Best Way to Save Bank Passwords

Comments

  • Eyeful
    Eyeful Posts: 937 Forumite
    Fourth Anniversary 500 Posts Name Dropper
    edited 15 November 2024 at 5:46PM
    Google are not experts on Password Managers (PWM). Why take the risk?

    Use either
    1. A security key like YubiKey 5 NFC
    2. PWM together with 2FA
    3. PWM you find easy to use, free or paid for. Storage in the cloud or locally.
    There are a number such as
    (a) Cloud Storage PWMs to consider: Bitwarden (free), 1Password (paid for)
    (b) Local PWM: KeePassXC (free):
    https://keepassxc.org/docs/KeePassXC_GettingStarted#_opening_an_existing_database

    4.  https://www.ncsc.gov.uk/collection/passwords/password-manager-buyers-guide

    5. Salting Passwords: https://passwordbits.com/salting-passwords/

    6. Double blind method (salting PW), of storing for important information.
    https://www.youtube.com/watch?v=boj9q26gadE

  • barnstar2077
    barnstar2077 Posts: 1,648 Forumite
    Eighth Anniversary 1,000 Posts Name Dropper Photogenic
    edited 15 November 2024 at 10:41PM
    The best method I have found that works for me is to keep them in a book, but change the same character in every password so the book is useless to anyone else.  So, for example, have a 16+ character password, but always replace the third character with a 7 in every password.  Make it something you can remember, so in the example you might be a James Bond fan, so 007 will remind you to replace the third character with a 7.

    A fan of mountain climbing could make every second character a K.  Just make sure you write something random down in the book for the second character so no one could ever work it out.  So, for the K2 example, you write down "GJ84@JKP0xXH4$%L", but the password is actually "GK84@JKP0xXH4$%L"  Simple really.
    Think first of your goal, then make it happen!
  • The best method I have found that works for me is to keep them in a book, but change the same character in every password so the book is useless to anyone else.  So, for example, have a 16+ character password, but always replace the third character with a 7 in every password.  Make it something you can remember, so in the example you might be a James Bond fan, so 007 will remind you to replace the third number with a 7.  A fan of mountain climbing?, make every second character a K.  Just make sure you write something random down in the book for the second character so no one could ever work it out.  Simple really.
    Interesting concept 
    Thanks

    I tend to use a series of words characters and numbers that only I know and can remember 

    I then write it down in a note pad using only a few clues
    I then add a few words as a reminder for later in case I forget

    I must admit there have been a few evenings when I've felt a bit like a code breaker at Bletchley Park trying to crack my own code 😂 

    Under your scheme I could in fact write it down as is and then change one or more of the characters on an easy to recall basis 
  • For those of us enjoying life outside the Apple walled garden, Google Password manager lets you save notes for each entry.

    Some people play outside the walled garden yet still manage to avoid Google.
    Things that are different: draw & drawer, brought & bought, loose & lose, dose & does, payed & paid


  • Prism
    Prism Posts: 3,847 Forumite
    Seventh Anniversary 1,000 Posts Name Dropper
    We are getting ever closer to the scenario of having no password at all (as is recommended for work) but until the point that banks catch up then enable MFA, be resistant to phishing and then it doesn't really matter what your password is. I could share my passwords right now for many of my accounts and it wouldn't help you.
  • eskbanker
    eskbanker Posts: 36,977 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Prism said:
    I could share my passwords right now for many of my accounts and it wouldn't help you.
    Sounds similar to the famous Jeremy Clarkson publication of his sort code and account number, in the confident but misplaced belief that nobody could do anything with them!
  • masonic
    masonic Posts: 27,166 Forumite
    Part of the Furniture 10,000 Posts Photogenic Name Dropper
    edited 16 November 2024 at 8:25AM
    The best method I have found that works for me is to keep them in a book, but change the same character in every password so the book is useless to anyone else.  So, for example, have a 16+ character password, but always replace the third character with a 7 in every password.  Make it something you can remember, so in the example you might be a James Bond fan, so 007 will remind you to replace the third character with a 7.

    A fan of mountain climbing could make every second character a K.  Just make sure you write something random down in the book for the second character so no one could ever work it out.  So, for the K2 example, you write down "GJ84@JKP0xXH4$%L", but the password is actually "GK84@JKP0xXH4$%L"  Simple really.
    If it works for you that is fine, but there is an inherent risk. If someone cracks one of your passwords then they gain access to all (similar to the use of password managers, you only need to crack one password).

    To be fair, I use something similar but work with one of 10 salt phrases mangled with the website details - the difference is I can work out any password without ever having to write a password down (even in a mangled form writing passwords down is a major weakness).
    How do you deal with the annoying requirements imposed by some sites that passwords must be between X and Y characters in length, and must contain at least 1 character from groups A, B and C, but cannot contain characters from group D?
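
One way a phrase-plus-website scheme can cope with per-site rules, as an added example that is not from any poster in this thread. The mangling method quoted above is not described, so the PBKDF2/HMAC construction, the function names and the symbol set are all assumptions.

```python
import hashlib
import hmac
import string

# Character groups a site policy can require (constructed for this example).
GROUPS = {"lower": string.ascii_lowercase, "upper": string.ascii_uppercase,
          "digit": string.digits, "symbol": "!#$%&*+-=?@^_"}

def _byte_stream(seed):
    """Endless deterministic bytes: HMAC-SHA256 of a block counter under seed."""
    block = 0
    while True:
        yield from hmac.new(seed, block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1

def derive_password(phrase, site, length=16,
                    required=("lower", "upper", "digit", "symbol"),
                    forbidden="", counter=1):
    """Derive the same password every time from a memorised phrase and a site name."""
    groups = ["".join(c for c in GROUPS[g] if c not in forbidden) for g in required]
    if not groups or length < len(groups) or not all(groups):
        raise ValueError("policy cannot be satisfied")
    # Slow key stretching: a leaked site password should not make the phrase cheap to guess.
    seed = hashlib.pbkdf2_hmac("sha256", phrase.encode(),
                               f"{site.lower()}:{counter}".encode(), 200_000)
    stream = _byte_stream(seed)

    def below(n):
        # Rejection sampling avoids modulo bias when mapping a byte to 0..n-1.
        limit = 256 - 256 % n
        while True:
            b = next(stream)
            if b < limit:
                return b % n

    alphabet = "".join(groups)
    # One character from each required group, the rest from the whole allowed alphabet.
    chars = [g[below(len(g))] for g in groups]
    chars += [alphabet[below(len(alphabet))] for _ in range(length - len(groups))]
    # Deterministic Fisher-Yates shuffle so the required characters are not always first.
    for i in range(len(chars) - 1, 0, -1):
        j = below(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)
```

The per-site settings (length, required groups, forbidden characters, and a counter to bump when a site forces a change) still have to be recorded somewhere, but they are not secret. The memorised phrase remains the single point of failure.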
  • Prism said:
    We are getting ever closer to the scenario of having no password at all (as is recommended for work) but until the point that banks catch up then enable MFA, be resistant to phishing and then it doesn't really matter what your password is. I could share my passwords right now for many of my accounts and it wouldn't help you.
    I always use multi factor authentication if there is a choice, but in the same way as most people can no longer recall all their passwords, I now waste time trying to remember which MFA process I need.

    At work, I need to remember a passcode to unlock my work phone and then which of two authenticator apps the specific login process needs. The passcode itself changes every couple of months. For some clinical/financial systems I also have a smart card reader and ID card. I start the login process about twenty minutes before I need to use systems, as trying to do any of this while working is just asking for trouble.

    I only need to use one authenticator app at home but there the confusion is that I have multiple identities e.g. for Microsoft (personal + trustee). Most systems are text to phone or email to registered address, but some banking transactions still require a card reader. I was amused/horrified recently to receive a paper card from the Coventry with a number grid to use on phone calls!

    Accessing most things on my personal phone requires fingerprint login. Which is secure, but I am concerned that thieves might decide it’s worthwhile targeting vulnerable people in person to take over their access.



    Fashion on the Ration
    2024 - 43/66 coupons used, carry forward 23
    2025 - 62/89
  • sausage_time
    sausage_time Posts: 1,452 Ambassador
    Tenth Anniversary 1,000 Posts Name Dropper Photogenic
    For those of us enjoying life outside the Apple walled garden, Google Password manager lets you save notes for each entry.

    Some people play outside the walled garden yet still manage to avoid Google.
    Indeed.  For many it could be a convenient solution with nothing separate to install, maintain, or back up.

    Personally I use a stand-alone open source password manager that I use on my phone and non-Apple non-Microsoft desktop.  I do not store or back up my password file on the cloud.
    I’m a Forum Ambassador and I support the Forum Team on the Credit Cards, Savings & investments, and Budgeting & Bank Accounts boards. If you need any help on these boards, do let me know. Please note that Ambassadors are not moderators. Any posts you spot in breach of the Forum Rules should be reported via the report button, or by emailing forumteam@moneysavingexpert.com.
    All views are my own and not the official line of MoneySavingExpert.
  • LHW99
    LHW99 Posts: 5,214 Forumite
    Part of the Furniture 1,000 Posts Photogenic Name Dropper
    I was amused/horrified recently to receive a paper card from the Coventry with a number grid to use on phone calls!


    Reminds me of a long closed business account with Abbey (?). You had to fax them requests for payments to foreign accounts, and they required a new code filled on each fax form to verify.

    So they wanted you to set up a list of codes in advance, fax it to them! and then work your way down the list, using the next one each time you made a request. I moved to a foreign exchange broker very quickly.
