There is a lot of talk about password security strength. There are tools that let you type in your proposed password, and they provide an estimate, obviously based on math, of how long it would take to crack that password using current technology.
I find it interesting that some of us think this means our passwords are safe if the tool comes back with a high value.
In the past, I have used a specific set of rules to create passwords that I can recreate easily if I do not have access to where I store them. When testing these passwords with online tools like the GRC Password Haystacks tool, I get really great results. But if you saw two or more of the passwords written down, it would not take long to figure out just about any of the passwords.
I already know the “correct” answer is to use a tool that generates very long, random passwords, and store them in a password vault. But the truth is, this is inconvenient at times, so a lot of us avoid it.
An example might be the initials of your favorite Disney character, several specific numbers and characters, the words from the URL of the website or company before the first period (.), and another number/character string (dD1978%Twit2001$). Always the same capital locations, always the same number/character sequences.
Anybody else use their own rule-based passwords?
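An added illustration of the gap described in the post (not part of the original post): it scores the post's example password the way a length-and-character-set estimator would, then shows how little is left once two passwords from the same rule sit side by side. The 95-character alphabet is an assumption about how such tools count, not GRC's code, and the second password is constructed here for example.com.

```python
import math
import string

# Character classes a length/charset estimator typically counts (assumption):
# 26 lower + 26 upper + 10 digits + 33 symbols (incl. space) = 95.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]

def charset_bits(password):
    """Bits implied by blind brute force over the classes present."""
    if not password:
        return 0.0
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet)

def split_template(a, b):
    """Return the (prefix, suffix) two passwords have in common."""
    limit = min(len(a), len(b))
    p = 0
    while p < limit and a[p] == b[p]:
        p += 1
    s = 0
    while s < limit - p and a[-1 - s] == b[-1 - s]:
        s += 1
    return a[:p], a[len(a) - s:]

def report(a, b):
    """Compare the estimator's view with what the shared rule leaves unknown."""
    prefix, suffix = split_template(a, b)
    variable = a[len(prefix):len(a) - len(suffix)]
    return {
        "estimated_bits": round(charset_bits(a), 1),
        "fixed": prefix + "<site>" + suffix,
        "variable": variable,
        # Upper bound only: the post's rule derives this part from the URL,
        # so it is not random either.
        "variable_bits_upper_bound": round(charset_bits(variable), 1),
    }

if __name__ == "__main__":
    from_post = "dD1978%Twit2001$"      # example given in the post
    constructed = "dD1978%Exam2001$"    # constructed: same rule, example.com
    for key, value in report(from_post, constructed).items():
        print(f"{key}: {value}")
```

The estimator sees 16 characters drawn from 95; someone who has seen two passwords sees a fixed template with a four-letter, site-derived slot.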