How to survive on three passwords
Some time ago, I read in some issue of Women's Health, a magazine my wife subscribes to, that you can survive in the modern always-connected online world on just three passwords. One password for your financial institutions, one password for the less important sites (say, your social sites, or your shopping sites), and one password for everything which you don't consider important or particularly care about or is in essence a one-off.
Bloody nonsense, was how I put it to myself at the time and took the mag for recycling. Incredible bloody nonsense, is how I put it now.

One reason? Well, you may have heard that Twitter had some issues today. They sent out password reset emails to a bunch of users due to some anomalous behavior with their accounts. The reason? Well, it seems that these users had been using the same password on some compromised sites as they had on Twitter. Bad guys do some harvesting of userid/password combinations on the compromised sites, try them out on Twitter (and I dare say on other sites too), and make hay with those logins that work. Holy crap.

And on top of all that, about a month ago, an interview with a Facebook employee was published about the "master" password that was (is still?) used internally to provide full permissions to anyone's Facebook page and user details. Think about it: a rogue employee who could harvest logins from the company they work for, resign, and then use those logins willy-nilly.

Look, it's not difficult. Use a good password database program. There are free ones out there (Password Safe being by Bruce Schneier, the crypto guru), or you can purchase them. I use one called SplashID, mainly because you can sync the database between an app on your PC and one on your iPhone. There are very few sites I remember my password to any more, really only my banks, my network logins, and my PCs because I use them every day. These password programs even come with password generators to avoid having to use ordinary words (a dictionary attack, even with 1337 character substitutions, will discover single-word passwords in less than half a second).

The answer to the question posed by the post title should be "it can't be done, not without exposing yourself to some possible bad things happening". You should have a unique password for each site. No excuse.
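
An added example, not part of the original post: a small audit of a password list that flags the two problems described above, the same password shared across sites and single words hidden behind 1337 substitutions, and generates a random replacement. The word list, site names and passwords are constructed sample data, and the function names are hypothetical.

```python
import secrets
import string
from collections import defaultdict

# Constructed sample data: a tiny word list and a made-up vault (site -> password).
WORDLIST = {"password", "monkey", "dragon", "letmein"}
VAULT = {
    "bank.example": "p@55w0rd",
    "social.example": "p@55w0rd",
    "shop.example": "Dr4g0n",
    "forum.example": "x9!Lq2#vT7mZ@cR4",
}

# Common 1337 substitutions mapped back to the letters they stand for.
UNLEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                        "7": "t", "@": "a", "$": "s", "!": "i"})

def is_dictionary_word(password, wordlist=WORDLIST):
    """True if the password is a single listed word once 1337 substitutions are undone."""
    return password.lower().translate(UNLEET) in wordlist

def reused_passwords(vault):
    """Return the groups of sites (each sorted) that share one password."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    return [sorted(sites) for sites in sites_by_password.values() if len(sites) > 1]

def generate_password(length=20):
    """Random password drawn from the OS CSPRNG via the secrets module."""
    alphabet = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"
    return "".join(secrets.choice(alphabet) for _ in range(length))

def audit(vault):
    """Map each problem site to the list of issues found with its password."""
    reused = {site for group in reused_passwords(vault) for site in group}
    report = {}
    for site, password in vault.items():
        problems = (["reused"] if site in reused else []) + \
                   (["dictionary word"] if is_dictionary_word(password) else [])
        if problems:
            report[site] = problems
    return report

if __name__ == "__main__":
    for site, problems in audit(VAULT).items():
        print(f"{site}: {', '.join(problems)} -> replace with {generate_password()}")
```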