rotating passwords

July 1st, 2007

I hate Facebook.

I hate Facebook and have started working on a post about it that requires me to create a profile on said hated social networking[1] site.

Given that I’m not exactly thrilled about handing FB some of my personal info, I had to create a new email address to which it could barf its enrollment confirmation.
I use Google for email[2] so this meant that I would have to invite myself to a new account. This, of course, meant that I needed a temporary email account that I could invite. So I ended up creating two new email accounts just to be able to create one FB profile, just so that I could get a screenshot of FB to dislike.

This, of course, meant new passwords – which brings me to my story.

lockdown

I currently have five active passwords, excluding the ones I use for work purposes.
They vary in strength and how often I rotate them based on what they are used for. In terms of strength they range from simple words, through associative phrases, complex concatenations of words with character substitutions all the way through to randomly generated garbage. Strangely the strength doesn’t seem to affect how often I feel I need to rotate a certain password.

I also use the passwords for groups of accounts. The weakest I never rotate and it eventually just ends up being discarded when I stop using the particular group of accounts[3]. I use a stronger password for accounts that I intend keeping but that don’t link to me personally. An even stronger password protects accounts that link to me personally. I limit the number of these strictly. Interestingly, this is one of only two passwords that are not at all associative – it’s just a phrase that somehow seemed right at the time and has stuck. I guess it says something about me that I want to have my very personal identifier be something that really has no connection to me as a person[4]. From there on the strengthening passwords are used for accounts that have a legal bearing and for technical, administrative accounts. By the time it comes to these passwords they are either long mangled phrases or simply a bunch of random characters/numbers.
There’s something satisfying about a password that cannot be pronounced in a conventional sense (though I do remember it phonetically).

Oh, and there’s one more – the password to my wireless router. I was so paranoid when I set it up that I chose a vicious phrase with a variety of crazi-time grooviness mixed in. I don’t remember it. Shit.

So what’s the point of me sharing my password profile with the world and thereby quite possibly upping the brute force attacks that this very site is likely to sustain? It’s about the number of passwords that I use. Is there anyone in the world who uses only one password and if so, do they know what they are setting themselves up for?
I once met a woman who used the same PIN for her cellphone, bank debit card and luggage. I just smiled politely and nodded when she told me this.

Where does the balance lie between stupidity and paranoia? How many passwords does it make sense to have? The question is probably not relevant. I don’t use sets of passwords to limit the damage that could be inflicted if one or more were to be compromised, but because they (and the accounts that go with them) separate my time online into layers of personal involvement.
Some passwords survive longer[5] than the accounts that they protect.

[1] I don’t network – never have been able to, never have bothered to learn how to do it. My bad? That’s part of my gripe with FB.
[2] don’t get me wrong, it’s not just FB that I’m nervous about – Google also has more of me on-line than I would like
[3] i.e. lose interest in
[4] it’s somehow far more boring than the other
[5] the best passwords are the ones that change shape over time
