How do you manage your passwords?

[88keys]

For years I've had several go to passwords that I'd use for everything but I find that it's getting harder to keep track of them all in my head and so there have been a few accounts that I habitually get locked out of because of this.
More recently my employer started doing paperless payroll and we login to view our paystubs and submit vacation time. The website is slightly buggy but their password rules are utlra-strict and I can't seem to come up with a 12 digit alpha-numeric password containing both caps, lowercase, and special characters that I'll remember after one week.

So I broke down yesterday and started using keepass. It seems pretty good and works well on both mobile and desktop. So now all of my passwords have been changed using their generator so I should be good as long as I still have my backup file which I keep unprotected and publicly downloadable on my google drive with the link posted to my facebook wall.

 

[lxskllr]

Same thing. I keep it backed up to SpiderOak.

 

[elitejp]

im old school. I have a file on my computer that i keep my passwords

 

[radhak]

For years I've had several go to passwords that I'd use for everything but I find that it's getting harder to keep track of them all in my head and so there have been a few accounts that I habitually get locked out of because of this.
More recently my employer started doing paperless payroll and we login to view our paystubs and submit vacation time. The website is slightly buggy but their password rules are utlra-strict and I can't seem to come up with a 12 digit alpha-numeric password containing both caps, lowercase, and special characters that I'll remember after one week.

So I broke down yesterday and started using keepass. It seems pretty good and works well on both mobile and desktop. So now all of my passwords have been changed using their generator so I should be good as long as I still have my backup file which I keep unprotected and publicly downloadable on my google drive with the link posted to my facebook wall.

Heh - keeping yourself safe, I see...

I tried some password manager, and quit. The problem I have is that our desktop is open for the whole family to use, and I'd like to selectively allow most websites for everybody, while some others (bank, investments, etc) only for wife/me, not the kids. I was unable to make that distinction, so I went back to our old option : a password document.

Yeah, I know - not safe. But whadya gonna do?

 

[brianmanahan]

i just remember all my passwords

and back some of them up in gmail

 

[glenn1]

Just develop a repeatable system. You probably already need credentials to log into your employer network, so employers that don't use single sign-on but instead impose strict password standards for ancillary work systems like vacation tracker tools is asinine. Thus for me I just use a simple additive password system for the second, third, etc. levels of system logins when I'm already logged onto the employer network:

For me, it's

<special character> plain English word <1>

As it's time to change password on the system, I just increment the end number by one so it goes something like this:

#nefnefnef1 gets changed to #nefnefnef2, then #nefnefnef3, etc.

 

[Kneedragger]

Right now I use Splashid. It is password protected on my PC and Android phone. I store passwords and personal info.

I've been wanting try a different one but they all seem to sync to cloud. I just want wifi only sync.

 

[zinfamous]

Just develop a repeatable system. You probably already need credentials to log into your employer network, so employers that don't use single sign-on but instead impose strict password standards for ancillary work systems like vacation tracker tools is asinine. Thus for me I just use a simple additive password system for the second, third, etc. levels of system logins when I'm already logged onto the employer network:

For me, it's

<special character> plain English word <1>

As it's time to change password on the system, I just increment the end number by one so it goes something like this:

#nefnefnef1 gets changed to #nefnefnef2, then #nefnefnef3, etc.

great, now I have to change all of my passwords.

 

[ControlD]

I use KeePass for most of my passwords. For the passwords that I might need to use before I can get KeePass installed (my Google password for example if I reset my phone) I simply use five normal English words chained together. That will most likely never be brute forced and it is easy to remember. I do the same for my actual KeePass master password.

 

[Brainonska511]

I use KeePass for most of my passwords. For the passwords that I might need to use before I can get KeePass installed (my Google password for example if I reset my phone) I simply use five normal English words chained together. That will most likely never be brute forced and it is easy to remember. I do the same for my actual KeePass master password.

I also use KeePass. And I keep a mobile version on a USB drive, just in case I need stuff on the go. I only remember a handful of my passwords now (usually ones I'd need on the go), the rest are just a long random mix of letters, numbers, symbols, etc...

I tried some password manager, and quit. The problem I have is that our desktop is open for the whole family to use, and I'd like to selectively allow most websites for everybody, while some others (bank, investments, etc) only for wife/me, not the kids. I was unable to make that distinction, so I went back to our old option : a password document.

I don't see why a program like Keepass wouldn't work for you. If your kids need some of the same passwords, just create a 2nd database file to hold the passwords that everyone should be able to access and keep the first one (that contains stuff for only you and your wife) protected.

 

[Stopsignhank]

im old school. I have a file on my computer that i keep my passwords

Exactly what I do to.

 

[MustISO]

Pen and paper baby!

 

[ultimatebob]

I let Google Chrome store and sync them between my devices for the most part.

 

[gorcorps]

I try a bunch of passwords and then click "forgot your password?" if it doesn't take

Works great

 

[ControlD]

I try a bunch of passwords and then click "forgot your password?" if it doesn't take

Works great

lol.

Even using a password manager I find myself using this method more often than I care to admit. Sometimes going through the extra step of firing up the manager before making a new password doesn't happen and then a few months later I have no idea what I used.

 

[edro]

4 go-to passwords for online
txt file on desktop for all work passwords since they change all the time and are strict

 

[edro]

I let Google Chrome store and sync them between my devices for the most part.

Yeah, I do that too. Always concerned about security though. It seems way too easy of a target.

 

[CraKaJaX]

Keeper

 

[Mai72]

I use an app/program called SafeInCloud.

1) It all gets synced with my dropbox.
2) It has a password generator. I can easily create long complicated passwords with ease.
3) It automatically syncs between phone/computer.
4) It uses the fingerprint scanner on your smartphone.
5) It has pre-made cards and templates.
6) It will plug in your username/password if you are on the home screen. It's an add on for Google Chrome. No need to go into the app to retrieve your information.

 

[dullard]

1) For simple website registrations that have no critical data: a very simple password that all of these websites share. Worst case scenario, someone can both read my news AND play my online games. The horror. This password is so engrained by using it on dozens of websites for over 15+ years that I could not possibly forget it.

Example password: "CatDog1"

2) For moderately sensitive websites: I have two different passwords more complex than the password above. These websites that are like Anandtech, where if it is broken into I won't lose anything but my reputation on the forum. These passwords are so engrained by using it for over 15+ years that I could not possibly forget it. But there is a document on my computer with the passwords if needed.

Example passwords: "as&1fD" and "%#Pq24"

These are structured to meet almost all password rules that I've ever come across (generally 6+ characters, a capital letter, a symbol, a lower case letter, and a number).

3) For critical websites such as stocks and retirement accounts, I mesh all of the 3 passwords above. I then have a gmail account that doesn't say what the passwords are but instead gives me a clue as to how I mesh them. I have many different ways of meshing them.

Example password meshing every other letter from the two moderate passwords above: "a%s#&P1qf2D4" then I gmail myself the website and the message "moderate every other", to mean that I take the moderate passwords and mesh them using every other character.

If anyone ever hacked my gmail to get the code "moderate every other" they would have no clue what to do with it. If anyone ever hacked my computer to get my moderate passwords, they couldn't get into any of my critical websites. But I can get into gmail and instantly know what the passwords are.

4) For the most critical ones such as credit cards and banks, where they can steal money and it would be really hard to get back, I do #3 but add one of the website letters somewhere in the password.

For example, I may add the 3rd website letter into the 2nd place of the password. So if I were to do this for "hsbc.com", I would add "b" into the "a%s#&P1qf2D4" password's 2nd place to get "ab%s#&P1qf2D4".

This way all of my really critical passwords are unique, only I can remember them, they are easy for me to just gmail to know, but no one else can do it.

5) If any website has such crazy rules that this won't work, I'll just add the odd rule right into my email such as "limit the result to 10 characters".

 

[ultimatebob]

4 go-to passwords for online

I used to do that, but not anymore. Sites are getting hacked all the time, and I don't want to worry about having to change half of my passwords if my Anandtech forums passwords gets hacked (for example).

Now I try to put something site specific in for each site. So, if my password was Goober42 (it isn't), it would now be GooberAnand42.

 

[core2slow]

onenote.

My password is something like "P@$$w0rd12" and when it's about to expire I just go up to 13, 14, etc.

 

[Squeetard]

Up here ~taps temple.
I have one password that I use for places I don't care if they get hacked. Like this place.
I have one for gaming online purchases etc. It is actually an old wep encryption key that is burned in my brain from my old wifi.
One more for my banking, don't use that anywhere else.
A couple for work.

 

[Squeetard]

onenote.

My password is something like "P@$$w0rd12" and when it's about to expire I just go up to 13, 14, etc.

P@$$w0rd15. Got it!

 

[Jodell88]

KeePassX.