Active discussions

Meet the Other Phone. A phone that grows with your child.

Meet the Other Phone.
A phone that grows with your child.

Buy now

Please or to access all these features

Talk
Chat

Join the discussion and chat with other Mumsnetters about everyday life, relationships and parenting.

Original poster

How do you manage passwords?

70 replies

JustGettingStarted · 10/12/2018 11:21

I have trouble remembering passwords for so many sites. I have a password that works for everything (upper case/lower case, numbers, letters and a punctuation character, 8 characters long) but it's not safe to use the same one on everything, so I'm going to be changing them this week. I'm thinking of creating one that has all the necessary characters, but varies by one character, based on the name of the site. Like "F07896a!" for Facebook and "M07896a!" for mumsnet, etc.

I still think someone might figure out the system. What do you do?

OP posts:
LadyinLavende · 10/12/2018 17:18

I have a bookend system but what really annoys me is sites that insist on me using their format, but they don't prompt you as to what that format is if you can't remember the password: like the ones which insist on passwords at least 12 elements long. If it said "hint" your password is at least 12 letters long I would know what I'd used.... but my standard password is "only" 11 digits.

I'm totally paranoid about entrusting my passwords to a password manager.....

DGRossetti · 10/12/2018 17:25

but what really annoys me is sites that insist on me using their format, but they don't prompt you as to what that format is

In a world drowning in standards, you'd think password management would have an ISO or IEEE standard somewhere ?

Tuptup · 10/12/2018 17:32

Meet, you don't need to download, you can just log in, bottom menu item on the site.

How do you manage passwords?
putthesneckon · 10/12/2018 18:36

I do similar to cjt110

I use my postcode plus the website name. so for Mumsnet it would be
"M first part of postcode ** second part of postcode T"

Never forgotten one since :-)

MeetOnTheSIedge · 10/12/2018 18:45

Thanks all. I guess the thing to do is start an account and add one thing at a time until I'm happy with how it all works.

justaperson · 10/12/2018 20:50

I use KeePass which is pretty good, you can store it locally and back it up to wherever you store your backups normally. It's free and open source, no need to be online to use it, you can also run it from a USB stick too if you want to.
I'd second the 2FA advice though, many more places do it now so no real excuse not to use it at least for email and other important accounts.

Scallywag1903 · 10/12/2018 21:25

I am most probably going to get slammed for this, but I once read a comment from Stephen Fry that your chances of being burgled were tiny compared to being hacked. Sooo in the spirit of OLD SKOOL, I have a box with cards and I write all my passwords down. Only exceptions are ofc bank accounts and credit cards. I remember all of those and change regularly. It has been invaluable I have to say.As I have sooo many and work ones too.

ragged · 10/12/2018 21:39

It's funny reading this.

I need to login my desktop machine at work. So I can't use a lastpass system to get on them. My fingers need to know what to do.

We don't get mobile reception in my building. So a 2-step encryption system with phone would require waiting around outside to get a msg.

My current phone is truly crap & can't install any more apps (no room). This may change, tbf.

I don't actually turn my phone on very often, tbh, but obviously I could choose to have it on all the time if super useful to me. After phone has been off, it takes about 35 minutes to start receiving texts quickly. Until that initial period ends, texts sent to me just don't arrive within 2 minutes. Anyway, I'd have to coordinate the phone being on at right times in right places. Wifi... well, let's just say sometimes I can connect devices to it at work, and sometimes I can't.

We hotdesk at work, so could be using any of many computers to login to other sites from.

I HAVE resorted to taping passwords for some sites to documents at work. Typically p'wds allow me to read an encrypted pdf sent only to me. Colleagues can knock selves out trying to find a way to use that.

mastertomsmum · 10/12/2018 21:49

Never tell people stuff like this on an ope forum

Scallywag1903 · 10/12/2018 22:00

fairplay *@mastertomsmum * I agree....tbh I am talking passwords to libraries, Whistles, Tesco etc. Not anything financial IYSWIM. But yep - discretion is key I agree

Spagyetti · 10/12/2018 22:46

This thread is weird - is it written by a bunch of people working for Lastpass? It certainly reads like it. Reporting.

Stupomax · 10/12/2018 22:54

This thread is weird - is it written by a bunch of people working for Lastpass? It certainly reads like it. Reporting.

This post is weird.

happyclutterchucker · 10/12/2018 22:55

I write them down in a book

^ me too

(And no, I don't work for Paperchase) Grin

Tuptup · 10/12/2018 22:58

This thread is weird - is it written by a bunch of people working for Lastpass?
Grin Well I can't comment for others but I don't, was just answering questions that the op asked as its the one I use. Most people are probably answering from the perspective of lastpass as its one of the most used ones.

JamieVardysHavingAParty · 10/12/2018 23:18

^I use my postcode plus the website name. so for Mumsnet it would be
"M first part of postcode ** second part of postcode T"^

I would recommend you change your username, tbh.

DGRossetti · 11/12/2018 10:04

We don't get mobile reception in my building. So a 2-step encryption system with phone would require waiting around outside to get a msg.

A good 2FA system will be designed for offline use. Facebook and Google both allow you to generate some codes which you can write down/print out and keep in your wallet/wherever and use when challenged for 2FA without mobile coverage. (Although Google also allow you to use the Google Authenticator app, which doesn't need connectivity).

(Bear than in mind when people start whinging about banks forcing 2FA on people for large/unusual purchases).

DGRossetti · 11/12/2018 10:07

This thread is weird - is it written by a bunch of people working for Lastpass? It certainly reads like it. Reporting.

Report away. MNHQ will tell you (if they haven't) that I'm a regular poster.

Also, it's hard to comment on how many times I said other solutions were available ???????

I just happen to use Lastpass, happily, and I know it's probably a bit old fashioned these days, but as a satisfied customer (I have a paid for version) they deserve the praise on the basis that I will quite happily name shit products and companies too.

ReflectentMonatomism · 11/12/2018 10:13

Although Google also allow you to use the Google Authenticator app, which doesn't need connectivity

As do Facebook and Twitter.

I leverage that by using Facebook, Google or Twitter to login to services which I think need 2FA but which don't offer it, or only offer it via SMS. It's marginal, as those oauth-based services aren't without their own considerable risks, but on balance I think it's slightly better (but not clearly better enough to advise other people to do the same).

Lastpass's authenticator is Google-compliant, but also backs up the secrets to your Lastpass vault. That's also not risk-free, but having dealt with recovering from a wiped phone which had all my 2FA secrets on it, I think the risk is worth it. My ultimate backstop for Lastpass 2FA is a Yubikey in a safe at work.

AllTakenSoRubbishUsername · 11/12/2018 11:14

I have a little book that I write them all in (hidden, of course!)

putthesneckon · 16/12/2018 11:51

JamieVardysHavingAParty
Not exactly as posted and other features so game not given away Wink

New posts on this thread. Refresh page