Be careful if you have a Word document with all your bank details in it

35har1old

400ixl said:

Depending on the version of Excel it can be cracked in minutes. Hopefully you are using a later version, in which case password protection is pretty goo and you don't have anything to worry about there.

Things change though once the file is open.

Excel you are cutting and pasting of which there are exploits out there that will capture that
Excel also has exploits that once the file is open all data can be leaked giving over all your passwords
You could have accessed a non genuine website and you may paste passwords into that. A password manager would see it is not the right site and not offer a password, alerting you to the issue
Password managers can use 2FA to access them which Excel does not
Excel will not create random complex passwords for you when signing up to sites or changing passwords
Excel is a pain to use on a mobile device and across multiple devices in comparison to a password manager

You are being reasonably secure in what you are doing, but it is not the best you can do with little additional effort. In fact in execution a password manager is easier to use than having to cut and past (or type) using Excel

Its not that you are insecure, you can be more secure and actually have a more usable way of being secure.

 Store them on a computer that does not connect to the internet

k_man

[Deleted User] said:

Bridlington1 said:

I store all of my passwords on sheets of paper which are kept in a locked cashbox which I keep hidden away. A hacker can't get my passwords without breaking into the house and even if they did they'd struggle to find it.

I personally condider keeping passwords stored on a computer/onedrive especially if they aren't encrypted to be too risky.

This is the safest option in the whole thread.

While it may be the safest, it certainly isn't very convenient, which then reduces the safety.

While a secured paper copy as a backup is viable, as a main store it has the following risks/downsides:

Discourages use of random passwords (see below)

Every password has to be typed in manually every time. I would find this very cumbersome  (I need to enter a password many, many times every day)

Becomes a single point of failure. In the event of a fire or break in, all passwords could be lost. And that isn't a good time to lose login details to banks, insurance companies etc.

As the list gets longer (many of us now have 10s if not hundreds of logins) finding the right one gets harder, and so reduces convenience.

k_man

35har1old said:

400ixl said:

Depending on the version of Excel it can be cracked in minutes. Hopefully you are using a later version, in which case password protection is pretty goo and you don't have anything to worry about there.

Things change though once the file is open.

Excel you are cutting and pasting of which there are exploits out there that will capture that
Excel also has exploits that once the file is open all data can be leaked giving over all your passwords
You could have accessed a non genuine website and you may paste passwords into that. A password manager would see it is not the right site and not offer a password, alerting you to the issue
Password managers can use 2FA to access them which Excel does not
Excel will not create random complex passwords for you when signing up to sites or changing passwords
Excel is a pain to use on a mobile device and across multiple devices in comparison to a password manager

You are being reasonably secure in what you are doing, but it is not the best you can do with little additional effort. In fact in execution a password manager is easier to use than having to cut and past (or type) using Excel

Its not that you are insecure, you can be more secure and actually have a more usable way of being secure.

 Store them on a computer that does not connect to the internet

As above, this scores low on convenience/ease of use.
And requires 2 computers, to be accessible at the same time, which is not the case for most users.

Bridlington1

k_man said:

[Deleted User] said:

Bridlington1 said:

I store all of my passwords on sheets of paper which are kept in a locked cashbox which I keep hidden away. A hacker can't get my passwords without breaking into the house and even if they did they'd struggle to find it.

I personally condider keeping passwords stored on a computer/onedrive especially if they aren't encrypted to be too risky.

This is the safest option in the whole thread.

While it may be the safest, it certainly isn't very convenient, which then reduces the safety.

While a secured paper copy as a backup is viable, as a main store it has the following risks/downsides:

Discourages use of random passwords (see below)

Every password has to be typed in manually every time. I would find this very cumbersome  (I need to enter a password many, many times every day)

Becomes a single point of failure. In the event of a fire or break in, all passwords could be lost. And that isn't a good time to lose login details to banks, insurance companies etc.

As the list gets longer (many of us now have 10s if not hundreds of logins) finding the right one gets harder, and so reduces convenience.

Finding the correct password is easy enough for me as I store each one on a separate sheet of paper (usually the back of receipts) which are kept in alphabetical order.

I have a second backup cashbox which contains a jamjar containing another list of passwords, which are all on A4 sheets this time and written in invisible ink. If there is a burglar they would have to find two boxes, 2 smartphones and disconnect the landline somehow before they could lock me out of any of my banking. Moreover in the event of fire if I am in the house I can grab the first box in a matter of seconds so both myself and the box will be going through the window to the garden below, that's assuming the fire is not during the night as I have been known to sleep through fire alarms going off on numerous occasions before so this could cause issues.

By far the safest and probably the most convenient option is just memorising the passwords. I have memorised the ones I use most often so most of the time I do not need to look them up full stop. I have 2 mobile phones which I use for OTPS so as long as I have access to either of my mobile phones or the landline or my debit cards (and can visit a branch or source a card reader) I can access some of my money without the paper copies. 

At the end of the day there is no 100% safe option of storing passwords but if you can't remember all of them you will have some risk of either the passwords being destroyed, being compromised or both. I choose to err on the side of prioritising keeping them away from fraudsters at the risk of them being destroyed by fire but it's down to personal preference and what your priorities are as to which method you use.

k_man

Bridlington1 said:

k_man said:

[Deleted User] said:

Bridlington1 said:

I store all of my passwords on sheets of paper which are kept in a locked cashbox which I keep hidden away. A hacker can't get my passwords without breaking into the house and even if they did they'd struggle to find it.

I personally condider keeping passwords stored on a computer/onedrive especially if they aren't encrypted to be too risky.

This is the safest option in the whole thread.

While it may be the safest, it certainly isn't very convenient, which then reduces the safety.

While a secured paper copy as a backup is viable, as a main store it has the following risks/downsides:

Discourages use of random passwords (see below)

Every password has to be typed in manually every time. I would find this very cumbersome  (I need to enter a password many, many times every day)

Becomes a single point of failure. In the event of a fire or break in, all passwords could be lost. And that isn't a good time to lose login details to banks, insurance companies etc.

As the list gets longer (many of us now have 10s if not hundreds of logins) finding the right one gets harder, and so reduces convenience.

Finding the correct password is easy enough for me as I store each one on a separate sheet of paper (usually the back of receipts) which are kept in alphabetical order.

I have a second backup cashbox which contains a jamjar containing another list of passwords, which are all on A4 sheets this time and written in invisible ink. If there is a burglar they would have to find two boxes, 2 smartphones and disconnect the landline somehow before they could lock me out of any of my banking. Moreover in the event of fire if I am in the house I can grab the first box in a matter of seconds so both myself and the box will be going through the window to the garden below, that's assuming the fire is not during the night as I have been known to sleep through fire alarms going off on numerous occasions before so this could cause issues.

By far the safest and probably the most convenient option is just memorising the passwords. I have memorised the ones I use most often so most of the time I do not need to look them up full stop. I have 2 mobile phones which I use for OTPS so as long as I have access to either of my mobile phones or the landline or my debit cards (and can visit a branch or source a card reader) I can access some of my money without the paper copies. 

At the end of the day there is no 100% safe option of storing passwords but if you can't remember all of them you will have some risk of either the passwords being destroyed, being compromised or both. I choose to err on the side of prioritising keeping them away from fraudsters at the risk of them being destroyed by fire but it's down to personal preference and what your priorities are as to which method you use.

 I have hundreds of passwords and passcodes, so memorising all those, while ensuring they are unique and strong would not work for me (and I assume for >95% of the population).

Bridlington1

k_man said:

Bridlington1 said:

k_man said:

[Deleted User] said:

Bridlington1 said:

I store all of my passwords on sheets of paper which are kept in a locked cashbox which I keep hidden away. A hacker can't get my passwords without breaking into the house and even if they did they'd struggle to find it.

I personally condider keeping passwords stored on a computer/onedrive especially if they aren't encrypted to be too risky.

This is the safest option in the whole thread.

While it may be the safest, it certainly isn't very convenient, which then reduces the safety.

While a secured paper copy as a backup is viable, as a main store it has the following risks/downsides:

Discourages use of random passwords (see below)

Every password has to be typed in manually every time. I would find this very cumbersome  (I need to enter a password many, many times every day)

Becomes a single point of failure. In the event of a fire or break in, all passwords could be lost. And that isn't a good time to lose login details to banks, insurance companies etc.

As the list gets longer (many of us now have 10s if not hundreds of logins) finding the right one gets harder, and so reduces convenience.

Finding the correct password is easy enough for me as I store each one on a separate sheet of paper (usually the back of receipts) which are kept in alphabetical order.

I have a second backup cashbox which contains a jamjar containing another list of passwords, which are all on A4 sheets this time and written in invisible ink. If there is a burglar they would have to find two boxes, 2 smartphones and disconnect the landline somehow before they could lock me out of any of my banking. Moreover in the event of fire if I am in the house I can grab the first box in a matter of seconds so both myself and the box will be going through the window to the garden below, that's assuming the fire is not during the night as I have been known to sleep through fire alarms going off on numerous occasions before so this could cause issues.

By far the safest and probably the most convenient option is just memorising the passwords. I have memorised the ones I use most often so most of the time I do not need to look them up full stop. I have 2 mobile phones which I use for OTPS so as long as I have access to either of my mobile phones or the landline or my debit cards (and can visit a branch or source a card reader) I can access some of my money without the paper copies. 

At the end of the day there is no 100% safe option of storing passwords but if you can't remember all of them you will have some risk of either the passwords being destroyed, being compromised or both. I choose to err on the side of prioritising keeping them away from fraudsters at the risk of them being destroyed by fire but it's down to personal preference and what your priorities are as to which method you use.

 I have hundreds of passwords and passcodes, so memorising all those, while ensuring they are unique and strong would not work for me (and I assume for >95% of the population).

I am forever moving money between accounts to get the best rates. I like yourself have hundreds of passwords and passcodes. I do not memorise all of them but in the process of logging into online banking god knows how many times over the months and years I have inadvertently memorised the passwords to the accounts I use most often e.g. Natwest, RBS, Lloyds, Halifax (which gives me access to Bank of Scotland too), Nationwide, Virgin Money, Santander etc.

Between the accounts I have memorised the info for I have linked regular savers at some of the highest rates available which contain over £15k between them and I can access the account that my wages/student loan payments go into so if all my passwords are stolen/destroyed although I will not have access to all of my money, I can still access a decent chunk of it.

Surely memorising some of your most important passwords is a wise move in this sort of situation.

k_man

Bridlington1 said:

k_man said:

Bridlington1 said:

k_man said:

[Deleted User] said:

Bridlington1 said:

I store all of my passwords on sheets of paper which are kept in a locked cashbox which I keep hidden away. A hacker can't get my passwords without breaking into the house and even if they did they'd struggle to find it.

I personally condider keeping passwords stored on a computer/onedrive especially if they aren't encrypted to be too risky.

This is the safest option in the whole thread.

While it may be the safest, it certainly isn't very convenient, which then reduces the safety.

While a secured paper copy as a backup is viable, as a main store it has the following risks/downsides:

Discourages use of random passwords (see below)

Every password has to be typed in manually every time. I would find this very cumbersome  (I need to enter a password many, many times every day)

Becomes a single point of failure. In the event of a fire or break in, all passwords could be lost. And that isn't a good time to lose login details to banks, insurance companies etc.

As the list gets longer (many of us now have 10s if not hundreds of logins) finding the right one gets harder, and so reduces convenience.

Finding the correct password is easy enough for me as I store each one on a separate sheet of paper (usually the back of receipts) which are kept in alphabetical order.

I have a second backup cashbox which contains a jamjar containing another list of passwords, which are all on A4 sheets this time and written in invisible ink. If there is a burglar they would have to find two boxes, 2 smartphones and disconnect the landline somehow before they could lock me out of any of my banking. Moreover in the event of fire if I am in the house I can grab the first box in a matter of seconds so both myself and the box will be going through the window to the garden below, that's assuming the fire is not during the night as I have been known to sleep through fire alarms going off on numerous occasions before so this could cause issues.

By far the safest and probably the most convenient option is just memorising the passwords. I have memorised the ones I use most often so most of the time I do not need to look them up full stop. I have 2 mobile phones which I use for OTPS so as long as I have access to either of my mobile phones or the landline or my debit cards (and can visit a branch or source a card reader) I can access some of my money without the paper copies. 

At the end of the day there is no 100% safe option of storing passwords but if you can't remember all of them you will have some risk of either the passwords being destroyed, being compromised or both. I choose to err on the side of prioritising keeping them away from fraudsters at the risk of them being destroyed by fire but it's down to personal preference and what your priorities are as to which method you use.

 I have hundreds of passwords and passcodes, so memorising all those, while ensuring they are unique and strong would not work for me (and I assume for >95% of the population).

I am forever moving money between accounts to get the best rates. I like yourself have hundreds of passwords and passcodes. I do not memorise all of them but in the process of logging into online banking god knows how many times over the months and years I have inadvertently memorised the passwords to the accounts I use most often e.g. Natwest, RBS, Lloyds, Halifax (which gives me access to Bank of Scotland too), Nationwide, Virgin Money, Santander etc.

Between the accounts I have memorised the info for I have linked regular savers at some of the highest rates available which contain over £15k between them and I can access the account that my wages/student loan payments go into so if all my passwords are stolen/destroyed although I will not have access to all of my money, I can still access a decent chunk of it.

Surely memorising some of your most important passwords is a wise move in this sort of situation.

I am more in the school of thought that if you can remember more than a few passwords, they are not strong passwords.

So I memorise a few passwords (meaning they are not fully random, but are long), and have a local paper copy of these, for systems where necessary, e.g. the password manager itself, and Microsoft and Google accounts.

The rest are long, strong, and probably wouldn't actually be recognised by me!

Section62

Bridlington1 said:

k_man said:

Bridlington1 said:

 I have hundreds of passwords and passcodes, so memorising all those, while ensuring they are unique and strong would not work for me (and I assume for >95% of the population).

I am forever moving money between accounts to get the best rates. I like yourself have hundreds of passwords and passcodes. I do not memorise all of them but in the process of logging into online banking god knows how many times over the months and years I have inadvertently memorised the passwords to the accounts I use most often e.g. Natwest, RBS, Lloyds, Halifax (which gives me access to Bank of Scotland too), Nationwide, Virgin Money, Santander etc.

Between the accounts I have memorised the info for I have linked regular savers at some of the highest rates available which contain over £15k between them and I can access the account that my wages/student loan payments go into so if all my passwords are stolen/destroyed although I will not have access to all of my money, I can still access a decent chunk of it.

Surely memorising some of your most important passwords is a wise move in this sort of situation.

I think this is a big part of it - and the issue really depends on how good any individual is at memorising things.

I also have a large number of online accounts (not sure I make it into hundreds though) and those I use on a regular basis (around 20+) I know the login details by heart.

Those I don't use so often I have written down in a coded form - also using a form of word association meaning that anyone other than me is unlikely to guess that (1) this is a list of passwords and (2) what the passwords are.

The points about convenience are well made, but for me personally the hassle of researching the different password managers and keeping up to date on issues each one may have is comparable to the hassle of having a piece of paper to refer to from time to time.  Different people will have different needs and approaches though.

One of the key points in this thread though is the importance of being careful about memorable information, e.g. mother's maiden name.  I now never use my mother's correct maiden name as information I provide to a financial services company as 'security' information.  If you were born in England or Wales and someone knows your birth name and approximate age then in most cases it takes only a few seconds on a site like FreeBMD to find your MMN.  There's no need to trawl social media to find that.

That said, it is also important to be clear whether the FI is asking for the information for security purposes only, or wants the information as part of the application process. If the latter, there is a risk of the 'false' information going into one of the anti-fraud databases and flagging you up for application fraud or similar. For that reason I make sure that any 'false' answers I give for security purposes are clearly false with no ambiguity as to whether it was an attempt to mislead the FI.  E.g. the word I'd use for mother's maiden name is never one which is recognisable as a surname.

km1500

probably a silly question but how do you accumulate hundreds (ie>=200) of passwords / codes ?

Bridlington1

k_man said:

Bridlington1 said:

k_man said:

Bridlington1 said:

k_man said:

[Deleted User] said:

Bridlington1 said:

I store all of my passwords on sheets of paper which are kept in a locked cashbox which I keep hidden away. A hacker can't get my passwords without breaking into the house and even if they did they'd struggle to find it.

I personally condider keeping passwords stored on a computer/onedrive especially if they aren't encrypted to be too risky.

This is the safest option in the whole thread.

While it may be the safest, it certainly isn't very convenient, which then reduces the safety.

While a secured paper copy as a backup is viable, as a main store it has the following risks/downsides:

Discourages use of random passwords (see below)

Every password has to be typed in manually every time. I would find this very cumbersome  (I need to enter a password many, many times every day)

Becomes a single point of failure. In the event of a fire or break in, all passwords could be lost. And that isn't a good time to lose login details to banks, insurance companies etc.

As the list gets longer (many of us now have 10s if not hundreds of logins) finding the right one gets harder, and so reduces convenience.

Finding the correct password is easy enough for me as I store each one on a separate sheet of paper (usually the back of receipts) which are kept in alphabetical order.

I have a second backup cashbox which contains a jamjar containing another list of passwords, which are all on A4 sheets this time and written in invisible ink. If there is a burglar they would have to find two boxes, 2 smartphones and disconnect the landline somehow before they could lock me out of any of my banking. Moreover in the event of fire if I am in the house I can grab the first box in a matter of seconds so both myself and the box will be going through the window to the garden below, that's assuming the fire is not during the night as I have been known to sleep through fire alarms going off on numerous occasions before so this could cause issues.

By far the safest and probably the most convenient option is just memorising the passwords. I have memorised the ones I use most often so most of the time I do not need to look them up full stop. I have 2 mobile phones which I use for OTPS so as long as I have access to either of my mobile phones or the landline or my debit cards (and can visit a branch or source a card reader) I can access some of my money without the paper copies. 

At the end of the day there is no 100% safe option of storing passwords but if you can't remember all of them you will have some risk of either the passwords being destroyed, being compromised or both. I choose to err on the side of prioritising keeping them away from fraudsters at the risk of them being destroyed by fire but it's down to personal preference and what your priorities are as to which method you use.

 I have hundreds of passwords and passcodes, so memorising all those, while ensuring they are unique and strong would not work for me (and I assume for >95% of the population).

I am forever moving money between accounts to get the best rates. I like yourself have hundreds of passwords and passcodes. I do not memorise all of them but in the process of logging into online banking god knows how many times over the months and years I have inadvertently memorised the passwords to the accounts I use most often e.g. Natwest, RBS, Lloyds, Halifax (which gives me access to Bank of Scotland too), Nationwide, Virgin Money, Santander etc.

Between the accounts I have memorised the info for I have linked regular savers at some of the highest rates available which contain over £15k between them and I can access the account that my wages/student loan payments go into so if all my passwords are stolen/destroyed although I will not have access to all of my money, I can still access a decent chunk of it.

Surely memorising some of your most important passwords is a wise move in this sort of situation.

I am more in the school of thought that if you can remember more than a few passwords, they are not strong passwords.

So I memorise a few passwords (meaning they are not fully random, but are long), and have a local paper copy of these, for systems where necessary, e.g. the password manager itself, and Microsoft and Google accounts.

The rest are long, strong, and probably wouldn't actually be recognised by me!

My passwords are a series of random letters and numbers of 8 digits long which I generate using random.org. I then slot a couple of other symbols in where I fancy. I've managed to memorise these alright as it's only like remembering phone numbers but with extra characters involved. They may not be the longest passwords but they are reasonably strong and can be memorised by me but are not easily guessed by others.