A question about passwords


  1. Posts : 228
    w10
       #1



    Me, again so soon, a different question but brought to my attention by members who answered my last thread on W10 clean install.

    Passwords
    Correct me if I am wrong, but we are supposed to have a password for every site we use. We are not supposed to write those passwords down anywhere. Well, I don't know anyone who could remember, say, 20 different passwords.

    With this in mind, I was taught on a previous site (IDF50) (I don't feel 50) that the way to overcome the above problem was to think of or create a phrase that's easy to remember, for example "the best pc forum for help is w10", and you take the first letter of every word, Tbpffhiw10, so you have the capital and number normally required.

    BUT, after stating all of the above, the benefit of LastPass or others was pointed out to me.

    My question is, how safe is it, as we are placing our 20 different passwords in their vault ??


  2. Posts : 42,634
    Win 10 Pro (22H2) (2nd PC is 22H2)
       #2

    How secure is #Roboform? The 5 minute challenge.

    - do read this - worrying!

    I use Roboform. Some password managers allow you to sync your passwords so all your devices potentially have access to them. Most also allow you to store those only on your PC.

    Naturally, in either case, one could conceive the potential of the author having access to a copy, perhaps more so in the case of the former, which definitely requires granting the program internet access.

    The theory is that the encryption is strong and effectively cannot be broken. But all hangs on access to the password, and a secure implementation of its use (see above!)

    Here's what I do for my financial sites that have a 2 or 3 stage login.
    The first stage is via my password manager - URL and 1st login fields.
    The 2nd stage is often manual fill anyway (which I could provide a prompt for with Roboform - but no other pwd managers I've tried or asked about).

    That stage's data I keep separate.

    Thus even if Roboform cracked my encryption or had a back door, or had access to my master password, they still couldn't access my account.

    However, not all sites offer multi-stage logins.

    Only 20 login passwords? Really? I've no idea how many I have...

    A better (well, more secure) option is to opt for multi-factor authentication: "This is the most important step you can take if you haven’t already. Even if the worst happens and hackers get your master password, they’ll still need the authentication code to access your account if you have two-factor authentication enabled." (Think of having to receive a text message to confirm access, e.g.)


  3. Posts : 2,487
    Windows 10 Home, 64-bit
       #3

    I've gone back and forth on the issue.

    I fiddled with a password manager a couple of years ago and ultimately gave up on it.

    I have passwords on probably 40 different sites.

    For about 38 of them (including this forum), I use one of a couple of passwords of about a dozen characters. I do keep a Word document that tells me the password for each of those websites.

    Those 38 sites are all non-critical to my life and it wouldn't be a big deal if those passwords were compromised.

    But there are a couple of sites related to my finances that I consider very critical.

    Each of those 2 sites has a unique password. For those, I use something similar to your method--taking the first letter of each word in a fairly long phrase I easily recall and throwing in a couple of special characters. So it ends up being something like sofh9;gilvvyx3.

    I can easily train my fingers for those 2 websites and I don't have to wonder about the security of a password manager. All the other sites are expendable.


  4. Posts : 5,439
    Windows 11 Home
       #4

    frenchman96 said:
    Correct me if I am wrong, but we are supposed to have a password for every site we use.
    That depends on the webpage. You do not need a super secure password for forums and such. I use the same login and Password123 for 95% of webpages; in 15 years, not a single one was stolen. Then again, there was nothing to hack; if someone gained access, I would create a new account, with the same password again.

    frenchman96 said:
    how safe is it, as we are placing our 20 different passwords in their vault ??
    Note that there are 2 kinds of password managers: online, like LastPass, and offline, like KeePass.

    An online PM is obviously more convenient: you can access your passwords from anywhere, but so can a potential hacker (LastPass is hacked constantly). As for offline, only you can access it, depending on where you store it: on disk, USB, or online storage (that is a bit risky of course, unless you encrypt it).


  5. Posts : 30,077
    Windows 11 Pro x64 Version 23H2
       #5

    Very safe. I have over 400.

    I don't use cloud services to sync as I just haven't built that trust level. Good old sneaker net.

    The key to any password manager is the vault password. Most allow long passwords and long eventually turns into complex.

    While ideally you shouldn't write passwords down, no one can remember dozens of complex passwords. The trick is not to store them in plain sight on your desk or as a Word (Excel, text, etc.) file on your computer. Paper-based ones usually don't get maintained well, lots of scratching out and writing over. Usually I get handed wads of scraps when helping clients.

    I agree with dalchina. I turn two-step on wherever I can. Most websites provide emergency codes should you need them. Amazon forces you to have more than one way to authenticate (where they send codes) to eliminate the need for emergency codes.


  6. Posts : 5,439
    Windows 11 Home
       #6

    Caledon Ken said:
    The trick is not to store them in plain sight on your desk or as a Word (excel, text, etc) file on your computer.
    True, but depending on the office suite/version, a document with a password is actually encrypted, so it provides similar protection to a password manager. Or it can be encrypted with a simple tool like 7-Zip if it is not being accessed too often, not to mention drive encryption like VeraCrypt.


  7. Posts : 30,077
    Windows 11 Pro x64 Version 23H2
       #7

    Absolutely agree. Just a lot of the people I deal with don't get involved with these tools.

    I tell them if they must, place it on a USB key and store the key safely.


  8. Posts : 31,398
    10 Home x64 (22H2) (10 Pro on 2nd pc)
       #8

    I write mine in a text file I can refer to when needed.

    Well... not exactly write them, but something that lets me reconstruct them. Say I have a couple of memorable words, a name or two and a few numbers I like. For example (and no, these aren't my real ones) horse, desktop, alice, malcolm, 10240, 17134

    Then I mix them together, capitalise parts and insert some extra characters to make a password, such as $10240££maLColm$$
    What I write in the text file is $numberone££naMEtwo$$

    I also have an easily remembered letter substitution I can apply to the words/names; if so I put something like this in the text file: %%hashwORdone$numbertwo which (if the hash is to shift one letter up the alphabet) would give %%iPStf$17134
    Last edited by Bree; 12 Aug 2018 at 22:06.
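
The hint-file scheme from post #8, written out as an added Python example (not code from the thread or from its posters). The slot grammar (`word`/`name`/`number` plus `one`/`two`, with an optional `hash` prefix) and all function names are assumptions inferred from the two sample hints; the memorable items are the post's own example values.

```python
import re

# Constructed sample data: the example items from post #8, not real secrets.
MEMORABLE = {
    "word": ["horse", "desktop"],
    "name": ["alice", "malcolm"],
    "number": ["10240", "17134"],
}
ORDINALS = {"one": 0, "two": 1}

# Assumed slot grammar: optional "hash", a kind, an ordinal (e.g. hashwORdone).
SLOT = re.compile(r"(hash)?(word|name|number)(one|two)", re.IGNORECASE)


def apply_case(pattern: str, value: str) -> str:
    """Copy the capitalisation of the slot's kind letters onto the value."""
    head = "".join(
        v.upper() if p.isupper() else v for p, v in zip(pattern, value)
    )
    return head + value[len(pattern):]


def shift_letters(text: str, by: int = 1) -> str:
    """Shift letters up the alphabet (wrapping z to a), keeping case."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            ch = chr((ord(ch) - base + by) % 26 + base)
        out.append(ch)
    return "".join(out)


def expand_hint(hint: str, memorable=MEMORABLE) -> str:
    """Rebuild the password from a hint; text outside slots is kept as is."""
    def fill(match: re.Match) -> str:
        hashed, kind, ordinal = match.groups()
        value = memorable[kind.lower()][ORDINALS[ordinal.lower()]]
        value = apply_case(kind, value)
        return shift_letters(value) if hashed else value
    return SLOT.sub(fill, hint)


def slot_count(hint: str) -> int:
    """Number of secret slots; everything else in the hint is written down."""
    return len(SLOT.findall(hint))
```

The hint file records the structure, punctuation and capitalisation of each password, so what stays secret is the list of memorable items and the substitution rule.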


  9. Posts : 228
    w10
    Thread Starter
       #9

    I am glad I posted this topic, always words of wisdom to read and store, and with my own thoughts, and a couple of the replies, I think I will do the following.

    1- still create my own difficult password (first letters of a phrase)
    2- use it on sites like bank, PayPal
    3- if I need to create others, keep on stick in a safe location.

    Thanks again for input.


  10. Posts : 17,661
    Windows 10 Pro
       #10

    Bree said:
    I write mine in a text file I can refer to when needed.

    Well... not exactly write them, but something that lets me reconstruct them. Say I have a couple of memorable words, a name or two and a few numbers I like. For example (and no, these aren't my real ones) horse, desktop, alice, malcolm, 10240, 17134
    You geeks might laugh now, this method of mine probably confirming general consensus about me being an idiot, but this has worked for me for years. It makes remembering passwords an easy "memory game".

    First, I try to avoid registering for a site or service if it does not offer two-factor authentication. For those with 2FA, I use Microsoft Authenticator app on my mobile phone.

    For each site and service requiring a password and with 2FA, I select a city. I search Bing Maps for hotels in that city, select one and make a password from its address.

    An example. Let's say I would register for a new Microsoft account, a new outlook.com email. First city coming to my mind when writing this post was Basel in Switzerland. Searched Bing Maps for hotels in Basel, saw one with interesting name which translates to The Devil's Court:

    [Attached image]

    Now when signing up for new MS account, I would use password Leonhardgraben494051, address of hotel I selected (street, house number, zip/postal code) as its password, and set up 2FA. When it's time to change the account password, I would just select a new hotel in a new city, but for now I will remember this account as Basel Devil. I note this password down on an encrypted Excel document which is stored on my mirrored, strongly protected NAS only.

    I use European cities for all Microsoft services and sites, Australian for all social media accounts, and UK & Ireland for all the rest.

    Now it's easy. Of course these are not real cities and hotels I actually use but to give an example, I have no issues remembering that Twitter is Canberra Novotel, my main MS account is Hamburg Hafen, Gmail is Cork Imperial, and so on.

    Strange thing is, you will quite soon start really remembering those passwords. I've been surprised to see how seldom I have to consult my "Hotels in various Cities" password list on NAS.

    For sites not offering 2FA I use a completely different system.

    Kari
    Last edited by Kari; 13 Aug 2018 at 05:44. Reason: Typos


 
