
Where is the safest place to save all my pin numbers and passwords?


Comments

  • masonic
    masonic Posts: 27,134 Forumite
    Part of the Furniture 10,000 Posts Photogenic Name Dropper
    The early ones tried to, but the login process varies so much from one website to the next, and at the same website over time, the workload would be substantial.
    KeePass allows you to set different challenge/response pairs, but you need to select which to fill into the relevant box each time.
  • grumpy_codger
    grumpy_codger Posts: 959 Forumite
    500 Posts Name Dropper Photogenic
    leosayer said:
    ...
    For banks, building societies etc I've started using Bitwarden which works quite well. Some years ago I tried KeePass which I found difficult to use especially if I'd created a long difficult password made up of numbers and characters because some building societies wouldn't accept "Copy and Paste" and then it was very difficult to enter the passwords manually.
    I don't see how Bitwarden is better than KeePass in this respect. In both you can edit passwords or use your own instead of automatically generated ones and you can set your rules for generating passwords in KeePass.
    With regard to disabled paste - google if you can change settings in a browser to bypass this stupid restriction. I've done this in my preferred Firefox, annoyed by stupidly complex 8-symbol alphanumeric Santander OTPs that their IT idiots don't allow to be pasted. Now I easily copy & paste them on my PC from Phone Link to Firefox.
    Most password safes should have the option of generating a password that is a combination of 3 random words (eg. augustus,petrov,gum) which is a recommended and secure method and much easier to remember and enter manually. 

    https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/three-random-words
    Yes, it's good to have such a password for the password manager itself. However, if you have many different 3-word passwords it'll be impossible to remember them anyway.
    And nowadays very few providers don't insist on both low- and upper-case letters plus digits plus special characters.


  • Cus
    Cus Posts: 771 Forumite
    Sixth Anniversary 500 Posts Name Dropper
    I keep all passwords etc in my memory, and use a specific illogical algorithm to determine and create new ones depending on the location and other factors. It's unbreakable digitally as it doesn't exist as stored data anywhere, (well except my brain) and also as there is no hard copy then it cannot be burnt or stolen.

    If I get hit by a bus or lose my mind I'm in trouble..
  • Eyeful
    Eyeful Posts: 935 Forumite
    Fourth Anniversary 500 Posts Name Dropper
    edited 27 May at 10:34AM
    Cus said:
    I keep all passwords etc in my memory, and use a specific illogical algorithm to determine and create new ones depending on the location and other factors. It's unbreakable digitally as it doesn't exist as stored data anywhere, (well except my brain) and also as there is no hard copy then it cannot be burnt or stolen.

    If I get hit by a bus or lose my mind I'm in trouble..
    That's OK if you have a photographic memory or you only have two or three passwords to remember, but not any good for most humans to use.

    1. The number of characters is what is important, the more the better. Today 12 characters are easily cracked.
    How many characters long are your passwords?
    How many passwords do you need to remember?
    Even back in 2013 hackers knew how to crack the systems that their users thought were unbreakable digitally.
    https://arstechnica.com/information-technology/2013/10/how-the-bible-and-youtube-are-fueling-the-next-frontier-of-password-cracking/

    2. For the average human
    (a) They may have over 10 different passwords of let's say 15 characters to remember.
    (b) They will grow older each day and their memory will start to deteriorate slowly, sometimes without them even realising it is happening.
    (c) When quantum computers become available to criminals, passwords are toast.
    (d) Passkeys are not yet common for login on many websites.
    (e) So today the best we can do is: use a password manager to generate & store long complex passwords and use the better forms of 2FA.
  • flaneurs_lobster
    flaneurs_lobster Posts: 6,424 Forumite
    Sixth Anniversary 1,000 Posts Photogenic Name Dropper
    edited 27 May at 12:02PM
    Cus said:
    I keep all passwords etc in my memory, and use a specific illogical algorithm to determine and create new ones depending on the location and other factors. It's unbreakable digitally as it doesn't exist as stored data anywhere, (well except my brain) and also as there is no hard copy then it cannot be burnt or stolen.

    If I get hit by a bus or lose my mind I'm in trouble..
    According to Bitwarden I've got a tad over 1100 separate credential entries stored, suspect your method might not be entirely suitable for me or others with similar.

    And to add to @Eyeful's point about passkeys - I've used them when they are available - I have a grand total of 6.
  • cwep2
    cwep2 Posts: 233 Forumite
    Part of the Furniture 100 Posts Name Dropper Combo Breaker
    I have a distrust of anything stored on the cloud, especially all my passwords. Even if the risk is small, if someone did access it I could lose everything. Given that quantum computing may be able to crack all existing encryptions at some point in the next decade or so (certainly possible in my lifetime) I just don't want to put all that somewhere in the cloud that would be one of the hackers' first ports of call if they were able to break that encryption.

    So I only use stuff that is stored locally. A bit less convenient but does the job. Now I have over 1000 logins and passwords, so memory ain't gonna cut it. But I'd separate these into 3-4 categories:
    1. Low stakes: eg forum logins like this one or something like BBC iPlayer. If someone gets my password I mean they can post some mean messages as me but there is zero monetary risk. I really don't care much for this stuff so happy to add it to the browser password manager or anything. I'll reuse passwords and do all the things you're not supposed to...
    2. Medium stakes: mostly ecommerce sites like Amazon. If someone got access to this they could probably buy some stuff and send it to themselves. This would be annoying and potentially risk £100 or that sort of sum, with a reasonable chance of recovering it if I hadn't been negligent. These are unique and stored locally in an encrypted file, I have a physical offline backup at a family member's house in case of fire.
    3. High stakes: investment accounts, savings accounts that can only pay to my linked current account etc. Also stored locally in an encrypted file but not stored in their actual form - they are written in a cipher. These would be hard to make payments to any random person but maybe?
    4. Very high stakes: main current account, main email account etc - about 5-6 passwords. The sort of place your 2FA goes to if you need to authorise a payment. These very much could be used by someone to empty everything if they had all the above. These are as long as possible whilst still being memorable, unique and not written or stored anywhere. 
  • masonic
    masonic Posts: 27,134 Forumite
    Part of the Furniture 10,000 Posts Photogenic Name Dropper
    cwep2 said:
    I have a distrust of anything stored on the cloud, especially all my passwords. Even if the risk is small, if someone did access it I could lose everything. Given that quantum computing may be able to crack all existing encryptions at some point in the next decade or so (certainly possible in my lifetime) I just don't want to put all that somewhere in the cloud that would be one of the hackers' first ports of call if they were able to break that encryption.
    *some* existing encryption algorithms. But there are other threats besides quantum computing.
  • Beeblebr0x
    Beeblebr0x Posts: 268 Forumite
    100 Posts Name Dropper
    I use biometrics for finance sites, preferably a fingerprint.
  • Eyeful
    Eyeful Posts: 935 Forumite
    Fourth Anniversary 500 Posts Name Dropper
    cwep2:
    As you distrust online Password Managers, have you considered offline password managers such as KeePassXC (others are available)?
    https://keepassxc.org/

  • Johnny-Cage
    Johnny-Cage Posts: 266 Forumite
    Part of the Furniture 100 Posts Name Dropper Combo Breaker
    edited 28 May at 10:40AM
    I use iPasssafe+ which has got an iCloud backup option so I can use my phone and iPad

    FaceID or pin to access 