Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Too many passwords

  • 18-01-2022 2:24pm
    #1
    Registered Users, Registered Users 2 Posts: 2,308 ✭✭✭


    Hi all,

    I'm starting to have some problems with the many passwords I have to use for my accounts.

    Different email addresses, forums, online stores, online services, etc.

    I know that the advice is not to use the same password for all accounts, but it's also impossible to have a different password for each account, and then remember them all. So, very often, I tend to forget the password set for a certain account (especially when I seldom use it) and need to hit the "forgot password?" button to reset it.

    Do you have any advice to create and remember secure passwords for several accounts?

    Thanks!



«13

Comments

  • Registered Users, Registered Users 2 Posts: 235 ✭✭cromelex


    Get a password manager.


    You can use something free like Bitwarden.


    The idea is that you only need to remember your "master" password, and then the password manager will keep all the different passwords for all the websites, meaning you only need to remember a single, strong password.



  • Registered Users, Registered Users 2 Posts: 857 ✭✭✭Ronney


    Get a Strong base password and add the first 3 letters of the website to that sites password.

    Passwords nowadays need a mixture of letters/numbers/special characters so get an 8 digit here you might remember

    Abc1Def2Boa! for Boards or BABC1oDef2a! if you think the first is obvious

    Abc1Def2Gma! for Gmail

    Abc1Def2Hot! For Hotmail



  • Registered Users, Registered Users 2 Posts: 9,280 ✭✭✭RobertFoster


    Have you tried using a password manager? I personally use BitWarden. Check out YouTube for explainers/guides on how they work.



  • Registered Users, Registered Users 2 Posts: 4,277 ✭✭✭km991148


    Ignore any "systems" like this and get a password manager. Have it generate a strong secure password for every site to the max length allowable for each site.


    Bitwarden can be installed as a browser extension and a phone app and will sync between them.



  • Registered Users, Registered Users 2 Posts: 17,282 ✭✭✭✭banie01


    +1 on Bitwarden. I was previously a lastpass user and switched about 2yrs ago.

    Secure, fast and easy to use.



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 2,308 ✭✭✭Irish Stones


    This, actually, was one of my first thought.

    A "root" common to all sites, and then a "variable" part for every site.

    It seems this system is advised against, though.



  • Registered Users, Registered Users 2 Posts: 2,308 ✭✭✭Irish Stones


    I will give a look into Bitwarden now, thanks!



  • Registered Users, Registered Users 2 Posts: 2,308 ✭✭✭Irish Stones


    What scares me the most about these password managers is that if they discontinue their services, and they have generated a password for you, you might be locked out your accounts for good.

    Am I wrong?



  • Registered Users, Registered Users 2 Posts: 2,398 ✭✭✭Glaceon


    I've never been comfortable with password managers, they seem like a single point of failure to me. If the master password is somehow compromised, everything else is compromised too.



  • Registered Users, Registered Users 2 Posts: 26,203 ✭✭✭✭Strumms


    What I’ve started doing is writing them down in a small notebook that I keep locked in my drawer….

    email accounts , gym booking, course website, Netflix…. various clothing, sporting goods and homeware retailers x6, government sites..

    problem started when so many websites started asking for passwords with one capital letter and X amount of numbers in them or a symbol… or some specific variant of that, becoming impossible to surefire recall everything, especially sites you don’t frequent too regularly,,,



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 2,308 ✭✭✭Irish Stones




  • Registered Users, Registered Users 2 Posts: 30,036 ✭✭✭✭HeidiHeidi


    I have one of those as well! Trouble is when I'm not at home and wind up changing the password, and forget to record it - so I have a back up partial list in an app on my phone.

    I toyed with the idea of a password manager, but as another poster said, the single point of failure aspect of it just doesn't seem like a great idea.

    I do use the"save password" feature in Google and Firefox, not sure whether that's foolish or not but I've survived so far.....



  • Registered Users, Registered Users 2 Posts: 2,308 ✭✭✭Irish Stones


    That is exactly what is happening to me. Too many accounts, several of them I use rarely and forget the password, I have to generate a new one, only to forget it again. Moreover, there's no a common criterium for all of these accounts. Some want extremely strong sequences of number, letters, lower and upper case, symbols, length.

    Having them written down isn't a solution, though, I may lose the notebook, or leave it at home when I need while I'm away, and so on.



  • Registered Users, Registered Users 2 Posts: 30,036 ✭✭✭✭HeidiHeidi


    I've started using a system as described in an earlier post when I'm forced to change password - a combination of a strong common password and a bit of the website name.

    Then I have to try and remember to update the master list at home in the notebook later.

    Might not be the most secure, but jaysus it's all very difficult!! Better than 1234 anyway......

    If I'm ever burgled and they find my notebook, I'm goosed.....



  • Registered Users, Registered Users 2 Posts: 3,205 ✭✭✭cruizer101


    I'm not really a fan of password managers tried one years ago and didn't like using it, maybe I should give it another go.

    What I do is dependent on the service I use different policies. i.e. for my gmail and other important services they have completely unique secure passwords. For not so important stuff I use a system similar to suggested above, a base password plus identifier, its not overly secure but for services like boards or other forums I'm not as concerned, I don't want someone logging in as me but realistically they can't do a huge amount of harm compared to if they could get into my gmail.



  • Registered Users, Registered Users 2 Posts: 7,846 ✭✭✭SuperBowserWorld


    paper for throwaway stuff

    brain for email, work, banking ...

    Post edited by SuperBowserWorld on


  • Registered Users, Registered Users 2 Posts: 958 ✭✭✭Stratvs


    Between work and personal I currently have 147 usernames/passwords. I've been using Passwords Plus for iOS on phone which I find good and it allows to customise each entry with space for notes etc. It also has a self destruct feature. By way of "belt & braces" I also keep them all in a notebook ( I know not generally a good idea but it's tech failure proof and as well hidden as I can manage ).



  • Registered Users, Registered Users 2 Posts: 2,308 ✭✭✭Irish Stones


    Never used that "save password" feature in Google, I don't trust it 😁



  • Registered Users, Registered Users 2 Posts: 2,308 ✭✭✭Irish Stones




  • Registered Users, Registered Users 2 Posts: 2,308 ✭✭✭Irish Stones


    I had a look at Bitwarden YouTube channel and watched the tutorial and I found it too complicated, I mean, not quick enough to use, I believe.



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 753 ✭✭✭Timfy


    I strongly recommend password managers but I trick that I teach is the following.

    Think of a strong master password phrase for instance GoldilocksAndThe3Bears!

    Then when you sign up, simply add the service that you're signing up to such as;

    MicrosoftGoldilocksAndThe3Bears!

    FacebookGoldilocksAndThe3Bears!

    BoardsGoldilocksAndThe3Bears!

    Et voila! A different password for every service that you use.

    The master phrase can be as complicated as you want as you'll only need to remember this one - the service that you use will prompt the rest.


    Edit... oops, I see someone has already suggested similar to this previously!

    No trees were harmed in the posting of this message, however a large number of electrons were terribly inconvenienced.



  • Registered Users, Registered Users 2 Posts: 4,277 ✭✭✭km991148


    It's all a choice between convenience and security. But most of the time you use some system of remembering you are more than likely opening yourself up to ways of being compromised that you didn't even imagine before.


    One massive password on bitwarden suits me.

    Of course different services have different levels. I don't mind 2fa on my banking login but it is a pain on the 4od app on the shared firestick.



  • Registered Users, Registered Users 2 Posts: 30,268 ✭✭✭✭AndrewJRenko


    You can enable 2 Factor Authentication to avoid the single point of failure. Just about every security advisor in the world recommends password managers as the only practical solution. They generally use good encryption, so even if they are hacked, your passwords won't be visible (similar to your Signal or WhatsApp messages).

    If you need access to your passwords on a work device, check to see if you can install the browser add-in for your chosen password manager in the work environment before making a final decision on which one to choose.

    Bitwarden works for me - a bit clunky on the work device with cutting and pasting, but it is workable.



  • Registered Users, Registered Users 2 Posts: 26,203 ✭✭✭✭Strumms


    Just shows you how many fûcking dickheads in this world trying to get their grubby mitts on your stuff, your information and money, that we have to go to these levels of inconveniences to ourselves just to have things that we need like our passwords for things that are important to and for us…

    Cybercrime is a offence in this country but I can imagine how seriously disinterested the Gardai would be if you as a citizen turned up at a station fully prepared to make a complaint regarding something of yours getting hacked….

    of course if you are a business or business owner they’d be all over it… seeing as they are really the only section of society our establishment are anyway concerned about protecting.



  • Registered Users, Registered Users 2 Posts: 3,527 ✭✭✭Masala


    +1 from me as well on Bitwarden. Can have it on Phone, Ipad and pc... so access to passwords whenever and wherever you look up your sites



  • Registered Users, Registered Users 2 Posts: 4,277 ✭✭✭km991148


    Especially if you were writing them down on a bit of paper..


    Probably the same level of interest if your car got robbed and you told them you kept the keys on the windscreen..



  • Registered Users, Registered Users 2 Posts: 235 ✭✭cromelex


    In Bitwarden, you can use 2FA (including Fido U2F physical usb keys).

    This prevents your account from being compromised even if your master password was to be compromised.

    If you are afraid of their own servers being compromised, you can self-host your own. Bitwarden also allows you to do this.


    There is no silver bullet, but using a password manager is currently the safest bet.



  • Registered Users, Registered Users 2 Posts: 12,881 ✭✭✭✭Calahonda52


    I have a business card holder from back in the day: A to Z: just checked, current count is 87

    I have a standard format to them.

    Most have a known mis type in them in case anyone is snooping.. so it might read say 99Comment69 but would in fact be 9*9*Comment*9*9

    “I can’t pay my staff or mortgage with instagram likes”.



  • Registered Users, Registered Users 2 Posts: 4,277 ✭✭✭km991148


    It's a flawed plan really, not so much for the writing down but for the standard format.

    You are relying on the security of the crappiest service you use. A lot of crap websites won't protect your password so when they get compromised, as they often do because they are crap, then your standard format had just been added to password cracking dictionaries, therefore making it easier to guess your password in 'better' sites.



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 26,203 ✭✭✭✭Strumms


    As long as the paper is stored safely and out of access for other it’s fine…



  • Registered Users, Registered Users 2 Posts: 3,711 ✭✭✭HBC08


    I use the same very secure password for all my important stuff.

    I use a 2nd very secure password for less important stuff like Netflix,Spotify etc.

    This gives a certain level of security but also means I always know my passwords.



  • Registered Users, Registered Users 2 Posts: 4,277 ✭✭✭km991148


    Sure, but you can't really complain if the police don't take you seriously



  • Registered Users, Registered Users 2 Posts: 26,203 ✭✭✭✭Strumms


    It wouldn’t be at the forefront of my concerns.. as long as they are professional and do their job :)



  • Moderators, Business & Finance Moderators Posts: 10,604 Mod ✭✭✭✭Jim2007


    There is that and of course since you did not write it yourself you have no idea what goes on in the background especially if the machine is connected to the internet. If the vendor identifies a weakness, you probably won't be the first to know.



  • Moderators, Business & Finance Moderators Posts: 10,604 Mod ✭✭✭✭Jim2007


    The simplest think is to use a password policy that way you can have a different password per site/application and you don't need to remember them. When presented with a logon screen you'll know exactly what to type.

    Say for instance: first two chars of site name + "standard string" + middle two chars of site name + second last char + standard unique chars + count of letters in site name. So Amazon might be: amB47tf2azn*-#6 and so on.



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 7,555 ✭✭✭Ave Sodalis


    You can use themes. They can be as obscure a theme as you want. Movies, movie quotes, song lyrics, places you'd find things in the kitchen/living room/bedroom (e.g spoons2nddraw, micr0waveleftcorner). If you can tie the website to it, even better (e.g Instagram = scales3rdtopcupboard) (Facebook = m1rrorbackwall, library5thfrombridge). It can really be any theme you want, you'll end up with bizarre passwords that will be easy for you to remember.



  • Registered Users, Registered Users 2 Posts: 30,268 ✭✭✭✭AndrewJRenko


    Check your email address and phone number at https://haveibeenpwned.com/ and see which of your accounts have been breached.



  • Registered Users, Registered Users 2 Posts: 3,711 ✭✭✭HBC08


    Tried that and it says 1 data breach.

    I imagine there's no circumstances where it'll so you've never had a breach,after all they're trying to get me to use their site.They can give me no details at all of this alleged breach,I won't be panicking.

    I can guarantee you that was with my secondary password so nothing important (if it happened at all) That's kinda the reason I use this system.



  • Registered Users, Registered Users 2 Posts: 4,277 ✭✭✭km991148


    Ok but now all those "unimportant" accounts are comprised.


    There isn't a hard sell to use their services.

    Also how long has that been so you reckon?

    How long would you go before noticing one of your 'important' accounts is gone. It's really a terrible system tbh and this should be pointed out in case someone else decides to use it.



  • Registered Users, Registered Users 2 Posts: 3,711 ✭✭✭HBC08


    It's worked well for me for about 25 years so I'm happy enough.

    I don't profess to know a lot about this stuff and am mot recommending this method over any others (although I do like to know my passwords when I'm prompted rather than have to go looking for or carry around a hand written notebook) whatever works for people.



  • Advertisement
  • Registered Users, Registered Users 2 Posts: 4,277 ✭✭✭km991148


    Yes and that's all good, and not trying to be a smart arse with you, but for the sake of others I'd have to recommend strongly not to follow this strategy. Online security has changed a lot in 25 years. Your email and password is now published for all to see, it's only a matter of time before you loose access to those other accounts that share the same credentials.



  • Registered Users, Registered Users 2 Posts: 113 ✭✭ByTheSea2019


    I don't have a different password for everything but I have my "serious" passwords that are only used for serious stuff, banking etc where financial or identity fraud could be a massive problem and then other passwords for more casual sites that don't really have much about me, and I never mix them, so if some less reliable site gets hacked, I'm hopefully not in trouble.



  • Registered Users, Registered Users 2 Posts: 11,392 ✭✭✭✭Furze99


    Use a variety of passwords based on things I have an interest in and note them down. Don't trust password managers but will use Google etc to remember login details for sites that aren't very critical. Has to be a balance between usability and security.



  • Registered Users, Registered Users 2 Posts: 4,477 ✭✭✭wonga77



    Out of curiosity why did you change? I use LastPass and Im quite happy but at $10 a year, bitwarden is far cheaper. Can you sync across passwords?



  • Posts: 0 [Deleted User]




  • Registered Users, Registered Users 2 Posts: 3,711 ✭✭✭HBC08


    My email and password is now published for all to see?

    What are you basing that on?

    Years ago on an old email address I got a message threatening me that they had my password and they were going to show what porn I'd been watching if I didn't pay some sort of ransom. They actually did have my password.I laughed and didn't give it a second thought, a guy in Cork killed himself over the same sh1t.

    Seriously,less dramatics and fear and a bit of cop on goes a long way.



  • Registered Users, Registered Users 2 Posts: 4,277 ✭✭✭km991148


    By your own admission you are no expert - I am not trying to put fear in you, just telling it how it is.

    IUf you got a hit on https://haveibeenpwned.com it means a website you use was hacked and attackers stole your data. If the website was not storing passwords securely (surprisingly common) then yes your email and password have been published on the internet. It will be on a list that is passed around people that like to try and find other compromised accounts.


    The "bit of cop on" you are looking for is to use a password manager and a unique password for everything. You don't want one, and I appreciate you have stated your reasons, fine, I am not trying to force you to use one. But for anyone else looking for advice (like the OP for example) then they must know this is a terrible system and should understand the risks involved.

    The exposing your porn habits ruse is a different scam entirely and (as you suspected) was most likely bs.



  • Registered Users, Registered Users 2 Posts: 105 ✭✭Janey Mack


    HaveIbeenpwned also has a password checker - if your password wasn’t hashed in a breach.

    ”Pwned Passwords are hundreds of millions of real world passwords previously exposed in data breaches. This exposure makes them unsuitable for ongoing use as they're at much greater risk of being used to take over other accounts”

    https://haveibeenpwned.com/Passwords



  • Registered Users, Registered Users 2 Posts: 3,711 ✭✭✭HBC08


    OK,I can't say I know you're wrong as I don't know enough about.



  • Registered Users, Registered Users 2 Posts: 3,205 ✭✭✭cruizer101


    That actually wouldn't be that strong a password. Yes it is long but hackers will use dictionaries of words to try and hack passwords, these dictionaries will contain actual words and other pseudo-words which are commonly used in passwords as well as common replacments e.g. G0ld1l0cks or B3ears.

    Interesting video on it here https://www.youtube.com/watch?v=7U-RbOKanYs



  • Advertisement
Advertisement