  • FIRST POST
    • Former MSE Helen
    • By Former MSE Helen 27th Apr 11, 4:13 PM
    • 2,324Posts
    • 971Thanks
    Former MSE Helen
    'How to have lots of passwords without struggling to remember them' blog discussion
    • #1
    This is the discussion to link on the back of Martin's blog. Please read the blog first, as this discussion follows it.





    Please click 'post reply' to discuss below.
    • Reaper
    • By Reaper 27th Apr 11, 4:45 PM
    • 6,727 Posts
    • 5,090 Thanks
    Reaper
    • #2
    • 27th Apr 11, 4:45 PM
    As all the passwords are for online use I use a password database on my PC. I suggest using a mainstream Open Source program to remove any worry about it being genuine. The one I use is a freebie called KeyPass. Now I only have to remember the single password to access it and the passwords are held encrypted on my hard drive so are no use to a hacker even if they do get into my machine. Do remember to back it up from time to time though!
    • RAS
    • By RAS 27th Apr 11, 4:47 PM
    • 27,995 Posts
    • 48,414 Thanks
    RAS
    • #3
    • 27th Apr 11, 4:47 PM
    I have a number of specialist interests. My passwords often refer to details aspects which are particularly relevant to me. So to start with someone needs to know what interests me, then which area I use for that account, then which of the very specialist aspects is uppermost in my mind. For passwords that have to be re-set frequently, I often use the names of people who are in the news or whose work I have read recently.

    So if I am interested in dogs, the trigger might be Alsatian and the key some aspect specific to that type of dog, combined with a number. Then I play with combinations of that basic set. A short term password might relate to wedding say.

    Not that I would ever use either of these!
    The person who has not made a mistake, has made nothing
  • swingofthings
    • #4
    • 27th Apr 11, 5:23 PM
    Personally I use LastPass ... great for remembering all my passwords and accessible via the cloud which means I can use it on my various PCs at home and work. It is meant to be very secure - see reviews on the net for more information.

    Incidentally re: RAS's post above, with respect, such passwords would be easier to hack if you make them up using things that are pertinent to you ... thus if a hacker knows your personal habits, it will be easier to crack your password ... it is much much harder to hack your account if someone knows everything about you but you have set up random letters etc.
    • jasdev
    • By jasdev 27th Apr 11, 5:39 PM
    • 85 Posts
    • 18 Thanks
    jasdev
    • #5
    • 27th Apr 11, 5:39 PM
    1Password is a very popular way to store/generate robust passwords without having to struggle to memorise lots of different ones. I use KeepassX (Keepass as mentioned above, but for Mac) instead but 1Password has the advantage of working on iPhones and Android phones.
    • real_woodworm
    • By real_woodworm 27th Apr 11, 5:42 PM
    • 14 Posts
    • 4 Thanks
    real_woodworm
    • #6
    • 27th Apr 11, 5:42 PM
    Roboform is good for PCs
    • originalmiscellany
    • By originalmiscellany 27th Apr 11, 5:58 PM
    • 1,612 Posts
    • 3,888 Thanks
    originalmiscellany
    • #7
    • 27th Apr 11, 5:58 PM
    I use lastpass. It's a great program and is very well thought of.

    http://download.cnet.com/LastPass-Password-Manager/3000-2092_4-10889725.html
    Feb 2012 - onwards MF achieved
    September 2016 - Back into clearing a mortgage - Was due to be paid off in 32 years in March 2047 -
    April 2018 down to 28.00 months vs 30.04 months at normal payment.
    Predicted mortgage clearing 03/2047 - now looking at 02/2045

    Aims: 1) To pay off mortgage within 20 years - 2037
    • Heffi1
    • By Heffi1 27th Apr 11, 8:59 PM
    • 1,179 Posts
    • 3,574 Thanks
    Heffi1
    • #8
    • 27th Apr 11, 8:59 PM
    Roboform is good for PCs
    Originally posted by real_woodworm
    I have used Roboform for quite a few years now and have peace of mind, as long as the master password is set, then it is pretty much child's play. There is a random password generator too if you don't want to have to think of a password yourself.
    Been here for a long time and don't often post
  • Gwyndster
    • #9
    • 27th Apr 11, 9:07 PM
    Following a suggestion on a website I use a mnemonic:

    For example you could turn:

    I love to eat lasagne and garlic bread - into Il2el&gb

    That way you have a mix of characters and then I just add characters which represent the organisation.
    • Soosieboo
    • By Soosieboo 27th Apr 11, 10:15 PM
    • 644 Posts
    • 17,109 Thanks
    Soosieboo
    You can't beat LastPass. However I still don't store my bank login details there!
    Rapport is another handy program to have for secure sites. http://www.trusteer.com/product/trusteer-rapport
    Thanks to those that post the comps!!

    • Stompa
    • By Stompa 27th Apr 11, 10:30 PM
    • 7,920 Posts
    • 3,938 Thanks
    Stompa
    1Password is a very popular way to store/generate robust passwords without having to struggle to memorise lots of different ones. I use KeepassX (Keepass as mentioned above, but for Mac) instead but 1Password has the advantage of working on iPhones and Android phones.
    Originally posted by jasdev
    FWIW there is a version of Keepass for Android:

    http://www.appbrain.com/app/keepassdroid/com.android.keepass

    (though it has some limitations)
    Stompa
    • MrsTinks
    • By MrsTinks 27th Apr 11, 11:05 PM
    • 14,995 Posts
    • 23,049 Thanks
    MrsTinks
    I use memory triggers as the main reminder. Say it was my amazon account: the first thought I had when I thought amazon was my favourite author; Terry Pratchett - but using him would be too obvious... But prat= twit so my password WAS Twit1948, 1948 being his year of birth.... Hasten to add it's long since been changed but I use similar triggers for other sites
    DFW Nerd #025
    DFW no more! Officially debt free 2017 - now joining the MFW's!

    My DFW Diary - blah- mildly funny stuff about my journey
    • ElkyElky
    • By ElkyElky 28th Apr 11, 5:19 AM
    • 2,422 Posts
    • 2,739 Thanks
    ElkyElky
    My passwords would never consist of any type of word or name. I usually just type a random sequence of letters, numbers and other characters and memorise that sequence (takes me about 5 minutes to memorise, which usually happens by the time I've changed my password for every website I use). My main password just now is 17 characters long and changes on a monthly basis.

    For example, 49Km6*AL2OPmd$! was my previous password. Completely unguessable since it doesn't contain any words from the dictionary.
    We've had to remove your signature. Please check the Forum Rules if you're unsure why it's been removed and, if still unsure, email forumteam@moneysavingexpert.com
    • onredbull
    • By onredbull 28th Apr 11, 8:45 AM
    • 397 Posts
    • 396 Thanks
    onredbull
    I used to use an old little address book, something that comes free in the post or with a magazine and keep it close to my computer. Not ideal if you move around on laptop, but was ok next to pc.
    ~~~~~~~~~~~~
    "In Raising Your Children;"
    "Spend Half As Much Money n Twice As Much Time."
    • Simon_c
    • By Simon_c 28th Apr 11, 9:44 AM
    • 49 Posts
    • 48 Thanks
    Simon_c
    I've never got on with lastpass, some of the online forms I need to enter passwords into use techniques to prevent passwords being entered.

    I use the following system.

    * Low value sites (like internet forums etc) have a common password that's probably easily guessed, that would probably be the one I'd have used on the PSN if I'd used it. I'm slowly transitioning some/all of these over to random passwords

    * Medium value sites (sites that can spend real money that might remember a credit card details) like amazon etc or webmail sites I use a unique random password, (using a plugin called pwgen) Passwords are then synched between machines with firefox sync.
    * A high value password I use for encryption keys like the firefox password DB, I never use that online anywhere.
    * Online banking and credit cards sites have their own password, which I use on multiple sites in this category
    * Work accounts tend to have a random password, remembered via firefox. For those work sites that have techniques to prevent entering auto-remembered passwords, I use the grease-monkey plugin & the script "showpas" which shows the password (so I can cut/paste it) if you mouse-over the password field.

    So, most (but not all) of my password security is reliant on the encryption of the firefox passwordDB. Probably not perfect, especially if someone gets a key logger on my machine, but it's better than many ppl
    • malc_b
    • By malc_b 29th Apr 11, 9:06 AM
    • 1,027 Posts
    • 396 Thanks
    malc_b
    I second keepass. Random passwords for every site. Only one password to remember. You can run it off a USB stick. It auto types for you (and mixes that with copy/paste to obscure it from key loggers). It can also handle some pick letter X from password logins.

    BTW before installing trusteer rapport I would suggest reading what people say about it. A quick google brings up many people who have problems with it slowing down their computer, sending MB of data to trusteer, clashing with firewalls and AV, and then being near impossible to remove.
    Last edited by malc_b; 29-04-2011 at 9:14 AM.
    • clouty
    • By clouty 29th Apr 11, 7:49 PM
    • 113 Posts
    • 194 Thanks
    clouty
    There's no way I am going to tell you my system!

    On a mac, I have had no problems with Trusteer.. it uses about 3% of the system - stats from iStat Nano. I have removed it in the past, when a mac glitch meant it failed to engage. Their helpdesk (via email) is just that.
    may your good days grow
  • mel12
    I have one random collection of letters and numbers memorised then just move the letters on - so I only have to write down if it's +1 or +2 etc.

    So if the first password is GTX247 (it's not, obviously), then
    password+1 would be HUY358 and +2 IVZ469 and so on... Once they get to 9 the numbers rotate to zero so +3 would be JWA570 etc.
    Only after the last tree has been cut down,
    Only after the last river has been poisoned,
    Only after the last fish has been caught,
    Only then will you find that money cannot be eaten
    • m00head
    • By m00head 30th Apr 11, 4:46 PM
    • 146 Posts
    • 1,493 Thanks
    m00head
    There are websites out there which let you store your passwords encrypted locally on your PC. Your passwords are only accessed when you synchronize your online accounts through their own website, such as:

    http://www.accountstore.co.uk (free for everyone)

    http://www.firstdirect.com/ibplus (free for everyone, not just First Direct customers)

    http://www.ewise.com.au/accunity (free for everyone)

    http://www.egg.com/youraccounts (existing customers only)

    All of the above websites (apart from the last one) support the vast majority of online banking, e-mail, and utility accounts.

    .
    Last edited by m00head; 30-04-2011 at 5:16 PM.
    • Decorian
    • By Decorian 3rd May 11, 11:46 AM
    • 28 Posts
    • 15 Thanks
    Decorian
    Passwords are always the weak point in a security system.
    People will talk about password entropy (how "random" it is) and password reuse.
    As Martin rightly said password reuse is very bad as some websites get compromised, and we need to restrict damage.

    Password entropy is less important in my opinion, but is still worth thinking about, due to the reasons given below.
    The example given above about writing it "in code", if an attacker got hold of your list (in code) and one of your passwords, they may be able to brute force break your other passwords. This is because they can try all words beginning with the letter specified, then all 4 digit numbers beginning with the number specified. As you've reduced the number of words required to check by specifying what letter it starts with, this should not take long. This is an example of a dictionary attack, where the attacker will try every word in a dictionary, which is why it is recommended not to use real words (or even common misspellings or number replacements eg. pa55w0rd).
    If you have a theme running through your passwords, and an attacker gets hold of one, they are much more likely to be able to break your others.

    The other thing mentioned is building an "alphabet" to translate your word into a code, remember the word, and then use the code to type your password.
    This is an example of a simple symmetrical cypher, if the key is found (written down), then it is easy to perform a dictionary attack on it.

    My personal opinion of the best way, is use a password storage program (people have mentioned these in previous posts, personally I use secrets for Android).
    These programs include all the information you need to log in, not just password. They have places to write the name of the site, your username, your password, and any extra information you need. Then they encrypt that with symmetric encryption using a master password. This master password must be secure, it must not appear in any dictionary, have any relevance to you or anyone you know, it must also be long. You must never forget it or you lose access to all your passwords.
    However, if you are happy that you are able to remember and safely look after just one master password, then using a program such as these, will allow you to have very secure passwords that are different for every website.
    All posts made are simply my own opinions and are not professional advice.
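
An added example, not part of any post in this thread: the offset scheme described earlier (GTX247 with +1, +2, ...) and the point above about a theme running through your passwords can be checked numerically. The Python below reimplements the shift rule as that post describes it; the function names are illustrative, and the 36-character alphabet used for the random comparison is an assumption.

```python
import math
import string

UPPER, LOWER, DIGITS = string.ascii_uppercase, string.ascii_lowercase, string.digits


def shift_password(base: str, n: int) -> str:
    """Apply the "+n" rule: letters wrap within A-Z / a-z, digits wrap 9 -> 0."""
    out = []
    for ch in base:
        for alphabet in (UPPER, LOWER, DIGITS):
            if ch in alphabet:
                ch = alphabet[(alphabet.index(ch) + n) % len(alphabet)]
                break
        out.append(ch)
    return "".join(out)


def reachable_from(known: str) -> set:
    """All passwords the rule can produce from one known password."""
    # Letters repeat every 26 shifts and digits every 10, so the whole
    # pattern repeats after lcm(26, 10) = 130 shifts.
    period = 26 * 10 // math.gcd(26, 10)
    return {shift_password(known, n) for n in range(period)}


def guess_bits(candidates: int) -> float:
    """Uncertainty left once the candidate set is known, in bits."""
    return math.log2(candidates)


def random_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a password whose characters are drawn uniformly at random."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    leaked = "HUY358"  # the "+1" password quoted in the thread
    family = reachable_from(leaked)
    # The base password and the "+3" variant both fall inside the small family.
    print("GTX247" in family, "JWA570" in family)
    print(len(family), "variants =", round(guess_bits(len(family)), 1), "bits")
    print("6 random chars from A-Z0-9 =", round(random_bits(6, 36), 1), "bits")
```

Once any one site's password is known, every other password in the scheme is one of at most 130 strings, whereas independently generated passwords (as a password manager produces) share nothing with each other.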