{"id":25900936,"url":"https://github.com/pixelastic/password-strategy","last_synced_at":"2026-03-04T22:31:28.785Z","repository":{"id":5799137,"uuid":"7013687","full_name":"pixelastic/password-strategy","owner":"pixelastic","description":"Documenting the more efficient way to keep track of my passwords.","archived":false,"fork":false,"pushed_at":"2012-12-05T08:39:36.000Z","size":100,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"develop","last_synced_at":"2024-04-12T01:05:07.119Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pixelastic.png","metadata":{"files":{"readme":"readme.mkd","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2012-12-05T07:44:02.000Z","updated_at":"2014-05-06T23:03:08.000Z","dependencies_parsed_at":"2022-08-30T21:52:14.716Z","dependency_job_id":null,"html_url":"https://github.com/pixelastic/password-strategy","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pixelastic%2Fpassword-strategy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pixelastic%2Fpassword-strategy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pixelastic%2Fpassword-strategy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pixelastic%2Fpassword-strategy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pixelastic","download_url":"https://codeload.github.com/pixelastic/password-strategy/tar.gz/refs/heads/develop"
,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241596387,"owners_count":19988069,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-03-03T02:19:40.414Z","updated_at":"2026-03-04T22:31:28.746Z","avatar_url":"https://github.com/pixelastic.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"Overview\n========\n\nI have a lot of accounts, on a lot of different websites. Some of them I use\nalmost every day (like Gmail), some of them give access to very sensitive\ninformation (like PayPal), some others I use in a passive way (like\nDropbox) and some of them I've only used once or twice (like online shops).\n\nThis is my attempt at organizing the mess my account and password information\nhas become. Here I'll try to give advice and guidelines that I follow myself.\nFeel free to follow them too.\n\nWhat are the risks?\n-------------------\n\nWhat you need to understand is that some websites are more secure than others,\nand none are 100% secure. Given enough time, every website will be\ncompromised. No service can offer a complete guarantee of being absolutely\nsecure.\n\nOnce you understand that, you put a bit more time into making your own online\naccounts as safe as possible.\n\nThe other important thing to understand is that any security scheme is only as\nstrong as the weakest element in the chain. 
You might think that it is no big\ndeal if someone manages to obtain access to your mylittlecuteshop.com account\nbecause you only ever ordered one thing on that website 3 years ago and you did\nnot give any important information to that website anyway.\n\nYour date of birth? You already have it publicly displayed on Facebook anyway.\nYour address? You no longer live at that place. So, really, why should you\ncare that someone got access to that account?\n\nWell, maybe because you did use the same password for that account and for\nanother website. Maybe even for your Gmail account? Ouch, that would be bad.\nYou have a ton of important information available in your Gmail account. Love\nletters, billing information, job resume, private pictures, etc. But more\nimportantly, whoever has access to your email can potentially get access to\nmost of your online accounts using the \"I forgot my password\" link that most\nsites offer, which sends a password reset link by email... to the very\naddress that is already compromised.\n\nNow that you are more aware of the risks, let's see what we can do to\nmitigate all this.\n\n\nNever use the same password twice\n---------------------------------\n\nAs outlined above, it is crucial to never use the same password twice. That\nway, even if someone manages to get access to a weak link, they won't be able\nto get access to more important information from that password.\n\nThe easiest way to do that without your head exploding is to use\na password manager application. This is a small app where you can save all your\nlogins and passwords. The app itself is protected with a master password (the\nonly one you absolutely have to remember, so make it super-strong). There are\na few out there for different operating systems, but I personally use KeePassX.\n\nMake your passwords strong\n--------------------------\n\nI just said that you should make the master password super-strong. This is\nabsolutely true. 
But this does not mean that any other password should be weak.\nAll your passwords should be strong.\n\nYou have probably heard a lot of different things about passwords and how to\nmake them strong. Do not use your login as a password, do not use \"qwerty\" or\nany keyboard sequence, do not use your birth date or the name of your children.\nMix uppercase with lowercase, use numbers, use special characters like #, [ or\n^.\n\nThis is all very good advice, but not very practical in everyday life. Sure,\nyou could create a super strong password like \"x¬Iåf0²ù õ]åVþ6É¶iy\", but\nhonestly, will you ever remember it? Will you even be able to type it?\n\nOn the other hand, it is true that the longer the password, the more secure it\nis. The larger the alphabet used, the better.\n\nHere is an example of a scheme one can use to create a strong password.\n\nFirst, you pick a short sentence. It is better to avoid famous quotes, and\nstick with very simple sentences, like \"My neighbour is named Aldous\". It is\neven better if one word does not exist in any dictionary. Maybe it is a word\nyou used when you were a child, maybe it was the name of one of your pets, or\nyou just invented it, or you changed the letter order.\n\nFor example, \"My roubghnei is named Aldous\". You can even throw a few\nspecial characters into it, like \"My roubghnei name is : Aldous\". I discourage\nusing l33t sp34k in passwords as this can very easily be tested in an alphabet\nattack. It is just better to add numbers or punctuation where it does not make\nany sense.\n\nYou can just stop here and you'd already have a strong password. Feel free to\nadd more and more complexity to it, but be sure to still remember it, or at\nleast remember how to get the final password from the initial sentence.\n\nWhat I also do is keep this master password as a base, but modify it for every\nnew website. For example, if I connect to eBay, I could just change the\npassword to \"My roubghnei ebay is : Aldous\". 
I can even make it a bit more\ncomplex, maybe changing the first and last letter of \"Aldous\" with the first and\nlast letters of the website, making it \"My roubghnei name is : Eldouy\".\n\nOnce again, add complexity as long as 1/ you can remember it and 2/ you end up\nwith a different password for each account.\n\nUsing different email addresses\n-------------------------------\nOne for spam (shops, etc.), one for personal use, one for work. At least that\nlimits the damage.\n\nSites that don't play by the rules\n----------------------------------\n\nIf a site sends me my email in plain text when I sign up, delete the\nmail and, if possible, change the password. It's not very serious. If they\nsend it back in plain text when you click \"lost password\", then that is very\nserious. Notify the developers of the mistake so they change it, avoid\nusing the website, and change the password.\n\nIdeally, sign up with a weak password. Test the password\nrecovery. If it is handled correctly, change to a stronger password.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpixelastic%2Fpassword-strategy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpixelastic%2Fpassword-strategy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpixelastic%2Fpassword-strategy/lists"}