[newgeezer]

It doesn't have to be; just set up a simple rule

The one problem I have with such a rule is, it just takes one place where they don't adequately protect your password, and one person there to see your password and figure out your rule. Then, he pretty much knows all your passwords everywhere else.

How much chance is there of that? Maybe not much. But—especially as simple and self-contained as your rule is—it's a chance I'm unwilling to take.

[HKMk23]

I’m worse. In the cases where frequent password changes are required, I’ve resorted to combinations and permutations of 0123Abcd. Everytime I have to make a change, I shift the numerals, and either swap the alphas end-for-end or alter which one is capitalized. If they change their protocol to require one character each from the Hebrew and Greek alphabets, it’ll really mess me up, though.

[sionnsar]

I quite admit the rule I used to demonstrate wouldn't be a good one because it's too easily guessed, even from a single case.

I had to make the tradeoff because every time I turned around I was having to make up a new password for something else at work -- one for my e-mail, one for the travel reservation system, one for expense reports, one for the internal website, one for... and each one of them on a different change cycle.