Like most people, I have dozens of passwords to keep track of. With all the thinking I've been doing lately about passwords, I've decided to change mine more frequently, use a different password for every service, and make them longer and more complex. I've started using a password manager to do this. It's the only way. The trade-off is that I have a single master password with access to all my accounts, but the benefit is "password agility" — the ability to quickly change my passwords, and limit the damage caused by a single password theft (unless of course it's my master password that's stolen).
Replacing passwords entirely would be a better solution, but as far as I can tell, the practicality of alternative authentication methods is still off on the horizon. Smart cards, tokens, code generators, out-of-band authentication via smartphone, and biometrics all seem like good alternatives. I'm wondering how much longer it will be before the major technology vendors and service providers will support those and we can all look back on passwords as a bad memory from a distant past.