My feed
Premium
Please
or
to access all these features

Join the discussion and meet other Mumsnetters on our free online chat forum.

Chat

How do you manage passwords?

70 replies

JustGettingStarted · 10/12/2018 11:21

I have trouble remembering passwords for so many sites. I have a password that works for everything (upper case/lower case, numbers, letters and a punctuation character, 8 characters long) but it's not safe to use the same one on everything, so I'm going to be changing them this week. I'm thinking of creating one that has all the necessary characters, but varies by one character, based on the name of the site. Like "F07896a!" for Facebook and "M07896a!" for mumsnet, etc.

I still think someone might figure out the system. What do you do?

OP posts:
Report
LadyinLavende · 10/12/2018 17:18

I have a bookend system but what really annoys me is sites that insist on me using their format, but they don't prompt you as to what that format is if you can't remember the password: like the ones which insist on passwords at least 12 elements long. If it said "hint" your password is at least 12 letters long I would know what I'd used.... but my standard password is "only" 11 digits.

I'm totally paranoid about entrusting my passwords to a password manager.....

Report
DGRossetti · 10/12/2018 17:25

but what really annoys me is sites that insist on me using their format, but they don't prompt you as to what that format is

In a world drowning in standards, you'd think password management would have an ISO or IEEE standard somewhere ?

Report
Tuptup · 10/12/2018 17:32

Meet, you don't need to download, you can just log in, bottom menu item on the site.

How do you manage passwords?
Report
putthesneckon · 10/12/2018 18:36

I do similar to cjt110

I use my postcode plus the website name. so for Mumsnet it would be
"M first part of postcode ** second part of postcode T"

Never forgotten one since :-)

Report
MeetOnTheSIedge · 10/12/2018 18:45

Thanks all. I guess the thing to do is start an account and add one thing at a time until I'm happy with how it all works.

Report
justaperson · 10/12/2018 20:50

I use KeePass which is pretty good, you can store it locally and back it up to wherever you store your backups normally. It's free and open source, no need to be online to use it, you can also run it from a USB stick too if you want to.
I'd second the 2FA advice though, many more places do it now so no real excuse not to use it at least for email and other important accounts.

Report
Scallywag1903 · 10/12/2018 21:25

I am most probably going to get slammed for this, but I once read a comment from Stephen Fry that your chances of being burgled were tiny compared to being hacked. Sooo in the spirit of OLD SKOOL, I have a box with cards and I write all my passwords down. Only exceptions are ofc bank accounts and credit cards. I remember all of those and change regularly. It has been invaluable I have to say.As I have sooo many and work ones too.

Report
ragged · 10/12/2018 21:39

It's funny reading this.

I need to login my desktop machine at work. So I can't use a lastpass system to get on them. My fingers need to know what to do.

We don't get mobile reception in my building. So a 2-step encryption system with phone would require waiting around outside to get a msg.

My current phone is truly crap & can't install any more apps (no room). This may change, tbf.

I don't actually turn my phone on very often, tbh, but obviously I could choose to have it on all the time if super useful to me. After phone has been off, it takes about 35 minutes to start receiving texts quickly. Until that initial period ends, texts sent to me just don't arrive within 2 minutes. Anyway, I'd have to coordinate the phone being on at right times in right places. Wifi... well, let's just say sometimes I can connect devices to it at work, and sometimes I can't.

We hotdesk at work, so could be using any of many computers to login to other sites from.

I HAVE resorted to taping passwords for some sites to documents at work. Typically p'wds allow me to read an encrypted pdf sent only to me. Colleagues can knock selves out trying to find a way to use that.

Report

Want to see more?

Find more threads and control what you see

 Get started
mastertomsmum · 10/12/2018 21:49

Never tell people stuff like this on an ope forum

Report
Scallywag1903 · 10/12/2018 22:00

fairplay *@mastertomsmum * I agree....tbh I am talking passwords to libraries, Whistles, Tesco etc. Not anything financial IYSWIM. But yep - discretion is key I agree

Report
Spagyetti · 10/12/2018 22:46

This thread is weird - is it written by a bunch of people working for Lastpass? It certainly reads like it. Reporting.

Report
Stupomax · 10/12/2018 22:54

This thread is weird - is it written by a bunch of people working for Lastpass? It certainly reads like it. Reporting.

This post is weird.

Report
happyclutterchucker · 10/12/2018 22:55

I write them down in a book

^ me too

(And no, I don't work for Paperchase) Grin

Report
Tuptup · 10/12/2018 22:58

This thread is weird - is it written by a bunch of people working for Lastpass?
Grin Well I can't comment for others but I don't, was just answering questions that the op asked as its the one I use. Most people are probably answering from the perspective of lastpass as its one of the most used ones.

Report
JamieVardysHavingAParty · 10/12/2018 23:18

^I use my postcode plus the website name. so for Mumsnet it would be
"M first part of postcode ** second part of postcode T"^

I would recommend you change your username, tbh.

Report
DGRossetti · 11/12/2018 10:04

We don't get mobile reception in my building. So a 2-step encryption system with phone would require waiting around outside to get a msg.

A good 2FA system will be designed for offline use. Facebook and Google both allow you to generate some codes which you can write down/print out and keep in your wallet/wherever and use when challenged for 2FA without mobile coverage. (Although Google also allow you to use the Google Authenticator app, which doesn't need connectivity).

(Bear than in mind when people start whinging about banks forcing 2FA on people for large/unusual purchases).

Report
DGRossetti · 11/12/2018 10:07

This thread is weird - is it written by a bunch of people working for Lastpass? It certainly reads like it. Reporting.

Report away. MNHQ will tell you (if they haven't) that I'm a regular poster.

Also, it's hard to comment on how many times I said other solutions were available ???????

I just happen to use Lastpass, happily, and I know it's probably a bit old fashioned these days, but as a satisfied customer (I have a paid for version) they deserve the praise on the basis that I will quite happily name shit products and companies too.

Report
ReflectentMonatomism · 11/12/2018 10:13

Although Google also allow you to use the Google Authenticator app, which doesn't need connectivity

As do Facebook and Twitter.

I leverage that by using Facebook, Google or Twitter to login to services which I think need 2FA but which don't offer it, or only offer it via SMS. It's marginal, as those oauth-based services aren't without their own considerable risks, but on balance I think it's slightly better (but not clearly better enough to advise other people to do the same).

Lastpass's authenticator is Google-compliant, but also backs up the secrets to your Lastpass vault. That's also not risk-free, but having dealt with recovering from a wiped phone which had all my 2FA secrets on it, I think the risk is worth it. My ultimate backstop for Lastpass 2FA is a Yubikey in a safe at work.

Report
AllTakenSoRubbishUsername · 11/12/2018 11:14

I have a little book that I write them all in (hidden, of course!)

Report
putthesneckon · 16/12/2018 11:51

JamieVardysHavingAParty
Not exactly as posted and other features so game not given away Wink

Report
New posts on this thread. Refresh page
Please create an account

To comment on this thread you need to create a Mumsnet account.