To feel irritated about passwords

[Yayaga]

Seriously, how have we not changed how online passwords work since the Internet was invented?

I'm so sick of "choose a password that meets this criteria", then you forget it or put it in wrong or whatever so have to do a "reset password". You put in a new password or one of your usual variations and get "this password has already been used. Please choose a new password". Which inevitably you arent going to remember since it's not one of your standards.

Shouldn't we have moved on from this archaic system now? Why cant websites just evolve to make log in accessible via your device or an app or something? Its fucking annoying.

What annoys me more is the multi-factor authentication

It seems to be required everywhere now.

Most decent security sites use at least "two factor" authorisation. i.e. a password plus something else, typically a one-time code sent to a phone.

The problem is.... security is critical on the internet. Everything is a complete and utter pain, passwords are a git to remember, etc. ... until you suddenly find that you are a victim of identity theft.

A password these days is normally simply a gateway to deeper security checks, at least for anything bank/finance related. Replacing that with some form of app... they are STILL going to want you to "login", as the company/application you are connecting to has no idea if your device is being used by someone else.

As mentioned - this is why many sites make it a two stage process.... once based on your memory (i.e. hopefully cannot be stolen :-) ) the other based on a separate physical device.

Mind you...if it is the password remembering that is the issue, you ca get password "minders" that both generate and record all your passwords (and before anyone asks, these are stored encrypted, so no, they cannot just be "read" by someone or "hacked")

Good luck

Just use password manager, surely?

It generates the password for you and saves it.

I use fingerprint and facial recognition on my pretty basic and old Samsung galaxy

My banking app uses both as well

I use a password generator and password safe for anything else.

Its impossible to remember all the passwords, especially as they are meant to be unique, and with many types of characters.

Use a password manager.

You do realise it takes seconds for even a basic computer program to crack a simple password, which includes your name, you address, your kids names, your pets names etc? Seconds. Seconds for a hacker to steal all your money, your identity, everything you have tied to that password.

Passwords suck, but they are a necessary evil. By having a password like fluffy123, you may as well just leave your bank card next to a card machine with your pin number.

Yes I agree OP but equally don't want to leave myself vulnerable to hackers. I use a password function on my iPhone but still have issues as it doesn't always save the password / I need to access the site on computer and change it / the site wants a shorter password without special characters etc etc. Drives me mad.

Sounds like my job today will be sorting myself out with a password manager then!

Stresses me out, too, OP.

When I worked for NHS, I had about 9 different passwords to different systems -- and no Password Manager option. They demanded password changes at varying intervals, so of course I kept a master file of 'hints' to help me keep track.

I currently have 2 'employers' -- one tends to let you use same login for all systems but obviously I better not put that in any external password management system.

For my private life, there are legacy logins -- dozens or maybe 100s. I'm not transferring them all into a password management system.

I also hate having to find my phone to login into any/every system.

Well, if you were around a few years ago when Mumsnet got hacked.

Usernames and passwords were leaked.

I was able to login as user, then view their profile and get there email address. I then used the same password to get into their email account. Which led me to be able to login to other services such as payday loans, Amazon etc.

This would have never have happened if things like Mumsnet, websites and email providers had 2FA.

This is why MN changed it to using email to login, because it's 'secret' information. If I know your username, I have half of the login information already etc

What I hate is websites where you have log in and password and yet they still make you read those wonky letters that take 5 attempts or click on cars in this pictures. Why? It’s not MI5 I want to log into I just want order some shopping and then still have to do extra checks on my card payment anyway.

As pp said use a password manager or configure biometric id if you can. Also make sure 2 factor authentication is turned on.
At the risk of repeating what someone said previously this stuff is critical, especially for sites where you've entered payment information etc.
If the IT industry could make it easier they would as the easier it is the more sales e commerce sites will generate.

@2020isnotbehaving

What I hate is websites where you have log in and password and yet they still make you read those wonky letters that take 5 attempts or click on cars in this pictures. Why? It’s not MI5 I want to log into I just want order some shopping and then still have to do extra checks on my card payment anyway.

It's because it's possible to run scripts to login to those accounts. If you've had some sort of spyware in your machine your account could be compromised.

All the security systems, whilst inconvenient, are protecting your information and your money.

@2020isnotbehaving that's to stop automated software logging in to their sites and potentially crashing it via a denial of service attack (I believe that happened to Mumsnet a year or two ago.)

Everyone complains about security untill it is needed especially on websites.

@2020isnotbehaving
🤣 I know, plus now we have a big massive cookies banner to close followed by the privacy pop up and the "sign up to our newsletter for 10% off"

What do people suggest as a way to protect your personal information and money?

The system is good now.

You have to often know an email/username, a password, or parts thereof and you have to have access to another account (be it email, authentication app, text message etc)

Is rather have the mild inconvenience than have to deal with my accounts being abused and all that comes with it.

I dont mind it but for somewhere like ravelry where your literally logging in to see free knitting patterns I do not see why I need a password that is a certain length style with numbers etc there is no protected information its free! Maybe have a sign in on the part where you might need to pay (I can't remember if they do paid patterns part) but just to view a free pattern....why the password

I use the same password for EVERYTHING😢. I know its wrong

On my phone banking app I use fingerprint Id. if aI want to do online banking on my laptop I need a membership number, then put my bank card in a PINsentry device, enter my PIN and it generates an 8 digit code to access my accounts with.

I use LastPass as a password manager- works across phone and several computers and does a good job.

It does take a while to get it set up properly but is worth it.

If you are writing down & remembering passwords, use XKCD style for the best security

xkcd.com/936/

I'm looking at one called Password Safe now which is an offline app. So I would need to export regularly for backup. Would I be able to save a database of passwords to Google Drive? Or would that be dumb? 🤔

@femfemlicious

I use the same password for EVERYTHING😢. I know its wrong

Please start to change them so each one is unique. It's a pita but better than regretting it after the event.

It's the websites for some innocuous thing, that you know no-one will ever want to hack, that ask for passwords that annoy me

Best advice I saw on this was from a previous Mumsnet thread
Think of a memorable phrase - eg Jack and Jill
Take the first letter of each word JAJ
add the first letter of the website URL eg M for Mumsnet
Plus a memorable PIN and symbol
So the password is
JAJM1234? for Mumsnet
JAJT1234? for Tesco
JAJA1234? for Amazon
This has really helped me remember passwords (obviously not what I actually use)