three basic levels:
- Top Secret
This is a good model to follow in protecting your own private information. However, you can probably get away with just two levels:
- Secret (Low Security)
- Really, Really Secret (High Security)
Really Secret would apply to situations in which the discovery of your password could lead to major financial loss, inconvenience, or embarrassment, and which involve things like your Social Security Number, credit card number, or primary email address. Secret would be for the rest: stuff you would prefer to keep secret or restrict access to, but whose breach wouldn't be a major crisis.
Mushpup is not meant for Really, Really Secret situations. But it is ideal for the rest.
sites listed here can help you come up with strong ones. As much as possible, avoid writing these passwords down. Commit them to memory and never share them with anyone.
Do you have your two passwords? This is where Mushpup comes in. Your Low Security Password is also your Mushpup Secret Word. With it, you can create an almost infinite number of distinct working passwords while only having to remember your one Mushpup Secret Word. How does it work?
Whenever you have to register for a non-critical website, just open up the Mushpup page, put the site domain and your Mushpup Secret Word in the form, and get your new password. Then use this as your password on that site.
Why not just use your Mushpup Secret Word itself as your password? Well, again, if someone gains access to your password through the negligence or malice of that particular website, they won't thereby have access to any other sites. The real beauty of Mushpup is not that it makes your password on that particular site safer; it is that it makes your password for every other site you go to safer.
But what makes it really cool is that it provides a convenient, secure way to obtain your password from anywhere on the internet. Just drop by mushpup.org, put the same information (site and Mushpup Secret Word) back in the form, and there your password is. No need to memorize it. No need to write it down. And it's even immune to keyloggers.
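The idea described above, deriving a distinct password for each site from the site domain plus one secret word, can be sketched as follows. This is an added example, not Mushpup's own code: the page does not describe Mushpup's algorithm, so PBKDF2-HMAC-SHA256 is used here as a stand-in, and the function names, salt prefix, iteration count and output encoding are all assumptions.

```python
import base64
import hashlib
from urllib.parse import urlsplit


def normalize_site(site: str) -> str:
    """Reduce user input to a bare domain so the same site always maps
    to the same password, however the address was typed."""
    site = site.strip().lower()
    if "://" not in site:
        site = "//" + site          # lets urlsplit treat the input as a host
    host = urlsplit(site).hostname or ""
    if host.startswith("www."):
        host = host[4:]
    if not host:
        raise ValueError("no domain found in input")
    return host


def derive_site_password(secret_word: str, site: str,
                         length: int = 16, iterations: int = 200_000) -> str:
    """Derive a per-site password from one memorized secret word.

    Stand-in construction (assumption, not Mushpup's algorithm):
    PBKDF2-HMAC-SHA256 keyed by the secret word and salted with the domain.
    The derivation is one-way, so a password leaked by one site does not
    directly reveal the secret word or any other site's password. The high
    iteration count slows guessing of a weak secret word.
    """
    if not secret_word:
        raise ValueError("secret word must not be empty")
    if not 1 <= length <= 43:       # 32 derived bytes give 43 usable characters
        raise ValueError("length must be between 1 and 43")
    salt = b"site-password-demo:" + normalize_site(site).encode("utf-8")
    key = hashlib.pbkdf2_hmac("sha256", secret_word.encode("utf-8"),
                              salt, iterations, dklen=32)
    return base64.urlsafe_b64encode(key).decode("ascii")[:length]


if __name__ == "__main__":
    secret = "constructed sample secret word"   # constructed sample input
    for site in ("example.com", "https://www.example.com/login", "example.org"):
        print(site, "->", derive_site_password(secret, site))
```

The strength of every derived password still rests on the secret word itself, which is why the page asks for a strong one.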
Security Engineering by Ross Anderson, Chapter 3: Passwords