How do you keep track of all your passwords?

Problem Of Motivation

I have a notepad file especially for this. You'd be amazed at how many different codes, account numbers and passwords you'd accumulate over the years. It's becoming a huge document. I then take pleasure in those moments when I'm asked for some code, and somebody shouts out "oh sh1t, we need a code for that", and then when they're not looking I secretly open up my document with all the passwords and find it, and then I pretend that I remembered it.

But even I come into situations where I'm costed half an hour or so because I don't have a password that someone else forgot to take note of, and you'll have choose a "forgot password" option and send an email or what not. You'd be amazed at how you could be inconvenienced by not having a code these days. You can't take anything for granted. For example, I recently couldn't even watch something I'd recorded on Sky without a bloody code. Now with most people, when they'd finally figure out the code, they'd just watch the bloody show. But not me - I add the password to my file! That's the trick.

I have noticed one other thing. And that's that after going to the trouble of remembering documenting passwords, that when you come back to log in a few years later, that it just tells you that you've the wrong password. I notice this most when doing making job applications under the likes of taleo.net, career4.successfactors.com and xjobs.brassring.com, when you'd be made to set up an account to apply for a job, but then when you come back a few years later, that password won't work. You then have to pretend that you've forgot you're password to get in.

whatawaster

Last Pass.

I don't know how I ever lived without it

RMAOK

Commit them to memory

twignme

SecureSafe App.

Del.Monte

RMAOK wrote: »

Commit them to memory

Failing that, which occasionally happens, I have them all written down in a notebook which is in code which only makes sense to me and locked in a floor-safe.

BrokenArrows

I use mostly the same password for everything with some exceptions.

But in general I make heavy use of the "forgot password" feature.

Corkgirl18

A password manager is the way to go

JohnnyFlash

LastPass. Amazing service.

jester77

I host my own password manger, bitwarden. One of the best out there and don't have to worry about third party sites having access to my passwords.

B.A._Baracus

I have a simple system:

Create a decent password with uppercase, lowercase, few numbers and a symbol. Use that for the important websites. Others? generic password. Stuff like burn emails or what have you. Plus you can do variations. Easier to remember a variation than another password.

They say passphrases are the best now. Such as, TimmyOpenedUpTheWELL1122 or JeSTer77isAknob stuff like that





:pac:

maccored

i use passphrases - easier to remember and harder to crack. I'd never use a password manager as all you need do is crack that.

Bigbagofcans

If I use them frequently then it's muscle memory. For those less used I have to think for a min what they are.

Tell me how

@michael1979. That's who the OP reminds me of.
Was trying to think who it was when reading first post of last few threads.

JohnnyFlash

maccored wrote: »

i use passphrases - easier to remember and harder to crack. I'd never use a password manager as all you need do is crack that.

Use a pass phrase to access your password manager and setup 2 factor authentication on it as well.

Sir Oxman

jester77 wrote: »

I host my own password manger, bitwarden. One of the best out there and don't have to worry about third party sites having access to my passwords.

I've yet to host my own but it's on my list.
I use Bitwarden and export my stuff once a week.

silverharp

a sticky on my desk

Graces7

BrokenArrows wrote: »

I use mostly the same password for everything with some exceptions.

But in general I make heavy use of the "forgot password" feature.

does not work . my computer died this week and I cannot access my gmail account as they say the password is wrong. They want to send a message to my default email which was the yahoo one that died. whatever I do they will not let me in to my gmail or my weblog

kneemos

Forgot password button.

iamwhoiam

An old fashioned little notebook and a pen

Noo

I used to have the same password for most things for years, but then of course some ask for capitals or symbols and you end up with loads of variations of the same password and can never remember which is for which site.

So this is an example if what I do now (obviously not going to give exact details)
- use a symbol and word unique to me (this will be the same for every password)
- add a certain section of the website name (same section for every password but will be unique to that website)
- add a number which is a formula based on the website name.

This way I only have to remember my password formula.

Bigmac1euro

Password1 for everything

Problem Of Motivation

maccored wrote: »

i use passphrases - easier to remember and harder to crack. I'd never use a password manager as all you need do is crack that.

To be fair most of the stuff you'd need a password for, you couldn't give a damn if someone cracked it. So what if a burglar can watch a program that you recorded on your Sky TV!

Problem Of Motivation

Noo wrote: »

add a number which is a formula based on the website name.

I don't know what you mean by that?

kneemos

Problem Of Motivation wrote: »

To be fair most of the stuff you'd need a password for, you couldn't give a damn if someone cracked it. So what if a burglar can watch a program that you recorded on your Sky TV!

Anything involving money really. The rest can all have the same password.

Problem Of Motivation

Corkgirl18 wrote: »

A password manager is the way to go

Can't Marker ZuckerHead and Vladmir Putin access that if they want?

MOH

Post them all on Facebook. That way if I need one and I'm stuck, I can always ask a friend to check for me.

Except my Facebook password for obvious reasons, that goes on Twitter.

o1s1n

Bigmac1euro wrote: »

Password1 for everything

Posting as Bigmac1euro on boards.ie in 5,4,3,2...

Mrcaramelchoc

Problem Of Motivation wrote: »

Can't Marker ZuckerHead and Vladmir Putin access that if they want?

this is what i was wondering,the people that make these apps.dont they have access to these passwords?i mean thousands of them in some cases and some of them would be important like bank passwords or amazon passwords etc?i have no idea who makes bitwarden or last pass etc
isnt it open to be fiddled with?

Apiarist

I have a password manager. Also for passwords I use a set of ~40 words that I mix with special symbols in different combinations. I remember those words and write down codes for their combinations in a paper notebook. For example, "X!5d" would translate into "Executive!5decision". These is for the majority of sites where the security is not the first concern.

For important logins, I use randomly generated passwords saved in a password manager.

ED E

Mrcaramelchoc wrote: »

this is what i was wondering,the people that make these apps.dont they have access to these passwords?i mean thousands of them in some cases and some of them would be important like bank passwords or amazon passwords etc?i have no idea who makes bitwarden or last pass etc
isnt it open to be fiddled with?

No, only you do.


Think of it like storing a can of alphabet soup with them. They just get an illegible blob. You store the master password. Without it what they have is useless.


NB: If you use LP's password recovery features then LP CAN access your data but in the trust nobody mode its entirely private.

Apiarist

Mrcaramelchoc wrote: »

....the people that make these apps.dont they have access to these passwords?i mean thousands of them ....

Potentially they can. However, they must not and it is a very bad form if they do.

Apps do not need to store your password at all. A normal security check takes the passwords and applies a one-way mathematical function to it which produces a string of numbers. You give the word "my_pass" + your username and the function returns "54 68 61 74 73 20 6D 79 20 4B 75 6E 67 20 46 75"; the resulting number is stored by the app. Any time you enter the password, the number is generated and compared versus the stored number. And here is a good bit -- it is not practically possible to get the original password from the stored number.

fmpisces

Problem Of Motivation wrote: »

I have a notepad file especially for this. You'd be amazed at how many different codes, account numbers and passwords you'd accumulate over the years. It's becoming a huge document. I then take pleasure in those moments when I'm asked for some code, and somebody shouts out "oh sh1t, we need a code for that", and then when they're not looking I secretly open up my document with all the passwords and find it, and then I pretend that I remembered it.

But even I come into situations where I'm costed half an hour or so because I don't have a password that someone else forgot to take note of, and you'll have choose a "forgot password" option and send an email or what not. You'd be amazed at how you could be inconvenienced by not having a code these days. You can't take anything for granted. For example, I recently couldn't even watch something I'd recorded on Sky without a bloody code. Now with most people, when they'd finally figure out the code, they'd just watch the bloody show. But not me - I add the password to my file! That's the trick.

I have noticed one other thing. And that's that after going to the trouble of remembering documenting passwords, that when you come back to log in a few years later, that it just tells you that you've the wrong password. I notice this most when doing making job applications under the likes of taleo.net, career4.successfactors.com and xjobs.brassring.com, when you'd be made to set up an account to apply for a job, but then when you come back a few years later, that password won't work. You then have to pretend that you've forgot you're password to get in.

I have a typed up list of all my log ins and passwords on a Notepad document, saved on my laptop, on my phone in PDF and emailed myself a copy in case the two devices ever crashed.

Mrcaramelchoc

victor8600 wrote: »

Potentially they can. However, they must not and it is a very bad form if they do.

Apps do not need to store your password at all. A normal security check takes the passwords and applies a one-way mathematical function to it which produces a string of numbers. You give the word "my_pass" + your username and the function returns "54 68 61 74 73 20 6D 79 20 4B 75 6E 67 20 46 75"; the resulting number is stored by the app. Any time you enter the password, the number is generated and compared versus the stored number. And here is a good bit -- it is not practically possible to get the original password from the stored number.

Very interesting cheers.

maccored

interesting article on password managers

https://www.weforum.org/agenda/2019/03/password-managers-arent-all-theyre-cracked-up-to-be-heres-why/

This is it

Graces7 wrote: »

does not work . my computer died this week and I cannot access my gmail account as they say the password is wrong. They want to send a message to my default email which was the yahoo one that died. whatever I do they will not let me in to my gmail or my weblog

Well it does work it's just that the backup you have is inaccessible... That's the users fault.

ytpe2r5bxkn0c1

I use a simple code incorporating the website.


Credential Manager Control Panel lists them too.

I use the same first few characters for every password and then modify depending on the what the password if for so its very easy to remember as it will be the same start and then something to do with the website I'm logging into but I don't have the full same password for everything at the same time.

I wouldn't be a fan of them password managers prefer to just have passwords I enter on different sites. I have my passwords saved in the browser of both my personal and work computers also so I rarely have to enter passwords. Same for app on the I can save them on etc.

Noo

Problem Of Motivation wrote: »

I don't know what you mean by that?

Oh something simple like add the first and third letters. So Boards would be b=2 and a=1, so the number for that password would be 3.

Capt'n Midnight

I use "invalid" as my password so that if there's a typo the website will remind me that my password is 'invalid'

muse ubaid

i use the same password for all my accounts

Capt'n Midnight

muse ubaid wrote: »

i use the same password for all my accounts

https://haveibeenpwned.com/

evernote entry

ixoy

KeePass to store them and I've taken to generating passphrases from horsebatterystaple.net

muse ubaid

Capt'n Midnight wrote: »

haveibeenpwned

its too early to say yet...

Beasty

I have a system for PINs and passwords, which means I don't need to write anything down or store any details other than with the counterparty I use the password with

It's a system that no-one else knows, which means that when I've gone (or indeed when my mind goes) all my secrets will go with me, and they could be looking for some of my "treasures" for quite a long time....

it could be cracked, but someone would need to know half a dozen or more of them to do that, and even then there are idiosyncrasies both in password requirements and the way I apply my system that would make it quite difficult to do so, particularly for the more important ones which have additional layers of "protection"