“So many passwords, so many requirements. Capital letter, numbers, no spaces, something random so it can’t be cracked, but something memorable so you don’t have to write it down… Aww snap! It can’t be one already used! Why do they make this so hard? Who really wants my passwords anyway?”
Pretty much for the simple reason that your passwords are valuable. Phishers and hackers want to access whatever accounts of yours they can gain from. Bank accounts and online purchase passwords can be compromised to run up your bills and deplete your resources. Email accounts are opened and sorted through for passwords, compromising or private photographs, credit card numbers, etc. Anything that can be sold. Even your private address book will be taken apart and sold for direct marketing parts: emails to spammers, phone numbers to insidious call centers, etc.
If you have a website, they might like to use your public face to promote their business via your URL. They can do this by altering your website directly if they get the password to your FTP, control panel (cPanel) or content management system (WordPress, Drupal, Joomla). They can make it so visitors to your site pick up and propagate nasty bits of code to further their cause. And… they have lots of ways of doing this, and are changing tactics all the time.
Hint: “I have 3-4 passwords that I use for all of my accounts” is not an example of good password management.
Good password management is hard. There are many tools available to help you manage your passwords. The one I’ve come to like is LastPass.com. I recommend my clients use it and offer this video to explain their services:
http://youtu.be/RM0fzHxMASQ
Having all of my passwords accessible from any browser anywhere has come in handy multiple times. I’ve even been able to ‘come to the rescue’ for clients with lost passwords while on vacation. Since I maintain password sets for my client projects, my sanity has been saved on numerous accounts. It can be used to broadcast password changes across project groups. If you’re going to use LastPass, make sure you do not reuse the master password you set up as ANY other password, but make it memorable. Instead of using a Strong Password Generator to assign a random password, make sure it’s something you will remember without writing down.
There is of course the cold reality that any service or software can be subject to attack. Passwords can be guessed, and keyloggers sit in coffee shops waiting for you to log into your PayPal account. If you don’t think LastPass will work for you, do come up with your own system that works, employing encryption keys, browser tools or simple, effective mnemonic devices. An ol’ fashioned notebook or Rolodex system might work best for you, but all systems have limitations.
Recently LastPass announced that they’re now supporting all devices for free. It was one of the few paid iPhone apps I have ever purchased. It was worth every penny and still is.