
I have a single password and a mailinator address for anything that requires login or registration. Fake name, fake password?

Then I have different, good passwords for my login and Gmail. These are easy to type and generated from a passphrase so they look nothing like dictionary words and yet there is a good way to remember them when they're new and my fingers haven't learned them yet. These are about 10+ characters long but those that are easier to type are favoured.

Old passwords from the previous category are often reused for middle-level services such as HN, Reddit, Slashdot, Facebook and others where I have a long (or expected long) residence and high correlation with my privacy or personality. This is mostly for convenience since my fingers have the kinetic memory for about 6-7 such passwords: something I've typed for months or a year as my login password is something I'll also remember the following months or a year as my Reddit password. If I forget, I try all recent password patterns that my fingers can remember. Has worked so far.

Online banking login + passwords are nowhere but my head. In fact, I don't know them if someone wanted me to write them down. Instead, my fingers remember them. The login + password are set by the bank. I also have to look up a code from a pad of one-time PINs sent to me by my bank in order to successfully log in to the online services.

Anything else that is either important or rarely used (Amazon, online stock brokerage service etc.) is stored in a file encrypted for my private GPG key. I open it with Emacs, type in the GPG passphrase, let Emacs decrypt the contents and edit the file as usual. Saving will automatically encrypt the data before writing to disk. Looking up a password is a matter of decrypting the file to stdout from the command line and piping it to less. The private GPG key is protected with a passphrase that is about 50 characters long. It is not written anywhere. The passwords in this file are generated by a Perl script I wrote in the 90's. The output of the script is 16 bytes of random characters and numbers.

It seems that I rely a lot on my memory. Most of them are memorised in my fingers rather than the lexical part of my brain. I have maybe ten passwords that I need every week or month, and those are in my head, probably because I can keep them there. In addition, I have several PIN codes I must remember, and I do. (Cell phone PIN, two bank cards, SecurID user PIN, door lock code...)

So, go figure how to hack me.



