We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Password Managers
Options
Comments
-
Install another password manager and then each one can remember the other one's password.1
-
Genius. If you are worried that your password manager Master Password is exposed because it has to be written down then the obvious solution is to store it in another password manager!chrisw said:Install another password manager and then each one can remember the other one's password.
Err...
Actually my partner and I do kind of do this, we have an account each on Bitwarden, each with it's own Master Password, but these passwords are stored in the other's vault (albeit slightly encrypted with extra characters known only to us). Paid version of Bitwarden, allows other account holder access if other person has pre-authorised and does not cancel request within set timescale.0 -
But then you have two passwords to remember and one of them you won't be using, except when you've forgotten the other!chrisw said:Install another password manager and then each one can remember the other one's password.
I’m a Forum Ambassador and I support the Forum Team on the In My Home MoneySaving, Energy and Techie Stuff boards. If you need any help on these boards, do let me know. Please note that Ambassadors are not moderators. Any posts you spot in breach of the Forum Rules should be reported via the report button, or by emailing forumteam@moneysavingexpert.com.
All views are my own and not the official line of MoneySavingExpert.
0 -
-
I've been thinking about that as DD and I both use the free version of Bitwarden, and only one needs to have the paid version. Apparently, it remains in place even if you no longer subscribe, but you can't change it. Could be worth a one-off annual subscription of 10USD to set it up perhaps.flaneurs_lobster said:
...chrisw said:Install another password manager and then each one can remember the other one's password.
Actually my partner and I do kind of do this, we have an account each on Bitwarden, each with it's own Master Password, but these passwords are stored in the other's vault (albeit slightly encrypted with extra characters known only to us). Paid version of Bitwarden, allows other account holder access if other person has pre-authorised and does not cancel request within set timescale.I’m a Forum Ambassador and I support the Forum Team on the In My Home MoneySaving, Energy and Techie Stuff boards. If you need any help on these boards, do let me know. Please note that Ambassadors are not moderators. Any posts you spot in breach of the Forum Rules should be reported via the report button, or by emailing forumteam@moneysavingexpert.com.
All views are my own and not the official line of MoneySavingExpert.
0 -
That's very interesting, I've paid for the Families subscription ($40/yr) not knowing that about a single paid sub. Please post again if you are able to confirm this.victor2 said:
I've been thinking about that as DD and I both use the free version of Bitwarden, and only one needs to have the paid version. Apparently, it remains in place even if you no longer subscribe, but you can't change it. Could be worth a one-off annual subscription of 10USD to set it up perhaps.flaneurs_lobster said:
...chrisw said:Install another password manager and then each one can remember the other one's password.
Actually my partner and I do kind of do this, we have an account each on Bitwarden, each with it's own Master Password, but these passwords are stored in the other's vault (albeit slightly encrypted with extra characters known only to us). Paid version of Bitwarden, allows other account holder access if other person has pre-authorised and does not cancel request within set timescale.0 -
Bitwarden Password Manager Pricing & Plans | Bitwardenflaneurs_lobster said:
That's very interesting, I've paid for the Families subscription ($40/yr) not knowing that about a single paid sub. Please post again if you are able to confirm this.victor2 said:
I've been thinking about that as DD and I both use the free version of Bitwarden, and only one needs to have the paid version. Apparently, it remains in place even if you no longer subscribe, but you can't change it. Could be worth a one-off annual subscription of 10USD to set it up perhaps.flaneurs_lobster said:
...chrisw said:Install another password manager and then each one can remember the other one's password.
Actually my partner and I do kind of do this, we have an account each on Bitwarden, each with it's own Master Password, but these passwords are stored in the other's vault (albeit slightly encrypted with extra characters known only to us). Paid version of Bitwarden, allows other account holder access if other person has pre-authorised and does not cancel request within set timescale.Drinking Rum before 10am makes you
A PIRATE
Not an Alcoholic...!0 -
a dictionary attack will have a list of words - one of which will be sticky one of which will be yellowflowers and one of which will be 22 so it's an effectively a three 'character'passwordPHK said:
The person attempting to crack it doesn't know you've only used four different characters. The US equivalent of the NCCS has a password checker that will show how long various methods will take to crack a password.km1500 said:
disagree that a 4 'character' password would take that long to crackoldernonethewiser said:B0bbyEwing said:Saw a post elsewhere on the board that was 8 pages long & there was a lot of talk about password managers & it made me think....
So the whole idea behind them is you only need to remember 1 password & everything contained within the manager should really be a large gobbledygook password.
So in theory, shouldn't your master password also be gobbledygook, in which case you're never going to remember it so then how do you get it each time you need to access the manager?
How do you operate yours? Is it 'safe' having something you can remember or not really and if not really then what do you do to not lose access to your manager?
Yep I know, I overthink things. Just wondered that's all
NoIt should be something you can remember easily which can be a combination of dates, names places, things egSticky22 yellowflower - 30 years to crack allegedly. A quick tweak of the same password means it will take almost 30 thousand years.0 -
Slightly more complex. The base for a character attack is about 100, the base for a dictionary attack is about 8000-170000. I agree with your premise though that simple dictionary words significantly reduces the effectiveness.km1500 said:
a dictionary attack will have a list of words - one of which will be sticky one of which will be yellowflowers and one of which will be 22 so it's an effectively a three 'character'passwordPHK said:
The person attempting to crack it doesn't know you've only used four different characters. The US equivalent of the NCCS has a password checker that will show how long various methods will take to crack a password.km1500 said:
disagree that a 4 'character' password would take that long to crackoldernonethewiser said:B0bbyEwing said:Saw a post elsewhere on the board that was 8 pages long & there was a lot of talk about password managers & it made me think....
So the whole idea behind them is you only need to remember 1 password & everything contained within the manager should really be a large gobbledygook password.
So in theory, shouldn't your master password also be gobbledygook, in which case you're never going to remember it so then how do you get it each time you need to access the manager?
How do you operate yours? Is it 'safe' having something you can remember or not really and if not really then what do you do to not lose access to your manager?
Yep I know, I overthink things. Just wondered that's allNoIt should be something you can remember easily which can be a combination of dates, names places, things egSticky22 yellowflower - 30 years to crack allegedly. A quick tweak of the same password means it will take almost 30 thousand years.
BTW you were correct the first time when you said 4 words, 'yellowflower' would count as 2 words.
Apparently brute force crackers can check up to a billion passwords per second (and increasing). Most of the charts that give an idea of how long to crack a password assume character-by-character attacks, and significantly less throughput.
People often extrapolate these time-to-crack charts to mean a 12 character word would take centuries to crack. That is not true it could take only a few seconds to crack a 12 character word using a dictionary attack. That is why it is suggested to use multiple words (to provide length) and ensure at least one is mangled (not in an obvious way such as replacing 'o' with '0' or 's' with '$').
I don't care about your first world problems; I have enough of my own!0 -
The difference in time needed to brute force crack a 15 character passphrase made up dictionary words compared to a truly random 15 character password using all symbols on the keyboard is quite remarkable.
That said, by using mixed case (e,g, "AppleHouseCloud"), that password would take about 5 days to crack using GPU-based techniques assuming each of the words is chosen from a dictionary of 100,000 words.
If you inserted 4 digits that you can remember (i.e. house alarm code) somewhere in the passphrase "AppleHouse1241Cloud" it's more like 507 years to crack.0
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.8K Banking & Borrowing
- 253K Reduce Debt & Boost Income
- 453.4K Spending & Discounts
- 243.7K Work, Benefits & Business
- 598.5K Mortgages, Homes & Bills
- 176.8K Life & Family
- 256.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards