My passwords are completely unmemorable and stored in a specific location. This makes it difficult to use one of my accounts on another machine (e.g. phone, Wii, internet cafe) without planning in advance. It also means I have to backup the store somewhere (and preferably a couple of places).
To access my passwords on my machine I have to have a password to login to the operating system and then another to unlock the password store. These will have to be memorable so I don’t get locked out and hence will most likely be the same as my brain can’t cope with much. Either that or I write them down somewhere.
One option to solve this would be to use an online password store (a quick search seems to reveal quite a few). Firstly, I can’t use these for work and secondly how can I trust them myself? Thoughts? Suggestions? How does everyone else solve this problem? Or is it just me worrying too much…
Ok, I’ve realised that I am being bothered so much that I can no longer be productive. By friends or colleagues? No, all my own doing unfortunately. Throughout the day I am constantly interrupted with important information such as a new work email, a new personal email, a new blog post, etc etc. The amount of things I had automatically checking and notifiying me was a bit large. Suddenly inspiration hits with a little help from Merlin Mann over at 43 Folders.
So last week I took the plunge. I turned off automatic mail checking in Lotus Notes for my work email, uninstalled my mail notifier for my personal mail and kept my feed readers closed (Liferea for internal feeds behind the firewall and Google Reader for everything else). I made sure all my RSS feeds were split up into categories so I could process them more efficiently (blogs in priorities 1 to 4 plus some extra feeds separately such as comments on this blog or on my Flickr photos, twitter updates of interest etc. I also customized some of my feeds such as Twitter using Feed Rinse. This allowed me to filter the feed so that I only show updates from particular people, and only those that are @replies to me etc - I really don’t need to make sure I miss every single tweet from everyone I follow!
So now with this new setup in place I’m trying to only check my mail and feeds once in the morning, once in the afternoon and maybe once before I leave the office. If I happen to be at the computer in the evening or weekend then I can check my personal stuff if I feel the need. I certainly feel more in control and I haven’t seen a problem with it yet - if anyone expects an immediate reply to an email, they should contact me by phone or instant message! We’ll see how this goes…
For anyone that’s interested, I highly recommend watching Merlin’s recent MacWorld presentation on ‘Attention Sinks & Time Burglars‘. I’d also recommend any of his other presentations, particularly Inbox Zero.
In the past I’ve taken the very secure approach to passwords by having the same one for everything. As I have to change most of my passwords for work every 90 days I even had trouble remembering that one password so I made sure it was a recognisable word (usually something childish and inappropriate that would make me laugh such as ‘pooping’) and threw a number in the middle somewhere so the checkers wouldn’t block it. I’ve since (i.e. today) seen the error of my ways and decided this really isn’t good enough, particularly for someone who works in the IT industry and really should just know better.
I figured that with my special memory even improving this technique very slightly would leave me in the dark so I decided I’d need a tool to help me. Given that I’ll be using a tool, I decided I may as well go the whole hog and have a different, auto-generated and complex password for everything. Then I found Revelation, a password manager for the GNOME desktop. It seems to be a really neat little app that can store, generate and quality check passwords. It even has a handy little tray applet for quickly copying a particular password into your clipboard and other useful bits and pieces.
Of course the major drawback to this approach is that if I lose the file containing my passwords I’m screwed. So now I have something else to backup. This might seem like a bad thing but actually it meant that I improved my current backup process too. That’s even less interesting that this post so I won’t go into any details
Having said and done all this, I’m sure that even if all my passwords are the same, no-one would ever find out one and then try it in a million different systems. But man would I look like a prize idiot if they did - so just in case I’ll stick with it.
