I really hate managing passwords. I want something that will make things easy for me to have different passwords over several websites, help me change them semi-regularly, and not have to remember them (some sort of secure lookup service - NOT paper). Is there a tool for that? If so, best one? I’m willing to pay a reasonable amount for it, but I’d prefer it not be subscription based.
1Password, LastPass, KeePass.
I use 1Password.
Everyone hates passwords.
What you are looking for is a password manager. That would reduce your burden to only having to remember the password to your password manager. The trade-off is that you are going back to using one password for everything in that if someone cracks your password manager password, they have access to all your passwords.
Which way did you come in?
Ditto password managers. I have one on my iPhone and on my Mac at home, same app for different platforms, and they sync wirelessly when I ask them to. I have little idea what I’d do with 120 to 150 complicated passwords (and various other account details like account numbers and security questions) if it weren’t for that.
For Internet-based password managers, of course, you have to bet on the company itself being good-intentioned and on the repository not being easily crackable. When a company accumulates the e-mail / banking / government / cryptocurrency credentials of tens of millions of people, it becomes a really juicy target for nefarious cybercriminals. (I’m a LastPass user.)
I keep mine on paper and tend to rotate them around various places. Currently my one for work is an older Harley model which was formerly my password for AOL. I can easily remember them all and after a week or so following “rotation” I rarely have to check my cheatsheet since all are old friends of mine now.
Yeah. I view passwords as a sort of false sense of security. And password managers, where you keep them all in one place, as a prime target for eventual exposure.
My password is 123457. Everyone gives up after they try 123456.
Retired, at home. There’s a spreadsheet hosted somewhere that has them all. They change periodically.
There’s a paper copy at home. Good luck finding it.
That’s my system, and it has been working fine for 30 years.
My first response was to simply say “lame reply”, but if it happens to work for someone, why declare it terrible on its face?
Reusing passwords is insecure. If AOL has ever had a data breach while you were using that Harley model as the password, then any accounts using that password now or in the future are at risk.
You might want to check your passwords on Have I Been Pwned and see if they’ve ever been found in known data breaches.
Claiming that a password management system “works” is beside the point. Of course your system works. The question is whether it is secure. Using the same password on every site also works, but it’s terrible advice, just as yours is.
I use the subscription-based version of 1Password. I only actually know 1 or 2 of my several hundred passwords, and I can keep secure notes and other data in the vault. I pay for the family subscription (that’s for 5 people), and it allows me to create vaults that are shared with my wife (sensitive things like bank accounts) and with the whole family (the Netflix credentials, for instance). The company has been around a long time, and, since I pay them for the service, I feel that I can mostly trust them. In the past, they have been very transparent and quick to fix any security holes they discovered. Like others have said, there’s a risk to cloud-synced services like this, but it’s less than using the same small set of passwords on everything.
The app has extensions for all major browsers, so it can fill in web logins for you, and it includes a feature to let you know when your passwords may have been compromised at particular sites so you can change them. It will also let you know which sites you use that have 2-factor authentication available (NB: don’t use SMS for 2-factor; use an authentication app like Authy or Google Authenticator).
I think all the major password managers are similar.
I’ve used Dashlane as a password manager for a few years and I’m very happy with the investment.
It’s just not feasible to come up with and remember 100+ strong, unique passwords that you periodically rotate.
I use a password generator with uppercase, lowercase letters and numbers up to 18 characters. All gibberish and saved in a text file on a thumb drive.
These are for the important sites and online shopping sites. For sites like this forum I’ll use nonsense words.
I have re-used the same password (or one of a couple consistent variants, depending on strength requirements) for years.
In fact, I realized how long I’ve been on the Dope when I got a new computer and had to log in for the 1st time in years … it was my “old” password, reused constantly about a decade earlier.
I also store most of my login details (friggin’ usernames aren’t consistent) by writing them onto Ye Olde Technology known as Post-It notes.
Yes, I’m serious. No, they’re probably not good examples to follow.
But I also figure, hackers may try to break into an app & steal millions of logins, but those hackers aren’t breaking into my crappy little particleboard desk and deciphering my handwriting. Half those Post-Its are probably for old, defunct accounts anyway.
I’m not touting this as advice, since I know it’s not good practice, but can someone tell me if there is a serious flaw in what I do, namely: use the same, fairly insecure password for the vast majority of sites (like the Dope), i.e. those where I really don’t care if someone finds out the password and impersonates me. This includes things like Amazon and other shopping sites. So what if someone manages to log in under my name? As long as they don’t have my card/banking details, they can’t hurt me. Then for actual important stuff (work, email, banking, finance) I use different strong passwords.
Create a spreadsheet or manual list using a key word or phrase; I use my first initial, last name and birthday.
Then go up and down one letter or digit for each character in your key.
For example, a becomes b and z, 0 becomes 1 and 9.
Add the special character you like and pick one of the key letters to be a capital. If you are especially paranoid, substitute the next special character on your keyboard in the “encrypted” lines.
As long as you use a reasonably long key, this method produces 50 strong passwords and it is easy to change as needed. As long as you remember the key you can recover a particular password by using the key and “encryption” to retrieve it. I am on the third iteration so far after like 15 years of using this method, but I am lazy about changing them.