this post was submitted on 29 Nov 2024
36 points (92.9% liked)

Ask Lemmy

27100 readers
2206 users here now

A Fediverse community for open-ended, thought provoking questions

Please don't post about current US Politics. If you need to do this, try !politicaldiscussion@lemmy.world


Rules: (interactive)


1) Be nice and; have funDoxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them


2) All posts must end with a '?'This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?


3) No spamPlease do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.


4) NSFW is okay, within reasonJust remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com. NSFW comments should be restricted to posts tagged [NSFW].


5) This is not a support community.
It is not a place for 'how do I?', type questions. If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.


Reminder: The terms of service apply here too.

Partnered Communities:

Tech Support

No Stupid Questions

You Should Know

Reddit

Jokes

Ask Ouija


Logo design credit goes to: tubbadu


founded 2 years ago
MODERATORS
 

Of course I'm not asking you to give away your passwords. But for those of you who have so many, how do you keep track of them all? Do you use any unique methods?

I know many people struggle between having something that's easy to remember and something that's easy to guess. If you keep a note with your passwords on it, for example, it can be stolen, lost, or destroyed, or if you make them according to a pattern that's easy to remember, the wrong people might find them easier to guess.

top 50 comments
sorted by: hot top controversial new old
[–] supercriticalcheese@lemmy.world 10 points 3 days ago

Password manager

[–] scrubbles@poptalk.scrubbles.tech 97 points 5 days ago (2 children)

In my experience the best way to remember passwords is to.... Get a password manager

[–] Hansie211@lemmy.world 24 points 5 days ago* (last edited 5 days ago) (5 children)

This is 100% the best advise. But how do you remember your password managers password? I highly recommend Computerphiles tips, I've never seen it explained better: https://youtube.com/watch?v=3NjQ9b3pgIg

(Join 3-4 random, unrelated words for a strong, memorable password)

[–] SkaveRat@discuss.tchncs.de 12 points 5 days ago (2 children)

how do you remember your password managers password

another password manager

[–] jdw@links.mayhem.academy 4 points 5 days ago (1 children)

Until finally there is one to bind them all.

[–] SatyrSack 7 points 5 days ago

And that password is written on a scrap of paper attached to my monitor. Perfect security.

load more comments (1 replies)

https://xkcd.com/936/ Because theres one for every situation.

[–] KittenBiscuits@lemm.ee 4 points 5 days ago

I definitely use a password wallet.

And because I'm getting into the demographic where my peers are going through end of life planning (whether for their parents or themselves), I have written my master password down and keep it with the will/"very important papers". Whoever settles your affairs will thank you.

Also, since I've wrangled with this one specifically, when a loved one passes keep their mobile number active so you can navigate mfa and password resets for their accounts.

load more comments (2 replies)

I have Bitwarden set up with a feature called Emergency Access. The credentials to access that is just stores in plain text on a piece of paper in a drawer that I frequently use. If I ever forget my master password, I pull out the paper and use the Emergency Access feature, and start the timer, I set it at one or two weeks.

[–] Schlemmy@lemmy.ml 20 points 4 days ago

I don't. Bitwarden and that's it.

[–] IDKWhatUsernametoPutHereLolol@lemmy.dbzer0.com 17 points 5 days ago* (last edited 5 days ago)

Like other have said, Bitwarden.

But I also would like to add: I use the Emergency Access feature in case of forgotten master password.

You basically set up another account and do a sort of "public key exchange handshake" with your main account. Then your secondary account becomes a way to recover your main account.

You can store the credentials to secondary account in plain text on a piece of paper in a drawer somewhere you have a habit of accessing (so you don't forget where you put it). Its doesn't matter if a snooping family member saw those credentials, theres a pre-set timer that needs to expire before access is granted. If I saw that timer being triggered, I'd know someone had been snooping, and I can just click deny access from my main account.

So if you somehow forget your main password, you find the paper with your secondary account and use it to request access to your primary account. And well you'd have to wait out the timer, but its better than losing your vault forever and having to reset every password.

[–] hperrin@lemmy.world 16 points 5 days ago

I only remember one password, the one to my password manager.

[–] ByteMe@lemmy.world 2 points 3 days ago (2 children)

I try to use passwords that look like sentences. For example you could "SpotifyIsAwesome!2024". Easy to remember, hard to crack

[–] Fantabread@lemm.ee 1 points 3 days ago

Impossible to crack since no reasonable person would think that in 2024!

[–] WhatsHerBucket@lemmy.world 11 points 5 days ago

I have hundreds of passwords, there’s no way I could manage that without a password manager.

1Password isn’t terrible, it’s pretty intuitive.

Bitwarden is another popular option.

Using the same (or similar) passwords for multiple things is a really bad idea.

[–] semperverus@lemmy.world 7 points 4 days ago

KeePassXC/DX.

[–] Appoxo@lemmy.dbzer0.com 7 points 4 days ago

Bitwarden and be done.

[–] Nadru@lemmy.world 5 points 4 days ago (1 children)

I have a friend who resets his passwords whenever he connects. So he only remembers one password, that of his email. He claims it's safer this way.

[–] Ookami38@sh.itjust.works 4 points 4 days ago (1 children)

Theres.... There's something to it, I guess. Make sure your email is secure, and if not even you know your password, how can someone else. Christ, it sounds like a massive pain in the ass, though.

[–] Nadru@lemmy.world 1 points 3 days ago

Exactly, like I agree with him on principle but it's too time consuming.

[–] traches@sh.itjust.works 5 points 4 days ago

For passwords you have to keep in your head, diceware. Surprised it’s not already mentioned! Basically you roll dice to choose words from a long wordlist until you have 6 or 7 words.

Human brains are good at remembering words. It’s way easier to remember a password that looks like:

grandson estimator virtuous scabbed poet parasitic

than it is to remember a random character string.

[–] Bougie_Birdie@lemmy.blahaj.zone 7 points 5 days ago (1 children)
[–] randombullet@programming.dev 4 points 4 days ago (2 children)

I use passphrases from movies of shows that I like. Then add a special symbol and a number that I like.

Thanks for nothing you useless reptile!61

This has 100.54 bits of entropy. I consider anything above 60 sufficient enough

[–] Ookami38@sh.itjust.works 5 points 4 days ago (1 children)

Similar, but I just take the first letter of each word, keep proper pronunciation, and turn some into numbers as appropriate.

Two trailer park girls go round the outside, round the outside, round the outside.

Becomes

2tpggrto,rto,rto.

No, for the record I do not use THAT song.

[–] sem@lemmy.blahaj.zone 1 points 4 days ago (1 children)

Wouldn't it be better to use the full quote, with some random numbers and symbols interspersed?

[–] Ookami38@sh.itjust.works 3 points 4 days ago

Depends. I like this because it's shorter, but still maintains a good level of security, and I'll never forget it. Technically the full password is stronger, yeah. This also has the added benefit of someone being able to see you type it or catch a glimpse of it plaintext for some reason and have NO chance of remembering it.

Either way, they're both pretty secure, I just don't wanna type several lines of... Anything each time I log in.

[–] IphtashuFitz@lemmy.world 3 points 4 days ago* (last edited 4 days ago)

I worked in IT at a company years ago that standardized on song lyrics in a similar fashion:

4 Those about 2 rock we salute you!

I want 2 rock & roll all night

Etc.

[–] Platypus@lemmings.world 7 points 5 days ago
[–] TrueStoryBob@lemmy.world 3 points 4 days ago

I have four passwords I memorize: my password manager, my main email, my work login, and a throw away password for stuff that doesn't matter too much (signing up for giveaways, throw away social media accounts, etc). For everything else I have the password manager create some twenty character monstrosity.

The four memorized ones are all nine letter words with numbers and symbols replacing letters usually always including a comma somewhere as I heard once that a comma makes a password hardet to crack (but, now thinking about it, I don't know where I heard that and it sounds like a myth).

[–] MyNameIsRichard@lemmy.ml 6 points 5 days ago

Keepassxc remembers for me.

[–] ultranaut@lemmy.world 6 points 5 days ago
[–] PetteriPano@lemmy.world 4 points 4 days ago

I used to have a couple of letters from the site/service followed by an obscure dialectal word that's not found in dictionaries with a few characters replaced by numbers and symbols. Those two letters kind of work like salting to keep every hash of my password unique.

Now I just do bitwarden.

[–] shneancy@lemmy.world 3 points 4 days ago

i have difficult & long unique passwords for each of the important things (emails, bank, any official gov or edu sites etc.) that i keep on a piece of paper in my notebook (with a few backup copies). And i also have 3 degrees of difficulty for my other passwords that i use like this: easy "i could not care less if this account got hacked, in fact i know this password has been leaked in plain text before so whatever", medium "i'd kinda suck if this got hacked but ultimately it'd not cause major issues", hard "i do not want this to be hacked"

[–] AbouBenAdhem@lemmy.world 5 points 5 days ago (1 children)

For cases where I may not have access to a password manager, I have a standard procedure where I'll take the website url, add a fixed salt word, and run it through a hash function.

[–] KittenBiscuits@lemm.ee 3 points 5 days ago

Either this is a common algorithm or you might be my friend who also does this.

[–] satanmat@lemmy.world 4 points 4 days ago

2 ways

1 password manager

  1. I use them very often. I have a bunch of different yes complex passwords that I’m using repeatedly throughout the day so brute force rote memory….

But yeah. Password manager

[–] 667@lemmy.radio 4 points 5 days ago (1 children)
[–] NOT_RICK@lemmy.world 5 points 4 days ago

You use 7 stars for your password?

[–] TokenEffort@sh.itjust.works 4 points 5 days ago (2 children)

They're all the same-ish.

Let's say my password is Token, but spelled like t0k3||

I would attach something related to the site on it, so if the site is lemmy for example, the password would be like

t0k3||Addictedtosurfing

If the site is Amazon something like

t0k3||Thanksformyfavoritejob

I called it "lock and key" style and I'd change the beginning part, the "lock", once a year.

So next year it'll be ef|=027Addictedtosurfing

These are examples lol

[–] sbv@sh.itjust.works 2 points 4 days ago

Pretty much this. But I used a function of the host name, so it would be easier to remember.

It gets annoying when the site forces you to rotate the password. After that happened a couple of times I started using a password manager.

load more comments (1 replies)
[–] JackbyDev@programming.dev 2 points 4 days ago

I only try to remember two passwords. My email password and my password manager password. The rest and random gobbledy gook.

[–] Akasazh@feddit.nl 2 points 4 days ago

I use postal codes, street names and house numbers of addresses where I previously lived. They contain numbers and capital letters, are random for anyone else, but in doubt I can always look them up.

[–] OhStopYellingAtMe@lemmy.world 3 points 5 days ago

Before password managers I used to come up with a phrase or nonsense word that was personally significant to me, or an inside joke. Some sort of “catch phrase” that would only make sense to me and maybe my closest friends. Sometimes just an initialism of something I’d know, like my ex-gf Angie (not her real name) had a gap in her teeth, so I’d tell my friends “Angie’s got a gap in her teeth so my dick’s gots to fit!” and so my password would be “Agagihtsmdg2f!”

[–] Feathercrown@lemmy.world 2 points 4 days ago* (last edited 4 days ago)

My passwords are unfortunately very... "patterned". Makes remembering them easier though.

[–] korthrun@lemmy.sdf.org 3 points 5 days ago* (last edited 5 days ago) (1 children)

I use a hardware password manager that connects over USB or bluetooth for most things. The few things that I use often I have a system for, and that system is popular culture.

Love "The Prisoner of Azkaban"? Initialize it, and add the publish date some where: HP&TPoA|1999

Starship troopers fan? Initialize a memorable quote. "The enemy can not push a button... if you disable his hand. Medic!": Tecnpab...iydhh.M! Need numbers? Find a quote with numbers, or add the release year, or the number of times you watched it that one weekend where you and a friend watched it 32 times.

Like TV shows more? How about the fourth episode of family guy: S1-MindOverMuder-E4.

Metal Fan? I do love track three off of Metallica's 1983 album: #3|Motorbreath-1983

Etc.

load more comments (1 replies)
[–] Evotech@lemmy.world 2 points 4 days ago

I remember them two characters at a time.

Theres a couple of passwords I remember, like for logging on my PC and into my password manager

[–] AA5B@lemmy.world 1 points 4 days ago* (last edited 4 days ago)

I only need a couple “real” passwords. They are long, complex, and backed by 2fa

Historically I re-used things from personal history. I know I shouldn’t but they’re easier to remember since I already memorized them. Usually they’re not public data, more like

  • my first PIN of my first ever bank card is now additional authentication for my app with my current bank
  • one password is the name and IP (with substitutions) of one of my favorite servers from a job 15 years ago when I ran my own lab
  • I gotta admit, I still have some trivial passwords for things that seem trivial

But my passwords are mostly generated (and the password to that is complex and unique, plus requires additional Auth). Anything from the last couple years also has a unique generated email

My company is pretty serious about such things: I have generated passwords, two separate 2fa apps and a yubikey. Plus they have some annoying shit on the laptop that is sometimes annoying

[–] mjhelto@lemm.ee 1 points 4 days ago

For the work passwords I have to remember and cannot always access a password manager, I use pass phrases instead. Statistically, 3 random, non-similar words, are more secure than normal passwords. Changing random letters to symbols and capitalizing can further improve the security. For instance...

  • Stove glob3 hamst#r
  • pants Stuffin& quote
  • z1ptie float beet$l
load more comments
view more: next ›