scrap passwords for scrap accounts
- at least -- anything that makes me create an account in order to read something i make junk accounts, pointing all over the planet and use junk passwords for.
Stuff I need, on the other hand, I take some care with, but the passwords are algorithmic, so remembering them is easier.
Stuff I have control over? SSH? private/public key authentication only, no passwords.
Educating the ID admins? long, painful, tedious processes. Worth it tho.
I too worked for the 30 day rotation, 16 password deep history queue, 2 Upper, 2 Lower, 2 special, 2 Numeric "reset yer password over the phone based on one question" company. Same with the vpn password. *sigh*. I think it explains the crash and burn.
Mines the one with the encrypted spreadsheet and a copy of "ssh-agent for dummies" in the pocket