How do you keep track of passwords?

Lastpass hacked. This is why I elected not to use the cloud for password storage. (Having said that, I think it is impossible to be "safe". I heard on NPR 60-80% of SS numbers are already compromised). I am using 2-factor as much as possible for the sites where I can.

If you use LP, I suggest you open the link as they have suggestions for how to proceed.

Time to change your master password, LastPass was hacked
 
I try to remember a few passwords, those I use quite often. The rest I keep on two pieces of paper, torn in half (half of the password on each page). I have these squirreled away in different locations.
 
I've been using a system for probably two years now, and it is working well for me. No reliance on any tech. I usually find that a system that starts out OK sometimes falls apart after 6 months or so, so I'm confident this one is 'here to stay' for me. Here's a basic description of my system, you could modify in many ways for your own use:

A) I created a prefix that is ~ 5 char long, a mix of upper case, lower case, and numbers.

B) I created a suffix that is ~ 5 char long, lower case (to avoid multiple SHIFT key operations) and numbers.

C) A & B are committed to memory (also written down away from the computer) - they are short enough and the mnemonic is easy for me to remember.

D) For every site that I feel I need security, I have a log of the site address (or just a reminder of what it would be), and I create a unique, short, simple 'key' for that site - like local bank might be "lclbnk" - I write down that "key", as "-lclbnk-" and it is of no use to anyone, because the actual PW is my prefix&lclbnk&suffix. And the combined PW is pretty complex, yet simple to recall.

E) For sites where I don't really care about security, I use a common, easy to remember and type PW with a mix of U/L and numbers, so it works at almost every site.

Works for me.

-ERD50
 
I use a password program which keeps an encrypted file on the computer. Passwords randomly generated.

No way could I use a mnemonic. One problem with that is that some sites require a special character. Others do not. Some want at least 8 chars. Some want longer. Too taxing for me :facepalm:.

Of course, the risk in having the passwords on a file, nothing is safe from theft and decryption (just ask the British spies from the decrypted Snowden files :().
 
Another security measure I've been taking is putting better challenge question answers.

For example, to reset a password using an answer like "Spot" as the name of your first is kind of self-defeating :LOL:.

So, instead of "Spot", I'd use "Spot" plus a randomly generated pin number.
 
easysurfer said:
...

No way could I use a mnemonic. One problem with that is that some sites require a special character. Others do not. Some want at least 8 chars. Some want longer. Too taxing for me :facepalm:. ...
Click to expand...

I've had almost zero problems with my method (if that was directed to my post). Since my prefix and suffix combined use both upper and lower case and numbers, the short 'key' can contain a 'special' char (like "#") if required ("lclbnk#"). I don't use 'special' chars in the prefix/suffix, in case the site does not allow those.

The only problem I've had is my combo was too long for one site (odd as the prefix-suffix combined are only 8-10 chars) - so for that one, I just dropped the suffix, and my cheat sheet just says " - mykey", instead of " - mykey - ".

EZ, and the complete passwords do not exist in any form. The prefix and suffix are not stored on my computer, or on any paper near the 'keys'.


-ERD50
 
2nd factor authentication is, alas, still necessary, as the bad guys are developing ways of intercepting passwords. Obviously, local hoodlums won't crack them, but organized crime and malevolent governments may have that power in the future
.
 
I use Lastpass.

I also save my password in the web browser for non-essential sites.
 
ERD50 said:
I've had almost zero problems with my method (if that was directed to my post). Since my prefix and suffix combined use both upper and lower case and numbers, the short 'key' can contain a 'special' char (like "#") if required ("lclbnk#"). I don't use 'special' chars in the prefix/suffix, in case the site does not allow those.

The only problem I've had is my combo was too long for one site (odd as the prefix-suffix combined are only 8-10 chars) - so for that one, I just dropped the suffix, and my cheat sheet just says " - mykey", instead of " - mykey - ".

EZ, and the complete passwords do not exist in any form. The prefix and suffix are not stored on my computer, or on any paper near the 'keys'.


-ERD50
Click to expand...

No. Wasn't directed to your post. What works fine for one person doesn't for another.

I have a brother who uses the one password method. :facepalm:. You know, the same password across accounts. But he really doesn't use the computer for stuff like online banking. So, I guess things balance out.
 
You must log in or register to reply here.

Similar threads

Janet H
Forum Downtime - software update scheduled April 23/24
2
Replies
36
Views
1K
Out of Steam
Out of Steam
Janet H
Forum Update - We're back! Ask your questions here.
11 12 13
Replies
300
Views
8K
GenXguy
GenXguy
PaunchyPirate
Helping an elderly parent stay on top of their financial accounts
Replies
24
Views
994
1242Vintage
1
M
How do you start/operate a website?
Replies
20
Views
1K
gauss
gauss
E
The Eagles - Lip Syncing? Milli Vanilli redux?
2
Replies
31
Views
2K
Koolau
Koolau

Latest posts

Back
Top Bottom