That's what I do. Misspell a word or two then add a number somewhere. Actually once I had a password that was a typo of a misspelling (the typo did not fix the misspelling). Took me 6 months to notice. Now that's security!
I have four different sources for passwords (in the last ten years, I've used at least 2 from each of these routes): bastardised mnemonics, and three "others", which I don't want to discuss beyond the broadest sense of, "one scientific, one linguistic, and one I don't talk about".
At present, I think I have 8 or 9 different passwords on the go, with another couple "held in reserve", and a couple that I no longer use because they are probably compromised. There is some duplication, mostly among uses where I'm less concerned about security.
Maybe I'm not paranoid enough, but I figure that if you can guess my passwords just by knowing they're roughly based on mnemonics, then you're so elite you deserve to know my passwords.
I have a tendency to generate nonsense words which I can easily remember, and I'll then modify them to suit the password requirements (capitals, l33tsp34k, etc.). Occasionally I'll glom a few words together with l33tsp34k filler (hypothetical example: 2BORNOT2B). Work passwords have strict rotation rules. My main non-work password most recently changed when I accidentally published it on my website through a combination of poor software, lack of proofreading, and muscle memory. Work and non-work passwords are (obviously) different, which causes me no end of grief when e.g. logging into my home webmail client.
After switching computers and realizing how many of my online passwords were only retained in Firefox's memory, I'm contemplating just leaving those as the randomly-generated 6rQH8439E gobbledygook and letting Firefox remember them. Or storing them safely in my email folder, where no haxx0r would ever think to look.
I was going to answer the poll, then realized my answer doesn't fit in the margin provided.
My approach to passwords these days is to pick completely random sequences that are fast to type and have some non-alphanumeric characters. My passwords are thus completely non-mnemonic and usually more in my muscle memory than in my mind, although I find it helps to create ones that are vaguely pronounceable. (Since I work on Unix, they're also necessarily 8 characters long.)
I want fast to type because I feel that this is the best way to stand up to the only pragmatic security threat I can do anything about, which is people watching me when I have to log in in semi-public. Besides, fast to type means easy to type which means less annoying. I have to deal with some passwords that have to be carefully and slowly typed out and nnngh.
This was actually the method i used for my Exchange password at Macromedia, after i got sick of having to change my password every two months or so. A quick-to-type password with a slight character rotation for the next iteration.
I am sufficiently neurotic about it that when I have to change a password (or make up a new one) I deliberately pick a completely new pattern, instead of mutating a current one a bit. This can sometimes suck, such as when I have to change from a password that had a really great pattern to a less nice one.
This is what i do, too. I throw in a capitalized letter, digit, and/or non-alphanumeric character to break up the string of letters.
Ah, biometrics. I knew i was forgetting something.