'How to have lots of passwords without struggling to remember them' blog discussion

245 Replies

  • MrsTinks Forumite
    I use memory triggers as the main reminder. Say it was my Amazon account: the first thought I had when I thought Amazon was my favourite author, Terry Pratchett - but using him would be too obvious... But prat = twit, so my password WAS Twit1948, 1948 being his year of birth.... Hasten to add it's long since been changed, but I use similar triggers for other sites :)
    DFW Nerd #025
    DFW no more! Officially debt free 2017 - now joining the MFW's! :)

    My DFW Diary - blah- mildly funny stuff about my journey
  • ElkyElky Forumite
    My passwords would never consist of any type of word or name. I usually just type a random sequence of letters, numbers and other characters and memorise that sequence (takes me about 5 minutes to memorise, which usually happens by the time I've changed my password for every website I use). My main password just now is 17 characters long and changes on a monthly basis.

    For example, 49K£m6*AL2OPmd$! was my previous password. Completely unguessable since it doesn't contain any words from the dictionary.
  • onredbull Forumite
    I used to use an old little address book, something that comes free in the post or with a magazine, and keep it close to my computer. Not ideal if you move around on a laptop, but was ok next to a PC.
    ~~~~~~~~~~~~
    :kisses3: "In Raising Your Children;" :kisses3:
    "Spend Half As Much Money n Twice As Much Time."
  • I've never got on with LastPass; some of the online forms I need to enter passwords into use techniques to prevent passwords being entered.

    I use the following system.

    * Low value sites (like internet forums etc) have a common password that's probably easily guessed; that would probably be the one I'd have used on the PSN if I'd used it. I'm slowly transitioning some/all of these over to random passwords.

    * Medium value sites (sites that can spend real money, that might remember credit card details) like Amazon etc, or webmail sites: I use a unique random password (using a plugin called pwgen). Passwords are then synced between machines with Firefox Sync.
    * A high value password I use for encryption keys like the Firefox password DB; I never use that online anywhere.
    * Online banking and credit card sites have their own password, which I use on multiple sites in this category.
    * Work accounts tend to have a random password, remembered via Firefox. For those work sites that have techniques to prevent entering auto-remembered passwords, I use the Greasemonkey plugin & the script "showpas", which shows the password (so I can cut/paste it) if you mouse over the password field.

    So, most (but not all) of my password security is reliant on the encryption of the firefox passwordDB. Probably not perfect, especially if someone gets a key logger on my machine, but it's better than many ppl :)
  • edited 29 April 2011 at 8:14AM
    malc_b Forumite
    I second KeePass. Random passwords for every site. Only one password to remember. You can run it off a USB stick. It auto-types for you (and mixes that with copy/paste to obscure it from key loggers). It can also handle some "pick letter X from password" logins.

    BTW, before installing Trusteer Rapport I would suggest reading what people say about it. A quick Google brings up many people who have problems with it slowing down their computer, sending MB of data to Trusteer, clashing with firewalls and AV, and then being near impossible to remove.
  • clouty Forumite
    There's no way I am going to tell you my system!

    On a Mac, I have had no problems with Trusteer. It uses about 3% of the system - stats from iStat Nano. I have removed it in the past, when a Mac glitch meant it failed to engage. Their helpdesk (via email) is just that.
    may your good days grow
  • mel12 Forumite
    I have one random collection of letters and numbers memorised, then just move the letters on - so I only have to write down if it's +1 or +2 etc.

    So if the first password is GTX247 (it's not, obviously), then
    password+1 would be HUY358 and +2 IVZ469 and so on... Once they get to 9 the numbers rotate to zero, so +3 would be JWA570 etc.
    Only after the last tree has been cut down,
    Only after the last river has been poisoned,
    Only after the last fish has been caught,
    Only then will you find that money cannot be eaten
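The shifting scheme in the post above, worked through as an added example that is not part of the original post. It reproduces the post's own values and counts how many distinct passwords one base can ever yield; the function names and the handling of lowercase and punctuation are assumptions.

```python
import math
import string

def shift(password: str, n: int) -> str:
    """Move letters on by n (wrapping Z->A) and digits on by n (wrapping 9->0)."""
    out = []
    for ch in password:
        if ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") + n) % 26 + ord("A")))
        elif ch in string.ascii_lowercase:  # assumption: lowercase handled the same way
            out.append(chr((ord(ch) - ord("a") + n) % 26 + ord("a")))
        elif ch in string.digits:
            out.append(str((int(ch) + n) % 10))
        else:
            out.append(ch)  # assumption: other characters are left unchanged
    return "".join(out)

def family(password: str) -> set:
    """Every distinct password the scheme can produce from one base."""
    # Letters repeat every 26 steps and digits every 10, so the whole
    # pattern repeats after lcm(26, 10) = 130 steps.
    return {shift(password, n) for n in range(math.lcm(26, 10))}

def added_bits(password: str) -> float:
    """Entropy the written-down offset contributes once any one password is known."""
    return math.log2(len(family(password)))

def sibling(known: str, known_offset: int, other_offset: int) -> str:
    """Password at another offset, given one password and the written offsets."""
    return shift(known, other_offset - known_offset)

if __name__ == "__main__":
    base = "GTX247"  # the example base from the post
    for n in (1, 2, 3):
        print(f"+{n}: {shift(base, n)}")
    print("distinct passwords in the family:", len(family(base)))
    print(f"bits separating one site from another: {added_bits(base):.2f}")
    print("site noted as +3, given the +2 password:", sibling("IVZ469", 2, 3))
```

Every password in the family is determined by any other one, so a breach at a single site leaves at most 130 candidates for each remaining site, and exactly one if the written list of offsets is also seen.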
  • edited 30 April 2011 at 4:16PM
    m00head Forumite
    There are websites out there which let you store your passwords encrypted locally on your PC. Your passwords are only accessed when you synchronize your online accounts through their own website, such as:

    http://www.accountstore.co.uk (free for everyone)

    http://www.firstdirect.com/ibplus (free for everyone, not just First Direct customers)

    http://www.ewise.com.au/accunity (free for everyone)

    http://www.egg.com/youraccounts (existing customers only)

    All of the above websites (apart from the last one) support the vast majority of online banking, e-mail, and utility accounts.

  • Decorian Forumite
    Passwords are always the weak point in a security system.
    People will talk about password entropy (how "random" it is) and password reuse.
    As Martin rightly said password reuse is very bad as some websites get compromised, and we need to restrict damage.

    Password entropy is less important in my opinion, but is still worth thinking about, due to the reasons given below.
    The example given above about writing it "in code": if an attacker got hold of your list (in code) and one of your passwords, they may be able to brute force break your other passwords. This is because they can try all words beginning with the letter specified, then all 4 digit numbers beginning with the number specified. As you've reduced the number of words required to check by specifying what letter it starts with, this should not take long. This is an example of a dictionary attack, where the attacker will try every word in a dictionary, which is why it is recommended not to use real words (or even common misspellings or number replacements, e.g. pa55w0rd).
    If you have a theme running through your passwords, and an attacker gets hold of one, they are much more likely to be able to break your others.

    The other thing mentioned is building an "alphabet" to translate your word into a code, remember the word, and then use the code to type your password.
    This is an example of a simple symmetrical cypher, if the key is found (written down), then it is easy to perform a dictionary attack on it.

    My personal opinion of the best way is to use a password storage program (people have mentioned these in previous posts; personally I use Secrets for Android).
    These programs include all the information you need to log in, not just password. They have places to write the name of the site, your username, your password, and any extra information you need. Then they encrypt that with symmetric encryption using a master password. This master password must be secure, it must not appear in any dictionary, have any relevance to you or anyone you know, it must also be long. You must never forget it or you lose access to all your passwords.
    However, if you are happy that you are able to remember and safely look after just one master password, then using a program such as these, will allow you to have very secure passwords that are different for every website.
    All posts made are simply my own opinions and are not professional advice.
  • macutmore Forumite
    The password card beats all because you actually have your password 'written down', making it easy to remember. So many people sacrifice security by using names in their password strings, which make them easily crackable by botnets otherwise!

    http://www.passwordcard.org/en/mobile?number=cee64d1799935d3b
This discussion has been closed.