
Password Managers


Comments

  • What if you use words from other languages e.g. senoramerdebahnoffbanana ?
    I read something about this fairly recently, see here: https://passwordbits.com/mix-non-english-passwords-secure/

    TLDR, it depends on the foreign words you choose. Many password crackers have lists of the most commonly used words in multiple languages so if you choose one of those words then it is likely to be fairly unsecure - the example given is:

    The passphrase “cat gato chatte macska” is clever, but you are only saying “cat” in four different languages. This would be an incredibly easy password to guess.


  • victor2
    The most common method I've heard is to have a difficult to guess "baseword" involving a mix of case, numbers and special characters, then added to it is a couple of characters that are unique to the site being used, along the principle of AM = Amazon, but not that simple. That way, if they forget a password, they can usually work it out, but every password is unique.


  • RumRat
    As the transition to Passkeys is ramping up the discussion around passwords seems a bit prehistoric.
    Estimates are that to crack a Passkey would take around 300 Trillion years.....More than enough for me...
    So, best to ditch passwords wherever possible and use Passkeys instead. Until the site you want moves to Passkey always make sure 2FA or MFA are implemented where possible.

  • km1500
    victor2 said:
    The most common method I've heard is to have a difficult to guess "baseword" involving a mix of case, numbers and special characters, then added to it is a couple of characters that are unique to the site being used, along the principle of AM = Amazon, but not that simple. That way, if they forget a password, they can usually work it out, but every password is unique.
    Your password or base word should really be 'random' letters and one way of generating them is to think of a piece of poetry or song or saying that is rare and (for example) use the first letter of each word in that verse or song

    Simple example - tlawrtltydwnd

    the long and winding road that leads to your door will never disappear

    Put a special character or two at the end

    Then as suggested if you want, put AM at the end for Amazon, EB for eBay etc
  • 400ixl
    RumRat said:
    As the transition to Passkeys is ramping up the discussion around passwords seems a bit prehistoric.
    Estimates are that to crack a Passkey would take around 300 Trillion years.....More than enough for me...
    So, best to ditch passwords wherever possible and use Passkeys instead. Until the site you want moves to Passkey always make sure 2FA or MFA are implemented where possible.

    Indeed, but where do you store the passkeys to be truly cross platform? You still need to secure that store with a master password.
  • Vitor
    Passkeys really need a hardware device to protect them like a Yubikey, which is asking a lot of Joe User
  • Over half of the 40-odd financial institutions I have accounts with use SMS as their 2FA method when accessing them online. I don't see universal adoption of passkeys coming any time soon.

    At least the institutions that have apps are using biometrics (in the main) for access control.

    Vitor said:
    Passkeys really need a hardware device to protect them like a Yubikey, which is asking a lot of Joe User
    Is storing your passkeys on a secured mobile device a significant improvement over holding passwords? Bitwarden allow this, as does Google and MSoft. I've set them up but have not yet been brave enough to remove my passwords.
  • Vitor
    edited 29 November 2024 at 2:28PM
     - Is storing your passkeys on a secured mobile device a significant improvement over holding passwords -

    Passkeys are mostly a mitigation against the web-site's database of account information being compromised and stolen, as there are simply no passwords to extract. In the event of a data breach, you don’t have to scramble to change passwords as the private key remains on your device.

    For 99% of private users I'd say Passkeys on well-protected mobiles are good enough, but ultimately a mobile phone has more ways to be compromised than a hardware key holder.
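
The point made in the post above, that a copied account database contains no secret when the account uses a passkey, shown as an added example (not part of the thread and not any poster's code). It is a simplified Node.js model of the challenge-response, not the WebAuthn message format; the function names, account names and sample password are constructed for illustration.

```javascript
// Simplified model of the passkey flow; real WebAuthn messages carry more fields.
const crypto = require('node:crypto');

// Device: create the key pair; only the public half is sent to the site.
function registerPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { privateKey, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Device: prove possession of the private key by signing the site's one-time challenge.
function signChallenge(privateKey, challenge) {
  return crypto.sign('sha256', challenge, privateKey);
}

// Site: check the signature against the stored public key.
function verifyLogin(publicKeyPem, challenge, signature) {
  return crypto.verify('sha256', challenge, publicKeyPem, signature);
}

// Password account for comparison: the site stores a salted hash of the secret.
function passwordRecord(password) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}

// Anyone holding a copied password record can test guesses against it offline.
function guessMatches(record, guess) {
  return crypto.timingSafeEqual(record.hash, crypto.scryptSync(guess, record.salt, 32));
}

function demo() {
  const device = registerPasskey();
  const siteDb = {                                   // constructed sample records
    alice: { publicKeyPem: device.publicKeyPem },    // passkey account
    bob: passwordRecord('tlawrtltydwnd!AM'),         // password account (sample value)
  };
  const challenge = crypto.randomBytes(32);
  const signature = signChallenge(device.privateKey, challenge);
  const copiedDb = siteDb;                           // what a data breach exposes
  return {
    genuineLogin: verifyLogin(siteDb.alice.publicKeyPem, challenge, signature),
    // A copied password record confirms a correct guess with no contact with the site.
    passwordGuessConfirmed: guessMatches(copiedDb.bob, 'tlawrtltydwnd!AM'),
    // The copied passkey record holds no secret: a key that is not on the device fails.
    loginWithoutDeviceKey: verifyLogin(copiedDb.alice.publicKeyPem, challenge,
      signChallenge(registerPasskey().privateKey, challenge)),
    // A signature seen once does not verify against the next challenge.
    replayedSignature: verifyLogin(siteDb.alice.publicKeyPem, crypto.randomBytes(32), signature),
    storedKeyIsPublicOnly: !copiedDb.alice.publicKeyPem.includes('PRIVATE'),
  };
}
```

The password record is only as strong as the password behind it, which is why the password accounts need changing after a breach while the passkey account's stored public key does not.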