To be struggling so much with passwords

[CameNhange]

I have always used the same password for everything which I know you shouldn’t do but honestly otherwise I don’t know how to stay on top without writing it down.

Mine was a complicated one with letters and numbers but it keeps being rejected for not having an uppercase letter which means I end up with something like Pets name year of birth which isn’t very secure!

How does everyone else manage it?

I have the same password for everything except my personal email and my work (government email). I write all but those two down in a notebook.

I have a formula I use...sort of use the same password for everything but slightly different.

So say my password is "password"

My email - passwordmail1988
Facebook -passwordbook1988
Mumsnet - passwordnet1988
Twitter - passwordter1988

So that way it's different for everything but easy for me to remember.

And of course "password" is not actually my password. I use a memorable word, followed by either the last word of the name of the thing I need a password for (like 'book' from Facebook) or the last three letters (like 'ter' from Twitter) and then my birth year.

I hope that makes sense. Only problem is when some places ask for a special character. Not many do, but if it's needed I usually put an exclamation mark in before the numbers.

I tend to base my passwords on two things I can see when I need to make up or change a password, then capitalise the start of each of the two words and swap letters for numbers.

carpet and table then becomes C4rp3tT4b13.

As an example.

Choose a phrase that is easy to remember and separate it with hyphens. It's been proven to be harder to crack for a computer than random letters and numbers.

eg my-dog-has-really-smelly-farts

A sentence that is easy to remember is recommended now

I use my iPad that manages my passwords. Is this safe

I store mine in a notebook but use *'s to disguise it so should anyone find it (or my DC decide to fleece me by buying crap on ebay) then it wouldn't mean anything.

This only works because most of my passwords are variations on 3 words and a couple of number combinations.

eg. if my passwords always involved Cushion, Hoover or Tabletop and involved either 987, 654 or 321 then I would write:

H3 and know that it was Hoover321
6C would be 654Cushion ...and so on

I only use a computer at home, my job doesn't involve them at all. At home we have a book for passwords, kept in a very secure place, but like BackforGood I write mine down in a form that no-one else would understand. I often use place-names and numbers from my childhood that no-one who knows me now would know, so what I actually write down might be something like "road Clare lived in, last 2 digits of Laura's phone number" or similar. Or use asterisks for most of the letters of a long word - say if it was Lutterworth23 I'd put L*h23.

For PINs, if I need a reminder the first few times, I usually write down on a piece of paper a phrase where the number of letters in each word is the number, and then write a completely unrelated number underneath so if anyone sussed that it was the prompt for a PIN, they'd probably be looking for a number. So for example if it was 4355 I might write down "John and Sally Jones, 01533 636902." (I have no idea if such a number really exists - please don't ring it!)

I use sentences that are easy to remember and then use the initials for a password and end with punctuation. I'll also substitute special characters and numbers for some letters

E.g. 'Patrick in accounts is a fucking sexual harasser' >>> P1a1af5|-|, where the 1 stands for i, 5 for s and |-| for h

Not my actual password, of course, but I've found anything that makes me feel sweary is very memorable to me.

Yet another one saying lastpass! We use it at work but also have it for my personal stuff.

Also recommend LastPass - the random password generator will let you pick length, whether you want special chars, whether you want something vaguely pronounceable and so on. It's really handy!

I would also strongly recommend to everyone who has reused a password or used similar passwords - get yourself over to haveibeenpwned.com/ and check if your email address has turned up in a data breach. That's the problem with reusing passwords - just one of the sites you use gets breached, and boom - every login you have is now vulnerable.

Write down a list of unusual 6 or 8 letter words, each beginning with a different letter of the alphabet, maybe mixture of foreign words.

Then I write down a list of friends' phone numbers & take the last 4 digits.

Decide on a place to split the word, eg after second letter, xx|xxxx.

Pick a word and a phone number from the lists.

Eg

ho7890over

You can then write it down in code in your notebook:

H-Sarah-2

(the H word + last digits of Sarah's no + split at the 2nd letter)

Make it a bit more complex by incorporating an uppercase & symbol into the system. Just be consistent about annotating it in code.

Also, when you're asked a security question, always put one specific random word in front of your answers. People who know you might be able to reset your PW otherwise, but they won't know you have a secret prefix word.

Name of first teacher: violin Mrs Jones

I use the name of the website with a capital first letter, followed by my house number and then !

It's rare I can't get into anything!!!!

Echoing PP with the four word method aka the xkcd 'correct battery horse staple' method ( if you don't want to use a password keeper like Lastpass or OnePassword)

xkcd.com/936/

There's a password reminder built into my iPhone. If you've got an iphone just hunt around the settings menu and you'll see it. Open it up and you can see iIt contains a list of all the sites you use and their passwords-you can only get into it using fingerprint recognition so it's safe

I've read you should have

Like Tesco TESBOB124
Topshop TOPBOB123

So links to the website but easy to remember the last bits

Just get Last Pass. An absolute game changer for me, my memory is so bad I'd really struggle otherwise.

I don't trust password managers. What happens if they get hacked?

I worry far less about Lastpass being hacked than I do about a notebook being stolen TBH.

Always turn on two factor authentication for any service that offers it

The most valuable thing in my house. I photograph it before holidays and then take it with me! I don't trust password managers. What happens if they get hacked?

So your phone or camera has ALL your passwords in plain view photographed from your notebook? You don't trust high level password encryption but you'll have all your passwords lovingly captured and ready and waiting for anyone who nicks your photos or camera, and happens to stumble upon gold dust?

Check out e.g. Lastpass after you've read this cartoon xkcd.com/936/ (already posted above) and this little analysis www.useapassphrase.com . Make the passphrase quite long. I think passwords such as "TOPBOB123" for some shop called "Top" is quite terrible, not only is it all caps, part of the word quite obvious ("Top") and it has numbers at the very end, next chosen password will probably be "TOPBOB124", counting upwards.

For a while I used to draw a diagonal straight line over a newspaper text, pick the letters thus crossed out, change some here and there and throw in some special characters and uppercase, and tried to make something memorable out of that. I really dislike passwords.

Oh, and the password to your bank should not go into Lastpass I think. From what I gather many banks in the UK seems to, for internet banking purposes, have passwords and 'memorable information' instead of (?) a security token and one time passwords ("something you have and something you know"). I don't know if it's true that many banks have just passwords but if they do surely that's a terrible idea? Also set up a separate email for banking, then you know it's a hoax if some email "from your bank" arrives at your ordinary email address. Terrible as it is, password security gets harder each year , I remember when a simple six-digit code was perfectly ok, those were the days !

I use two factor authentication on everything.

I do wish websites would put what their passwords require when sigining in that way I’d know.

Ie our password requires a minimimum 6 letters with capital and symbol type thing. I’d remember each one. Pisses me off when I go to reset and realise that it only let you limited symbols. As usually use £ or # in my passwords but some sites don’t allow you to use them.

So your phone or camera has ALL your passwords in plain view photographed from your notebook? You don't trust high level password encryption but you'll have all your passwords lovingly captured and ready and waiting for anyone who nicks your photos or camera, and happens to stumble upon gold dust?

I see your point. But this is crux of the problem for me. If I lose the book or my phone I can quickly and easily change the passwords. Also my bank informs people immediately for permission to change passwords as does my email account. So I have control in one respect.

However I have no backup or come back if a password manager is hacked.

But this thread is making me realise that I do need to up date my security system. I am currently changing all passwords and transfering them to a manager and getting rid of the notebook. I also contacted my bank who interestingly said that they do not recommend any form of password recording including any password manager. It has currently taken me 2 hours and I am still not finished - not an easy job. Also I do feel uncomfortable not having stuff written down. Just the way I am.

I have the same basic password for everything - but with a number suffix which is different for each, and at random so I might have 1, 56, 7 etc. If punctuation marks are asked for I add that, generally an ! I have a spreadsheet with said suffix in case I can't remember, but without the actual password. It's really not guessable. I like my system.

...my bank who interestingly said that they do not recommend any form of password recording including any password manager. ...

It's probably so as not to get sued if something should happen to your password manager. People are pretty good at tucking away and hide small notes of paper. People are less good at remembering say 100 unique passwords all at least 16 random characters with random upper- and lowercase and random characters and numbers inserted at random places. That'd form a text string of around 1600 characters, each password of random length and attached to random usernames and sites. It's much easier to remember 1600 decimals of pi, I think.