Password Maintenance?

2,207 Views | 31 Replies | Last: 4 yr ago by MarylandAG
TXAGFAN
How long do you want to ignore this user?
AG
Is there a widely trusted and highly regarded way to save passwords so they are accessible across multiple devices, like an app?

My mother is crippled with her passwords and it ruins every computer related aspect of her life (computers, shopping, streaming media, etc). For example, today I tried to show her how to download books from library onto her kindle. She didn't know her Amazon password and ruined an hour because she is so agitated about her passwords. She has them saved on her laptop via chrome, some are on notecards around house, etc. My brother somewhere along the way convinced her to make them exceedingly complicated so that doesn't help either.

I get it, passwords are a pain. I reset mine more than I care to admit, but she doesn't want to do that.

How do you do it?
Frisco
How long do you want to ignore this user?
AG
Lastpass
permabull
How long do you want to ignore this user?
AG
tamusc
How long do you want to ignore this user?
AG
There's a number of password manager options out there. I use LastPass myself.
hph6203
How long do you want to ignore this user?
AG
LastPass as well. Went through and updated all my passwords to make each one unique, took a couple of hours, but definitely feel like it improved my overall security.
.
TMoney2007
How long do you want to ignore this user?
AG
I use last pass as well. Their family plan is barely any more expensive than a single license and up to 6 people can use it.

You can also share passwords between the accounts.

The nice thing is she can memorize one complicated password. A unique 4-5 word phrase with a special character and a couple numbers that are meaningful make a strong password. Let it generate all the passwords for places that store your credit cards and bank websites. There are apps for the major browsers, Android and iPhones. You can log into the phone apps with a fingerprint censor.
permabull
How long do you want to ignore this user?
AG
AggieBarstool
How long do you want to ignore this user?
LastPass or 1Password. Both great. Both secure. Both cross-device compatible.

Skip the rest of the noise on the market.
bigtruckguy3500
How long do you want to ignore this user?
I use LastPass. But I've tried various things for my mom. The problem is that she never sticks with it.
tamusc
How long do you want to ignore this user?
AG
bigtruckguy3500 said:

I use LastPass. But I've tried various things for my mom. The problem is that she never sticks with it.
Yeah, I've struggled with my folks and my wife to a lesser extent. The hardest part is the transition, but once you can push them through that, it gets so much easier.
TxFig
How long do you want to ignore this user?
AG
The solution is to cut down on the number of passwords she uses.


1) for sites where security is important (Banks, Financial security companies, etc) - create ONE hellagood password and use it for all of them. See notes on how to do this.

2) for Email (especially if it's Gmail), create a 2nd hellagood password.

3) for sites where security is just so-so (facebook, other social media, etc) - create ONE decent password and use it for all of them.

4) for sites where security is just an annoyance, create ONE password that is simple to remember. NEVER EVER CHANGE THIS PASSWORD.

5) Teach your mom about social engineering ways people steal passwords. These days, nobody uses decryption methods to steal passwords - it's simply inefficient. Instead they trick people into giving up their passwords voluntarily.

If someone is going to give up their password, it doesn't matter how good the password is. If they learn how to NOT fall victim to this, they pretty much never have to worry about it.


6) Keep password tracking simple. Put it in an Excel spreadsheet - which itself is protected by the password #3. And tell your kids. Tell your kids where this spreadsheet is located...



Note 1: If you have a "hellagood" password, you shouldn't have to change it ever. Social engineering will crack these password 100 years before a decryption program will.

Note 2: so what is a "hellagood" password?
Pick a 4 or 5 word phrase that is easy for YOU to remember. Use ALL of the letters in that Phrase (min of 18 characters).
For example: AlaskaSalmonFishing4MyRetirement

That password is uncrackable. AND (more importantly), I will never forget it.
--
Chris Barnes
Retired A&M IT geek - now beekeeper
http://www.cornerstonehoneybees.com/
hph6203
How long do you want to ignore this user?
AG
Way easier and safer to use a password manager than a system like this. Social engineering is not the only way passwords get stolen and to think you're NEVER going to have to change a password is naive. Yahoo had a hack several years ago where passwords to emails were exposed, that exposed every single password that used that email to sign up. I trust Google more than Yahoo with security, but any company can make mistakes. Equifax had a data breach that exposed damn near every American to identity theft.
.
TMoney2007
How long do you want to ignore this user?
AG
Anyone that gets a working password to a high value site is going to immediately try it other places.

It would be like putting important data on a 5 disk RAID-0 array... If one goes down, you're going to lose all of them.

One really great password used with something like LastPass who is seriously focused on security is easiest and best. If you're really security conscious, 2 factor authentication with an authenticator app or a security key is a step beyond that, but its much more inconvenient.

I do agree about having a password that I use in places where I don't care about it getting hacked.

Another tip is that if you use a random password generator like lastpass, set it to exclude ambiguous characters. That way it leaves characters like I,1, l, 0 and O out. This way, if you have to manually enter them for some reason it is easier. It reduces the character space some but it's nice to not have to guess.
saw em off
How long do you want to ignore this user?
Love 1Password.
dubi
How long do you want to ignore this user?
AG
Quote:

3) for sites where security is just so-so (facebook, other social media, etc) - create ONE decent password and use it for all of them.
I hope you are just kidding!

I use 1Password and so does my 86 year old mother.
tamusc
How long do you want to ignore this user?
AG
Outside of teaching someone about social engineering, this is probably some of the worst, out of date security advice I've ever seen.

The old advice of combining easy to remember words is pretty much dead thanks to modern dictionary based attack methods.
Picard
How long do you want to ignore this user?
AG
tamusc said:

Outside of teaching someone about social engineering, this is probably some of the worst, out of date security advice I've ever seen.

The old advice of combining easy to remember words is pretty much dead thanks to modern dictionary based attack methods.

Agreed. That post reeks of "old man advice". I'm sure it was good advice back in the day, but not any more.

dave99ag
How long do you want to ignore this user?
AG
saw em off
How long do you want to ignore this user?
TxFig said:

The solution is to cut down on the number of passwords she uses.


1) for sites where security is important (Banks, Financial security companies, etc) - create ONE hellagood password and use it for all of them. See notes on how to do this.

2) for Email (especially if it's Gmail), create a 2nd hellagood password.

3) for sites where security is just so-so (facebook, other social media, etc) - create ONE decent password and use it for all of them.

4) for sites where security is just an annoyance, create ONE password that is simple to remember. NEVER EVER CHANGE THIS PASSWORD.

5) Teach your mom about social engineering ways people steal passwords. These days, nobody uses decryption methods to steal passwords - it's simply inefficient. Instead they trick people into giving up their passwords voluntarily.

If someone is going to give up their password, it doesn't matter how good the password is. If they learn how to NOT fall victim to this, they pretty much never have to worry about it.


6) Keep password tracking simple. Put it in an Excel spreadsheet - which itself is protected by the password #3. And tell your kids. Tell your kids where this spreadsheet is located...



Note 1: If you have a "hellagood" password, you shouldn't have to change it ever. Social engineering will crack these password 100 years before a decryption program will.

Note 2: so what is a "hellagood" password?
Pick a 4 or 5 word phrase that is easy for YOU to remember. Use ALL of the letters in that Phrase (min of 18 characters).
For example: AlaskaSalmonFishing4MyRetirement

That password is uncrackable. AND (more importantly), I will never forget it.

This is the worst advice I've seen when it comes to personal cybersecurity. Rule #1 (for this subject) NEVER use the same password across multiple sites. And a password protected excel file is very easily crackable.
OverSeas AG
How long do you want to ignore this user?
AG
Every knee shall bow and every tongue shall confess
DON'T TREAD ON ME
heddleston
How long do you want to ignore this user?
AG
The aforementioned password managers are great, I use Dashlane. Hunt for coupon codes for the different services and see which works for you.

For making passwords i recommend using Diceware. Even if an attacker knows youre using diceware and which wordlist youre using, it will take forever to break if your password is long enough. You could even throw a wrench into that by using a die to choose which wordlist you use for each word if you wanted to. I usually then augment a few of the words in some way and add some numbers/symbols. I also prefer using real dice, but a dice app/random number generator works okay.

* In addition to the OG wordlists in the above link, here is a set of wordlists generated from fan wikis for Star Wars, Star Trek, GoT, and Harry Potter. these lists are done with a D20 instead of regular dice.
Cassius
How long do you want to ignore this user?
For your master password, use a long phrase with spaces instead of a short, alphanumeric password. The longer it is, even with just alphabetic characters, the harder it is to crack.

This password :

i see dead people all the time

Is much better than

6g4F&-/087
Quinn
How long do you want to ignore this user?
AG
How does last pass work? Is it a plugin for your browser/phone? What happens if you forget that password?
lb3
How long do you want to ignore this user?
AG
cz308
How long do you want to ignore this user?
saw em off said:

Love 1Password.
Same. I've used both but I like 1Password more.
TxAggieBand85
How long do you want to ignore this user?
AG
Quinn said:

How does last pass work? Is it a plugin for your browser/phone? What happens if you forget that password?
Password Recovery.

Set Up Account Recovery
cr0wbar
How long do you want to ignore this user?
AG
please dont kill me but lately Google chrome has been creating extremely hard passwords:

15D7D8*99mdk190F1bkdjTYid!kd

and saving them across my devices. Is this bad?
Azariah
How long do you want to ignore this user?
AG
TxFig said:

The solution is to cut down on the number of passwords she uses.


1) for sites where security is important (Banks, Financial security companies, etc) - create ONE hellagood password and use it for all of them. See notes on how to do this.

2) for Email (especially if it's Gmail), create a 2nd hellagood password.

3) for sites where security is just so-so (facebook, other social media, etc) - create ONE decent password and use it for all of them.

4) for sites where security is just an annoyance, create ONE password that is simple to remember. NEVER EVER CHANGE THIS PASSWORD.

5) Teach your mom about social engineering ways people steal passwords. These days, nobody uses decryption methods to steal passwords - it's simply inefficient. Instead they trick people into giving up their passwords voluntarily.

If someone is going to give up their password, it doesn't matter how good the password is. If they learn how to NOT fall victim to this, they pretty much never have to worry about it.


6) Keep password tracking simple. Put it in an Excel spreadsheet - which itself is protected by the password #3. And tell your kids. Tell your kids where this spreadsheet is located...



Note 1: If you have a "hellagood" password, you shouldn't have to change it ever. Social engineering will crack these password 100 years before a decryption program will.

Note 2: so what is a "hellagood" password?
Pick a 4 or 5 word phrase that is easy for YOU to remember. Use ALL of the letters in that Phrase (min of 18 characters).
For example: AlaskaSalmonFishing4MyRetirement

That password is uncrackable. AND (more importantly), I will never forget it.



No
combat wombat™
How long do you want to ignore this user?
AG
I use Dashlane.
permabull
How long do you want to ignore this user?
AG
SlackerAg
How long do you want to ignore this user?
AG
hypeiv said:

Quinn said:

How does last pass work? Is it a plugin for your browser/phone? What happens if you forget that password?


My master password is written on a piece of paper in my safety deposit box at the bank. If I die, my family will be able to easily get into all my accounts.
I like this idea a lot & will do the same.
UmustBKidding
How long do you want to ignore this user?
I use Google death. Hope they don't die before me
MarylandAG
How long do you want to ignore this user?
I use Keeper but after checking out the pricing on LastPass I need to switch over, I'm paying way more than that for Keeper
Refresh
Page 1 of 1
 
×
subscribe Verify your student status
See Subscription Benefits
Trial only available to users who have never subscribed or participated in a previous trial.