At least several times per day I am required to enter passwords on several sites. Invariably I make an error and am sent to Password Hell while an IT person solves the issue. Typically the IT person is at the end of a long hold. Is there not a better way?

Use a password manager.

Password manager is definitely the way to go.

Mine has a browser extension. When I need to log in to a site, I just input a couple of keystrokes and it loads both my user ID and my password.

I'm shocked that nobody has mentioned a password manager thus far.

Why not just write them down on sticky notes?

I'm with the OP. I'm completely and utterly over passwords. Ridiculous complexity requirements, stupidly short mandatory change intervals, policies that don't allow re-use of old passwords...it all pretty much guarantees that you're going to forget it before you have to use it again. Especially for stuff you only do once or twice a year. Which means every time you have to pay your insurance, or check your health records, you get to go through the whole recovery process, two factor authentication, etc etc...and heaven help you if your phone number has changed!

Yeah, you can write it down, or store them all in some sketchy app so whoever developed it can have access via backdoor to all your stuff. I don't see how that's more secure than a simple password (or system of passwords) that you can actually remember in your head all by yourself. But the freaking security people have made that approach pretty much impossible these days.

For about the fifth time in this thread, use a password manager.

A unique long, strong PW for every account. And they sync over all devices. E.g., iPhone and MacBook. Furthermore, a password manager will log you in to the account.

I use mSecure. About $15/year. Money well spent in this hacker-plagued world.

The good news is that the NIST has updated their password guidelines this year. They removed the requirement for uppercase, lowercase, and special characters because in practice it makes users more likely to create weak passwords.

They also now recommend only changing passwords when the user requests a change or the password is found to be compromised. This change is due to the fact that frequent password changes makes it more likely that users will pick weak passwords for memorization or use patterns that make them easier to guess, in addition to the constant frustration of having to change all the time.

Password managers are still probably the best solution, but hopefully we will have some peace from constant changes coming.

I would love to hear from your "IT person". I bet they have some input as well on the Hell you describe.....

What systems are you using that that don't have a self-serve way to reset passwords?

Oh - and maybe a password manager?

And, why do they hide what I'm typing behind *****? Why isn't it defaulted to visible, and allow me to choose hidden if I am in public? 99.999% of the time I enter a password I am in a private location where nobody else will see my screen.

Creating a password...

cabbage

Sorry, the password must be more than 8 characters.

boiled cabbage

Sorry, the password must contain 1 numerical character.

1 boiled cabbage

Sorry, the password cannot have blank spaces.

50fuckingboiledcabbages

Sorry, the password must contain at least one uppercase character.

50FUCKINGboiledcabbages

Sorry, the password cannot use more than one uppercase character consecutively.

50FuckingBoiledCabbagesShovedUpYourArse,IfYouDon'tGiveMeAccessImmediately

Sorry, the password cannot contain punctuation.

NowlAmGettingReallyPissedOff50FuckingBoiledCabbagesShovedUpYourArselfYou DontGiveMeAccessImmediately

Sorry, that password is already in use!

quote:

Originally posted by egregore:
Why not just write them down on sticky notes?

Go ahead and let the Ruskie and Chinese hackers try and figure out what's on my sticky notes!

Simplify your life. Use the same password for everything. Write it on a Post-It note and stick it on the side of your monitor, or for extra security, put it on the bottom of your keyboard.

quote:

Originally posted by V-Tail:
Simplify your life. Use the same password for everything.

No.

Just no.

My suggestion is to use a password manager.

.

Or, just use one password for everything.

quote:

Originally posted by V-Tail:
Simplify your life. Use the same password for everything. Write it on a Post-It note and stick it on the side of your monitor,

I remember watching an early show of ZDNet where people would call in w/ computer questions.
Someone called in to tell the host that his password on the sticky note on the montior was being shown on TV.
And that guy was supposed to be the expert.

What guarantee is there that pass word managers can't be hacked?

I am slowly converting from Dashlane, a "password manager" to Apple Passwords. I cannot wait to be 100% within the Apple eco-verse. Dashlane (and other PW managers) require integration with my browser, extra steps, and do not work with my Apple hardware biometric scanner (fingerprint or face ID).

quote:

Originally posted by 4MUL8R:

I am slowly converting from Dashlane, a "password manager" to Apple Passwords. I cannot wait to be 100% within the Apple eco-verse. Dashlane (and other PW managers) require integration with my browser, extra steps, and do not work with my Apple hardware biometric scanner (fingerprint or face ID).

1Password works seamlessly with Apple's Safari browser on my MacBook. It opens with fingerprint on the computer and iPad, and Face ID on the iPhone. It seems to be 100% integrated with the Apple eco-verse.