Here is an alternate solution to strong passwords. Come up with a small strong password that is easy to remember. Let say your root password phrase is ‘camelot’. Now come up with a consistent ciphering algorithm.
For example, replace all A’s with @ or all O’s with zeros etc. Capitalize every third letter.

Now, your root password becomes something like ‘c@Mel0t’. Now for each site either prefix or suffix the site name and apply the same ciphering algorithm.

So, if you visit www.google.com, you end up with a password like ‘g00glEc@Mel0t’.

Use this approach to create more replacements or change to rules so you come up with your own. One thing a lot of people might point out though is someone who has access to one password now knows your root password and hence can guess the passwords to all sites. This isn’t entirely true. A lot depends on your scheme. For example, if I need a yahoo password using the scheme above, it becomes ‘y@H00C@mEl0T’. Since the rule was to capitalize every third letter, the root password differs from the google one. Also, since you come up with the rules, you can make them as complicated as you need. For example, capitalize the 3rd letter, if the 3rd letter matches your cipher don’t go the cipher. Using this rule. Your google password becomes ‘g0OglEc@MelOt’ and yahoo becomes ‘y@H00C@mEl0T’. The your google password now starts with ‘g-zero-caps o’ as opposed to ‘g-zero-zero’.

Lets hear your innovate ways to password management sans software.

I use SuperGenPass. This cool little javascript is a bookmarklet that can be run on any site you visit to generate a unique password. It uses a combination of a user provided password and the site domain name to generate a strong unique password.

One advantage is that I only need to remember one password to generate unique passwords for any site. Also, the unique password is the same throughout the domain. Another advantage is that I don’t need internet access to generate the password since the javascript is run locally rather than remotely. So I have access to my passwords even if I am not online.

There are some shortcomings as well. One quite serious issue is that it currently does not use special characters to generate passwords. Special characters in passwords make it exponentially harder to break rather than just using letters and numbers. Another problem is that certain sites have limitation on passwords; ie. no longer than 8 characters or disallow certain characters etc. This means that the generated password will need to be modified to work for the site which makes it harder for you the remember it when you revisit. This really is a site issue and not a supergenpass issue. Sites should not restrict passwords, especially strong passwords. It also seems like it is possible for a site to get access to your private password even though the javascript is run locally. You can read about that particular issue here

A combination of SuperGenPass and Lastpass is possibly the ideal solution. Run supergenpass on a site you trust to generate your password. Enter the password on the desired site and sign up. Let lastpass remember that password for future use.

Probably everyone knows about Palin’s email being compromised. Maybe not many know how. A hacker simple clicked on the forgot password link, and sat there figuring out where she met her fiance and what school she went to. In today’s day and age, there questions are easily answered. Between Wikipedia and facebook and most people pets, schools and practically their entire life history is there for everyone to read. An someone like Palin, who has been in Alaska, oh wait, probably never gone outside of Wasilla her whole life, security questions are a few minutes of guesswork. So what’s the point of strong password generators and software that charges you to keep track of them, when you have weak workarounds to get by them.

The solution you ask. I don’t know! But maybe email my temp password to a secondary email, let users personalize the questions, etc etc. Maybe you have better ideas.