I never let browsers remember my password. Rather, I always type the passwords by hand as a refresher. Furthermore, I practice logging in periodically – a necessary cost of maintenance, just like a workout.
Password hint questions -- I'm yet to work out the best practice. How about
* all questions about places - hangzhou
--stock password
By using the same stock password on 5 sites, we might remember it more easily. However, when we change the password on one of these sites, we have to remember which site.
If you already came up with a unique password for a site and use it long enough, then you can stick to that forever. However, there's a risk of theft.
As a widely useful stock password, there should be numbers and letters (not asdf....). I'd put no caps and no meta characters.
If a site requires caps, I use London.
--Classify the sites:
* Those sites with 2-factor: ok to have a stock password.
* xp: Some sites are fragile -- would lock you out after very few failures. I'd avoid caps.
* A few (like 10) sites I access frequently. Easy to commit to memory. Better work out a solution for those infrequent sites.
* Obviously some accounts are critical. I tend to feel a large number (like 30) of sites are critical, but I had better pick no more than 10 as really critical, and think carefully about them.
* Some really critical sites have a 24-hour hotline but they may not be able to authenticate you over the phone.
* The HSBC site is notoriously difficult, so I would use the simplest password, without caps.