How I avoid leaking my passwords

A few years ago, a work colleague accidentally posted a password into our team's group chat.

How did I know it was a password? Because it looked like this:

I.LoveKatie0510!

I have no idea which service this password corresponded to — maybe it was his bank account, or maybe just a password he created for local development — but I watched as the post quickly disappeared when he realized his mistake, hoping no one would notice it.

But I noticed indeed.

I use a password manager and occasionally have to copy and paste passwords into UIs, but I have a simple trick for avoiding this problem.

Here's an example password of mine (no longer in use):

https://ExperimentingWithBabies.com/?id=2480

This password, unconventional though it might look, is both a valid URL and, coincidentally, fulfills most common password requirements. It has sufficient length, as well as a mix of lowercase and uppercase letters, plus some numbers and special characters.

But if I were to mistakenly paste this password into a group chat or a text message or some other public location, the chances of anyone recognizing it as a password are pretty slim.

And that's how I avoid leaking my passwords — not by making it harder for them to appear out in the open, but by making it harder for them to be recognized as sensitive information.