I’m doing a lot of web development. By nature, I also have a metric ton of username/password logins on different websites.
I have to admit that I’m using the same password in a lot of places. Well, I’ve got three main passwords for three levels of sites:
Throwaway accounts. Mailman lists that mail me my password in plaintext every month.
My laptop login.
Having pretty much the same password every time isn’t good. If one gets compromised, you have to change ‘em all. Possible solutions:
I could use random passwords and store ‘em all in some password manager. The problem is that I need those passwords on my linux laptop, on my iphone and on my ipad. Well, which password manager works on all three? For every app?
I could use some algorithm that I can remember. So ‘nieuwegeingoogle’ for logging in to google.com, ‘nieuwegeinslashdot’ for logging in to slashdot. Yeah, right. Not to difficult to guess what my other passwords are going to be, right? Same with ‘Gonieuwegein12og’ for google, as slashdot has to be ‘Slnieuwegein12as’. Well, I can probably think of a better algorithm, I guess.
Have some simple algorithm and then md5 hash it and use that as a password. Well, that might not be too bad. There’s an md5 app for the iphone. But then you get into problems with sites that cannot accept the full length of an md5 hash.
My current guess is “figure out some hard-to-guess algorithm”. So option two.
Am I thinking in the wrong direction? Are there better options? Please comment if you’ve got a good idea.
My name is Reinout van Rees and I work a lot with Python (programming language) and Django (website framework). I live in The Netherlands and I'm happily married to Annie van Rees-Kooiman.
Most of my website content is in my weblog. You can keep up to date by subscribing to the automatic feeds (for instance with Google reader):