...If someone wants your shit, they're going to get it. I'll tell you all right now, I have maybe 3 online handles that pop up everywhere. I use the same basic password for each (adding a 1 to the end on occasion where it's OMG REQUIRED). I'm sure if someone started googling me, they'd find out a lot...
So, is this a challenge you are inviting...? Just saying because it seems like people have too much free time on their hands these days.
On topic to the post though, I find a (for me) good pw policy to go by for the multitude of sites out there is to have a basic password "frame" such as your hometown or whatever spelled backwards (to pass dictionary filters). This is easy for you to remember, and spelled backwards, the word is incompressible, seemingly random:
elttaes = seattle,
anozira = arizona,
nilreb = berlin
then you add on the frame for websites for online banking such as follows:
BOA## = Bank of America, ## = any digit(s) of numbers you like such as area code, year of birth, etc.
The password might end up looking like: elttaesBOA10
I know there are some sites that have silly PW requirements. I've seen requirements, any one or a combination, that forbid some of the following:
- no special characters: " { ' / , @ ! etc. (escape character problems in code?)
- certain special characters ok, others not such as: @, !, %, (), * (why? hits too close to home, programming-wise? Afraid of invoking variables somehow through password string?)
- no number at end of password (this I've experienced only at financial institutions, must be an Oracle DB thing?)
- no capitalization (why not...?, must be a MS legacy thing)
- not enough capital characters, too many capital characters (not sure why this is bad other than the ol' caps lock on thing)
- no all special characters (is this because of "!@#$%^&*()" abuse?)
- no repeating or incrementing, 1234... abcde... (but most likely 1!2@3#... aAbBcCdD... would be fine with such rules)
- no numbers at all (um ok...)
- too short / too long passwords
- misconfigured passphrase entry (I've been on university Sun Unix systems where passwords were simply truncated to 8 characters; after the 8 legit passphrase characters, you could type wildly and your credentials would be accepted anyway.)
- then there's the keychain number thing (don't remember what it's called), biometric fingerprint, etc. in addition to password
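
Added example, not part of the original posts: a sketch of a site-side password check that looks for the "reversed word + site tag + digits" frame and for the 8-character truncation described above. The word list, site tags and function names are constructed for illustration.

```python
import re

# Constructed sample data (assumptions for this example only).
WORDLIST = {"seattle", "arizona", "berlin", "password"}
SITE_TAGS = {"boa", "paypal", "amazon"}  # hypothetical per-site abbreviations


def find_dictionary_word(pw, wordlist=WORDLIST, min_len=4):
    """Return (word, direction) for the longest dictionary word found in pw
    when read forwards or backwards, or None if there is no match."""
    low = pw.lower()
    best = None
    for direction, text in (("forward", low), ("reversed", low[::-1])):
        for word in wordlist:
            if len(word) >= min_len and word in text:
                if best is None or len(word) > len(best[0]):
                    best = (word, direction)
    return best


def audit(pw, site_tags=SITE_TAGS):
    """List the predictable components a filter can recognise in pw."""
    findings = []
    hit = find_dictionary_word(pw)
    if hit:
        findings.append(f"dictionary word '{hit[0]}' ({hit[1]})")
    low = pw.lower()
    for tag in sorted(site_tags):
        if tag in low:
            findings.append(f"site tag '{tag}'")
    digits = re.search(r"\d+$", pw)
    if digits:
        findings.append(f"trailing digits '{digits.group()}'")
    return findings


def collide_when_truncated(a, b, limit=8):
    """True if a system that keeps only the first `limit` characters
    would accept a and b as the same password."""
    return a != b and a[:limit] == b[:limit]


if __name__ == "__main__":
    for candidate in ("elttaesBOA10", "nilreb", "kX9#qLm2vT"):
        print(candidate, "->", audit(candidate) or "no findings")
    print(collide_when_truncated("elttaesBOA10", "elttaesBxyz"))
```

A filter that also checks the reversed string treats `elttaes` the same as `seattle`, and under 8-character truncation everything after `elttaesB` is ignored.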