1. Welcome to Talking Point - an online community for everyone who is affected by dementia. Whether you have dementia or know someone who does, we will be there for you.

    Sign up to join the community, or Log in if you're already a member.

    If you need help using Talking Point, read our Help pages or contact us at talkingpoint@alzheimers.org.uk

  2. Hi everyone, Talking Point is back! We’ve updated the software in order to improve security, design, and the way the community works, and introduced some helpful features.

    Find out more

Password management

Discussion in 'Equipment and technology' started by DMac, Jul 17, 2017.

  1. DMac

    DMac Registered User

    Jul 18, 2015
    501
    Female
    Surrey, UK
    I wonder what methods TP users use to help make sure their passwords for bank accounts and other secure websites are kept safe? This is becoming more & more of an issue for my OH, as he has PoA over his mother's financial affairs, and the number of websites he needs to use - all with passwords that are hard to remember - is becoming overwhelming.

    I've done a bit of research into this, and I can see that using an online password manager has some advantages, the main one being that you only need to remember one master password. Also, the better password managers can generate strong passwords for you, or at least identify weak & duplicate ones. Some can work across multiple devices, because the 'safe' is kept online, which means you can access it from anywhere. This could be useful if, for example, you lose your laptop or phone.

    On the other hand, how secure are those password manager sites? A hacker only needs to find out the master password, and they could get access to everything! And goodness help you if you forget the master password!

    I'd be interested to hear any thoughts! Thank you.
     
  2. Canadian Joanne

    Canadian Joanne Registered User

    Apr 8, 2005
    15,340
    Toronto, Canada
    I do what "they" say you shouldn't - I write my passwords down in a little notebook. But I also have gradually changed passwords until I only have a few. I use upper and lower case, numbers and recently started adding a special character - ? or % - something like that. I have a couple of passwords which I use for several different things. It works out for me.

    I am not at all comfortable with the idea of an online password manager.
     
  3. northumbrian_k

    northumbrian_k Registered User

    Mar 2, 2017
    193
    Newcastle
    I often use the initial letters of the words of a favourite song, at least one of them capitalised, with a number somewhere amongst this and (if the particular site allows it) a 'special character'. As an example (not a real one):

    Ny2awttbiu~

    (New York's a wonderful town the bronx is up ...)
     
  4. nitram

    nitram Registered User

    Apr 6, 2011
    13,460
    Male
    North Manchester
    I keep mine in an encrypted document using the free version of https://www.axcrypt.net/download/

    If I have forgotten them, and to save looking them up, I can generate them by associating something or somewhere with the site name, I have different ways of doing this.

    For example LLoyds bank, which I don't use, could be
    lgkmffklg - LLoyd George knew my father etc.
    I can then write it down as lgn mff klg which makes finding the fifth letter, or any other, easy.

    If I associate blackbirds with a different site the password could be
    4&20bbbiapwtpwotb - four and twenty blackbirds baked etc.

    For sites that don't really matter associate each one with a car you have owned, say the site was Fred's Emporium and the car reg was abc123d password would be fabc123de

    For site that demand mixed cases, or maybe for all sites to make things easier every third alpha character could be upper case.

    Although non alpha numeric characters and mixing cases adds security the length of the password, which should not contain any words, is very important
     
  5. Saffie

    Saffie Registered User

    Mar 26, 2011
    22,316
    Female
    Near Southampton
    You still have to remember that though so how can they be retained in a safe way?

    I use many different ones and confess I have them listed in hard copy.
    Some less important ones are the same but any that are connected to finance in any way, no matter how loosely, stand alone.
    I just hope that anyone who burgles my house isn't a computer hacker too!
     
  6. nitram

    nitram Registered User

    Apr 6, 2011
    13,460
    Male
    North Manchester
    'I write my passwords down in a little notebook.'

    if you do this you could write then down incorrectly.

    a12#bC3£d
    becomes
    either
    z01#aB2£c
    or
    b23#cD4£e
     
  7. nitram

    nitram Registered User

    Apr 6, 2011
    13,460
    Male
    North Manchester
    "I just hope that anyone who burgles my house isn't a computer hacker too!"

    They could just take it for their mate to look at.

    If you lost all security details for your bank just think how difficult it would be to either get new ones or even have the account locked.

    Also on security, all backups should be either online or on removable media stored somewhere safe and reasonably fireproof.
     
  8. Saffie

    Saffie Registered User

    Mar 26, 2011
    22,316
    Female
    Near Southampton
    Didn't that apply to the notebook too?
    Mine are not in a note book but the sheet is kept securely.
     
  9. Philbo

    Philbo Registered User

    Feb 28, 2017
    277
    Kent
    I use a small address book, in which I write the password down for each website or company.

    I do my own sort of encryption, for example substituting ALM for numbers, where I've used the same numbers as our house alarm (one I never forget), or g/d where I've used my granddaughter's name.

    Where I use a capitol letter, I underscore that letter in my book, e.g. Cat, would represent our old cat called Sheba.

    Makes perfect sense to me.:D
     
  10. nitram

    nitram Registered User

    Apr 6, 2011
    13,460
    Male
    North Manchester
    Just checked and I have 242 unique passwords, 27 financial and 215 shopping, email, various applications.

    This isn't counting things like, memorable date (which is always an adjusted family date), favourite colour, memorable name (not a name in my family but one in a relative's family), memorable location, name of first pet, first school attended (not the one I attended), mother's maiden name (incorrect one), etc.
     
  11. Canadian Joanne

    Canadian Joanne Registered User

    Apr 8, 2005
    15,340
    Toronto, Canada
    Holy moley, nitram! How do you keep up? I have perhaps 7 or 8.
     
  12. nitram

    nitram Registered User

    Apr 6, 2011
    13,460
    Male
    North Manchester
    I know the commonly used ones.
    For others the sites that annoy me are the ones that won't let you paste anything in.
     
  13. DMac

    DMac Registered User

    Jul 18, 2015
    501
    Female
    Surrey, UK
    Thank you!

    Thank you all for your comments, they have been most helpful! :)

    I do believe I have come to a decision! ;) I'm going to set up a password manager after all. I'm swayed by nitram's arguments about the consequences of losing sensitive details, and the benefit of having those details stored safely offsite in a place that's secure and regularly backed up.

    So, how secure is 'secure'? I guess nothing in the world is ever 100% foolproof, but there are places that are worth trusting - nitram has posted a link to one, for example. I've decided to use a website that already provides general internet security for all my gadgets - and if I can't trust them, who can I trust?

    Thank you also for the comments about making individual passwords secure. That wasn't actually the reason for my initial post, but your suggestions have made me think about this. I think it is worth re-iterating the importance of setting secure passwords in the first place.

    Thank you again, I really appreciate your thoughts! :)
     
  14. Rosnpton

    Rosnpton Registered User

    Mar 19, 2017
    390
    Northants
    Hi
    I have two passwords used in various ways.
    All capitals
    All lower case
    Numbers added etc.
    They are listed as a phone entry in my diary under names which are obvious only to me not to be real.
    I've generated a phone number into it as well,to make it seem 'real' if even my diary gets stolen.
    Although,my writing is scrawl so I doubt anyone would be able to read it
    Ros
     
  15. nitram

    nitram Registered User

    Apr 6, 2011
    13,460
    Male
    North Manchester
    "So, how secure is 'secure'? I guess nothing in the world is ever 100% foolproof, but there are places that are worth trusting - nitram has posted a link to one, for example."

    My link was to an application for encrypting files stored on your own system.

    You can do this and then store the files online, this is what I do.

    I use the free (personal) version of https://www.syncplicity.com/pricing/ to automatically store the files I choose online.

    I can view these from any system anywhere in the world, download if I want to, and decrypt if necessary. I can also set up automatic synchronisation with any other system.

    To view the files requires both the Syncplicity and Axcrypt passphrases.

    This is not a password manager, it's a way of securely storing your passwords.

    OT but also to be considered by some.
    For widows/widowers especially with offspring as beneficiaries/executors have you organised things so that if you walk under the proverbial bus tomorrow they know how to access you computer or if the computer was destroyed because it was not a bus but a plane crash meaning that your laptop was destroyed , they know haw to access financial details if stored online.
     
  16. nitram

    nitram Registered User

    Apr 6, 2011
    13,460
    Male
    North Manchester
    "They are listed as a phone entry in my diary under names which are obvious only to me not to be real.
    I've generated a phone number into it as well,to make it seem 'real' if even my diary gets stolen.
    Although,my writing is scrawl so I doubt anyone would be able to read it"


    And if the diary gets stolen, what do you do?
    Your only option appears to be to try to generate specific passwords from your base password.

    After a few guesses you either get locked out for a short time or with financial sites have to go through a process of proving you are actually you, at the best an OTP (one time password) to your mobile, at the worst a few days delay waiting for the post.
     
  17. Selinacroft

    Selinacroft Registered User

    Oct 10, 2015
    806
    Norton software password vault
     
  18. northumbrian_k

    northumbrian_k Registered User

    Mar 2, 2017
    193
    Newcastle
    It is often said that music/singing is a good way to remember things and that is what works for me. I don't know why but some passwords 'stick' better than others and one never knows which they will be. I still remember a password generated by a bulletin board that I haven't used since I finished work 3 years ago.

    Of course it goes beyond passwords as, for additional security, many sites expect you to remember the answers to questions you answered when you first signed up, ask you to give 3 characters out of a 'secret' word and/or digits from a PIN. When it gets this complicated it is best to have some kind of backup so I have mine written down (not in full but with enough information to prompt me) in a password protected file - the problems here are that I still have to remember at least one password and that it could be hacked quite easily. It is also not much use if my laptop is inaccessible for some reason.

    I have had some security issues which were almost certainly due to use of my smartphone for internet and email access. Since I stopped doing that things have been OK ...
     
  19. Saffie

    Saffie Registered User

    Mar 26, 2011
    22,316
    Female
    Near Southampton
    I use short sentences for pin numbers etc. in acronym form and find that works well. I've always done this for exams etc too. It doesn't help with passwords though especially with over 50 of them - and those are just the ones I have written down!
     

Share This Page