|
I have a custom password generator that randomly picks and splices two words from a dictionary, and adds a symbol and a number.
A different password for every login gets stored in a KeePass database, which I replicate to 3 different locations.
I also have a Yubikey, as well as the Google Authenticator on my phone for when they are needed, but I rarely use either one.
Money makes the world go round ... but documentation moves the money.
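A generator along the lines the post above describes, as an added example that is not the poster's program. The word list, the symbol set, the two-digit number and the reading of "splices" as joining the two words are assumptions; the entropy function shows how much the dictionary size matters once the scheme itself is known.

```python
import math
import secrets

# Constructed sample list; a real generator would load a dictionary of thousands of words.
WORDS = ["anchor", "biscuit", "copper", "dragon", "ember", "falcon", "granite", "harbor"]
SYMBOLS = "!@#$%^&*-_=+"  # assumed symbol set (12 characters)


def generate(words=WORDS, symbols=SYMBOLS):
    """Return two random words joined by a random symbol, then a two-digit number."""
    # secrets draws from the OS CSPRNG; the random module is not suitable here.
    first = secrets.choice(words).capitalize()
    second = secrets.choice(words).capitalize()
    symbol = secrets.choice(symbols)
    number = secrets.randbelow(100)  # 00..99, uniform
    return f"{first}{symbol}{second}{number:02d}"


def entropy_bits(word_count, symbol_count=len(SYMBOLS), number_count=100):
    """Entropy in bits, assuming the attacker knows the scheme and the word list."""
    return 2 * math.log2(word_count) + math.log2(symbol_count) + math.log2(number_count)


if __name__ == "__main__":
    print(generate())
    # Same scheme, different dictionary sizes: the word list dominates the result.
    for size in (len(WORDS), 2048, 7776, 100_000):
        print(f"{size:>7} words -> {entropy_bits(size):5.1f} bits")
```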
|
|
|
|
|
At work I have about 5 different VPNs and 7 different Okta login pages. Do they all expire at the same time? HAH! Not to mention the government VPNs and Okta pages that require an even longer password than the normal stuff.
I've had to resort to using the same password for all those systems and when one tells me to change my password, I change them all.
I’ve given up trying to be calm. However, I am open to feeling slightly less agitated.
|
|
|
|
|
A password manager? Or something else?
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
|
|
|
|
|
From my perspective?
PURE RISK...
So, use them for BS logins you don't care about, but please use a tool instead.
The mere fact that Google has EVERY password of some people makes them a HUGE target for Nation-State Hacking!
I use a tool with browser plugins that also operates on the phone.
I also DO NOT STORE in that tool ANY Financial Passwords, Crypto Keys, etc.
[I have to assume the vendor will get hacked at some point, or get a WARRANT for the data!]
So, I maintain 3 rings of protection:
NONE via the Browser (I don't care about my HBO password).
SECURE: Via software to manage about 600 Passwords
INSANE: Custom Software with Triple Encryption requiring a long passphrase for $ related items
The next question becomes: how do you give access to this stuff after you've been hit by a train?
My approach: Your Lawyer has HALF the key, your CPA the other Half, and your Executor the Encrypted File (requiring the Key, to unlock all of the passwords).
For additional Security, I go one step further (Further, you say... LOL)...
I generated a list of 100 GUIDs.
I express my passphrases as: {1}salt{2}{3}context-salt{..}{..}
Where the numbers are picked a lot more randomly than shown...
Which makes the passphrases useless without the GUID list.
Eventually Multi-Sig blockchain identity protection will be a common thing obviating the need for all of this.
Finally, I would NEVER release the actual people/roles that I actually used. Consider those suggestions that work because of decent legal obligations. NEVER store private data in Medical Files (while your Doctor cannot disclose things... The entire industry treats your medical records like Front Page News, IMO)
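Two ways to give two people a piece of a key each, as an added example that is not the poster's software: cutting the key in the middle, and a 2-of-2 XOR split in which a single share is random noise on its own. Function names and the 32-byte key are assumptions made for the illustration.

```python
import secrets


def split_in_halves(key: bytes):
    """Literal halving: each holder learns half of the key bytes."""
    mid = len(key) // 2
    return key[:mid], key[mid:]


def split_xor(key: bytes):
    """2-of-2 XOR split: share_a is random, share_b = key XOR share_a."""
    share_a = secrets.token_bytes(len(key))
    share_b = bytes(k ^ a for k, a in zip(key, share_a))
    return share_a, share_b


def combine_xor(share_a: bytes, share_b: bytes) -> bytes:
    """Recombine both XOR shares into the original key."""
    if len(share_a) != len(share_b):
        raise ValueError("shares must have equal length")
    return bytes(a ^ b for a, b in zip(share_a, share_b))


def bits_unknown_to_one_holder(key: bytes, scheme: str) -> int:
    """Key bits a single holder would still have to guess."""
    total = len(key) * 8
    if scheme == "halves":
        return total - len(split_in_halves(key)[0]) * 8
    if scheme == "xor":
        return total  # one share alone is uniformly random and reveals nothing
    raise ValueError(f"unknown scheme: {scheme}")


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed 256-bit key for the demo
    a, b = split_xor(key)
    assert combine_xor(a, b) == key
    for scheme in ("halves", "xor"):
        print(scheme, bits_unknown_to_one_holder(key, scheme), "bits unknown to one holder")
```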
|
|
|
|
|
Kirk 10389821 wrote: From my perspective?
PURE RISK...
Pure risk isn't an option in the survey.
Because of their ubiquity I suspect the in-browser options are the most widely used methods of storage; so their omission as an item in the survey caught me off guard.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
--Zachris Topelius
|
|
|
|
|
|
I am an external Consultant for a handful of Companies.
2 of which are consulting firms.
Plus my own business, where my clients have been with me for decades...
So, I have an unusually large number of clients, machines, servers, passwords, etc.
Plus Heavy 2FA (not using SMS)
|
|
|
|
|
I use a password manager for my work sites, and random bits of paper and sticky notes for personal and my master password for my manager, but I recently upgraded to a small notebook for recording my passwords. I got the notion to do this from my super-organized son who has always kept his neatly listed in a notebook in impeccable handwriting.
|
|
|
|
|
I used to keep my passwords in a little blue booklet that fit in my back pocket --- until it slipped out at an airport waiting lounge, and an attendant held it up in the airplane asking who owned it.
|
|
|
|
|
Scary! I packed mine at the bottom of my carryon. I'm pretty paranoid about things like that getting lost. I only need it for the personal stuff anyway, having finally memorized my master password (time to change it), so I knew I wouldn't need it before settling in at my destination.
|
|
|
|
|
I don't know about clever... I just remember them all. A unique password for everything. Is it that hard?
- I would love to change the world, but they won’t give me the source code.
|
|
|
|
|
I did this for a while.
I created a PWD schema like: ABC+{sitename}+DEF+10203
Then some cute sites blocked seeing their site name or my email in the password.
Worse, limits on ";" or other special characters started creeping up.
The one I hate most: Not Allowing Passwords that are TOO LONG? (WTF? You should only store the hash!)
[I've run into places where 20 characters was too long, as well as 16 characters back in the day!]
But once I crossed about 100 passwords it was ugly.
Also, you start to realize that if you use the same email address, and say 4-5 of your passwords are hacked/pwned... Then EVERYONE sees that pattern. [Keeping in mind that EVEN TODAY some sites are still storing passwords in Clear Text], once they are hacked, your exposure increases.
Curious how you are with regards to this? And roughly how many passwords?
[Understanding I am a consultant who works for MANY companies, so my password list is probably larger than someone who works with 1 company]
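The "you should only store the hash" point from the post above, as an added example that is not code from any poster: a salted PBKDF2 record has the same size whatever the password's length or character set, so storage gives a site no reason to cap passwords at 16 or 20 characters. The iteration count and the sample passwords are constructed for the demo.

```python
import hashlib
import hmac
import secrets

SALT_LEN = 16
ITERATIONS = 100_000  # assumed work factor for the demo; tune for real hardware


def make_record(password: str) -> bytes:
    """Return salt || PBKDF2-HMAC-SHA256 digest for storage."""
    salt = secrets.token_bytes(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt + digest  # always 16 + 32 = 48 bytes


def verify(password: str, record: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    short_pw = "hunter2!"                                   # constructed sample
    long_pw = "ABC;example-site;DEF;" + "correct horse " * 12  # constructed, 189 chars
    for pw in (short_pw, long_pw):
        record = make_record(pw)
        print(len(pw), "chars ->", len(record), "bytes stored, verifies:", verify(pw, record))
```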
|
|
|
|
|
I made a program to store my passwords in an encrypted file with user, e-mail and password. I also have some notes to help with some things.
|
|
|
|
|
Me too! I also save in two locations.
73
|
|
|
|
|
I've seen a few user instructions along the lines of 'If you have problems accessing the internet, follow the guidelines at https://some.do.main/url'.
Your solution won't help you if you forget the password for logging in on a computer. You probably won't for the computer you use every day, but I have had to boot up retired PCs not used for a couple of years, unable to remember the password I used in those days. Fortunately, I never needed anything but plain, unencrypted files from the retired machines, so mounting the retired C: disk as an additional data disk on my current PC was enough. Which goes to show that preventing someone from logging into your computer has, by itself, close to zero value if your PC or disk is stolen. Files must be protected by encryption one way or another, otherwise any kid can read them even if they cannot log in to the computer.
|
|
|
|
|
You're right! My file is on the internet. It's encrypted using a strong 256 byte encryption double pass. I never write down the password in any place, and use a "my-own-remember-mechanism" which involves names of my close and not so close family, pets past and present and dates. I am almost sure nobody can guess any of the passwords I use for my file's encryption, not even my wife. It's a sort of poem and then the anagram of it.
Of course, I have a copy in an external hard drive.
|
|
|
|
|
Your point is not lost on me.
I switched to HISTORY Logging of my passwords for this very reason.
I now datestamp when I change them, so if I have to open an old box, I have a snowball's chance to guess the password.
Also, along with you, I can access many of the files by mounting the drives. But hate that level of Hassle.
I have issues with one laptop my daughter used to use. She controls the password through her Microsoft account. LOL.
I will probably have to wipe it clean and re-install Windows.
I have a rarely used LINUX VM that I keep forgetting to log the password for. I spend 10 minutes, every time I boot it, to remember the simplistic password that was used. And then I forget to write it down, because it should have been obvious... LOL (torn between two worlds)
|
|
|
|
|
pa$$w0rd
>64
Some days the dragon wins. Suck it up.
|
|
|
|
|
|
We never expected you to.
|
|
|
|
|
|
My memory 
|
|
|
|
|
I don't. But would've never let anyone know this either. 
|
|
|
|
|
I always use "incorrect" as my password - when I forget it, every site gives me a good clue ...
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|