PW management (was Re: break-in attempts)

Rich Braun richb at pioneer.ci.net
Mon Nov 21 13:28:21 EST 2005


Alright, I'll bite.  Conventional wisdom on single-factor authentication has
been brought up at least twice in this thread:

1) Use a different password for each account.
2) Wherever possible, use an encrypted key instead of plain text password.

This strikes me as completely impractical for anyone who uses the web or has
multiple logins anywhere.

I'm *constantly* forgetting which password I used on which system, so I either
lock up the account by trying too many different passwords, or I revert to a
cheat-sheet that I've written down or stored in a text file in some
hopefully-obscure place.

Cheat-sheets are a terrible approach.  Hardware dongles that keep track of
passwords are only useful on the systems that have the needed software on
them.

The only meaningful long-term solution to this problem will ultimately be
some sort of government- or industry-mandated central registry of
authentication information.  Bill Gates would love you to use his; he first
proposed this concept at a talk he gave right here in Boston at a
BCS-sponsored event.  And the FBI would love you to use a biometric method,
which would prevent you from ever revoking an identity key.

Until some well-connected powerful rich guy imposes a grand-unified master
authentication database on all of us, what are we to do?  I'm at a complete
loss as to any practical method that works across multiple computers,
including the ones I walk up to at a friend's house or Internet cafe or
wherever.

Yes, I am challenging those of you who suggest these conventional PW
management rules:  they DON'T WORK for me.  Do you have some secrets on
successful use?

-rich
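[Editor's note, added example.] One answer to the question above that is neither a cheat-sheet nor a central registry is to derive each site's password from a single memorised master passphrase with a key-derivation function. The code below is an added illustration, not Rich's code or anything proposed in this thread; the master phrase, site labels, alphabet and scrypt parameters are my own assumptions. The rules it implements are the two from the post: every account gets a different password, and the only thing stored anywhere is nothing.

```python
"""
Per-site password derivation with scrypt (added example, not from the post).

Assumptions: one memorised master passphrase; a site label the user can
recall ("github.com", "bank.example"); a counter so one site's password can be
rotated without changing the master.  Only the master is remembered; nothing
is written down.  scrypt stretching makes recovering the master from one
leaked derived password expensive.
"""
import hashlib

# Characters a derived password may contain (70 symbols).  Upper, lower,
# digit and punctuation are all present so common site policies can be met.
ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789"
            "!@#$%^&*")

# scrypt work factor: N=2**14, r=8, p=1 is the usual interactive setting
# (about 16 MiB, well under OpenSSL's default 32 MiB limit in hashlib).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def derive_site_key(master: str, site: str, counter: int = 1) -> bytes:
    """Stretch the master passphrase into 128 bytes bound to (site, counter)."""
    # Normalise the label so "GitHub.com " and "github.com" give the same key.
    salt = f"{site.strip().lower()}|{counter}".encode("utf-8")
    return hashlib.scrypt(master.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=128)


def site_password(master: str, site: str, counter: int = 1,
                  length: int = 20) -> str:
    """Deterministic per-site password: same inputs always yield the same string."""
    key = derive_site_key(master, site, counter)
    # Rejection sampling: 256 mod 70 = 46, so bytes >= 210 are discarded to
    # keep every symbol equally likely instead of biasing the first 46.
    limit = 256 - (256 % len(ALPHABET))
    chars = [ALPHABET[b % len(ALPHABET)] for b in key if b < limit]
    if len(chars) < length:
        # 128 bytes at ~82% acceptance gives ~105 symbols; falling short is
        # astronomically unlikely, but fail closed rather than shorten silently.
        raise ValueError("insufficient key material; raise dklen or lower length")
    return "".join(chars[:length])


def satisfies_policy(password: str) -> bool:
    """Typical site rule: at least one upper, lower, digit and symbol."""
    return (any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in "!@#$%^&*" for c in password))


if __name__ == "__main__":
    master = "correct horse battery staple"   # constructed sample; never reuse
    for site in ("github.com", "bank.example", "mail.example"):
        pw = site_password(master, site)
        print(f"{site:14} {pw}  policy_ok={satisfies_policy(pw)}")
```

Trade-offs a practitioner should weigh before adopting this: the master passphrase becomes a single point of failure, so it must be long and unique; a site that rejects the derived string or forces a reset is handled by bumping the counter, which then has to be remembered too; and the scheme offers nothing against phishing or a keylogger on the Internet-cafe machine the post mentions, since the master is typed into that machine. What it does give is a different password per account with no stored secret, which is the property the two rules in the post demand.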
