I've been using letters and numbers for years, however I see the silly season is upon us. Recently got asked to set a password of a minimum of 16 digits and to include special keys. Needless to say they didn't get my business. A password to me is only secure while it's in my head. Once I write it down, security goes out the window.

I have a couple stock exchange trackers with a major financial company in the UK.

When I started two years ago they required you to enter either your 8-digit customer reference or a username that you could choose to replace it for login, and a PIN of at least 6 digits.

On the next screen they asked for three (specific, varying) characters from your password which had to include at least one upper case letter and at least one digit.

A couple of months ago to improve security they changed the system. They forced me to change to using a username, which could be my registered email address with them. As a result the customer reference no longer works. The PIN number has been dropped. The second screen now requires a straight entry of the password.

It is therefore now one of the most insecure login methods there is for any financial institution I know!

Edited by RobertoS (Sun 29-Nov-15 17:47:32)

I store completely unique, strong, 16 character passwords in a local encrypted database, protected with one good password which I memorise. In my opinion, the danger of local password database discovery is much smaller than the danger of hackers guessing weaker, memorisable passwords online, or remote password databases being compromised which reveal the same, or similar passwords for other sites.

Which is not much use when you're not local

In reply to a post by jchamier:

GMail supports the idea of [email protected] where after the + and before the @ can be anything and you'll receive it into the name mailbox.

Yup, my system is similar to that. Except I run my own mail server so I can use a wildcard pattern. Either way from my perspective they all end up in my inbox so there's nothing to track. One thing does annoy me is people using CC instead of BCC. That has the potential to cause problems.

Curable problems but it'd be annoying to temporarily lose the certainty of knowing which contact actually sent me an email.

Edited by Andrue (Sun 29-Nov-15 21:42:21)

In reply to a post by zom22:

How exactly are you going to reply to say 5 of your contacts about some subject unless you write 5 different emails to each of them from the 5 different email address allocated to each contact and then face the problem that each person will not know the others have also been informed in a separate email as they would if if was a straightforward reply to all.

I've never needed to do that with personal mail. If I did I'd probably use a new group email address for that conversation. It costs nothing to 'create' them and they all end up in the same mail box anyway.

Edited by Andrue (Sun 29-Nov-15 21:39:20)

I expect the majority of the public are completely misled by the common "you get 5 (or 10) mail boxes". The proportion of users needing more than one has to be small.

Aliases are not mentioned in the main publicity, and only people like us discover them.