Page 1 of 2 12 LastLast
Results 1 to 15 of 19
  1. #1
    Registered User
    Join Date
    Jul 2015
    Posts
    446

    Password management

    I wonder what methods TP users use to help make sure their passwords for bank accounts and other secure websites are kept safe? This is becoming more & more of an issue for my OH, as he has PoA over his mother's financial affairs, and the number of websites he needs to use - all with passwords that are hard to remember - is becoming overwhelming.

    I've done a bit of research into this, and I can see that using an online password manager has some advantages, the main one being that you only need to remember one master password. Also, the better password managers can generate strong passwords for you, or at least identify weak & duplicate ones. Some can work across multiple devices, because the 'safe' is kept online, which means you can access it from anywhere. This could be useful if, for example, you lose your laptop or phone.

    On the other hand, how secure are those password manager sites? A hacker only needs to find out the master password, and they could get access to everything! And goodness help you if you forget the master password!

    I'd be interested to hear any thoughts! Thank you.

  2. #2
    Registered User Canadian Joanne's Avatar
    Join Date
    Apr 2005
    Location
    Toronto, Canada
    Posts
    15,293
    I do what "they" say you shouldn't - I write my passwords down in a little notebook. But I also have gradually changed passwords until I only have a few. I use upper and lower case, numbers and recently started adding a special character - ? or % - something like that. I have a couple of passwords which I use for several different things. It works out for me.

    I am not at all comfortable with the idea of an online password manager.
    Joanne
    Former carer
    When you've seen one person with Alzheimer's, you've seen one person with Alzheimer's

  3. #3
    Registered User
    Join Date
    Mar 2017
    Location
    Newcastle
    Posts
    114
    I often use the initial letters of the words of a favourite song, at least one of them capitalised, with a number somewhere amongst this and (if the particular site allows it) a 'special character'. As an example (not a real one):

    Ny2awttbiu~

    (New York's a wonderful town the bronx is up ...)

  4. #4
    Registered User
    Join Date
    Apr 2011
    Posts
    12,522
    I keep mine in an encrypted document using the free version of https://www.axcrypt.net/download/

    If I have forgotten them, and to save looking them up, I can generate them by associating something or somewhere with the site name, I have different ways of doing this.

    For example LLoyds bank, which I don't use, could be
    lgkmffklg - LLoyd George knew my father etc.
    I can then write it down as lgn mff klg which makes finding the fifth letter, or any other, easy.

    If I associate blackbirds with a different site the password could be
    4&20bbbiapwtpwotb - four and twenty blackbirds baked etc.

    For sites that don't really matter associate each one with a car you have owned, say the site was Fred's Emporium and the car reg was abc123d password would be fabc123de

    For site that demand mixed cases, or maybe for all sites to make things easier every third alpha character could be upper case.

    Although non alpha numeric characters and mixing cases adds security the length of the password, which should not contain any words, is very important

  5. #5
    Registered User Saffie's Avatar
    Join Date
    Mar 2011
    Location
    Near Southampton
    Posts
    21,639
    Quote Originally Posted by northumbrian_k View Post
    I often use the initial letters of the words of a favourite song, at least one of them capitalised, with a number somewhere amongst this and (if the particular site allows it) a 'special character'. As an example (not a real one):

    Ny2awttbiu~

    (New York's a wonderful town the bronx is up ...)
    You still have to remember that though so how can they be retained in a safe way?

    I use many different ones and confess I have them listed in hard copy.
    Some less important ones are the same but any that are connected to finance in any way, no matter how loosely, stand alone.
    I just hope that anyone who burgles my house isn't a computer hacker too!
    "Sometimes you will never know the value of something, until it becomes a memory.” Dr. Seuss

  6. #6
    Registered User
    Join Date
    Apr 2011
    Posts
    12,522
    'I write my passwords down in a little notebook.'

    if you do this you could write then down incorrectly.

    a12#bC3£d
    becomes
    either
    z01#aB2£c
    or
    b23#cD4£e

  7. #7
    Registered User
    Join Date
    Apr 2011
    Posts
    12,522
    "I just hope that anyone who burgles my house isn't a computer hacker too!"

    They could just take it for their mate to look at.

    If you lost all security details for your bank just think how difficult it would be to either get new ones or even have the account locked.

    Also on security, all backups should be either online or on removable media stored somewhere safe and reasonably fireproof.

  8. #8
    Registered User Saffie's Avatar
    Join Date
    Mar 2011
    Location
    Near Southampton
    Posts
    21,639
    Didn't that apply to the notebook too?
    Mine are not in a note book but the sheet is kept securely.
    "Sometimes you will never know the value of something, until it becomes a memory.” Dr. Seuss

  9. #9
    Registered User
    Join Date
    Feb 2017
    Location
    Kent
    Posts
    163
    I use a small address book, in which I write the password down for each website or company.

    I do my own sort of encryption, for example substituting ALM for numbers, where I've used the same numbers as our house alarm (one I never forget), or g/d where I've used my granddaughter's name.

    Where I use a capitol letter, I underscore that letter in my book, e.g. Cat, would represent our old cat called Sheba.

    Makes perfect sense to me.

  10. #10
    Registered User
    Join Date
    Apr 2011
    Posts
    12,522
    Just checked and I have 242 unique passwords, 27 financial and 215 shopping, email, various applications.

    This isn't counting things like, memorable date (which is always an adjusted family date), favourite colour, memorable name (not a name in my family but one in a relative's family), memorable location, name of first pet, first school attended (not the one I attended), mother's maiden name (incorrect one), etc.

  11. #11
    Registered User Canadian Joanne's Avatar
    Join Date
    Apr 2005
    Location
    Toronto, Canada
    Posts
    15,293
    Holy moley, nitram! How do you keep up? I have perhaps 7 or 8.
    Joanne
    Former carer
    When you've seen one person with Alzheimer's, you've seen one person with Alzheimer's

  12. #12
    Registered User
    Join Date
    Apr 2011
    Posts
    12,522
    I know the commonly used ones.
    For others the sites that annoy me are the ones that won't let you paste anything in.

  13. #13
    Registered User
    Join Date
    Jul 2015
    Posts
    446

    Thank you!

    Thank you all for your comments, they have been most helpful!

    I do believe I have come to a decision! I'm going to set up a password manager after all. I'm swayed by nitram's arguments about the consequences of losing sensitive details, and the benefit of having those details stored safely offsite in a place that's secure and regularly backed up.

    So, how secure is 'secure'? I guess nothing in the world is ever 100% foolproof, but there are places that are worth trusting - nitram has posted a link to one, for example. I've decided to use a website that already provides general internet security for all my gadgets - and if I can't trust them, who can I trust?

    Thank you also for the comments about making individual passwords secure. That wasn't actually the reason for my initial post, but your suggestions have made me think about this. I think it is worth re-iterating the importance of setting secure passwords in the first place.

    Thank you again, I really appreciate your thoughts!

  14. #14
    Registered User
    Join Date
    Mar 2017
    Location
    Northants
    Posts
    356
    Hi
    I have two passwords used in various ways.
    All capitals
    All lower case
    Numbers added etc.
    They are listed as a phone entry in my diary under names which are obvious only to me not to be real.
    I've generated a phone number into it as well,to make it seem 'real' if even my diary gets stolen.
    Although,my writing is scrawl so I doubt anyone would be able to read it
    Ros

  15. #15
    Registered User
    Join Date
    Apr 2011
    Posts
    12,522
    "So, how secure is 'secure'? I guess nothing in the world is ever 100% foolproof, but there are places that are worth trusting - nitram has posted a link to one, for example."

    My link was to an application for encrypting files stored on your own system.

    You can do this and then store the files online, this is what I do.

    I use the free (personal) version of https://www.syncplicity.com/pricing/ to automatically store the files I choose online.

    I can view these from any system anywhere in the world, download if I want to, and decrypt if necessary. I can also set up automatic synchronisation with any other system.

    To view the files requires both the Syncplicity and Axcrypt passphrases.

    This is not a password manager, it's a way of securely storing your passwords.

    OT but also to be considered by some.
    For widows/widowers especially with offspring as beneficiaries/executors have you organised things so that if you walk under the proverbial bus tomorrow they know how to access you computer or if the computer was destroyed because it was not a bus but a plane crash meaning that your laptop was destroyed , they know haw to access financial details if stored online.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •