Tired of remembering your passwords?

[Mutt Daeng]

20 hours ago, KhunBENQ said:

Big thumbs up.

 

Most all password that are easy to remember are junk.

Everything shorter than 12 characters is weak.

Enter your password in Google search. If found dump it.

 

I use generated easy to read passwords of 14 to 16 characters.

Easy to read: <AZ><az><09>

Like g9aSfgfjUSEGoXqq, 5LR1JzO7oAuOHFKJ  ...

Nerds say 20 characters is necessary.

Using strange characters &^(#)$&*($... is outdated and only gives headaches.

Length matters

 

Generating passwords with "PasswordTech":
https://pwgen-win.sourceforge.io/

 

 

 

I use Password Tech as well to generate passwords.

[BigStar]

17 hours ago, patman30 said:

the key is to have a formula you use to create your passwords
then you only need remember the formula

And therein lies the rub.

[patman30]

1 hour ago, BigStar said:

And therein lies the rub.

remembering a very simple formula
is a lot easier than remembering a gazillion passwords
even with a password manager you need to remember your password, which should be secure
even then for that single secure password
remembering a simple formula is easier????

[BigStar]

8 minutes ago, patman30 said:

remembering a very simple formula
is a lot easier than remembering a gazillion passwords
even with a password manager you need to remember your password, which should be secure
even then for that single secure password
remembering a simple formula is easier????

I'm thinking of three friends now, one w/ early onset AD, one who's had a stroke, the other brain-damaged from oxygen deprivation after a heart attack. For them, a master password written on a paper would easier to deal with than applying a formula, if they could remember the formula. Or find the formula: just finding the paper could be an issue, as I discovered from dealing with my friend with AD. 

 

Further, the automatic form-filling via password manager could be a blessing, as all three have typing and even mousing issues. I prefer it myself. I don't wanna bother applying a formula and then typing in my username and the password for multiple sites daily. That's 'cause I'm lazy, but also regard it as a (small) waste of time.

 

As an aside, services like Bitwarden don't store your master password. Your other (securely generated, by Bitwarden itself) passwords are encrypted and can only be decrypted by the master password based on a randomly generated session key from your local computer. Safe enough. If the FBI wants into your account, if nothing else they can just nab you while you're logged in, like they did with Ross Ulbricht.

 

Reminds me of members here not trusting banks or whatever and thinking their valuables are safely stored at home in their "vault." Years ago, a Pattaya bar owner thought so as well. Heavy secure safe, combo lock, key. Thieves found it trivial to open by just letting him do it at knifepoint. G'by, 2 million baht.

 

So, different strokes I guess. Your method works, of course. In fact I use it sometimes for throwaway email addresses and passwords. I've even been known to use the same throwaway password when it can't possibly matter.

[NanLaew]

On 4/2/2023 at 11:36 AM, KannikaP said:

No-one has yet suggested having an Excel sheet on their desktop, with all their various passwords listed. Select the correct one, copy & paste.

Works for me!

[gamb00ler]

On 3/31/2023 at 4:28 PM, proton said:

I used on of these applications then forgot the password to that so gave up, just write them down

For the password to my password manager I use bits of personal information from decades ago.  Then I write down a description of the information that comprises the password.  The description will be useless to anyone but me.  Former addresses, ex-wife's middle name, old phone #'s... you get the picture I'm sure.

 

I loved LastPass until they said the free version cannot be used on both my mobile and my desktop.  So I just exported all my desktop info and created another free LastPass account and then imported the info from the primary account.  The second account is used only on my mobile.  Since I use LastPass only rarely on my mobile, I update it regularly from my primary LastPass account on the desktop.

[RayWright]

Have used KeePass for a number of years, and even deployed it in my last Financial Services Company.

 

When using "Special Characters", most organisations will detail the range to select from, which is most of the non Numeric and Upper / Lower case characters on the keyboard. 

 

So potentially you can have a 97 Character Character-Set for passwords using the traditional English keyboard. 

     Numbers = 10

     Upper case = 26

     Lower case = 26

     Special Characters = 35   ! #$%&'()*+,-./:;<=>?@[\]^_`{|}~£¬"

 

However, there are many more characters available using the ALT+<Numeric Keyboard>. (NB The caveat is knowing how your computer has been setup in terms of Language, Fonts, Locale / Region and also physical keyboard, plus the application you're using to create the characters.) The <Alt> Codes were initially created by IBM using a 3 digit number, however Microsoft expanded on this to create the ANSI Character set. Currently there are nearly 150,000 codes across the Unicode character set.

 

So, typing <Alt>+0128 will give me the Euro currency symbol, €. Typing <Alt>+128 gives the Ç symbol.

So for Japanese Yen, <Alt>+190, ¥ and for spelling Cafe correctly, then Caf<Alt>+130, Café

 

Using Word / Outlook / Excel, then on my Computer I can get the Thai Baht Character by using <Alt>+3647, yet using my Chrome browser onto AseanNow.Com, gives a Question Mark, as the character isn't recognised / mapped.  

 

To add extra security, then replacing the letter O in a word with a numeric Zero, same for 3 for an e, or 1 for the letter L or i expands the number of characters within your character set. Moving into European languages, then make use of letters with ascents, so the word Ape, could become Äpé, or AseanNow could be written as ŧÆnN©w, the letters ea are reversed and written as a diphthong. For added complexity, use a Pass-Phrase rather than an individual word, so Th3ShopN€xtD00r as opposed to 711 would be much more secure.

 

So in terms of how secure my KeePass file is, then, I'm using a pass phrase of 32 Characters in length, from a Character Set of nearly 150,000 characters. Let AI or even a brut force attack from the Goddess of Ultimate Power try and crack that within my lifetime!

 

[Stocky]

On 4/10/2023 at 10:02 AM, gamb00ler said:

For the password to my password manager I use bits of personal information from decades ago.  Then I write down a description of the information that comprises the password.  The description will be useless to anyone but me.  Former addresses, ex-wife's middle name, old phone #'s... you get the picture I'm sure.

I have a similar, hopefully senility/Alzheimer's proof, solution. I use the make, colour and registration of the first family car I recall.

[3NUMBAS]

they also seem to be changed by hackers as i have some changed by others

but not paypal so far

[topt]

3 hours ago, 3NUMBAS said:

they also seem to be changed by hackers as i have some changed by others

but not paypal so far

Can you translate the above please...........

[Lacessit]

I've noticed Bitwarden has a very useful function. Clicking on the tick symbol, after opening a website where a password is used on that site, notifies you if said password has been the subject of a data breach.

[ozimoron]

32 minutes ago, Lacessit said:

I've noticed Bitwarden has a very useful function. Clicking on the tick symbol, after opening a website where a password is used on that site, notifies you if said password has been the subject of a data breach.

1password has the same function. It has a utility named watchtower which tells if if you have a reused or compromised password.

[JustAnotherHun]

I use an encrypted veracrypt file stored on a USB stick.

It contains a file with all passwords and "sensible" business- and private data as well.

Very safe and comfortable.

[BigStar]

49 minutes ago, JustAnotherHun said:

I use an encrypted veracrypt file stored on a USB stick.

It contains a file with all passwords and "sensible" business- and private data as well.

Very safe and comfortable.

So every time you want to login here or to any other website, you gotta open VC, tell it the name of your file to mount (unless you save history), enter your password for your VC file, enter the VC container, then open the password file w/ editor or viewer, locate the ANF password, copy it, then close the file, close the VC container, go back to the ANF login screen, type in your username and then paste in your password.

 

Comfortable indeed. What else is there to do all day?

[JustAnotherHun]

14 minutes ago, BigStar said:

So every time you want to login here or to any other website, you gotta open VC, tell it the name of your file to mount (unless you save history), enter your password for your VC file, enter the VC container, then open the password file w/ editor or viewer, locate the ANF password, copy it, then close the file, close the VC container, go back to the ANF login screen, type in your username and then paste in your password.

 

Comfortable indeed. What else is there to do all day?

Quite comfortable, yes.

Open VC with the password, open the password file, copy the wanted PW and insert it to your website-login. 4 clicks.