How many passwords do you have to remember?

Deise Vu · 15-06-2017 10:38am #1

So yesterday I was brought to the brink of a nervous breakdown. First I tried to investigate a massive charge on a work mobile which required a login name, password, user PIN and a verification code before accessing a ‘dashboard’ of which I could make zero sense. Result: On-line billing now cancelled and it’s back to the 50’s. Hello reams of paper, bye bye forests.

What nearly tipped me over the edge though, was trying to cancel an auto-renew of Xbox Gold on a child’s Xbox. His friend emigrated two years ago and I was persuaded that they could keep in touch and have fun. Needless to say the friend is long forgotten but every year Bill Gates needs €60 from me to keep the wolf from the door so I decided to cancel. I won’t give the long version of what ensued. People who know Microsoft will already be familiar with the seven circles of hell you must visit to cancel a subscription and, people who do not, probably wouldn’t believe it. Trust me, at one stage I was actually speaking to my credit card company about cancelling my card and moving banks.

Eventually, thanks to my 11 year old being able to recall a password on a Microsoft account and a Gmail account he created two years ago I was able to cancel with the assistance of my new best friend, Matthew, at Microsoft Support Chat. Yes, I know I was stupid, thanks for reminding me.

It got me thinking, I am reasonably tech-savvy but will never, ever give my credit card details to any organisation ever again unless there is a human I can catch by the collar and tie and drag across a counter in order to emphasise my displeasure at their notion of Customer Service. So, is the world of e-commerce eventually going to collapse or are we all going to be bankrupted by long forgotten passwords and the small print of contracts we never read? Alternatively, will someone come up with a transferable biometric system that will allow us to live our lives without having a list of 100’s of different passwords that have to be changed regularly.

I am curious to know how many passwords people have and how they organise them. I have a spreadsheet with over 200 work passwords (plus subsets!) and between 50-100 private ones. If I forget the password to my password spreadsheet I will probably starve or be bankrupted and I will certainly be fired. This can’t be right. What do the rest of you do? Does your spouse know how to access all your banks, utilities, insurance, pension, even your phone (God forbid!) etc etc? Do you know how to stop standing orders / direct debits from your bank account?

Or did I just have a bad day.

I will try to add a poll but I haven't done that previously. hopefully it won't require a password.

Alun · 15-06-2017 10:38am

One.

https://www.lastpass.com/

MillField · 15-06-2017 10:41am

I use 1Password to hold these. There wouldn't be a hope of me remembering passwords otherwise!

whoopsadoodles · 15-06-2017 10:45am

One - for the password list.

I do however remember a scary amount of those all by myself.

Only when typing them though. If I was asked to say it out loud I wouldn't have a clue.

Deise Vu · 15-06-2017 10:45am

But, but .....they cost more money :mad::mad::eek:

Alun · 15-06-2017 10:47am

Deise Vu wrote: »

But, but .....they cost more money :mad::mad::eek:

Lastpass is free. There is a premium version that adds some features, but you don't really need those.

MillField · 15-06-2017 10:50am

Alun wrote: »

Lastpass is free. There is a premium version that adds some features, but you don't really need those.

Same goes for 1Password

ED E · 15-06-2017 10:51am

Google
Password Manager
Dropbox
Desktop
Banking PIN

Thats it. The rest are pseudo random blobs like B2Du0psJNpnzN8sCBNGY. I also remember both my parents primary ones as they never can...

Qreq · 15-06-2017 10:57am

The poll doesn't work as intended for those who use password managers. We have a low number to remember because the manager remembers everything else we trust them with.

Deise Vu · 15-06-2017 11:02am

Qreq wrote: »

The poll doesn't work as intended for those who use password managers. We have a low number to remember because the manager remembers everything else we trust them with.

Yep. I probably should change to to how many do you use.

Is anyone even a little bit apprehensive as to what would happen if you forget the password to your passwords? I mean a bang on the head, dementia...alcohol poisoning?

whoopsadoodles · 15-06-2017 11:04am

Deise Vu wrote: »

Yep. I probably should change to to how many do you use.

Is anyone even a little bit apprehensive as to what would happen if you forget the password to your passwords? I mean a bang on the head, dementia...alcohol poisoning?

Sure then you'd forget all your passwords anyway!

RayM · 15-06-2017 11:07am

I just use the password "password" for everything. Much easier.

RayM · 15-06-2017 11:07am

I have a very small penis

Delphinium · 15-06-2017 11:08am

Passwords are easy using a manager. Then you have unlock codes for phones, tablets etc. And bank cards. I have to remember gate and alarm codes for several houses, mostly relatives, to care for animals while they are away. Usually can recall the specific codes when I reach the gate as I have a habit of associating codes in some way with the property or owner as an aid to remember. But I do keep a secured list at home, written in a way only I can decipher, just in case I forget.

Deise Vu · 15-06-2017 11:09am

whoopsadoodles wrote: »

Sure then you'd forget all your passwords anyway!

That's my point. We are completely governed by having to remember passwords (and having to navigate sites some of which are deliberately obtuse when it comes to cancelling in my view).

In my example above, €60 per annum infinitum would have been coming out of my account for Bill gates if I didn't spend an hour at it last night.

HalloweenJack · 15-06-2017 11:09am

I have variations of the same password for most online logins plus a few completely random ones just in case.

murpho999 · 15-06-2017 11:16am

I just use the same password for everything.

It's a combination of a particular word, relevant to me, that nobody has a hope of guessing combined with a number.

So when I get to some website i haven't used in a while I know my password will work.

People who just pick random passwords for different sites are the ones who get into trouble.

whoopsadoodles · 15-06-2017 11:19am

murpho999 wrote: »

I just use the same password for everything.

It's a combination of a particular word, relevant to me, that nobody has a hope of guessing combined with a number.

So when I get to some website i haven't used in a while I know my password will work.

People who just pick random passwords for different sites are the ones who get into trouble.

I assume you're taking the piss?

Qreq · 15-06-2017 11:22am

Deise Vu wrote: »

Is anyone even a little bit apprehensive as to what would happen if you forget the password to your passwords? I mean a bang on the head, dementia...alcohol poisoning?

That situation would screw people without managers too. In both cases, you could print out your passwords or put them on a usb stick and store them. Of course, the hypothetical head injury could make you forget that place. You could tell a trusted person about the place or give them your master password (that person could be viewed as additional security or an additional vulnerability). For a physical place with padlocks, it's possible to link multiple padlocks together as a chain so that everybody has a key for a different padlock, any of which can break the chain. There's also another setup in which two or more people would need to open their locks together so that no single person can get access.

Hotblack Desiato · 15-06-2017 11:27am

Deise Vu wrote: »

I have a spreadsheet with over 200 work passwords (plus subsets!) and between 50-100 private ones. If I forget the password to my password spreadsheet I will probably starve or be bankrupted and I will certainly be fired.

Is your work aware you are doing that? because using very weak encryption to store your work passwords should be a sacking offence in itself.

You're already effectively using a password manager, just a piss-poor one.

Another good, free password manager is KeePass.

murpho999 · 15-06-2017 11:29am

whoopsadoodles wrote: »

I assume you're taking the piss?

No, why would I be? It's an easy system

Password contains a word and number and only difference I would face with various logins is the number.
Works perfectly now for years.

stimpson · 15-06-2017 11:30am

sbsquarepants · 15-06-2017 11:44am

Passwords are the bane of my life -incorrect password, reset password, try use the password I thought it was in the first place only to be told I can't use a previous password! ARGHHHHH:mad:

I have 2 bank accounts, internet banking codes, pins etc - I haven't a damn clue what they are, but when I sit down at my computer my fingers somehow know what buttons to press all by themselves. Couldn't write them out if my life depended on it!

Deise Vu · 15-06-2017 11:51am

Hotblack Desiato wrote: »

Is your work aware you are doing that? because using very weak encryption to store your work passwords should be a sacking offence in itself.

You're already effectively using a password manager, just a piss-poor one.

Another good, free password manager is KeePass.

Someone would have to hack into our system, locate the file (which has a harmless sounding name),and break the encryption. Is that less safe than trusting some anonymous corporation in Cyber Space as most of the techies here seem to have done? (That's a genuine question, I'm not being smart assed, I consider myself tech-savvy but am most definitely not a tech).

scamalert · 15-06-2017 11:54am

this reminds me on setting password reminder for dominos, and as usual forgot password so opted for reminder question:the question i put in was whats my password

(=idiot)

Now do remember about 5 passwords for important stuff main email banking etc.then likes of shopping online if use often also write them down on piece of paper and stick into wallet drawer seems no brainer but takes few seconds to find it when in need.

as other passwords go i either choose very generic password that i would use in many places and add random characters,or just forget and recover when needed.

services like google microsoft actually made it easier in recent years.other services like banks etc can be hell to deal with, when needing reset.

Brian201888 · 15-06-2017 11:56am

Another for Last Pass

One eyed Jack · 15-06-2017 11:58am

Deise Vu wrote: »

I have a spreadsheet with over 200 work passwords (plus subsets!) and between 50-100 private ones.

I don't really want to know, but I couldn't help thinking - where in the hell do you work that a single person would have to maintain accounts for over 200 different clients? :eek:

I just memorise what passwords I need to, and sometimes clients allow for passphrases which are much easier to remember, and then there are the few that require two-factor authentication and specific VPN, antivirus or OS software to be running on the guest machine or else they don't allow access. They're far more painful to have to deal with than just memorising passwords!

Alun · 15-06-2017 12:04pm

Deise Vu wrote: »

Is that less safe than trusting some anonymous corporation in Cyber Space as most of the techies here seem to have done? (That's a genuine question, I'm not being smart assed, I consider myself tech-savvy but am most definitely not a tech).

In the case of Lastpass, your passwords are stored on their servers in encrypted form, but they do not know your master password, that's only known to you, so any decryption takes place on your device only. Additionally there are extra safeguards in place to limit access to certain devices or certain countries, plus the ability to use 2FA such as Google authenticator or Yubikey.

Deise Vu · 15-06-2017 12:22pm

Alun wrote: »

In the case of Lastpass, your passwords are stored on their servers in encrypted form, but they do not know your master password, that's only known to you, so any decryption takes place on your device only. Additionally there are extra safeguards in place to limit access to certain devices or certain countries, plus the ability to use 2FA such as Google authenticator or Yubikey.

10 years ago I probably would have accepted that as I don't understand it (!). However, the older and more cynical I get, I cant help but feel uneasy that the people who designed the system will have some way of getting round their own security or someone within the company will find a way.

I am overly cynical it has to be said.:o

davo2001 · 15-06-2017 12:24pm

Alun wrote: »

One.

https://www.lastpass.com/

There is and has been major security vunribilities with lastpass and other password managers.

Deise Vu · 15-06-2017 12:31pm

One eyed Jack wrote: »

I don't really want to know, but I couldn't help thinking - where in the hell do you work that a single person would have to maintain accounts for over 200 different clients? :eek:

I just memorise what passwords I need to, and sometimes clients allow for passphrases which are much easier to remember, and then there are the few that require two-factor authentication and specific VPN, antivirus or OS software to be running on the guest machine or else they don't allow access. They're far more painful to have to deal with than just memorising passwords!

Its no secret I'm an accountant but I am also serve as network admin (with a lot of outside help!). Virtually everybody you deal with now has an on-line interface, customers / suppliers / utilities/ Banks / Govt Depts. We have multiple sites which multiplies the interactions. That's before you drill down into individuals for phone PINS; PUKS; Find-my-phone; email; company fuel cards by vehicle; by user; fleet tracking etc etc etc. Its a bloody nightmare.

Fortunately it is all in order to simplify the interaction.:rolleyes::rolleyes:

maccored · 15-06-2017 12:35pm

isnt the idea of a password manager a bit silly? All anyone needs to know then is the password to your password manager.

Der Stier · 15-06-2017 12:39pm

I have about 3 basic passwords that I do little algoriths with in my head when I need to change them, fortunately I have a good memory for these things.

But I must check out that lastpass.

Send In The Robots · 15-06-2017 12:39pm

maccored wrote: »

isnt the idea of a password manager a bit silly? All anyone needs to know then is the password to your password manager.

Agree, and wasn't one of those major password site managers on the news as being hacked recently making it a null option.

Alun · 15-06-2017 12:45pm

maccored wrote: »

isnt the idea of a password manager a bit silly? All anyone needs to know then is the password to your password manager.

Not really. The master password isn't stored anywhere accessible to an attacker, it's used locally to scramble your passwords before uploading to the password manager server, and the password manager company themselves don't know your master password either. Plus any potential hacker has to log in to the password manager in the first place and there are all kinds of hurdles you can put in the way of that happening such as device restrictions, 2FA and geographic limits.

....... · 15-06-2017 12:46pm

This post has been deleted.

Alun · 15-06-2017 12:51pm

Send In The Robots wrote: »

Agree, and wasn't one of those major password site managers on the news as being hacked recently making it a null option.

If you're referring to Lastpass that was a vulnerability that was discovered in one of the browser extensions which AFAIK would require the attacker to have physical access to a computer running the extension and logged in under your user name. It was disclosed to Lastpass without being made publicly known and fixed pretty quickly anyway.

Send In The Robots · 15-06-2017 12:51pm

Can't link but 'OneLogin' was on the news recently, it suffered a serious data breach.

Alun · 15-06-2017 12:55pm

....... wrote: »

This post has been deleted.

Because the bad guys know that people do this. When, not if, one of your passwords makes it onto a list of hacked passwords through a security breach like the recent Yahoo breach, they'll try that password on a variety of other sites along with simple variations of the same with, say 2 digits at the end. Having the base password available gives them a better chance of striking lucky.

maccored · 15-06-2017 12:56pm

Alun wrote: »

Not really. The master password isn't stored anywhere accessible to an attacker, it's used locally to scramble your passwords before uploading to the password manager server, and the password manager company themselves don't know your master password either. Plus any potential hacker has to log in to the password manager in the first place and there are all kinds of hurdles you can put in the way of that happening such as device restrictions, 2FA and geographic limits.

a password you make up that can get hacked is also not 'stored anywhere accessible to an attacker'. A bad password is a bad password, so if you have a crap password for a password manager then the hacker has a list to all the other account passwords. how they get to the password manager etc etc is totally irrelevant

Alun · 15-06-2017 1:04pm

Send In The Robots wrote: »

Can't link but 'OneLogin' was on the news recently, it suffered a serious data breach.

Yes, I saw that. Information is a bit patchy but there's evidence that they may have stolen some encrypted password vault data along with other user information. They wouldn't have had access to master passwords though, so the only danger may be from weak master passwords, possibly based on user names which they may try to exploit.

Alun · 15-06-2017 1:10pm

maccored wrote: »

a password you make up that can get hacked is also not 'stored anywhere accessible to an attacker'. A bad password is a bad password, so if you have a crap password for a password manager then the hacker has a list to all the other account passwords. how they get to the password manager etc etc is totally irrelevant

But they still have to actually physically log on to the password manager website to access them. I have mine set up so that only the devices I've authorized (PC plus phone) have access to it, require a one off code from a 2FA device and are geographically limited to Irish IP's. I'll also get an immediate email and SMS if any attempt to log in to my account from any other device or country is even attempted.

spoonbadger · 15-06-2017 1:21pm

stimpson wrote: »

Not really true anymore https://diogomonica.com/2014/10/11/password-security-why-the-horse-battery-staple-is-not-correct/

If it hasn't been posted yet, this is an excellent resource https://haveibeenpwned.com/

Deise Vu · 15-06-2017 1:32pm

spoonbadger wrote: »

If I searched your hard drive for the username or email of an account of yours I wanted the password for, would I find that file

I don't really understand the question. My email user name, as an example, would be contained within the excel file which is password protected but it obviously wouldn't appear in the excel file name. Is it the case that forensic searches can bypass file encryption and drill into the files? (Genuine question again!). My email user name will also appear on a million emails going in and out but very few excel files I suppose.

citytillidie · 15-06-2017 1:34pm

I have a few email addresses that have different passwords.

One for Xbox
One for personal use
One for online sensitive use
One for online sign ups

....... · 15-06-2017 1:41pm

This post has been deleted.

spoonbadger · 15-06-2017 1:55pm

Deise Vu wrote: »

I don't really understand the question. My email user name, as an example, would be contained within the excel file which is password protected but it obviously wouldn't appear in the excel file name. Is it the case that forensic searches can bypass file encryption and drill into the files? (Genuine question again!). My email user name will also appear on a million emails going in and out but very few excel files I suppose.

Thought I'd edited that in time :P Sorry, I didn't fully read your post and didn't realize your file was encrypted. If it wasn't though, storing account names with passwords somewhere searchable is a bad idea. Search for the account name is a very easy, lazy way of trying to find account details on a site, hard drive etc. etc.

stimpson · 15-06-2017 1:56pm

Deise Vu wrote: »

I don't really understand the question. My email user name, as an example, would be contained within the excel file which is password protected but it obviously wouldn't appear in the excel file name. Is it the case that forensic searches can bypass file encryption and drill into the files? (Genuine question again!). My email user name will also appear on a million emails going in and out but very few excel files I suppose.

What version of Excel?

Gone Drinking · 15-06-2017 2:07pm

Don't understand password managers, you've one password then for all your passwords. What if someone looks over your shoulder and sees it, or puts a key logger on your machine? Just never understood it.

I've between 6-10 passwords. Only the weakest couple that I've been using since I was a kid contain a dictionary word, these are only used for sites i don't care about. I've a complex one that I use for my important secure sites (online banking, secure payment authentication, main email etc). I've lesser complex ones I use for sites that I'm not too bothered by (social media) and then I've a few for work related items.

The companys or services I use my main/important password with would never ever be saving my password in plain text. It's been encrypted since the day I registered. Even if they were to fall victim of a hack where the passwords are leaked, the likelihood of them encrypting my password is nil.

Would probably be the same sort of security on social media/boards but I use a couple of passwords for those accounts because there's a greater chance they'll fall victim to a security flaw or hack.

Deise Vu · 15-06-2017 2:08pm

stimpson wrote: »

What version of Excel?

Office 2010. Version 14.0.7128.500 (32Bit) I got fed up with the constant change for the sake of it and never upgraded since. Don't tell me I have to cave in now?

Hotblack Desiato · 15-06-2017 2:36pm

Deise Vu wrote: »

Someone would have to hack into our system, locate the file (which has a harmless sounding name),and break the encryption.

All very easily done and it only takes one phishing email sent to a user of an unpatched system to manage it - all your files can be sucked down to the attacker's system and examined at their leisure for juicy stuff. Although it's usually a lot more lucrative for them these days to just encrypt your files and look for a ransom...

Office encryption is not really encryption, think of it as one of those novelty 'padlocks' you get in a christmas cracker. Absolutely trivial to crack open.

Is that less safe than trusting some anonymous corporation in Cyber Space as most of the techies here seem to have done? (That's a genuine question, I'm not being smart assed, I consider myself tech-savvy but am most definitely not a tech).

Whatever about the others KeePass isn't an anonymous corporation, it's an open source project and you retain your password store yourself (although you could put it on a cloud service if you wanted.)

ALL software has flaws and ALL software must be patched promptly when flaws are discovered. Amateur admins who don't know what they are doing and don't like patching will sooner or later get caught out badly, and it only takes one bad cybercrime incident to destroy a business for good.

How many passwords do you have to remember?

How many passwords do you have to remember 80 votes

Comments