Too many passwords

Irish Stones · 18-01-2022 3:24pm #1

Hi all,

I'm starting to have some problems with the many passwords I have to use for my accounts.

Different email addresses, forums, online stores, online services, etc.

I know that the advice is not to use the same password for all accounts, but it's also impossible to have a different password for each account, and then remember them all. So, very often, I tend to forget the password set for a certain account (especially when I seldom use it) and need to hit the "forgot password?" button to reset it.

Do you have any advice to create and remember secure passwords for several accounts?

Thanks!

cromelex · 18-01-2022 3:34pm

Get a password manager.

You can use something free like Bitwarden.

The idea is that you only need to remember your "master" password, and then the password manager will keep all the different passwords for all the websites, meaning you only need to remember a single, strong password.

Ronney · 18-01-2022 3:35pm

https://www.boards.ie/discussion/2058228664/too-many-passwords

Get a Strong base password and add the first 3 letters of the website to that sites password.

Passwords nowadays need a mixture of letters/numbers/special characters so get an 8 digit here you might remember

Abc1Def2Boa! for Boards or BABC1oDef2a! if you think the first is obvious

Abc1Def2Gma! for Gmail

Abc1Def2Hot! For Hotmail

RobertFoster · 18-01-2022 3:36pm

Have you tried using a password manager? I personally use BitWarden. Check out YouTube for explainers/guides on how they work.

km991148 · 18-01-2022 3:37pm

https://www.boards.ie/discussion/comment/118494941#Comment_118494941

Ignore any "systems" like this and get a password manager. Have it generate a strong secure password for every site to the max length allowable for each site.

Bitwarden can be installed as a browser extension and a phone app and will sync between them.

banie01 · 18-01-2022 3:47pm

https://www.boards.ie/discussion/comment/118494934#Comment_118494934

+1 on Bitwarden. I was previously a lastpass user and switched about 2yrs ago.

Secure, fast and easy to use.

Irish Stones · 18-01-2022 4:53pm

https://www.boards.ie/discussion/comment/118494941#Comment_118494941

This, actually, was one of my first thought.

A "root" common to all sites, and then a "variable" part for every site.

It seems this system is advised against, though.

Irish Stones · 18-01-2022 4:54pm

I will give a look into Bitwarden now, thanks!

Irish Stones · 18-01-2022 4:58pm

What scares me the most about these password managers is that if they discontinue their services, and they have generated a password for you, you might be locked out your accounts for good.

Am I wrong?

Glaceon · 18-01-2022 5:15pm

I've never been comfortable with password managers, they seem like a single point of failure to me. If the master password is somehow compromised, everything else is compromised too.

Strumms · 18-01-2022 5:18pm

What I’ve started doing is writing them down in a small notebook that I keep locked in my drawer….

email accounts , gym booking, course website, Netflix…. various clothing, sporting goods and homeware retailers x6, government sites..

problem started when so many websites started asking for passwords with one capital letter and X amount of numbers in them or a symbol… or some specific variant of that, becoming impossible to surefire recall everything, especially sites you don’t frequent too regularly,,,

Irish Stones · 18-01-2022 5:21pm

https://www.boards.ie/discussion/comment/118495560#Comment_118495560

That could be a point of failure to me too.

HeidiHeidi · 18-01-2022 5:23pm

https://www.boards.ie/discussion/comment/118495574#Comment_118495574

I have one of those as well! Trouble is when I'm not at home and wind up changing the password, and forget to record it - so I have a back up partial list in an app on my phone.

I toyed with the idea of a password manager, but as another poster said, the single point of failure aspect of it just doesn't seem like a great idea.

I do use the"save password" feature in Google and Firefox, not sure whether that's foolish or not but I've survived so far.....

Irish Stones · 18-01-2022 5:25pm

https://www.boards.ie/discussion/comment/118495574#Comment_118495574

That is exactly what is happening to me. Too many accounts, several of them I use rarely and forget the password, I have to generate a new one, only to forget it again. Moreover, there's no a common criterium for all of these accounts. Some want extremely strong sequences of number, letters, lower and upper case, symbols, length.

Having them written down isn't a solution, though, I may lose the notebook, or leave it at home when I need while I'm away, and so on.

HeidiHeidi · 18-01-2022 5:29pm

https://www.boards.ie/discussion/comment/118495610#Comment_118495610

I've started using a system as described in an earlier post when I'm forced to change password - a combination of a strong common password and a bit of the website name.

Then I have to try and remember to update the master list at home in the notebook later.

Might not be the most secure, but jaysus it's all very difficult!! Better than 1234 anyway......

If I'm ever burgled and they find my notebook, I'm goosed.....

cruizer101 · 18-01-2022 5:30pm

I'm not really a fan of password managers tried one years ago and didn't like using it, maybe I should give it another go.

What I do is dependent on the service I use different policies. i.e. for my gmail and other important services they have completely unique secure passwords. For not so important stuff I use a system similar to suggested above, a base password plus identifier, its not overly secure but for services like boards or other forums I'm not as concerned, I don't want someone logging in as me but realistically they can't do a huge amount of harm compared to if they could get into my gmail.

SuperBowserWorld · 18-01-2022 5:31pm

paper for throwaway stuff

brain for email, work, banking ...

Stratvs · 18-01-2022 5:50pm

Between work and personal I currently have 147 usernames/passwords. I've been using Passwords Plus for iOS on phone which I find good and it allows to customise each entry with space for notes etc. It also has a self destruct feature. By way of "belt & braces" I also keep them all in a notebook ( I know not generally a good idea but it's tech failure proof and as well hidden as I can manage ).

Irish Stones · 18-01-2022 5:56pm

https://www.boards.ie/discussion/comment/118495603#Comment_118495603

Never used that "save password" feature in Google, I don't trust it 😁

Irish Stones · 18-01-2022 5:57pm

https://www.boards.ie/discussion/comment/118495639#Comment_118495639

Thanks!

Irish Stones · 18-01-2022 5:58pm

https://www.boards.ie/discussion/comment/118495643#Comment_118495643

I had a look at Bitwarden YouTube channel and watched the tutorial and I found it too complicated, I mean, not quick enough to use, I believe.

Timfy · 18-01-2022 6:11pm

I strongly recommend password managers but I trick that I teach is the following.

Think of a strong master password phrase for instance GoldilocksAndThe3Bears!

Then when you sign up, simply add the service that you're signing up to such as;

MicrosoftGoldilocksAndThe3Bears!

FacebookGoldilocksAndThe3Bears!

BoardsGoldilocksAndThe3Bears!

Et voila! A different password for every service that you use.

The master phrase can be as complicated as you want as you'll only need to remember this one - the service that you use will prompt the rest.

Edit... oops, I see someone has already suggested similar to this previously!

km991148 · 18-01-2022 6:13pm

It's all a choice between convenience and security. But most of the time you use some system of remembering you are more than likely opening yourself up to ways of being compromised that you didn't even imagine before.

One massive password on bitwarden suits me.

Of course different services have different levels. I don't mind 2fa on my banking login but it is a pain on the 4od app on the shared firestick.

AndrewJRenko · 18-01-2022 6:25pm

https://www.boards.ie/discussion/comment/118495560#Comment_118495560

You can enable 2 Factor Authentication to avoid the single point of failure. Just about every security advisor in the world recommends password managers as the only practical solution. They generally use good encryption, so even if they are hacked, your passwords won't be visible (similar to your Signal or WhatsApp messages).

If you need access to your passwords on a work device, check to see if you can install the browser add-in for your chosen password manager in the work environment before making a final decision on which one to choose.

Bitwarden works for me - a bit clunky on the work device with cutting and pasting, but it is workable.

Strumms · 18-01-2022 6:35pm

Just shows you how many fûcking dickheads in this world trying to get their grubby mitts on your stuff, your information and money, that we have to go to these levels of inconveniences to ourselves just to have things that we need like our passwords for things that are important to and for us…

Cybercrime is a offence in this country but I can imagine how seriously disinterested the Gardai would be if you as a citizen turned up at a station fully prepared to make a complaint regarding something of yours getting hacked….

of course if you are a business or business owner they’d be all over it… seeing as they are really the only section of society our establishment are anyway concerned about protecting.

Masala · 18-01-2022 6:46pm

https://www.boards.ie/discussion/comment/118495036#Comment_118495036

+1 from me as well on Bitwarden. Can have it on Phone, Ipad and pc... so access to passwords whenever and wherever you look up your sites

km991148 · 18-01-2022 6:51pm

https://www.boards.ie/discussion/comment/118496005#Comment_118496005

Especially if you were writing them down on a bit of paper..

Probably the same level of interest if your car got robbed and you told them you kept the keys on the windscreen..

cromelex · 18-01-2022 6:58pm

In Bitwarden, you can use 2FA (including Fido U2F physical usb keys).

This prevents your account from being compromised even if your master password was to be compromised.

If you are afraid of their own servers being compromised, you can self-host your own. Bitwarden also allows you to do this.

There is no silver bullet, but using a password manager is currently the safest bet.

Calahonda52 · 18-01-2022 7:07pm

I have a business card holder from back in the day: A to Z: just checked, current count is 87

I have a standard format to them.

Most have a known mis type in them in case anyone is snooping.. so it might read say 99Comment69 but would in fact be 9*9*Comment*9*9

km991148 · 18-01-2022 7:52pm

It's a flawed plan really, not so much for the writing down but for the standard format.

You are relying on the security of the crappiest service you use. A lot of crap websites won't protect your password so when they get compromised, as they often do because they are crap, then your standard format had just been added to password cracking dictionaries, therefore making it easier to guess your password in 'better' sites.

Strumms · 18-01-2022 7:57pm

https://www.boards.ie/discussion/comment/118496124#Comment_118496124

As long as the paper is stored safely and out of access for other it’s fine…

Too many passwords

Comments