Passwords, logins, and all that... nearly lost them all

Grunfeld

Back in the day I used to use a little index book for passwords, temporary email addresses, and all that security stuff.

A while back I started using a password manager because it's the 21st century and you can't always carry an index book around.

A couple of weeks back I added a plug-in to my otherwise very reliable password manager.  Bad move. Something went wrong.

The end of the story is that after many hours of fault finding and an eventual registry edit I finally got my passwords back.

Well, that was extremely close.

I dunno what the answer is really.  The password manager solution seems to offer great security with the ability to create and remember unique passwords for every login, but god you're stuffed if the thing stops working. 

Hey ho, 21st C problems.  Anyone else solved them?

roundthebend

Use a password manager that is web-based, so you can retrieve them by logging in from any web device.
I use Lastpass, it's an absolute gem and the only phone app I pay for because it's cheap and amazing.

Do you want a referral code?

octatonic

Keep them in a notes document on your phone and print them out.
People tend not to break into your house to steal your passwords.

Fuengi

I use Dashlane password manager, worth paying for. 

Sassafras

My password manager is a pencil and paper.

thecolourbox

Or just use the same password for everything, but prefix or suffix it with the name of the website it's for?

Danny1969

I use my own alg which then generates a password from the main url so I don't need to remember the password or store it anyway. 

So lets say you want to generate a password from thefretboard.co.uk. 

In a simple alg the t gets inverted from it's position in the alphabet ..... instead of being 7 from the end you put in 7 from the start so  now becomes g  ..... h becomes s etc  .... for a number square the amount of characters in the url  .... first vowel gets a capital letter. So it's like a much simpler enigma code 

Course i means if anyone cracks your alg then they have every password to every site but there's always a risk to anything. 

viz

I knew a chap whose passwords were all fingerings of guitar solos. He never actually knew what the passwords were because they were affsfaddafsss and so on, but he could always reproduce them on a keyboard

Grunfeld

I guess there’s no getting away from the basic trade off: the more secure your system is, the more complicated it has to be.  

I think @octatonic ‘s approach is pragmatic and sounds like a reasonable assessment of risk.  It’s basically a variation on the index book.  @roundthebend — I really thought about using Lastpass as I’ve heard nothing but good about it, however I can’t shake off my old skool feeling that I want to be in control of my own file.  And @thecolourbox describes pretty much what I did prior to using a secure database file and it works nice and simple but I no longer feel is secure enough.

For what it’s worth I was using KeePass without problem till I tried to get it to sync across devices to Google Drive via a plug in.  Google drive allows multiple copies of a file with the same file name — it does not overwrite earlier copies.  I think that corrupted the database.  But worse, it glitched the save function of KeePass — so I was unable to save any new data.  

I think for the time being I’ll continue to use KeePass but keep it totally vanilla from now on.  It means you have to sync manually but that’s not the end of the world.  Whereas losing all your passwords kinda is.  Definitely going to make a hard copy backup though.

wibble

I use https://www.lastpass.com/ and the free tier plan. No need to use google drive etc to sync. Use the web, browser plugins, mobile app and it all syncs perfectly by itself. I also use their MFA authenticator app as well.

roundthebend

@Grunfeld I understand the desire to have control of your own file, but that's kind of what gets you into difficulty. Lastpass just fixes this problem very easily, perhaps review your stance. Trust me. Try the free version first, but the premium is only about £20 per year and it's worth every penny

Grunfeld

roundthebend said:

...Lastpass just fixes this problem very easily, perhaps review your stance. Trust me. Try the free version first, but the premium is only about £20 per year and it's worth every penny

But... but... but... -- I don't want you to be right, dammit!

Okay, genuine thanks for getting me thinking.  And that was the point of starting this thread so I could hear opinions. 

I can feel some stubbornness beginning to soften.  Possibly.  

Now I have to think about it again because my biggest objection to a manager like lastpass is a vision of Donald Trump dressed as a ninja breaking into their offices to steal my password to the local curry house.   That sort of thing.  Whereas with my own file he'd have to ninja me personally. 

god I probably need therapy more than a password manager...

ESBlonde

I use a metric shyteload of pw for work plus all the personal stuff. These days people are not likely to steal a piece of paper with the passwords as much as they are your laptop or phone. Just hide the paper in a book or ringbinder.

TimmyO

I use 1Password - borderline lifesaver more than once 

drpbier

TimmyO said:

I use 1Password - borderline lifesaver more than once 

Me too - have a family account in fact.

hollywoodrox

thecolourbox said:

Or just use the same password for everything, but prefix or suffix it with the name of the website it's for?

Genius

skullfunkerry

I've literally been thinking today about using a password manager, as most of my passwords are pretty similar and I should sort that. I started looking today and got a bit of options paralysis... I'll have a look at the ones mentioned in this thread.

I always think of this when I think about passwords:

https://www.xkcd.com/936/

ICBM

I have every password written in a text file for each website in the form of a simple mnemonic which will give me the password, but is meaningless to anyone else - eg "car cat" which means the registration number of my first car and the name of my first cat - different for each website. The files are backed up along with all my other documents.

skullfunkerry said:

I always think of this when I think about passwords:

https://www.xkcd.com/936/

Or, if the tinfoil hat fits, we've trained people to use passwords which are easy for government agencies with access to powerful computers to crack...

Grunfeld

skullfunkerry said:

I always think of this when I think about passwords:

https://www.xkcd.com/936/

That's good.  Add an element of randomness with your choice of words for a pass-phrase.

Roll 5 dice

And each roll will choose a word from a

very big list

and that is your random pass-phrase.

Add some special characters, numbers, and CAPITALS, and you're sorted.

PolarityMan

I dont use passwords I just kick the door in

Emp_Fab

I use Lastpass for everything except my bank account login - I keep that in my head only.  In scenarios where I don't store in Lastpass (including my master password for Lastpass), I use song lyrics to generate passwords.  i.e.  I take a line from a song and use the first letters of each word, alternating the case - e.g.  MjKaMpAgAhHpMtNhD - which is a very secure password that on its own, I'd never remember, but as the opening lines to Bohemian Rhapsody, I'll never forget !