Tired of remembering your passwords?

[Lacessit]

Like many people, I have about 30 or 40 passwords to various websites, Suppliers, banks, online shopping etc.etc. Remembering them all is a pain in the butt. Forgetting is even worse. Murphy's Law being what it is it's always important or urgent when I forget one.

No more, my son introduced me to Bitwarden. Only email address and one master password needed. Free download from the Google play store.

Bitwarden creates a field where I can store the name of the organisation, its web address URL, my password, and any other details I need to know. Just highlight the URL, open in a new tab, and away I go.

Has anyone else tried this system? It's only downside - all the passwords are lost if one forgets the master password

[OneMoreFarang]

I use LastPass since years for private and a different account for business.

It works fine and is, as far as I understand, pretty secure.

The paid version also allows sharing with passwords with other people.

 

In general, for something important like that, I prefer companies who charge for their service. Because as we know by now, if it's "free", then mostly we are the product. That is not a good idea with security relevant issues. 

[Lacessit]

1 hour ago, OneMoreFarang said:

I use LastPass since years for private and a different account for business.

It works fine and is, as far as I understand, pretty secure.

The paid version also allows sharing with passwords with other people.

 

In general, for something important like that, I prefer companies who charge for their service. Because as we know by now, if it's "free", then mostly we are the product. That is not a good idea with security relevant issues. 

There are coders that make fine software for little or no charge, sometimes they request donations. Quite a few people swear by the various versions of Linux ( me included ), which are all free downloads. AFAIK they have far fewer security issues than any version of Windows, which costs, and is the target of nearly 100% of hackers.

Paying for a service does not necessarily mean it is better at security. There's a class action forming in Australia with Optus, the second biggest telecom, after a massive breach of customer data.

 

https://www.mauriceblackburn.com.au/class-actions/join-a-class-action/optus-data-breach-2022/

[KannikaP]

Most passwords these days must be at least 8 digits, including capitals, lower, number and a symbol.

Think of a PIN, 4 or 6 up to you. Follow that with a symbol, * / ? or anything YOU want. That's the start of all your passwords. Then use, for example, the last four letters of the 'company' eg Soft for Microsoft, Ogle for Google, Wide for Nationwide etc etc whatever YOU want. Or use all the vowels in the name, or the consonants. All you need to remember is the PIN & symbol, and to start, or end, the letters with a capital.

Or start with the letters followed by the PIN. Easy.

[proton]

I used on of these applications then forgot the password to that so gave up, just write them down

[Mutt Daeng]

I've been using PasswordSafe https://www.pwsafe.org/ for over 10 years on Windows, Android & Ubuntu. The Windows & Linux versions are compatible with Yubikey, if you need that level of security.

 

 

[dingdongrb]

6 hours ago, KannikaP said:

Most passwords these days must be at least 8 digits, including capitals, lower, number and a symbol.

Think of a PIN, 4 or 6 up to you. Follow that with a symbol, * / ? or anything YOU want. That's the start of all your passwords. Then use, for example, the last four letters of the 'company' eg Soft for Microsoft, Ogle for Google, Wide for Nationwide etc etc whatever YOU want. Or use all the vowels in the name, or the consonants. All you need to remember is the PIN & symbol, and to start, or end, the letters with a capital.

Or start with the letters followed by the PIN. Easy.

That is pretty much a summary of how I create and remember passwords. I have been using that method for years and rarely have any issues. The issue I do have occasionally is when a website won't allow the special character I always use. 

 

I don't trust any app or service. It's pretty much why I don't trust the cloud for storage of important personal documents. Things can always be hacked. 

[BigStar]

On 3/31/2023 at 9:28 AM, Lacessit said:

Has anyone else tried this system?

Been using it a few years for a couple hundred passwords, etc. Changed from Lastpass when Lastpass changed the terms of service. Besides, Lastpass seems always being hacked, though no customer passwords have been compromised. Bitwarden, OTOH, is open source anyway, so any major flaws would long have been exploited.

 

You can use Bitwarden in various ways, including via your own server. It doesn't have to be cloud-based, to address some of our very shrewd objections.

 

Works well, used it today to login here. It doesn't autofill as well as Lastpass does on a large variety of sites & forms, but good 'nuff.

 

 

[BritManToo]

A1234567

Works for me!

[dingdongrb]

48 minutes ago, BritManToo said:

A1234567

Works for me!

Until the requirement is having a special character included......  (which most are needing these days)

[MJCM]

PASSWORD PROBLEMS:

WINDOWS: Please enter your new password. 

USER: cabbage 

WINDOWS: Sorry, the password must be more than 8 characters. 

USER: boiled cabbage 


WINDOWS: Sorry, the password must contain 1 numerical character. 

USER: 1 boiled cabbage 


WINDOWS: Sorry, the password cannot have blank spaces. 

USER: 50bloodyboiledcabbages 


WINDOWS: Sorry, the password must contain at least one uppercase character. 

USER: 50BLOODYboiledcabbages 


WINDOWS: Sorry, the password cannot use more than one uppercase character consecutively. 

USER: 50BloodyBoiledCabbagesYouStupidIdiotGiveMeAccessNow! 


WINDOWS: Sorry, the password cannot contain punctuation. 

USER : IWillHuntYouDown50BloodyBoiledCabbagesYouStupidIdiotGiveMeAccessNow 


WINDOWS: *Sorry, that password is already in use.*

[LosLobo]

I use the password utility in Norton 360 works well.

 

Norton will check dark web and give a report of any suspicious activity.

 

[Carmine6]

I've used Keepass for a while.  Completely offline.  You can create a key file separate from the data file, so both of those plus the password are needed to access the passwords.  

 

KeePass Password Safe

 

There are mobile versions so that the database file (and any key file) can be copied to a phone and used there as well.  That is a drawback versus the web based ones such as Lastpass since you have to keep the file updated on all devices manually.  But I don't trust web based versions.

 

I used to use password safe that someone mentioned above, but I think keepass worked better for use on PC and phone back when I switched.

[KannikaP]

No-one has yet suggested having an Excel sheet on their desktop, with all their various passwords listed. Select the correct one, copy & paste.

[KhunLA]

I use old house address #s, or past dog names, so easy to remember.

 

Just add #1 if symbol or # is required.   Easy to remember.

[KhunBENQ]

On 3/31/2023 at 8:26 PM, dingdongrb said:

I don't trust any app or service. It's pretty much why I don't trust the cloud for storage of important personal documents. Things can always be hacked. 

Fully agree. And what's the difference?

You always need some "master" key/password to open your password safe/list.

 

My sensitive data is a textfile in a container encrypted with VeraCrypt.

Stored locally with three backups on other notebook. mobile phone and external drive.

I open it with the masterpassword and the rest is pure manual "work" (copy/paste).

 

Additionally I print the text file incl masterpassword on a regular basis and lock it in the safe.

[KhunBENQ]

41 minutes ago, Carmine6 said:

That is a drawback versus the web based ones such as Lastpass since you have to keep the file updated on all devices manually.  But I don't trust web based versions.

Big thumbs up.

 

13 minutes ago, KhunLA said:

I use old house address #s, or past dog names, so easy to remember.

 

Just add #1 if symbol or # is required.   Easy to remember.

Most all password that are easy to remember are junk.

Everything shorter than 12 characters is weak.

Enter your password in Google search. If found dump it.

 

I use generated easy to read passwords of 14 to 16 characters.

Easy to read: <AZ><az><09>

Like g9aSfgfjUSEGoXqq, 5LR1JzO7oAuOHFKJ  ...

Nerds say 20 characters is necessary.

Using strange characters &^(#)$&*($... is outdated and only gives headaches.

Length matters

 

Generating passwords with "PasswordTech":
https://pwgen-win.sourceforge.io/

 

 

 

[Fab5BKK]

Be careful (very careful) with LastPass

 

LastPass Security Breach

 

Another security breach...

[KhunLA]

1 hour ago, KhunBENQ said:

Like g9aSfgfjUSEGoXqq, 5LR1JzO7oAuOHFKJ 

How am I suppose to remember something like that.

 

Except for one financial site, I have nothing at risk if hacked.

Even the financial site has it's own security measures, and will reimburse me IF hacked.  

[KhunBENQ]

4 minutes ago, KhunLA said:

How am I suppose to remember something like that.

There is exactly one password that you have to remember and that is the master password. That's how all the tools work.

In private secure space it's OK to write that down somewhere.

And as you will use this frequently you will remember it after a while.

The masterpassword must never be used for any other purpose than opening the password safe. Never use it for any online/external service.

This in mind you might reduce the complexity somewhat.

 

A popular method to have a masterpassword to remember:

take some motto/phrase/verse that you remember like (from another post):

 

"Life is like riding a bicycle. To keep your balance you must keep moving."

 

Now take either first or second character of each word (first if only one character):

LilrabTkybymkm

You can well write down the complete verse and put in the cabinet.

 

 

 

 

[Stocky]

I've been using NordPass for a couple of years now and am happy with it.

[KhunLA]

33 minutes ago, KhunBENQ said:

There is exactly one password that you have to remember and that is the master password. That's how all the tools work.

In private secure space it's OK to write that down somewhere.

And as you will use this frequently you will remember it after a while.

The masterpassword must never be used for any other purpose than opening the password safe. Never use it for any online/external service.

This in mind you might reduce the complexity somewhat.

 

A popular method to have a masterpassword to remember:

take some motto/phrase/verse that you remember like (from another post):

 

"Life is like riding a bicycle. To keep your balance you must keep moving."

 

Now take either first or second character of each word (first if only one character):

LilrabTkybymkm

You can well write down the complete verse and put in the cabinet.

OR, I can simple do what has worked for decades, and is so easy to remember, I don't need to write anything down.

 

No need to fix what isn't broken.

[DaLa]

I’m in the KannikaP, dingdongrb, KhunLA , KhunBENQ camp on this one. However I disagree with the 12 characters.

 

Assuming 60 characters (upper-lower-numerical) options 60*60*60*60*60 (ie 5 characters) typing at 1 character per second would take around 24 years to enter all the combinations.

[ozimoron]

1Password is the best app. If you want a good app which is standalone (storage on your PC), I recommend keepassxc.

[KhunBENQ]

6 hours ago, DaLa said:

Assuming 60 characters (upper-lower-numerical) options 60*60*60*60*60 (ie 5 characters) typing at 1 character per second would take around 24 years to enter all the combinations.

You want to tell that a 5 character password is a good one???

You think some nerd sits at the keyboard and does his tries???

Passwords are cracked from stolen/leaked data on the server or man in the middle ("wire tapping").

It's done with highly specialized hardware.

 

For ALL six character password their respecting hashes (the encrypted form stored on the servers) are available in tabular form.

Cracking a 5 character password is in the millisecond microsecond range.

 

The following picture assumes some kind of computing power of the cracking machines:

 

https://www.betterbuys.com/estimating-password-cracking-times/

 

 

 

[KhunBENQ]

I do NOT recommend to have an active/real password on this site:

https://www.passwordmonster.com/

 

But you can use something "similar" to see what they say,

For my 16 character "g9aSfgfjUSEGoXqq" from above it says 26 billion years to crack.

With the know methods and hardware even the smartest "agencies" won't have a quick hit

 

The real danger is your device.

Updated, free of malware, trojans?

If not all effort is wasted.

That's also the reason not use public computers for sensitive tasks.

 

[patman30]

i use very secure passwords
never write any down
do not use words etc
do not use any password managers
the key is to have a formula you use to create your passwords
then you only need remember the formula

processors will get faster
and GPU farms will get bigger

[scottiejohn]

1 hour ago, patman30 said:

the key is to have a formula you use to create your passwords
then you only need remember the formula

Too much information! 

[gargamon]

I use keepass2 and associated clients, depending on device and OS. The password database is kept in the cloud (Google drive for me) with a local copy on each device for when there's no internet connection.

 

The clients I use are:

Linux:

Keeweb 

 

Android:

Keepass2android 

 

Windows:

Yucch. Why would anyone still be using windows... 

 

 

[Adumbration]

12 hours ago, Carmine6 said:

I've used Keepass for a while.  Completely offline.  You can create a key file separate from the data file, so both of those plus the password are needed to access the passwords.  

 

KeePass Password Safe

 

There are mobile versions so that the database file (and any key file) can be copied to a phone and used there as well.  That is a drawback versus the web based ones such as Lastpass since you have to keep the file updated on all devices manually.  But I don't trust web based versions.

 

I used to use password safe that someone mentioned above, but I think keepass worked better for use on PC and phone back when I switched.

I have used keepass for about a decade.  I keep the dbx file on dropbox.  There is a android keepass app the you can use on your phone and it can sync with the dbx file in your dropbox folder.  So you do not have to update dbx on your different devices as they all sync with the one dbx file on dropbox.

 

A freestanding version of keepass can run from your crypto  wallet or a memory stick.