I’m ****** done with ****** passwords
 

So trying to get my taxes filed, the tax software I have been using for over 20 years now needs me to set up an account on their system.

I’m just done with ****** passwords. I know bit to use the same one all the time. Not like you could anyway as every account seems to need a different amount of special characters etc.

I hate ****** passwords.

What are you using that actually works to track the 10 or so passwords we now seem to ‘need’ to conduct a simple life?

Chrome has a good password manager function

Google Chrome password manager, and change them every couple months.

Come up with a good strong base password - 8-12 characters, letters, numbers

Then append something unique for wherever you use it, ie if my base password is 3trees@ForMe! then my H&R account might be 3trees@ForMe!taxes

You can't really have a true hate for passwords until you've had to use them for work. Are forced to change them every 3 months. And have to remember cypher codes just to get to your office too.

I keep a small spiral notebook for passwords.

I have nine accounts at work where I get to frequently change my password. Lucky me.

Me too but some are missing. You have to back up the back up.

I use a Password Manager app.

For our vacation request app, when my employees request vacation I need to remember a password that expired every 3 months AND input a 6 digit code that gets sent to my phone. Not texted to my phone, I have to get it from an app...

Passwords are nothing compared to the 2 factor BS

Old joke:
During a recent password audit, it was found that a blonde was using the following password: "MickeyMinniePlutoHueyLouieDeweyDonaldGoofySacrame nto". When asked why she had such a long password, she said she was told that it had to be at least 8 characters long and include at least one capital.

I am in technology, and my 'password management' is a text file called cookie_receipe.txt. I print it out about once a year. As the year goes along, I update it with a pen. End of year, update the text file, print it out again. Feel free to make fun, but it works like champ. Zero hassles.

Bingo!

Which rather ironically totally defeats the purpose of having a password that only you know.:)

Having worked with a number of big companies with ridiculous password requirements I have a special hatred for passwords and IT in general. With every data breach the requirements get more asinine, yet nobody ever gets their entire freaking company hacked because Bob used password as his password. So I contend that if IT was better at their job we could all have easier passwords.:D

After you create a password....doesn't your computer save it for the next login??
Mine does.

I have them in a txt file on a USB drive I keep in my gun safe.

I read a story somewhere, a kept guy whose wife was a lawyer ended up widowed. The wife never shared any passwords with him.

He was locked out of everything important that needed to be taken care of.

Since reading that I purchased a cheap USB stick and put all my passwords and pertinent info in a text file on the stick. I gave my wife instructions regarding the info, just in case something were to happen.

I left my pronhub password off there. wink

Bitwarden.

If you are not using a password manager these days you're nuts.

I have 354 online accounts between business and personal.

Impossible to give each one a unique without some help and this is what makes a single data breach so dangerous for most people.

They will reuse the same password (and likely email address) for virtually everything.

One large database gets breached and a fair number of compromised accounts will yield an even bigger score because they know for fact the user pass combos are reused.

I actually know very few of my passwords, maybe 10 of them.

I let the password manager auto generate and autofill a unique for each site I have an account with.

In the event of a databreach I don't have to go running around changing every password to every account.

To address Jims comment. Password managers allow you to set a delegate.

LastPass lets you delegate your account access. Say you delegate your attorney. Something happens to you wife tells attorney, he fires off the access request and if it's not responded to within a timeframe 1 day, 2 days, a week, that the account owner specifies access is granted.

You can also share specific accounts, I shared all the Netflix, Amazon, HBO TV accounts with my daughter at school. If I have a need to change the password on an account she gets the update.

Pair that with some 2FA where you can and you are in pretty good shape.

Yes, but it shouldn't and you should not use that or allow your web browser to do it either.

Someone gets access to your PC, they have access to everything.

Password manager is great until you share accounts across multiple devices. Then your random string of gibberish gets problematic.

Ok...but my question is "how would another person get access to my pc?"

How so? Modern password managers auto fill.

It's all from the same single database.

Does not matter which device I update a password from.

It all syncs back to the same single instance.

Plus they all have desktop, mobile, even watch apps. My password manager account is secured through MFA.

I'm never without access and it's always in sync.

Well if you stay online gimme about 20 minutes and I'll show you. SmileWavy

it's that easy??

Chrome LOST a bunch of my passwords when it "updated" itself

20 minutes was an exaggeration, but it's not that hard.

People are creatures of habit.

It's a highly exploitable trait.

Creatures of habit....that I am.

Never had a problem before, but prob time to reassess.

Our home computer was hacked about 3 weeks ago. I've been meaning to write up the story and post it here but have been busy with life. 4 hours of anxiety and misery on a Sunday night calling credit card companies.... it wasn't fun. And then another 10 or more hours changing passwords to every financial institution, email and anything else we considered of "value" that might be at risk.

No one ever had a problem before they had a problem.

Yuch. Sorry. Maybe to spiral notebook is safest and most reliable.

Document them in Notes on your phone.

Most of our accounts require access by myself and my wife, so we are talking two iPhones and two laptops. So I’ll play devil’s advocate and ask a question - what if you use a password manager app across multiple devices and then the app is hacked? Seems like that’s even worse than just having a single account hacked, much like having your entire laptop stolen with all of the auto fill passwords populated.

That is the reason I don't use a password manager that is online. The Department of Defense, CIA, FBI, Apple, Microsoft, IRS and lots of other large "secure" organizations have been hacked, and data stolen.

I have never been hacked, or had a computer virus and I have used computers since back to the DOS 2.0 days when it was a dream to have the "full 640K" of RAM and a 10 MB hard drive.

I too have a file on my computer in a sub sub folder that just looks like another file in a among a lot of other files with my list. No one else uses my computers.

it only takes on trojan that get's through..
The program don't care that the file "looks" like just another file, the algorithm will scan it anyway and recognize a password list when it finds it. And then all yer chit is compromised..

I think risk of your individual computer being hacked is much higher then the google cloud getting hacked.

Bitwarden can be self hosted.

If you believe in security through obscurity then you self host.

If you believe your PC is always secure then self host.

And FWIW, I did a couple of years in Enterprise security, DOD was one of our largest clients.

We should all be very worried about their security.

I guess I "self host". I made an encrypted partition on my computer and keep text files in it containing my passwords. I make up passwords from stuff I see around the house. A reminder of the password for the partition is in my screen saver, but you'd never find it.
For things I need cross-platform portability I take a picture of it. One of pics is the side of my coffee maker. The password is the coffee maker model and serial number. If someone gets a hold of my phone I'm sure they are going to wonder why I have so many strange pictures. There are only ten or so passwords that I need on my phone.
I tried a password manager but didn't trust it. One thing I HATED was it would make up a password, apply it, store it away and I never see it. Safari wants to that now and then too.

So which is the best?

Bitwarden?

I need to do something. My blood boils every time I need a new password or need to enter one I have long forgotten. There is the risk but the risk of a heart attack is there too.

I hate f'ing passwords.

I bet the odds of me getting a trojan or virus is way lower than the password manager programs. They have a constant barrage of hackers trying, and it just takes one to get in. No one is bothering to try my home network. I have a new router, with up to date firmware, Anti-Virus and Anti-malware paid for subscriptions not free versions, and I have three different backup routines, and common sense to avoid trojans and malware.

LastPass did away with their free tier even though a paid plan, even family plan, is cheap enough.

Bitwarden is zero knowledge which is good, or bad if you are an idiot like me and fat finger your master pass.

There is no master pass recovery so if you forget it the only option is to delete your account and start over. Ask me how I know, lol.

You can regularly export a csv or locally encrypted json to negate that scenario a bit.

If you secure the master account with MFA you can be a bit lax on the complexity of the master pass.