I'd like to listen to what you do to manage passwords and security phrase/question/answer for your mission-critical finical accounts. Do you use multiple passwords? Do you alter your passwords periodically? Have you been paranoid about getting your passwords compromised as well as lost. To me, it is really a pain when you forget a password and have to call the companies to reset it. IMO, This procedure actually could compromise the integrity of your privacy and security even more. I'd like to hear all experience to deal with the problems. I am crazy on this. Thanks. By the way, I trust no software solution for the problem. The reason I post this in the software forum is because I don't want this goes to chi-chart. I guess this thread can easily be designated to the psychology forum as well.
I have had this happen when I couldn't log into a credit card site where I pay my monthly bill. It turned out that they had a couple different logins on their site, and I needed to click on the Credit Card menu to find the login for my credit card, and not the general login that looked like the obvous login on the main page. Sometimes you will be told that you have an invalid password if their system happens to be down, like at 3:00 am or something when they do their maintenance. When you sign up, they usually ask you to set a Password Reminder Hint, where you create your own security phrase. It helps if you create a phrase that you will not forget. Sometimes it lets you write your own question, and I've written things like "What is your first name?" and then the Answer I enter is . . . (my first name)! Simple. I have my various accounts written down on a piece of paper with the User ID and Password written next to each. They are usually similar variations from account to account. They aren't all the same, because some sites require different amounts of characters, some require letters and numbers, some require only letters, some require only numbers.
I write my passwords on the bottom side of my mouse. I change my mouse periodically so I think I am pretty secure. Kidding aside. I work in the IT business and for the last decade I always had to manage 10-20 different system accounts at work. We are forced to change our passwords periodically (every 3 months). So I am in the habit to do this for all my private accounts too. I don't have a problem to remember my passwords for regularly used accounts. However sometimes I have a problem when I was on vacation or didn't use the account for some other reason. I write passwords down (encrypted) for infrequent used systems.
About ten years ago, when I worked next to a Cray consultant, he used the following procedure to log on to their computers: 1. Connect via the Internet. 2. Type in username and password. 3. A new password generated by the computer will be sent to a card that he carries. 4. Type in the second password. If someone needs to log on as the Cray consultant, he has to know his username, his password and gets the security card too. This procedure was over ten years old. Now they may have some new tricks.
My written passwords are encrypted by my own handwriting. Sometimes even I can't decipher it. I know no one else will.
Windows servers have configurable security policies: you can set password requirements, length of validity etc. In addition you can use smartcards and certificates to provide a multi-layer protection against a hacker - software system or people - getting authenticated access to your systems .... The same facilities are available in Unix systems with a few add-ons: the windows stuff is out of the box functionality.
When you write the passwords on a piece of paper in your handwriting and/or encoding, where do you put the paper, under your pillows? what kind of paper is the best to use? When you use a smart card, do you carry the reader (USB?) all the time with you or where do you put them? Thanks.
Basically the way to do this is to use smartcards in conjunction with locked down mobile devices - laptops etc. This can be done over a network connection / internet: no portable card reader is necessary. If all this is planned properly, then even if an employees laptop were stolen, the thief would likely get little if any confidential information. In addition, they would have a very tough time getting past the smart card code system .... If your employees need to write down multiple passwords then you already have a problem.....