’s harder to compromise both at the same time. Fails the privacy test, as I have one smart card for all providers.

Send them all to my hotmail account: Any time I have a web browser, I have my passwords. But it’s not secure.

Write them down on a piece of paper: Compromised if stolen; lost if washed in the laundry; annoying to type them in; useless if I forget it in my other pair of pants.

Carry a pocket PC: I don’t want to carry another piece of equipment that I must maintain, recharge, repair, replace, etc.

I think the PGP Passphrase FAQ is a good read.