My friend Aaron recently blogged about an innovative way to generate and remember many passwords using convenient password cards. His post has inspired me to share my own method for randomizing my passwords across many sites. Let me say at the outset, though, that I really like Aaron’s approach and don’t mean to imply by this post that I think my approach is superior to his (in fact, for portability and forward compatibility, his solution is perhaps superior to mine). The point is to find a method that works and then discipline yourself to stick to it.
Let me start with a short story. You may remember that I used to be the proprietor of the Homestar Runner Wiki and its accompanying discussion forum. Well, there was some drama there one year (as there was every year and as there is with all online fora), and one of our members decided to start his own forum and tried to persuade other members to leave us and join him, since we were so dumb and he was so cool. I almost signed up on his forum just to see what all the fuss was about, but before I got around to it, one of our forum’s moderators signed up on his site. Shortly after she signed up, he was able to retrieve her password from his own forum’s database, and, since she had used the same password for his site as she had used on our site, he was able to log into our site using her password.