If they hack your fitbit.com password and it gets them into facebook, that might be a little more of a problem.

If they download passwords from your credit card company and that lets them into your bank, that’s a much bigger problem.

On an unrelated node, changing your password every 30 to 90 days does nothing to increase that entropy like some companies force you to do. Quite the opposite, it generally forces people into using password schemes that decrease entropy or causes people to write down passwords in an easily comprimised place (like stuck to your monitor with a sticky note).

Nice post. I use 1Passwd on my Macintosh machines. Since it syncs with the iPhone I have all my passwords stored in the iPhone. The problem here is that I use 2-passwords. But if you find those you can access all my data at once. (scary). I wish there was some sort of security measure like ’10 wrong passwords erases the db’.

As for the card, I’m a bit skeptical. You still need to remember color, symbol, direction, and length for each password. I would guess that is rather hard, especially because you don’t have any association with these combinations (unlike with normal passwords). So far the xkcd approach seems easiest for me.

$3g4t6brt#173xdd rhymes like so $ 3g 4t 6brt # 173xdd