quote:

Originally posted by RogueJSK:

quote:

Originally posted by V-Tail:
Simplify your life. Use the same password for everything.

No.

Just no.

Yes. YES! Much easier to remember, especially if you write the password on a Post-It and stick it on your monitor.

Keep it simple. Recommended passwords are easy to remember, like "Password123," or your phone number or birth date, or maybe your pet's name. Short passwords are easier to type than long ones.

Feel free to add your own tips below this line:
_____________

Youse guys.

I’m hoping for all-emojies passwords. Now that’s a concept!

And weird Tim Cook puts 85 NEW emojis in every new iOS release!

quote:

Originally posted by 92fstech:
I'm with the OP. I'm completely and utterly over passwords. Ridiculous complexity requirements, stupidly short mandatory change intervals, policies that don't allow re-use of old passwords...it all pretty much guarantees that you're going to forget it before you have to use it again. Especially for stuff you only do once or twice a year. Which means every time you have to pay your insurance, or check your health records, you get to go through the whole recovery process, two factor authentication, etc etc......

LOL made me think of this my sister recently sent me. I'm with you though, why do I need to "create an account" with a password to order a pair of shoes?

quote:

Originally posted by V-Tail:
<snip>
Recommended passwords are easy to remember, like "Password123,"
<snip>

Member Mark123 would like that one.

Most of my most sensitive passwords I use all the time so I am able to memorize them since with repetition I can remember everything.

For most of my low lever forums and other accounts that if they got hacked I'm not worried since no financial or sensitive data is attached to them.

What I would recommend is on your computer etc create a simple word document with all your passwords so that you don't have to write it down on some piece of paper. And hide the file in some obscure folder and just copy and paste them in.

What really gets me going there are a few critical sites I have to log in and almost every time they have to send me a code via text that expires even though my username and password are correct. Having to stop what I'm doing to check my damn phone for it makes my blood boil.

quote:

What really gets me going there are a few critical sites I have to log in and almost every time they have to send me a code via text that expires even though my username and password are correct. Having to stop what I'm doing to check my damn phone for it makes my blood boil.

Especially when you've previously checked the dialog box to 'Trust this device' during a previous session.

quote:

Originally posted by dfens:
What I would recommend is on your computer etc create a simple word document with all your passwords so that you don't have to write it down on some piece of paper. And hide the file in some obscure folder and just copy and paste them in.

Yes!

And make sure your heirs, spouse, or other vital (and thoroughly trusted) people are reminded periodically how to find that file.

My kids all know how to access my computer and know where the safe is with important original documents. If anything should happen unexpectedly, they will be able to easily access all the important online accounts to manage the estate.

quote:

Originally posted by gjgalligan:
What guarantee is there that pass word managers can't be hacked?

There was a password manager that got hacked many years ago. But be that as it may, here's my rationale:

1. Password manager systems have evolved and they encrypt your password. The good ones wouldn't know what your set of passwords are.

2. They do simplify things making you remember only one strong password that unlocks your password manager.

3. For critical accounts where a successful hacker can take money out, before I save the password manager's suggested password in the system, I save the password manager's password in the password app. Then I add another short string that I can easily remember and save that to the actual login. So when I login in to that critical account, after the password manager fills in its password, I add my string to the password. So even if a hacker successfully hacks the password manager, the password for that critical account is incomplete. As far as credit cards and such other accounts, I'm protected by the credit card. If the hacker wants to pay any of my bills, then thank you very much.

quote:

Originally posted by dfens:
<<snip>>
What really gets me going there are a few critical sites I have to log in and almost every time they have to send me a code via text that expires even though my username and password are correct. Having to stop what I'm doing to check my damn phone for it makes my blood boil.

That's the part that pisses me off the most! I am NOT one of those people who keeps their phone with them all the time; I want a break from it time to time! This 2-factor authentication using texts prevents that from happening!!!

Edit to add: Right after making the above comment, I wanted to visit Twitter to check on something, and because I had been forced to clear my cache earlier today trying to fix another website (Kroger.com) that wasn't working properly, I had to log back into Twitter (X, or whatever)! Problem was it wanted my user name which it created, and I didn't remember exactly. Without it I could not get back in as my password wasn't saved under my e-mail address!

I had to create a new account, get logged in using the two-factor auth via text, then search for my original user name, switch back to it, then reset THAT password, again requiring another text to my phone, then finally was able to get back in! It was even more frustrating and tiring than me typing (and you reading that description)!!!

As my wife commented earlier today while I was trying to setup streaming for the Georgia/Auburn game... "Why does EVERYTHING have to be so difficult these days???" And I couldn't say it any better...

^^^^^
I have no such problems. Yes, I usually have my iPhone (with its password manager app) handy. My way to avoid the situation that you describe. Works good. Keeps things simple. I like simple.

Let's see ... I'm trying to use my computer to access a website. The website requires that I have a second device (phone) available. A code is sent to the second device (phone) and I have to enter that code into the first device (computer) in order to access the website.

Simple? Really?

Passwords managers are great, if they sync between all your devices. I only have Apple devices and they don’t always sync. Also, you need a strong password on your computer/tablet. And another on the app that contains all your stored passwords. And the two factor setup isn’t secure if someone has your phone or tablet or computer.

A LONG time ago it was determined that the length of the password was what made it secure, not the randomness or variety of alphanumerics and special characters. Unless they have been hacked or otherwise compromised, don’t make people change them! I used to be a system administrator when I worked for a living and I spent an inordinate amount of time resetting passwords because software would make them change them every 30 days and you couldn’t reuse a previous one or use “common” words out of the dictionary!

To companies I do business with, I wish to God they would stop with all the accounts and info they want to buy something mundane like socks. And stop with all the cookies and passing along info to other companies.

quote:

Originally posted by V-Tail:
Let's see ... I'm trying to use my computer to access a website. The website requires that I have a second device (phone) available. A code is sent to the second device (phone) and I have to enter that code into the first device (computer) in order to access the website.

Simple? Really?

It’s simple for me. I no longer use my laptop to access my accounts. When I paid my P3 Federal income tax in September I did the following, ALL on my iPhone:
* Opened the banking app. FaceID got me into my account. Transferred some funds from my brokerage account to my checking account. Logged out.
* Opened the PW manager app (FaceID again) to login to LOGIN.GOV
* Still in the PW manager app, I logged in to my IRS EFT account. Got the two-factor text code to complete the login. Made the P3 payment and copied the payment confirmation number to a Notes file.
* Logged out of my IRS account.
* Logged out of my LOGIN.GOV account.
* Closed the PW manager app.
Done. Ate a couple of Smoked Gouda Triscuits.

Just write checks and use the mail. The scammers will never expect it.

Password manager, so they only need to steal one password. Got it.

Ok, wise guys. WHICH password manager? Huh?

Or just use Pi22aPu$$y$antA! It's easy to remember because everyone likes at least one of those.

I have used mSecure for about 15 years.

quote:

Originally posted by ArtieS:
Ok, wise guys. WHICH password manager? Huh?
<snip>

mSecure for me. I’ve used it for at least seven years. Currently $14.99/year (used to be a one-time fee). It’s an Apple subscription, and renews automatically (with an advanced renewal notification).

Syncs all of my devices with multiple sync options: Wi-Fi, DropBox, mSecure’s own server. I use the latter – works anywhere, no third-party involved, and no additional fee. Nice clean apps for my iPhone and MacBook. AES encryption. It’s never been hacked.

I did some research before selecting it. The “Black Hat” group had studied the security of several PW managers and rated mSecure as “not too bad”, the best for all of the PW managers they investigated. Some were pretty poor, but that was several years ago.

Some time ago I had an issue. The app has a means to request help from the developer, mSeven Software. My issue was resolved in a day or two.

I have been using Apple's Keychain, synched across all my Apple Devices for years. Usually works pretty well, but sometimes it's not 100%. Usually that's due to websites that have multiple different login pages, or ones that change the login page periodically, allowing old passwords for the older login pages to persist without getting updated.

The new Apple Passwords app is an improvement. Never thought about using a 3rd party app.

A good password manager is useful for more than just storing passwords. Think of it as a secure information store, consolidated in one place. For example, my wife needs only know the password to mSecure, and from there she can get the PW to the physical safes in the house, as well as the lock code to the encrypted volume that houses my gun spreadsheet. It is somewhat like an “Open Upon Death” envelope for her.

As for there being one password that someone can use to gain your whole life, that’s true. However, if that password isn’t used anywhere else, then it has little exposure on the internet, and isn’t very prone to being exposed due to a back-end hack.

Due to my use of a PW manager, my passwords are so long and complicated that they’re difficult to enter manually if it’s right in front of you. It’s the best way to secure yourself from thieves online.