. . . and your password is . . .

I received an email from a journal asking me to review a paper. Near the bottom of the email, it says,

Your User Name is xxx and your password: xxx.

I x-ed these out for obvious reasons–I don’t want my passwords spread over the net. I can’t believe that an online system would send passwords in plaintext over email, conveniently flagged with the word “password”!

2 thoughts on “. . . and your password is . . .”

  1. Sending passwords and user names in the clear can, indeed, be quite disconcerting. Doing so can also leave the recipient in a quandary as to (a) whether to believe the reliability of the sender and (b) whether you are in reality being monitored by someone. The "captcha" technology so prevalent today on the internet can certainly be used to solve this issue. On the other hand, almost all of the login systems allow immediate change of your password after you have first logged on, so insofar as there might be trust in the first place to do that initial logging on, your security can be restored simply by exercising that option.

    Chuck Yung

  2. I don't want others to know what strategy I use. And importantly, you should change your password wherever it has been compromised. Don't trust *any* website with the real password.

    Never use the same string for "real" passwords as you do for silly passwords intended for sites like journals, and the millions of other sites that ask you for a password. If you make this mistake, change the "real" password immediately.

    To generate random passwords, use Steve Gibson's PPP.

    To remember the silly passwords, one can use software. There is a good guide at Ask-Leo.
