How many passwords do you have to remember?

stimpson · 15-06-2017 08:57PM

pickarooney wrote: »

Who could be arsed having millions of complicated passwords. I simply don't care if anyone wants to read my emails or whatever and makes the effort to hack it. I'm not going to waste my time trying to outsmart people who do this for a living.

I have a colleague who had the same attitude and when he was fooled with a phishing attempt. They didn't just read his email. He was locked out of gmail in seconds, then his facebook account which had the same password. I had Facebook requests from him asking for money to be wired to him as he lost his wallet and phone while in holiday. Even though he was sitting opposite me.

They then proceeded to change the passwords on any sites they could find in his email. He had a call from the Bank warning him that someone was attempting to access his account using social engineering methods.

It took him weeks to regain access to all of his stuff and he was a wreck because of it all. He now uses a password manager and 2FA.

OU812 · 15-06-2017 09:03PM

I was told to make one that's long, memorable enough to remember, but obscure enough to never be guessed & throw in a couple of substitutions & a specialchracet or two.

One of my accounts has the password *iLikeB1g8uttzandIcannotLie%$

pickarooney · 15-06-2017 09:06PM

The only two sites that don't require me to have a stupidly complex password are the ones that actually matter - both online banking sites require a simple 6-digit password.

They're also be ones I keep forgetting.

Esel · 15-06-2017 09:26PM

OU812 wrote: »

I was told to make one that's long, memorable enough to remember, but obscure enough to never be guessed & throw in a couple of substitutions & a specialchracet or two.

One of my accounts has the password *iLikeB1g8uttzandIcannotLie%$

What's a specialchracet?

OU812 · 15-06-2017 09:48PM

Esel wrote: »

What's a specialchracet?

If you don't know, then your password is insecure !!!

2ygb4cmqetsjhx · 15-06-2017 11:21PM

Jesus there is a lot of terrible password practices here. I use Lastpass with 2FA. Not sure if it's been explained already but using this with 2FA is highly secure assuming last pass itself is secure.

Using a password manager offers two key advantages. The first is you can use a different password on every site. If you have a password on a site that gets hacked hackers will then try your details on many other major sites.

The second advantage is it allows you to use more complex passwords. If you password is randomly generated containing lowercase, uppercase, numbers and symbols and is 16 characters long it will not be recoverable by hackers(assuming the websites are using correct security practices). 16 characters is bare minimum but if you are using last pass you might as well use 100 characters or whatever the site you are signing up to allows.

A lot of websites are still storing passwords in plain text. You can't be sure. For example if you sign up to a site which isn't hashing your password they essentially know it. An employee of that site can start logging in as you where ever they please.

I also have a strong password for my phone and a lengthy one for my SIM card pin.If I lost my phone it would be a disaster otherwise. Here in Germany you can use the phone to pay for food in the supermarket and all my online bank transactions.

For work I use enpass which is a local based password manager. I got around 200 passwords inside.

Capt'n Midnight · 16-06-2017 12:41AM

murpho999 wrote: »

I just use the same password for everything.

And that is why Facebook was setup. To grab peoples passwords.

Hotblack Desiato · 16-06-2017 01:54AM

Deise Vu wrote: »

To a techie I am sure the phrase 'open source' is 100% reassuring. To us non-techies I can only say :eek::eek::eek::eek:

I would explain, but if you can't even be arsed to apply patches and use a password manager then there's no point. Get back to me when you've done those two.

the_syco · 16-06-2017 02:24AM

Alun wrote: »

One.

https://www.lastpass.com/

LOL
https://www.theguardian.com/technology/2017/mar/30/lastpass-warns-users-to-exercise-caution-while-it-fixes-major-vulnerability

stimpson · 16-06-2017 08:16AM

the_syco wrote: »

LOL
https://www.theguardian.com/technology/2017/mar/30/lastpass-warns-users-to-exercise-caution-while-it-fixes-major-vulnerability

And the way to protect yourself? 2FA.

It detailed three steps users could take to keep themselves safe: launch sites directly from the LastPass Vault; use two-factor authentication; and beware of phishing attacks.

And it should be noted that they had patched this within 24 hours.

Deise Vu · 16-06-2017 11:58AM

Hotblack Desiato wrote: »

I would explain, but if you can't even be arsed to apply patches and use a password manager then there's no point. Get back to me when you've done those two.

I'm afraid you are completely missing the point of this thread. I am the first to put up my hand and say my passwords are vulnerable. I am a professional but not in IT. How do you think non professionals, technophobes, the illiterate and dyslexsic are doing? Probably not good. And as I have said several times now, if the hackers are getting better and the public is getting swamped by the requirement to have more and more passwords then e-commerce is heading for a very bad crash some day.

stimpson · 16-06-2017 12:50PM

Deise Vu wrote: »

How do you think non professionals, technophobes, the illiterate and dyslexsic are doing?

I'd say they are just fine if they are using a password manger.

crossmolinalad · 16-06-2017 01:01PM

Just one password for everything and its 30 digits and letters long a combination of birthdates and letters from the names of them
Having it now for 9 years in use

TheFitz13 · 16-06-2017 01:12PM

-Word ID code
-Facebook, snapchat, Instagram etc
-Email
-Bank
-Phone
-Phone PIN

spoonbadger · 16-06-2017 04:25PM

crossmolinalad wrote: »

Just one password for everything and its 30 digits and letters long a combination of birthdates and letters from the names of them
Having it now for 9 years in use

Works until some site you use gets compromised and then you're fukt

CalamariFritti · 16-06-2017 04:30PM

ED E wrote: »

Google
Password Manager
Dropbox
Desktop
Banking PIN

Thats it. The rest are pseudo random blobs like B2Du0psJNpnzN8sCBNGY. I also remember both my parents primary ones as they never can...

Ye I'm the same. I know not even a dozen important ones, half of them work, the rest are blobs suggested by keychain. (Thinly veiled I'm an Apple user reply)

You couldn't do proper passwords anymore for all that sh1te that wants you to create an account just because you ordered 3 lightbulbs or such.

kylith · 16-06-2017 04:30PM

All of them. I have to remember all my passwords.

....... · 16-06-2017 05:14PM

This post has been deleted.

16-06-2017 06:51PM

One main password for everything and slightly changed to match the name of the site I'm logging into, that way it's different for everything but really easy to remember. I also always tell browsers, phones etc to remember my passwords as life's too short to have to keep entering them.

3 or 4 online banking passwords and my work one which never changes thankfully are the only ones I don't follow the same process with.

Hotblack Desiato · 17-06-2017 07:53PM

....... wrote: »

This post has been deleted.

Any time a site is compromised and the (unencrypted or poorly encrypted) password database gets leaked, you can guarantee that those usernames and passwords will be tried on all other popular online services - because so many people reuse passwords.

You don't even need to reuse passwords to have your whole online life fecked over - just linking accounts is enough.

https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/

....... · 18-06-2017 11:20AM

This post has been deleted.

Gone Drinking · 19-06-2017 09:31PM

....... wrote: »

This post has been deleted.

I don't completely disagree with you, there's just no reason to have hundreds or thousands of passwords. Different passwords for ever different site is just crazy overkill.

However, the truth is you do need a handful because everyone will have at some stage created an account somewhere with crap security, who's stored your password in plain text.

I agree with you, if it did happen it wouldn't be the end of the world but it would be a bit of a pain in the hole.

How many passwords do you have to remember?

Comments