how do I reset facebook password?

Will_Do

Brie said:I had a suspicion someone would come back suggesting a password manager.  My problem with them is I don't understand how they can be secure.  Also how can I use one and have access to it available to the OH just in case?

Is it really that much safer than me having something written down that is an incomplete password but which is meaningful to me?  Yes I don't have a completely random ruDHe78932rui3/./re type password on any of my accounts but I don't think they would be that easy to guess.  Likely I'm wrong but so far I've been comfortable with my choses.

Nothing is 100% secure but it's about finding the most reasonably secure option available that doesn't render what you're trying to protect unusable. Commonly used password managers have a massive user base and are also scrutinised by security experts who are not slow in letting the world know if they find a vulnerability. Yes, one of the major password managers suffered a serious breach a few years ago and handled it badly. I moved away from that one and won't go back but I still consider password managers an essential tool in my security tool box.

As to what can you do to give your OH access in an emergency. In Bitwarden you can assign a trusted emergency contact who is delegated access to your account. You need the Premium version for that feature but it's only $10 a year and you get various other enhanced features for your money. I would imagine many of the other PMs offer a similar feature.

Writing passwords down presents its own risks and challenges. If someone finds your book then the game is up obviously. You could keep your book secured under lock and key at home but how do you then access your passwords when your out and about? If you carry your book with you then it massively increasing the risk of it being lost or stollen. I have my password manager app on my phone, my tablet and my laptop. I can even access it via the web so it's accessible (if I need it) from any internet connected device. It's protected by a very complex password and two-factor authentication, along with various monitoring safeguards the vendor runs in the background to further reduce risk.

Incomplete passwords with a prefix or suffix that you remember are not nearly as secure as people like to think they are. Basically, nothing that you can either remember or reconstruct in your head is secure. If there is any kind of a system or pattern then the bad guys will probably figure it out. Your biggest enemy is password reuse. That's where you use the same password across multiple sites. Some people use the same password on every single site they have an account on. You just need to have an account on one site that is breached and the bad guys will try their luck using your credentials on every and any site they can think of. Even if you use the same password but add a prefix, they likely only need you to be in two or three breaches to figure out your system, assuming it's not blatantly obvious. According to haveibeenpwned.com my credentials can be found in at least 8 major breaches where the usernames and passwords or password hashes have been exposed. So it really does happen.

I know it sounds like a faff to adopt a new tool and learn how to use it but think about the worst case scenarios your trying to protect yourself against. Especially nowadays when so many sites allow you to authenticate using platforms like Facebook, Google etc. Just one of your key accounts or your email gets compromised and you could be in a world of pain that will make the minor effort of adopting a password manager pale into insignificance. Don't rush into it if you're not sure but don't rule it out of hand either. Take some time to do your own due diligence.

Olinda99

agree with the above but also add that if you do decide not to use a password manager but decide to create your own passwords then there are two golden rules to follow

the first is to create a totally unique password for your email because that's where password resets are sent

secondly create unique and strong passwords for your banking logons which are not used anywhere else