Bruce Schneier's Advice for Managing Passwords

Correction: As soon as I posted this, I realized that the list provided by Schneier is not his list; he's just linking to it. Sorry for the confusion.

Security expert Bruce Schneier shares a list of do's and don'ts for passwords (and in a show of refreshing honesty, admits that he regularly breaks seven of the rules; that's pretty extreme given that the list contains only ten items).

I routinely break four or five of the rules, but I won't tell you which ones. I assume that I get bonus points for that. I thought about password-protecting this post to increase my security score, but, to be honest, I don't know how to do that.

I will tell you that I use a password manager application called Passwords Plus (created by DataViz). It's not perfect - there's no iPhone version, for example, and its password generation feature is limited to a maximum of eight characters - but it's served me well over the years. I have to keep track of around 300 passwords for myself and my clients, and an app like this is absolutely essential for me.

Although, now that I think about it, I really should be able to remember all of them without assistance, since I use nothing other than "mypassword." ;-)


So, you're saying I shouldn't use my credit card number as a password? hmmm...

I use a password I invented years ago for most websites that don't contain anything personal about me. A lot of these sites (newspaper sites, for example) use a non-working email address.

One article I read had what I thought was a great way of generating passwords - use a sentence you can remember and the password is the first (or last) letter of each word.

For example - Fireant Gazette must be read daily = fgmbrd or tetedy.
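The mnemonic scheme in the comment above (first or last letter of each word of a memorable sentence), together with the eight-character cap on the password manager's generator mentioned in the post, as an added example that is not code from the original post or from any commenter. It derives a password the commenter's way, estimates an upper bound on its strength in bits, and contrasts it with a CSPRNG-generated password of any length. The function names, the assumed guess rate of 1e10 per second, and the sample passwords in the comments are assumptions made for this example.

```python
import math
import re
import secrets
import string

# Added example; not the blog's or the commenter's own code.

LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = string.punctuation  # the 32 printable ASCII symbols
COVERED = LOWER + UPPER + DIGITS + SYMBOLS  # 94 characters in total


def mnemonic_password(sentence: str, position: str = "first", keep_case: bool = False) -> str:
    """The commenter's scheme: first (or last) letter of each word of a sentence.

    Lower-cases the result by default, matching the comment's own example
    ("Fireant Gazette must be read daily" -> "fgmbrd" / "tetedy").
    """
    words = re.findall(r"[A-Za-z0-9]+", sentence)
    if position == "first":
        letters = [w[0] for w in words]
    elif position == "last":
        letters = [w[-1] for w in words]
    else:
        raise ValueError("position must be 'first' or 'last'")
    pw = "".join(letters)
    return pw if keep_case else pw.lower()


def charset_size(password: str) -> int:
    """Size of the smallest standard alphabet covering every character used.

    This is the per-character search space for an attacker who knows nothing
    about how the password was chosen.
    """
    if not password or any(c not in COVERED for c in password):
        raise ValueError("password must be non-empty printable ASCII without spaces")
    return sum(len(a) for a in (LOWER, UPPER, DIGITS, SYMBOLS) if any(c in a for c in password))


def entropy_bits(password: str) -> float:
    """Upper bound on strength in bits: length * log2(alphabet size).

    It is only an upper bound because it assumes every character was chosen
    uniformly at random. A mnemonic password is not: an attacker who guesses
    that the scheme is "first letters of an English sentence" searches the
    space of likely sentences, which is far smaller than 26**len.
    """
    return len(password) * math.log2(charset_size(password))


def brute_force_seconds(password: str, guesses_per_second: float = 1e10) -> float:
    """Worst-case time to exhaust the whole keyspace at the given guess rate.

    1e10 guesses/s is an assumed figure for offline cracking of a fast,
    unsalted hash on commodity GPUs; a slow password hash lowers it by orders
    of magnitude, and an online login with lockout lowers it far more.
    """
    return charset_size(password) ** len(password) / guesses_per_second


def random_password(length: int = 16, alphabet: str = COVERED) -> str:
    """Generate a password with a CSPRNG (the secrets module, not random).

    The eight-character cap the post mentions for its manager's generator is a
    limit of that product, not of the technique: choose whatever length the
    site accepts.
    """
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def compare(sentence: str) -> dict:
    """Entropy upper bounds for the mnemonic scheme vs. generated passwords."""
    first = mnemonic_password(sentence, "first")
    return {
        "mnemonic_first_letters": (first, round(entropy_bits(first), 1)),
        "generated_8_alnum": round(8 * math.log2(len(LOWER + UPPER + DIGITS)), 1),
        "generated_16_all": round(16 * math.log2(len(COVERED)), 1),
    }


if __name__ == "__main__":
    sentence = "Fireant Gazette must be read daily"  # the comment's own example
    pw = mnemonic_password(sentence)
    print(pw, f"{entropy_bits(pw):.1f} bits", f"{brute_force_seconds(pw):.3f} s")
    print(compare(sentence))
    print(random_password(16))
```

For the comment's sentence this yields "fgmbrd": six lowercase letters, at most 28.2 bits, and the full 26**6 keyspace falls in about 0.03 seconds at the assumed offline rate, versus 47.6 bits for an eight-character alphanumeric generated password and about 105 bits for sixteen characters drawn from all printable ASCII. That gap is the practical caveat behind the commenter's habit of reserving the shared mnemonic password for sites "that don't contain anything personal": a password that is reused and short is the one that gets cracked from the first breached site and tried everywhere else.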

OK... here's my CC number:


I hope that helps.

