These password memorizations are driving me crazy

[Naer]

I can't log onto my soundcloud. I tried reseting. and they sent it to my email. I forgot my email password. I tried retrieving my email password and they have to send it to my cell phone. I lost my phone. fml

 

[Naer]

nm, I got it

 

[ultimatebob]

I used to make fun of people like you, until some banks started requiring that you change your password every 90 days.

Now I can't seem to remember them anymore. It doesn't help that you're now supposed to have unique passwords for every service (since you can't seem to count on anybody to secure their shit right), and a lot of places now require complex passwords (with letters, numbers, capital letters, and symbols) and the friggin rules are different on every site.

 

[KLin]

lastpass ftw

 

[Rakehellion]

nm, I got it

:thumbsup:

 

[Jaskalas]

Write down a list of your sites, along with a hint that is very obvious to you.

 

[Rakehellion]

I used to make fun of people like you, until some banks started requiring that you change your password every 90 days.

Now I can't seem to remember them anymore. It doesn't help that you're now supposed to have unique passwords for every service (since you can't seem to count on anybody to secure their shit right), and a lot of places now require complex passwords (with letters, numbers, capital letters, and symbols) and the friggin rules are different on every site.

Which ironically makes passwords a lot less secure because now people are forced to write them down.

 

[mikeymikec]

I used to make fun of people like you, until some banks started requiring that you change your password every 90 days.

Write to them and complain. That password policy is astoundingly stupid. Failing that, vote with your money and go with another bank, but also point out to them the reason why you are changing banks, because if their IT security model is based on stupid ideas like this, you are frankly afraid for the money you have banked with them.

password1
password2
password3...


The only reason I can think of why a password change should be mandated every x days would be if brute-force attempts on the account are common, but these should be monitored and mitigated, so it's still a bad security policy.

 

[dighn]

use a password manager. it's kind of a necessity these days if you take security seriously - this means using good passwords, that are different between different accounts, and don't follow some kind of easy to guess system. i've been using keepass.

i still don't put my banking passwords in there though.

 

[Imp]

I write them all in a book beside my desk... Anyone breaks in, they'll get to have fun with every effing bank account I have.

 

[mikeymikec]

My most important passwords are memorised. The less important ones are noted.

 

[BUTCH1]

I just keep a notepad file with them all on it but I guess that's not the smartest move if my computer was compromised, I did name it "golf scores" so it wouldn't be obvious LOL.

 

[ultimatebob]

Write to them and complain. That password policy is astoundingly stupid. Failing that, vote with your money and go with another bank, but also point out to them the reason why you are changing banks, because if their IT security model is based on stupid ideas like this, you are frankly afraid for the money you have banked with them.

password1
password2
password3...


The only reason I can think of why a password change should be mandated every x days would be if brute-force attempts on the account are common, but these should be monitored and mitigated, so it's still a bad security policy.

I'd love to do that, but ADP is one of the primary offenders and my workplace uses them for both payroll and 401k.

They have the worst rules of all... one of the services requires the use of an @ symbol in the username, and the other requires a number for the username and won't let you use an @ symbol

 

[clamum]

I switched to using Dropbox and KeePass (and using it on a USB drive if necessary) a few years ago and am so glad I did. It takes a few moments to get to the password but it's damn nice actually.

 

[OCGuy]

2/10 troll

 

[OutHouse]

I'd love to do that, but ADP is one of the primary offenders and my workplace uses them

me too, i jot the password on my google drive account.

 

[It's Not Lupus]

I switched to using Dropbox and KeePass (and using it on a USB drive if necessary) a few years ago and am so glad I did. It takes a few moments to get to the password but it's damn nice actually.

I did this but now use BitTorrent Sync instead of Dropbox.

 

[Red Squirrel]

Welcome to my world, we have at least 30 passwords at work, and I'm not exaggerating. I'm also not counting the static ones that we all access such as DMS10 switches.

What I hate is some of the ones that expire don't let you invoke a change yourself. So it's very hard to keep them in sync. I'm sure I do the same most people do, I just add a number at the end.

For home/online passwords I have a web based password manager to keep track of everything. There's a few passwords such as forums and stuff that I know by heart but the important stuff that could lead to my CC # or worse, domain names, are all very complex and I have to refer to the DB. It's encrypted too.

 

[John Connor]

I use an add-on for Firefox and Pale Moon called PWDhash.

http://crypto.stanford.edu/PwdHash/

 

[WHAMPOM]

I can't log onto my soundcloud. I tried reseting. and they sent it to my email. I forgot my email password. I tried retrieving my email password and they have to send it to my cell phone. I lost my phone. fml

A wire wound book of index cards with all your sites and their passwords neatly printed out.
Generic 8 digit passwords for forum sites, etc. Unique 12 digit passwords(with misspellings and number substitutions in sign on names)in retail sites and any you want to fully secure.
I have two generic passwords memorized, all the rest I have to look up. Don't check the "remember me" or "private computer" option if your home comp is not secure.

 

[pmv]

Welcome to my world, we have at least 30 passwords at work, and I'm not exaggerating. I'm also not counting the static ones that we all access such as DMS10 switches.

What I hate is some of the ones that expire don't let you invoke a change yourself. So it's very hard to keep them in sync. I'm sure I do the same most people do, I just add a number at the end.

Definitely this. In a previous job had umpteen passwords that all expired every month, none would let you reuse a previously used password, and all were constantly out-of-synch with each other so you'd be changing one or other every few days. Writing them down was your only hope.

My current password peeve - sites that have a short length limit on the password - but have an actual password field that's longer than that limit. and which don't tell you what that limit actually is till after you try and put in one that's too long.

Oh yeah - and why don't _all_ password entry pages warn you if you've got CAPS LOCK on (some do, bless their cotton socks).

 

[Puppies04]

Which ironically makes passwords a lot less secure because now people are forced to write them down.

Written down in a scrap book in a drawer in a different room to your pc. The chance of someone A. Breaking into your house B. Finding book C. Opening book D. Giving a crap about your passwords when they are busy stealing your TV is miniscule.

 

[Imp]

Huh... Thanks to this thread for getting my paranoid. I just figured out a way to write down my passwords and make them secure: write down all but in each, include two characters that aren't written or fake like "xx" or "zz". Memorize and use the exact same set of characters for every password.

Two letters should leave enough combinations to force a lockout if someone were to find your book. If no lockout, good luck?

 

[darkxshade]

I just have mine saved to a spreadsheet in a thumbdrive but have been contemplating switching over to one of those password managers like keepass, lastpass, 1password, etc.

 

[Leyawiin]

I have mine in sets (useless forum stuff gets one, online shopping gets another, online banking gets a sole one not used anywhere else, emails get another, etc...). Its not perfect, but what is? A half dozen are about all I can keep up with.