Password management

DMac

Registered User
I wonder what methods TP users use to help make sure their passwords for bank accounts and other secure websites are kept safe? This is becoming more & more of an issue for my OH, as he has PoA over his mother's financial affairs, and the number of websites he needs to use - all with passwords that are hard to remember - is becoming overwhelming.

I've done a bit of research into this, and I can see that using an online password manager has some advantages, the main one being that you only need to remember one master password. Also, the better password managers can generate strong passwords for you, or at least identify weak & duplicate ones. Some can work across multiple devices, because the 'safe' is kept online, which means you can access it from anywhere. This could be useful if, for example, you lose your laptop or phone.

On the other hand, how secure are those password manager sites? A hacker only needs to find out the master password, and they could get access to everything! And goodness help you if you forget the master password!

I'd be interested to hear any thoughts! Thank you.
 

Canadian Joanne

Registered User
I do what "they" say you shouldn't - I write my passwords down in a little notebook. But I also have gradually changed passwords until I only have a few. I use upper and lower case, numbers and recently started adding a special character - ? or % - something like that. I have a couple of passwords which I use for several different things. It works out for me.

I am not at all comfortable with the idea of an online password manager.
 

northumbrian_k

Volunteer Host
I often use the initial letters of the words of a favourite song, at least one of them capitalised, with a number somewhere amongst this and (if the particular site allows it) a 'special character'. As an example (not a real one):

Ny2awttbiu~

(New York's a wonderful town the bronx is up ...)
 

nitram

Registered User
I keep mine in an encrypted document using the free version of https://www.axcrypt.net/download/

If I have forgotten them, and to save looking them up, I can generate them by associating something or somewhere with the site name, I have different ways of doing this.

For example Lloyds Bank, which I don't use, could be
lgkmffklg - Lloyd George knew my father etc.
I can then write it down as lgn mff klg which makes finding the fifth letter, or any other, easy.

If I associate blackbirds with a different site the password could be
4&20bbbiapwtpwotb - four and twenty blackbirds baked etc.

For sites that don't really matter, associate each one with a car you have owned. Say the site was Fred's Emporium and the car reg was abc123d; the password would be fabc123de.

For sites that demand mixed cases, or maybe for all sites to make things easier, every third alpha character could be upper case.

Although non-alphanumeric characters and mixing cases add security, the length of the password, which should not contain any words, is very important.
 

Saffie

Registered User
"I often use the initial letters of the words of a favourite song, at least one of them capitalised, with a number somewhere amongst this and (if the particular site allows it) a 'special character'. As an example (not a real one):

Ny2awttbiu~

(New York's a wonderful town the bronx is up ...)"

You still have to remember that though so how can they be retained in a safe way?

I use many different ones and confess I have them listed in hard copy.
Some less important ones are the same but any that are connected to finance in any way, no matter how loosely, stand alone.
I just hope that anyone who burgles my house isn't a computer hacker too!
 

nitram

Registered User
'I write my passwords down in a little notebook.'

If you do this you could write them down incorrectly.

a12#bC3£d
becomes
either
z01#aB2£c
or
b23#cD4£e
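
The "write them down incorrectly" scheme from the post above, as an added example that is not part of the original post: each letter or digit is shifted by a private offset within its own class, with wraparound, and symbols are copied unchanged. The function names are hypothetical.

```python
# Added illustration; function names are hypothetical, not from the thread.
import string

# Character classes that get shifted; everything else is copied unchanged.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits)

def shift_char(ch, offset):
    """Shift one character inside its own class, wrapping at the ends."""
    for alphabet in CLASSES:
        if ch in alphabet:
            return alphabet[(alphabet.index(ch) + offset) % len(alphabet)]
    return ch  # symbols such as '#' and '£' stay as written

def write_down(password, offset):
    """Form that goes in the notebook for a given private offset."""
    return "".join(shift_char(c, offset) for c in password)

def read_back(written, offset):
    """Undo the shift to get the real password from the notebook entry."""
    return write_down(written, -offset)

def possible_readings(written, max_offset):
    """Every password a notebook entry could stand for if the offset is
    somewhere in -max_offset..+max_offset. The offset is the only secret."""
    return sorted({read_back(written, k)
                   for k in range(-max_offset, max_offset + 1) if k != 0})

if __name__ == "__main__":
    real = "a12#bC3£d"                      # example password from the post
    print(write_down(real, -1))
    print(write_down(real, +1))
    print(possible_readings("z01#aB2£c", 1))
```

With a one-step offset a notebook entry has only two possible readings, so the notebook still needs to be kept as carefully as an unshifted list.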
 

nitram

Registered User
"I just hope that anyone who burgles my house isn't a computer hacker too!"

They could just take it for their mate to look at.

If you lost all security details for your bank just think how difficult it would be to either get new ones or even have the account locked.

Also on security, all backups should be either online or on removable media stored somewhere safe and reasonably fireproof.
 

Philbo

Registered User
I use a small address book, in which I write the password down for each website or company.

I do my own sort of encryption, for example substituting ALM for numbers, where I've used the same numbers as our house alarm (one I never forget), or g/d where I've used my granddaughter's name.

Where I use a capital letter, I underscore that letter in my book, e.g. Cat, would represent our old cat called Sheba.

Makes perfect sense to me. :D
 

nitram

Registered User
Just checked and I have 242 unique passwords, 27 financial and 215 shopping, email, various applications.

This isn't counting things like, memorable date (which is always an adjusted family date), favourite colour, memorable name (not a name in my family but one in a relative's family), memorable location, name of first pet, first school attended (not the one I attended), mother's maiden name (incorrect one), etc.
 

nitram

Registered User
I know the commonly used ones.
For others the sites that annoy me are the ones that won't let you paste anything in.
 

DMac

Registered User
Thank you!

Thank you all for your comments, they have been most helpful! :)

I do believe I have come to a decision! ;) I'm going to set up a password manager after all. I'm swayed by nitram's arguments about the consequences of losing sensitive details, and the benefit of having those details stored safely offsite in a place that's secure and regularly backed up.

So, how secure is 'secure'? I guess nothing in the world is ever 100% foolproof, but there are places that are worth trusting - nitram has posted a link to one, for example. I've decided to use a website that already provides general internet security for all my gadgets - and if I can't trust them, who can I trust?

Thank you also for the comments about making individual passwords secure. That wasn't actually the reason for my initial post, but your suggestions have made me think about this. I think it is worth re-iterating the importance of setting secure passwords in the first place.

Thank you again, I really appreciate your thoughts! :)
 

Rosnpton

Registered User
Hi
I have two passwords used in various ways.
All capitals
All lower case
Numbers added etc.
They are listed as a phone entry in my diary under names which are obvious only to me not to be real.
I've generated a phone number into it as well, to make it seem 'real' if even my diary gets stolen.
Although, my writing is scrawl so I doubt anyone would be able to read it.
Ros
 

nitram

Registered User
"So, how secure is 'secure'? I guess nothing in the world is ever 100% foolproof, but there are places that are worth trusting - nitram has posted a link to one, for example."

My link was to an application for encrypting files stored on your own system.

You can do this and then store the files online, this is what I do.

I use the free (personal) version of https://www.syncplicity.com/pricing/ to automatically store the files I choose online.

I can view these from any system anywhere in the world, download if I want to, and decrypt if necessary. I can also set up automatic synchronisation with any other system.

To view the files requires both the Syncplicity and Axcrypt passphrases.

This is not a password manager, it's a way of securely storing your passwords.

OT but also to be considered by some.
For widows/widowers, especially with offspring as beneficiaries/executors: have you organised things so that if you walk under the proverbial bus tomorrow they know how to access your computer, or, if the computer was destroyed because it was not a bus but a plane crash, meaning that your laptop was destroyed, they know how to access financial details if stored online?
 

nitram

Registered User
"They are listed as a phone entry in my diary under names which are obvious only to me not to be real.
I've generated a phone number into it as well, to make it seem 'real' if even my diary gets stolen.
Although, my writing is scrawl so I doubt anyone would be able to read it"


And if the diary gets stolen, what do you do?
Your only option appears to be to try to generate specific passwords from your base password.

After a few guesses you either get locked out for a short time or, with financial sites, have to go through a process of proving you are actually you: at the best an OTP (one-time password) to your mobile, at the worst a few days' delay waiting for the post.
 

northumbrian_k

Volunteer Host
"You still have to remember that though so how can they be retained in a safe way?

I use many different ones and confess I have them listed in hard copy.
Some less important ones are the same but any that are connected to finance in any way, no matter how loosely, stand alone.
I just hope that anyone who burgles my house isn't a computer hacker too!"

It is often said that music/singing is a good way to remember things and that is what works for me. I don't know why but some passwords 'stick' better than others and one never knows which they will be. I still remember a password generated by a bulletin board that I haven't used since I finished work 3 years ago.

Of course it goes beyond passwords as, for additional security, many sites expect you to remember the answers to questions you answered when you first signed up, ask you to give 3 characters out of a 'secret' word and/or digits from a PIN. When it gets this complicated it is best to have some kind of backup so I have mine written down (not in full but with enough information to prompt me) in a password protected file - the problems here are that I still have to remember at least one password and that it could be hacked quite easily. It is also not much use if my laptop is inaccessible for some reason.

I have had some security issues which were almost certainly due to use of my smartphone for internet and email access. Since I stopped doing that things have been OK ...
 

Saffie

Registered User
"It is often said that music/singing is a good way to remember things and that is what works for me. I don't know why but some passwords 'stick' better than others and one never knows which they will be. I still remember a password generated by a bulletin board that I haven't used since I finished work 3 years ago.

Of course it goes beyond passwords as, for additional security, many sites expect you to remember the answers to questions you answered when you first signed up, ask you to give 3 characters out of a 'secret' word and/or digits from a PIN. When it gets this complicated it is best to have some kind of backup so I have mine written down (not in full but with enough information to prompt me) in a password protected file - the problems here are that I still have to remember at least one password and that it could be hacked quite easily. It is also not much use if my laptop is inaccessible for some reason.

I have had some security issues which were almost certainly due to use of my smartphone for internet and email access. Since I stopped doing that things have been OK ..."

I use short sentences for pin numbers etc. in acronym form and find that works well. I've always done this for exams etc too. It doesn't help with passwords though especially with over 50 of them - and those are just the ones I have written down!
 
