Too many passwords

HBC08

I use the same very secure password for all my important stuff.

I use a 2nd very secure password for less important stuff like Netflix,Spotify etc.

This gives a certain level of security but also means I always know my passwords.

km991148

https://www.boards.ie/discussion/comment/118496466#Comment_118496466

Sure, but you can't really complain if the police don't take you seriously

Strumms

https://www.boards.ie/discussion/comment/118496491#Comment_118496491

It wouldn’t be at the forefront of my concerns.. as long as they are professional and do their job :)

Jim2007

https://www.boards.ie/discussion/comment/118495472#Comment_118495472

There is that and of course since you did not write it yourself you have no idea what goes on in the background especially if the machine is connected to the internet. If the vendor identifies a weakness, you probably won't be the first to know.

Jim2007

https://www.boards.ie/discussion/2058228664/too-many-passwords

The simplest think is to use a password policy that way you can have a different password per site/application and you don't need to remember them. When presented with a logon screen you'll know exactly what to type.

Say for instance: first two chars of site name + "standard string" + middle two chars of site name + second last char + standard unique chars + count of letters in site name. So Amazon might be: amB47tf2azn*-#6 and so on.

Ave Sodalis

You can use themes. They can be as obscure a theme as you want. Movies, movie quotes, song lyrics, places you'd find things in the kitchen/living room/bedroom (e.g spoons2nddraw, micr0waveleftcorner). If you can tie the website to it, even better (e.g Instagram = scales3rdtopcupboard) (Facebook = m1rrorbackwall, library5thfrombridge). It can really be any theme you want, you'll end up with bizarre passwords that will be easy for you to remember.

AndrewJRenko

https://www.boards.ie/discussion/comment/118496476#Comment_118496476

Check your email address and phone number at https://haveibeenpwned.com/ and see which of your accounts have been breached.

HBC08

https://www.boards.ie/discussion/comment/118496647#Comment_118496647

Tried that and it says 1 data breach.

I imagine there's no circumstances where it'll so you've never had a breach,after all they're trying to get me to use their site.They can give me no details at all of this alleged breach,I won't be panicking.

I can guarantee you that was with my secondary password so nothing important (if it happened at all) That's kinda the reason I use this system.

km991148

https://www.boards.ie/discussion/comment/118496787#Comment_118496787

Ok but now all those "unimportant" accounts are comprised.

There isn't a hard sell to use their services.

Also how long has that been so you reckon?

How long would you go before noticing one of your 'important' accounts is gone. It's really a terrible system tbh and this should be pointed out in case someone else decides to use it.

HBC08

https://www.boards.ie/discussion/comment/118496875#Comment_118496875

It's worked well for me for about 25 years so I'm happy enough.

I don't profess to know a lot about this stuff and am mot recommending this method over any others (although I do like to know my passwords when I'm prompted rather than have to go looking for or carry around a hand written notebook) whatever works for people.

km991148

https://www.boards.ie/discussion/comment/118496900#Comment_118496900

Yes and that's all good, and not trying to be a smart arse with you, but for the sake of others I'd have to recommend strongly not to follow this strategy. Online security has changed a lot in 25 years. Your email and password is now published for all to see, it's only a matter of time before you loose access to those other accounts that share the same credentials.

ByTheSea2019

I don't have a different password for everything but I have my "serious" passwords that are only used for serious stuff, banking etc where financial or identity fraud could be a massive problem and then other passwords for more casual sites that don't really have much about me, and I never mix them, so if some less reliable site gets hacked, I'm hopefully not in trouble.

Furze99

Use a variety of passwords based on things I have an interest in and note them down. Don't trust password managers but will use Google etc to remember login details for sites that aren't very critical. Has to be a balance between usability and security.

wonga77

https://www.boards.ie/discussion/comment/118495036#Comment_118495036

Out of curiosity why did you change? I use LastPass and Im quite happy but at $10 a year, bitwarden is far cheaper. Can you sync across passwords?

SouthWesterly

https://www.boards.ie/discussion/comment/118497050#Comment_118497050

Wasn't last pass hacked a few years ago

HBC08

https://www.boards.ie/discussion/comment/118496936#Comment_118496936

My email and password is now published for all to see?

What are you basing that on?

Years ago on an old email address I got a message threatening me that they had my password and they were going to show what porn I'd been watching if I didn't pay some sort of ransom. They actually did have my password.I laughed and didn't give it a second thought, a guy in Cork killed himself over the same sh1t.

Seriously,less dramatics and fear and a bit of cop on goes a long way.

km991148

https://www.boards.ie/discussion/comment/118497098#Comment_118497098

By your own admission you are no expert - I am not trying to put fear in you, just telling it how it is.

IUf you got a hit on https://haveibeenpwned.com it means a website you use was hacked and attackers stole your data. If the website was not storing passwords securely (surprisingly common) then yes your email and password have been published on the internet. It will be on a list that is passed around people that like to try and find other compromised accounts.

The "bit of cop on" you are looking for is to use a password manager and a unique password for everything. You don't want one, and I appreciate you have stated your reasons, fine, I am not trying to force you to use one. But for anyone else looking for advice (like the OP for example) then they must know this is a terrible system and should understand the risks involved.

The exposing your porn habits ruse is a different scam entirely and (as you suspected) was most likely bs.

Janey Mack

HaveIbeenpwned also has a password checker - if your password wasn’t hashed in a breach.

”Pwned Passwords are hundreds of millions of real world passwords previously exposed in data breaches. This exposure makes them unsuitable for ongoing use as they're at much greater risk of being used to take over other accounts”

https://haveibeenpwned.com/Passwords

HBC08

https://www.boards.ie/discussion/comment/118497158#Comment_118497158

OK,I can't say I know you're wrong as I don't know enough about.

cruizer101

https://www.boards.ie/discussion/comment/118495861#Comment_118495861

That actually wouldn't be that strong a password. Yes it is long but hackers will use dictionaries of words to try and hack passwords, these dictionaries will contain actual words and other pseudo-words which are commonly used in passwords as well as common replacments e.g. G0ld1l0cks or B3ears.

Interesting video on it here https://www.youtube.com/watch?v=7U-RbOKanYs

HBC08

https://www.boards.ie/discussion/comment/118497213#Comment_118497213

Checked it there and no breaches apparently .

Flinty997

https://www.boards.ie/discussion/comment/118496476#Comment_118496476

I know you've not had a problem. But that's the literally how not to do passwords.

But it's a good idea to at least have different passwords for different levels of importance.

AndrewJRenko

https://www.boards.ie/discussion/comment/118496787#Comment_118496787

Scroll down and it will tell you what breach was involved.

Some breaches, like the cit0day one below, are collections of databases from multiple previous breaches, so you might not be able to track it down to one particular site.

It's a reputable site, not a hard sell. If your account hasn't been breached, you get a zero response, like this one for the email account I've been using for about three years .

AndrewJRenko

https://www.boards.ie/discussion/comment/118497213#Comment_118497213

Thanks, didn't know you could check the actual password. I checked one of my older, strongish passwords, and got this:

Slightly disconcerting.

archfi

Bitwarden

It's free or $10 for extra bits and bobs which you won't require. You can also self-host it.

Cross platform & cross OS syncing desktop/mobile/tablet

Export your passwords every couple of weeks to an encrypted backup and your in safe waters

Masala

I was once told to make a password from a book title or a favourite movie with at least 8 characters. So my recent password is

......

....

... Snow White & the Seven Dwarfs!!!!

I’ll get my coat...

Victor

If keeping passwords in a locked drawer, realise that a burglar is going to wreck your desk, whether they are looking for passwords or just cash.

If keeping passwords in a safe, always have a second safe with a few hundred euros, your previous passport and your fake jewellery.

Pawwed Rig

https://www.boards.ie/discussion/comment/118496787#Comment_118496787

I tried 3 different emails and came up as 1 data breach each. Not buying it

askU

What's wrong with using Google save -password?

Flinty997

https://www.boards.ie/discussion/comment/118497885#Comment_118497885

Main one is if If someone hacks your machine or gets physical access they get into your accounts without needing the password.

It's ok for unimportant stuff. But for anything important you should have it always ask for the password.