Password Managers

Saw a post elsewhere on the board that was 8 pages long & there was a lot of talk about password managers & it made me think....

So the whole idea behind them is you only need to remember 1 password & everything contained within the manager should really be a large gobbledygook password. 

So in theory, shouldn't your master password also be 
gobbledygook, in which case you're never going to remember it so then how do you get it each time you need to access the manager?

How do you operate yours? Is it 'safe' having something you can remember or not really and if not really then what do you do to not lose access to your manager?

Yep I know, I overthink things. Just wondered that's all :)
«13

Comments

  • victor2
    victor2 Posts: 8,052 Ambassador
    Part of the Furniture 1,000 Posts Name Dropper
    My master password consists of a some mixed up words I won't forget plus a few special characters thrown in and a mix of upper and lower case. I mainly use biometric security to get access, so it does challenge me if I need to use the master password instead! I do have it written down in a secure place.

    I’m a Forum Ambassador and I support the Forum Team on the In My Home MoneySaving, Energy and Techie Stuff boards. If you need any help on these boards, do let me know. Please note that Ambassadors are not moderators. Any posts you spot in breach of the Forum Rules should be reported via the report button, or by emailing forumteam@moneysavingexpert.com. 

    All views are my own and not the official line of MoneySavingExpert.

  • Saw a post elsewhere on the board that was 8 pages long & there was a lot of talk about password managers & it made me think....

    So the whole idea behind them is you only need to remember 1 password & everything contained within the manager should really be a large gobbledygook password. 

    So in theory, shouldn't your master password also be gobbledygook, in which case you're never going to remember it so then how do you get it each time you need to access the manager?

    How do you operate yours? Is it 'safe' having something you can remember or not really and if not really then what do you do to not lose access to your manager?

    Yep I know, I overthink things. Just wondered that's all :)
    I open my password manager with a fingerprint. The fallback is a pass number which is something memorable.

    The way I look at it, the first line of defence is to know where my devices (phone, tablet) are. In the same way as I currently know where my wallet and passport are. The next line of defence is my fingerprint, the weak point is the alternative pass number for the device(s), so I don’t use the same number anywhere else. I’m as cautious about entering it in a public place as I would be about someone looking over my shoulder at a cash machine. The devices lock after a certain number of failed attempts to guess the password so that’s not a concern.

    By using a password manager to create a unique strong password for each account, I’m blocking the risk that one account is hacked and the password is used to access another unconnected account. 

    Most third parties now use or offer multi factor authentication for higher risk systems like banking apps which is the braces to my belt.
    Fashion on the Ration
    2024 - 43/66 coupons used, carry forward 23
    2025 - 60.5/89
  • I use roboform..... I just use a certain pattern on the keyboard (12 characters) I can easy remember....that'll do me
  • Saw a post elsewhere on the board that was 8 pages long & there was a lot of talk about password managers & it made me think....

    So the whole idea behind them is you only need to remember 1 password & everything contained within the manager should really be a large gobbledygook password. 

    So in theory, shouldn't your master password also be 
    gobbledygook, in which case you're never going to remember it so then how do you get it each time you need to access the manager?

    How do you operate yours? Is it 'safe' having something you can remember or not really and if not really then what do you do to not lose access to your manager?

    Yep I know, I overthink things. Just wondered that's all :)
    No

    It should be something you can remember easily which can be a combination of dates, names places, things eg
    Sticky22 yellowflower - 30 years to crack allegedly. A quick tweak of the same password means it will take almost 30 thousand years.

    Things that are differerent: draw & drawer, brought & bought, loose & lose, dose & does, payed & paid


  • tacpot12
    tacpot12 Posts: 9,156 Forumite
    Ninth Anniversary 1,000 Posts Name Dropper
    I combine a master password with Two Factor Authentication. I have a FIDO physical key as backup, but use Google Authenticator as the main source of the second factor.

    My master password is a couple of memorable words, a couple of numerica digits and a special character, with a capital or two; all of which makes it hard to crack the password by brute force, but not so hard that I have trouble typing it in.
    The comments I post are my personal opinion. While I try to check everything is correct before posting, I can and do make mistakes, so always try to check official information sources before relying on my posts.
  • B0bbyEwing
    B0bbyEwing Posts: 1,443 Forumite
    1,000 Posts Second Anniversary Name Dropper
    Tbh I use biometrics too. My concern with this is what has happened to a couple relatives previously when it's come to their banking (& lack of using PWMs) in that they've been using biometrics for so long that when they get a new phone or whatever else that forces an actual password input..... They've forgotten it because it's just been so easy to use a thumb print or face ID for so long. 

    I currently use a mix of words & numbers that I've not used for anything else ever before, however I haven't thrown special characters in to the mix so I'll rectify that one now. Thanks. 
  • PHK
    PHK Posts: 2,186 Forumite
    Eighth Anniversary 1,000 Posts Photogenic Name Dropper
    edited 25 November 2024 at 7:11AM
    Tbh I use biometrics too. My concern with this is what has happened to a couple relatives previously when it's come to their banking (& lack of using PWMs) in that they've been using biometrics for so long that when they get a new phone or whatever else that forces an actual password input..... They've forgotten it because it's just been so easy to use a thumb print or face ID for so long. 

    I currently use a mix of words & numbers that I've not used for anything else ever before, however I haven't thrown special characters in to the mix so I'll rectify that one now. Thanks. 
    With regards to relatives that is a good reason to get them using a password manager especially as Android and iOS have one built in. 

    For extra security, you might want to look at third  party password managers. I use Bitwarden. 

    Now, would also be a good time for a Digital Health check (checking for re-used passwords, making sure some form of 2FA is on, getting rid of any passwords that are written down, getting up to speed on how to act securely online etc)
  • km1500
    km1500 Posts: 2,703 Forumite
    1,000 Posts Second Anniversary Name Dropper
    Saw a post elsewhere on the board that was 8 pages long & there was a lot of talk about password managers & it made me think....

    So the whole idea behind them is you only need to remember 1 password & everything contained within the manager should really be a large gobbledygook password. 

    So in theory, shouldn't your master password also be gobbledygook, in which case you're never going to remember it so then how do you get it each time you need to access the manager?

    How do you operate yours? Is it 'safe' having something you can remember or not really and if not really then what do you do to not lose access to your manager?

    Yep I know, I overthink things. Just wondered that's all :)
    No

    It should be something you can remember easily which can be a combination of dates, names places, things eg
    Sticky22 yellowflower - 30 years to crack allegedly. A quick tweak of the same password means it will take almost 30 thousand years.

    disagree that a 4 'character' password would take that long to crack
  • Cougar
    Cougar Posts: 16 Forumite
    Part of the Furniture 10 Posts Combo Breaker
    km1500 said:
    disagree that a 4 'character' password would take that long to crack

    Quite.

    It would take forever to brute force if your attack methodology was "aaaaa"? Nope. "aaaab?"  Nope.  But absolutely no-one has cracked passwords like that in at least 20 years.
  • PHK
    PHK Posts: 2,186 Forumite
    Eighth Anniversary 1,000 Posts Photogenic Name Dropper
    km1500 said:
    Saw a post elsewhere on the board that was 8 pages long & there was a lot of talk about password managers & it made me think....

    So the whole idea behind them is you only need to remember 1 password & everything contained within the manager should really be a large gobbledygook password. 

    So in theory, shouldn't your master password also be gobbledygook, in which case you're never going to remember it so then how do you get it each time you need to access the manager?

    How do you operate yours? Is it 'safe' having something you can remember or not really and if not really then what do you do to not lose access to your manager?

    Yep I know, I overthink things. Just wondered that's all :)
    No

    It should be something you can remember easily which can be a combination of dates, names places, things eg
    Sticky22 yellowflower - 30 years to crack allegedly. A quick tweak of the same password means it will take almost 30 thousand years.

    disagree that a 4 'character' password would take that long to crack
    The person attempting to crack it doesn't know you've only used four different characters. The US equivalent of the NCCS has a password checker that will show how long various methods will take to crack a password. 
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 349.9K Banking & Borrowing
  • 252.6K Reduce Debt & Boost Income
  • 453K Spending & Discounts
  • 242.8K Work, Benefits & Business
  • 619.6K Mortgages, Homes & Bills
  • 176.4K Life & Family
  • 255.7K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 15.1K Coronavirus Support Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.