Remembering passwords

hermajesty

New member
Jul 19, 2016
Soooo... does anyone else have trouble remembering all their passwords? I used to have the same password for pretty much every account (not secure but easy to remember), but then made them really long and complex (secure but hard to remember). I've started writing them on my phone, bits of paper, or a word doc on my computer...but this doesn't feel safe :/ Anyone know a better way to remember hard passwords?
 

RikuoAmero

New member
Jan 27, 2010
hermajesty said:
Soooo... does anyone else have trouble remembering all their passwords? I used to have the same password for pretty much every account (not secure but easy to remember), but then made them really long and complex (secure but hard to remember). I've started writing them on my phone, bits of paper, or a word doc on my computer...but this doesn't feel safe :/ Anyone know a better way to remember hard passwords?
You could do what I do.
1) Create a separate email account for each and every online service you use. So a separate email for your skype, facebook, twitter, etc.
2) Give each email a separate password, made up of random characters.
3) Create two master email accounts that all your other emails point back to, in case they get hacked and you get locked out. The second master account (which is used in case your first master gets hacked) you NEVER put online anywhere.
4) Each online service gets its own password
5) Put all of these in a word document
6) Password protect the word document with an easy to remember password
7) Put the document on a device that is NOT connected to the internet.
8) Open up the document whenever you need to get a password.

I know it's time consuming, but it really does make you more secure. If ever someone for example hacks my Skype account, I can request a password reset and have it sent to my Skype email. If ever someone hacks my Skype email, I can request a password reset for that email and have it sent to my master email. Since the document is on a device with no internet access of any kind, it can't be hacked.
 

Vendor-Lazarus

Censored by Mods. PM for Taboos
Mar 1, 2009
Do you have any favorite letters or numbers?
Make a string of them with a dot, dash or hashtag in between and then add your own site identifying mark at the beginning or end.

As an example: GG#14#X5#TWTR or GG#14#X5#FCBK etc.
 

Rednog

New member
Nov 3, 2008
My best advice is to create a base password of moderate strength: A capital letter, numbers, symbol, etc. And then add a unique twist to that base password for every site. Thus you're always going to know that base password, and you just have to remember those twists, they don't have to be drastic changes, but enough that your password isn't going to be guessed and you don't have to make a new password every time.
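An added example, not from any poster in this thread: a self-check for the "base plus site tag" schemes in the two posts above. It measures how much of each password is unique to its site, since the shared base stops being secret once any one site's copy leaks. The two `GG#...` strings are the thread's examples; the `steam` entry, the function names and the 8-character threshold are assumptions made here.

```python
from difflib import SequenceMatcher


def shared_base(passwords):
    """Return a substring present in every password (greedy longest match)."""
    base, *rest = passwords
    for other in rest:
        m = SequenceMatcher(None, base, other, autojunk=False).find_longest_match(
            0, len(base), 0, len(other)
        )
        base = base[m.a:m.a + m.size]
    return base


def audit(vault, min_unique=8, min_base=4):
    """Report the shared base, per-site unique length, and sites that lean on the base.

    A site is flagged when the passwords share a base of at least `min_base`
    characters and the site-specific remainder is shorter than `min_unique`.
    """
    base = shared_base(list(vault.values()))
    unique = {site: len(pw) - len(base) for site, pw in vault.items()}
    flagged = sorted(
        site for site, n in unique.items() if len(base) >= min_base and n < min_unique
    )
    return base, unique, flagged


# First two values are the examples given in the thread; "steam" is constructed.
PAGE_EXAMPLES = {
    "twitter": "GG#14#X5#TWTR",
    "facebook": "GG#14#X5#FCBK",
    "steam": "GG#14#X5#STEAM",
}

# Constructed control: two unrelated strings with no common base.
INDEPENDENT = {"a": "kT9$wq2Lm", "b": "Zp3!xRv8Y"}

if __name__ == "__main__":
    for name, vault in (("derived", PAGE_EXAMPLES), ("independent", INDEPENDENT)):
        base, unique, flagged = audit(vault)
        print(name, "base:", repr(base), "unique chars:", unique, "flagged:", flagged)
```

Run it only on a machine you trust with the real passwords, and on a file that is deleted afterwards.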
 

hermajesty

New member
Jul 19, 2016
Cool! Thanks for the tips everyone, some good advice I'll have to follow! :)

Subbies said:
Just use KeyPass or a similar password generator
Are you talking about KeePass? Just wondering if it's the same one mentioned in this article [https://www.1and1.co.uk/digitalguide/server/security/password-managers-an-overview-of-todays-best-tools/] about password managers... Dashlane and LastPass (love these names) also got some love too. Anyone familiar with those?

Maybe a funny question, but what's the likelihood of a password managing site being hacked? Would be a field day for a hacker surely.
 

Bobular

New member
Oct 7, 2009
I use a code system where I have a bunch of words that each begin with a different letter that I can remember

Example
A - Apple
D - Dog
I - Ice
Z - Zoo
F - French
H - House
O - Open
G - Gone

I then create a password by combining these words together and use the starting letter of each word as the code. I then have a list of all the passwords on my phone that I could then show people and without them knowing what the words are they can't get my password. I throw numbers in there as well.

Example

Escapist: FAD - FrenchAppleDog
YouTube: GOD - GoneOpenDog
Steam: ADD31 - AppleDogDog31
Gmail: HOGIZGOD - HouseOpenGoneIceZooGoneOpenDog

So you can have really long passwords that you can remember with short codes or can even leave lying around on paper.

NOTE: None of these are my actual passwords or words that I use
 

FirstNameLastName

Premium Fraud
Nov 6, 2014
I used to have rather terrible account security, but I'm in the process of fixing that at the moment. Seriously, I used to store all of my passwords in a plaintext .txt file, and also had repeated passwords (repeated passwords with easy to find personal information, no less).

I've been umming and erring about finally fixing the issue once and for all, but I finally got around to changing my passwords and accounts. Right now I've printed out a list of all my passwords (your move, hackers) so unless someone breaks into my house there's nothing they can do about it.

The method I currently use for passwords is to string together a whole heap of words and add in a few capitals, numbers, and symbols (don't put the capitals at the start, or the numbers and symbols at the end, that's too obvious). Also, I don't use real words, since those are vulnerable to dictionary attacks, especially if they're common words. Instead, I just make up a load of nonsense words that sound kind of like words, but aren't (or at least, aren't English words, but practically every combination of phonemes is a word in some language).

For example.

byang punyo olus

There, absolute gibberish. Well, upon Googling it, it turns out Byang is the name of some African Evangelical, a Punyo seems to be some kind of Filipino martial arts weapon, and Olus seems to be an alternate spelling for the Greek God Aeolus. It's always amusing to find out the actual meaning of these words.

Next step, add in some additional security.

bY9ang puNyo olu$s

There, an 18 character password that contains capitals, numbers, and symbols, and won't be susceptible to dictionary attacks. What's more, it's much easier to remember byang punyo olus and the position of capitals, etc, than it is to remember fD345#/d354|0#@85$, and it's much easier to type. It can be even easier if you remove a word, since this level of security is probably overkill for unimportant accounts.

Combine that with a password database to fall back on and you should be fine. Oh, and before anyone mentions it, no, revealing this system isn't actually putting me at risk. One of the key elements of a secure system is that it should be secure even if people have some understanding of how the system works.
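An added example, not the poster's own method or code: the nonsense-word approach above, with the words drawn by a CSPRNG instead of made up by hand so the strength can be counted. The syllable alphabet, the endings and all function names are assumptions made here; the bit count covers only the word choices, not the capital, digit and symbol added afterwards.

```python
import math
import secrets

# Constructed alphabet: each word is consonant-vowel-consonant-vowel plus an
# optional ending, so every word corresponds to exactly one set of choices.
CONSONANTS = "bdfghjklmnprstvz"  # 16
VOWELS = "aeiou"                 # 5
ENDINGS = ["", "n", "s", "ng"]   # 4


def nonsense_word():
    def syllable():
        return secrets.choice(CONSONANTS) + secrets.choice(VOWELS)
    return syllable() + syllable() + secrets.choice(ENDINGS)


def words_per_slot():
    """Number of distinct words nonsense_word() can produce."""
    return (len(CONSONANTS) * len(VOWELS)) ** 2 * len(ENDINGS)


def entropy_bits(n_words):
    """Bits of entropy from the word choices alone."""
    return n_words * math.log2(words_per_slot())


def words_needed(target_bits):
    return math.ceil(target_bits / math.log2(words_per_slot()))


def passphrase(n_words=4):
    return " ".join(nonsense_word() for _ in range(n_words))


def decorate(phrase):
    """Capitalise one random letter, then insert one digit and one symbol."""
    chars = list(phrase)
    letters = [i for i, c in enumerate(chars) if c.isalpha()]
    i = secrets.choice(letters)
    chars[i] = chars[i].upper()
    for pool in ("0123456789", "!$%&#@"):
        chars.insert(secrets.randbelow(len(chars) + 1), secrets.choice(pool))
    return "".join(chars)


if __name__ == "__main__":
    plain = passphrase(words_needed(64))
    print(plain, "->", decorate(plain), f"({entropy_bits(len(plain.split())):.1f} bits)")
```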
 

Subbies

New member
Dec 11, 2010
hermajesty said:
Cool!

Subbies said:
Just use KeyPass or a similar password generator
Are you talking about KeePass? Just wondering if it's the same one mentioned in this article [https://www.1and1.co.uk/digitalguide/server/security/password-managers-an-overview-of-todays-best-tools/] about password managers... Dashlane and LastPass (love these names) also got some love too. Anyone familiar with those?

Maybe a funny question, but what's the likelihood of a password managing site being hacked? Would be a field day for a hacker surely.
God dammit, I can't even remember to spell correctly my own password manager ^^'. Yeah I meant KeePass and not keypass.

As for the likelihood of hacking a password managing site, if they're doing this correctly, it shouldn't matter. A password managing site doesn't store your password, only a hash of it, and if it has been hashed with salt (extra random padding) then it's very hard to crack.

However a password manager application like KeePass doesn't store your passwords on the web, but in an encrypted file on your computer protected by a master password.
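An added example, not from the poster or from any product named in the thread: what "hashed with salt" looks like for one stored login secret. It shows that two accounts with the same password get different stored records, and that checking a login recomputes the hash rather than reading the password back. PBKDF2-HMAC-SHA256, the iteration count, the record layout and the sample password are assumptions made here.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; slows down each guess


def unsalted(password):
    """Plain SHA-256: identical passwords always give identical hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password):
    """Store a fresh random salt and the slow salted hash, never the password."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "digest": digest}


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])


def same_password_collides(password):
    """Return (unsalted hashes equal?, salted records equal?) for two accounts."""
    a, b = make_record(password), make_record(password)
    return unsalted(password) == unsalted(password), a["digest"] == b["digest"]


if __name__ == "__main__":
    sample = "correct horse"  # constructed sample value
    print("unsalted equal, salted equal:", same_password_collides(sample))
    rec = make_record(sample)
    print("right password:", verify(sample, rec), "wrong password:", verify("guess", rec))
```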
 

Shymer

New member
Feb 23, 2011
I use LastPass and recommend it. I have accounts on over 300 sites and applications and the risk of compromise was too much given how many sites are getting breached and how many criminals are now using stolen credentials routinely to try and log into sites other than the one that was hacked.

I have now eliminated repeated passwords on sites I use and each one has a very difficult unique password. LastPass did suffer from a compromise, but all of the user passwords were encrypted and LastPass managed the fallout well - maintaining a lot of faith in their community.

Passwords have been a problem area in security since the 1970s and password managers are probably the best way of overcoming some of their weaknesses today.
 

Catnip1024

New member
Jan 25, 2010
Personally I like to write them down on forums so it's easy to check whenever... Password1234

No, but seriously I just write it on a post-it note for a week or two until I memorise it. I try to have 2 or 3 sets of random words completely unrelated to me, and have a rotating number system for different sites that I add to the end of the set. I personally don't trust password managers on principle, and they just add another password into the mix.

If you are worried about a post-it note being insecure, try rearranging the letters to a pattern you choose - like do odd characters first then the evens - pswr13asod24. And ultimately, if the post-it note is in your house / your office desk, it's as secure as you are. And as XKCD points out, if a hacker really wanted to get into your stuff, you are ultimately the weak link:

 

Helter Skelter

New member
Jul 30, 2016
If you're paranoid or concerned about a directed attack of some kind, get a version of PGP (or any other encryption scheme) you like, make a really enormous key slaved to a single robust passphrase. Remember that passphrase, but it's the only thing you have to remember.

Then get a plain old text file and write all of your shit down. Then encrypt it. It's a small file even if you have hundreds of passes, so opening it up is only ever going to be a quickie process. If you're not worried about offline attackers (which I can't imagine that you are) just set it all up as a USB key so you don't have to type a phrase over and over.

Simples.
 

Tahaneira

Social Justice Rogue
Feb 1, 2011
What I usually do is I make my password a sentence relating to the site itself.

For example, would I make an account for Twitter, my password would be something like: 'Sound and fury, signifying nothing.' For sites that I use less frequently, I have a word document that I write them down in; I don't think it matters too much if someone gets the password for some site that I only made a password for one-time use in. For all the others, I use it frequently enough that I simply memorize it. The end result is that every password is different, and I don't have trouble remembering which is which.
 

Neonsilver

New member
Aug 11, 2009
hermajesty said:
Soooo... does anyone else have trouble remembering all their passwords? I used to have the same password for pretty much every account (not secure but easy to remember), but then made them really long and complex (secure but hard to remember). I've started writing them on my phone, bits of paper, or a word doc on my computer...but this doesn't feel safe :/ Anyone know a better way to remember hard passwords?
The most important thing to help you remember passwords is, don't save passwords if there is the option to do so. If you don't use it you will forget it.

I can think of two methods to allow you the creation of passwords that are easier to remember. The one that I use, is creating a string of symbols, then separate it in smaller chunks and rearrange the chunks whenever you need a new password. Since you are using the same chunks over and over, it's easy to remember them through regular use. Even if you don't remember the password exactly, you can figure it out with trial and error, by rearranging the pieces that you created.
An alternate password creation method, is using an entire sentence as password. This method allows creating longer passwords that are easier to remember. You can use sentences connected to whatever you need it, which would aid in memorizing.
 

Yuuki

New member
Mar 19, 2013
Neonsilver said:
The most important thing to help you remember passwords is, don't save passwords if there is the option to do so.
No you absolutely SHOULD let the browser remember your passwords, especially if you use Chrome/Firefox and have sync enabled.
Browsers act like a secure password vault and will absolutely save your ass if you have 20 different passwords across all the sites you visit and need to reinstall the browser/OS/etc.
I pretty much let automated systems remember all my passwords for me, and the rest I put into KeePass. Nothing wrong in doing that :)
 

mysecondlife

New member
Feb 24, 2011
https://medium.freecodecamp.com/360-million-reasons-to-destroy-all-passwords-9a100b2b5001#.ctbkmz6gv

Very Interesting read.

--

Yeah, I do have trouble remembering passwords. Some require numbers, some require numbers and special characters.. Some require Capital letter, numbers, special characters...

I really wish this passwordlessness is a thing in the future.
 

Neonsilver

New member
Aug 11, 2009
Yuuki said:
Neonsilver said:
The most important thing to help you remember passwords is, don't save passwords if there is the option to do so.
No you absolutely SHOULD let the browser remember your passwords, especially if you use Chrome/Firefox and have sync enabled.
Browsers act like a secure password vault and will absolutely save your ass if you have 20 different passwords across all the sites you visit and need to reinstall the browser/OS/etc.
I pretty much let automated systems remember all my passwords for me, and the rest I put into KeePass. Nothing wrong in doing that :)
First and foremost, everything that saving your password and syncing the browser or something like KeePass offers, is already covered by your brain if you memorize them and not saving passwords and regularly using them helps with memorizing. Second, I'm rather paranoid, so I don't trust wherever the information is saved when syncing.