We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
Password Managers
B0bbyEwing
Posts: 1,443 Forumite
in Techie Stuff
Saw a post elsewhere on the board that was 8 pages long & there was a lot of talk about password managers & it made me think....
So the whole idea behind them is you only need to remember 1 password & everything contained within the manager should really be a large gobbledygook password.
So in theory, shouldn't your master password also be gobbledygook, in which case you're never going to remember it so then how do you get it each time you need to access the manager?
How do you operate yours? Is it 'safe' having something you can remember or not really and if not really then what do you do to not lose access to your manager?
Yep I know, I overthink things. Just wondered that's all
So the whole idea behind them is you only need to remember 1 password & everything contained within the manager should really be a large gobbledygook password.
So in theory, shouldn't your master password also be gobbledygook, in which case you're never going to remember it so then how do you get it each time you need to access the manager?
How do you operate yours? Is it 'safe' having something you can remember or not really and if not really then what do you do to not lose access to your manager?
Yep I know, I overthink things. Just wondered that's all
2
Comments
-
My master password consists of a some mixed up words I won't forget plus a few special characters thrown in and a mix of upper and lower case. I mainly use biometric security to get access, so it does challenge me if I need to use the master password instead! I do have it written down in a secure place.
I’m a Forum Ambassador and I support the Forum Team on the In My Home MoneySaving, Energy and Techie Stuff boards. If you need any help on these boards, do let me know. Please note that Ambassadors are not moderators. Any posts you spot in breach of the Forum Rules should be reported via the report button, or by emailing forumteam@moneysavingexpert.com.
All views are my own and not the official line of MoneySavingExpert.
2 -
B0bbyEwing said:Saw a post elsewhere on the board that was 8 pages long & there was a lot of talk about password managers & it made me think....
So the whole idea behind them is you only need to remember 1 password & everything contained within the manager should really be a large gobbledygook password.
So in theory, shouldn't your master password also be gobbledygook, in which case you're never going to remember it so then how do you get it each time you need to access the manager?
How do you operate yours? Is it 'safe' having something you can remember or not really and if not really then what do you do to not lose access to your manager?
Yep I know, I overthink things. Just wondered that's allI open my password manager with a fingerprint. The fallback is a pass number which is something memorable.
The way I look at it, the first line of defence is to know where my devices (phone, tablet) are. In the same way as I currently know where my wallet and passport are. The next line of defence is my fingerprint, the weak point is the alternative pass number for the device(s), so I don’t use the same number anywhere else. I’m as cautious about entering it in a public place as I would be about someone looking over my shoulder at a cash machine. The devices lock after a certain number of failed attempts to guess the password so that’s not a concern.
By using a password manager to create a unique strong password for each account, I’m blocking the risk that one account is hacked and the password is used to access another unconnected account.
Most third parties now use or offer multi factor authentication for higher risk systems like banking apps which is the braces to my belt.Fashion on the Ration
2024 - 43/66 coupons used, carry forward 23
2025 - 60.5/890 -
I use roboform..... I just use a certain pattern on the keyboard (12 characters) I can easy remember....that'll do me0
-
B0bbyEwing said:Saw a post elsewhere on the board that was 8 pages long & there was a lot of talk about password managers & it made me think....
So the whole idea behind them is you only need to remember 1 password & everything contained within the manager should really be a large gobbledygook password.
So in theory, shouldn't your master password also be gobbledygook, in which case you're never going to remember it so then how do you get it each time you need to access the manager?
How do you operate yours? Is it 'safe' having something you can remember or not really and if not really then what do you do to not lose access to your manager?
Yep I know, I overthink things. Just wondered that's allNoIt should be something you can remember easily which can be a combination of dates, names places, things egSticky22 yellowflower - 30 years to crack allegedly. A quick tweak of the same password means it will take almost 30 thousand years.
Things that are differerent: draw & drawer, brought & bought, loose & lose, dose & does, payed & paid0 -
I combine a master password with Two Factor Authentication. I have a FIDO physical key as backup, but use Google Authenticator as the main source of the second factor.
My master password is a couple of memorable words, a couple of numerica digits and a special character, with a capital or two; all of which makes it hard to crack the password by brute force, but not so hard that I have trouble typing it in.The comments I post are my personal opinion. While I try to check everything is correct before posting, I can and do make mistakes, so always try to check official information sources before relying on my posts.0 -
Tbh I use biometrics too. My concern with this is what has happened to a couple relatives previously when it's come to their banking (& lack of using PWMs) in that they've been using biometrics for so long that when they get a new phone or whatever else that forces an actual password input..... They've forgotten it because it's just been so easy to use a thumb print or face ID for so long.
I currently use a mix of words & numbers that I've not used for anything else ever before, however I haven't thrown special characters in to the mix so I'll rectify that one now. Thanks.0 -
With regards to relatives that is a good reason to get them using a password manager especially as Android and iOS have one built in.B0bbyEwing said:Tbh I use biometrics too. My concern with this is what has happened to a couple relatives previously when it's come to their banking (& lack of using PWMs) in that they've been using biometrics for so long that when they get a new phone or whatever else that forces an actual password input..... They've forgotten it because it's just been so easy to use a thumb print or face ID for so long.
I currently use a mix of words & numbers that I've not used for anything else ever before, however I haven't thrown special characters in to the mix so I'll rectify that one now. Thanks.
For extra security, you might want to look at third party password managers. I use Bitwarden.
Now, would also be a good time for a Digital Health check (checking for re-used passwords, making sure some form of 2FA is on, getting rid of any passwords that are written down, getting up to speed on how to act securely online etc)0 -
disagree that a 4 'character' password would take that long to crackoldernonethewiser said:B0bbyEwing said:Saw a post elsewhere on the board that was 8 pages long & there was a lot of talk about password managers & it made me think....
So the whole idea behind them is you only need to remember 1 password & everything contained within the manager should really be a large gobbledygook password.
So in theory, shouldn't your master password also be gobbledygook, in which case you're never going to remember it so then how do you get it each time you need to access the manager?
How do you operate yours? Is it 'safe' having something you can remember or not really and if not really then what do you do to not lose access to your manager?
Yep I know, I overthink things. Just wondered that's allNoIt should be something you can remember easily which can be a combination of dates, names places, things egSticky22 yellowflower - 30 years to crack allegedly. A quick tweak of the same password means it will take almost 30 thousand years.0 -
The person attempting to crack it doesn't know you've only used four different characters. The US equivalent of the NCCS has a password checker that will show how long various methods will take to crack a password.km1500 said:
disagree that a 4 'character' password would take that long to crackoldernonethewiser said:B0bbyEwing said:Saw a post elsewhere on the board that was 8 pages long & there was a lot of talk about password managers & it made me think....
So the whole idea behind them is you only need to remember 1 password & everything contained within the manager should really be a large gobbledygook password.
So in theory, shouldn't your master password also be gobbledygook, in which case you're never going to remember it so then how do you get it each time you need to access the manager?
How do you operate yours? Is it 'safe' having something you can remember or not really and if not really then what do you do to not lose access to your manager?
Yep I know, I overthink things. Just wondered that's allNoIt should be something you can remember easily which can be a combination of dates, names places, things egSticky22 yellowflower - 30 years to crack allegedly. A quick tweak of the same password means it will take almost 30 thousand years.0
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 349.9K Banking & Borrowing
- 252.6K Reduce Debt & Boost Income
- 453K Spending & Discounts
- 242.8K Work, Benefits & Business
- 619.6K Mortgages, Homes & Bills
- 176.4K Life & Family
- 255.7K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 15.1K Coronavirus Support Boards