Comment Re:Yup, Probably true (Score 3, Insightful) 278
Same basic process, though different criteria for me:
- Junk sites (one-time login for news, quick downloads, register-to-see, tech mailing lists) get the same low-end password. If I can't foresee any information that I care about going to that site, then it gets a basic throwaway. (I also misspell registration details so i have an idea if advertisers are getting that info).
- Slashdot, forums, etc: Also low-grade. Sorry, but if someone gets their rocks off posting crap as me, I can live with it. I've got enough First Life points to keep me busy.
- Personal email: Since I don't trust the email systems that are in the hands of others, I don't put anything on there I care about. (If someone wants to know that I'm asking my prof how to fix some code, more power to them--it'll bore them to tears.) Hence, it gets a medium-grade password.
- Online stores: Medium grade for one-time purchases, high-grade for repeat business.
- Own email system, bank, etc: High grade password, randomized (at least to the rest of the world) that it passes the basic dictionary-attack. For example, I somehow remember old phone numbers and bank accounts from 20 years ago (none of which are in use); add a couple of 1337-speak letters and you're in business.
Like the parent, it's really a matter of compartmentalization and damage control. If you don't own the system, it's not completely trustworthy. If it's your system, it's only modestly trustworthy. If you're doing something criminal/embarassing/stupid, it's better to leave all notes at the bottom of the Marianas trench.