1. positives: - The password is very hard to guess / bruteforce - There are no physical ways to obtain the password except for hacking one of the services where you have an account - You don't have to remember a lot and the effort is low compared to other methods negatives: - If one service gets hacked and your password is found out, all your accounts are compromised - If you forget your password, you don't have a good recovery method for your account (unless the service provides one) - Even though your password is pretty strong, you are still a pretty easy target 2. positives: - The password is very hard to guess / bruteforce - There are no physical ways to obtain the password except for hacking one of the services where you have an account - You don't have to remember a lot and additionally to 1 only the method you're using (that you append the first letter of every service to it) negatives: - If one service gets hacked and your password is found out, getting into other accounts is harder than 1, but still pretty easy if they figure out your method - If you forget your password, you don't have a good recovery method for your account (unless the service provides one) - Even though your password is pretty strong, you are still a pretty easy target (although a tougher one than 1) 3. positives: - Your passwords are very hard to guess / bruteforce - If one of your accounts gets hacked, none of your others compromised - You don't have to remember a lot, except for the secure place / the means to get to the secure place negatives: - If someone finds and steals your password book, you don't have any means of getting your accounts back - If you need to access your passwords from somewhere where you don't have access to your password book, you can't log into any of your accounts - Keeping the password book around is a huge maintenance burden (compared to 1 + 2 for example) 4. positives: - Your passwords are very hard to guess / bruteforce - If one of your accounts gets hacked, none of your others are compromised - You can easily take all of your passwords with you negatives: - If someone finds and steals your USB stick, you don't have any means of getting your accounts back - If you need to access your passwords from somewhere where you don't have access to your USB stick, you can't log into any of your accounts - Keeping the USB stick around is a little bit of a burden (compared to 1 + 2 for example, 3 is a bigger burden of course) 5. positives: - Your passwords are very hard to guess / bruteforce - If one of your accounts gets hacked, none of your others are compromised - Finding all of your passwords is really easy and convenient negatives: - If your PC breaks, you don't have access to any of your passwords anymore - If you don't have access to your PC where you need one of your passwords, you can't log into your accounts - If you lose any of your passwords, you don't have a proper way of getting them back (like deleting it on accident or something) 6. positives: - Your passwords are very hard to guess / bruteforce - If one of your accounts gets hacked, none of your others are compromised - Taking your passwords with you is really easy negatives: - If the service storing your passwords gets hacked (and is not properly protected), all of your passwords could be vulnerable - Depending on how you access this password manager, your account may not be so secure - You need to keep around an extra password for your password manager (that you need a good strategy for as well) 7. positives: - Bruteforcing one of your passwords doesn't leak your main password (assuming the password derivation is good) - If one of your accounts gets hacked, none of your others are compromised - Knowing your main password, means you know all of your passwords (because they are simply derived, they are not unrelated to your main password) negatives: - You need to keep around an extra password for your password derivation service (that you need a good strategy for as well) - If your main password is found out, all of your accounts are compromised - You are a relatively easy target since all it takes is cracking your main password (and knowing one site you have an account for) 8. positives: - Your passwords are very hard to guess / bruteforce - If one of your accounts gets hacked, none of your others are compromised - Finding all of your passwords is really easy and convenient negatives: - If your PC breaks, you don't have access to any of your passwords anymore - If you don't have access to your PC where you need one of your passwords, you can't log into your accounts - If you lose any of your passwords, you don't have a proper way of getting them back (like deleting it on accident) 9. positives: - You don't have to remember a lot of passwords - If one of your accounts gets hacked (and are unrelated to the password reset method), none of your others are compromised - Getting into your accounts is really easy negatives: - If your reset password method gets compromised, you don't have a way of getting back your account - Not all services may have a reset password function - You are a relatively easy target since all it takes is cracking your reset password method (if it is an email address for example)