Password Methodology


Recommended Posts

How do you guys choose passwords? 

 

After someone mentioning about LastPass on here, I decided to give it a go. I'm a complete convert!

 

Although most of my low security passwords are the same, does anyone have any sort of pattern with theirs?

 

For example, do you use the name of the site within the password like neowin.netPassword123 for example?

 

Just interested.

Link to comment
Share on other sites

I'm slowly but surely resetting passwords and getting LastPass to create one for me. 

 

I used to use the method that you mentioned, but there's just way too much valuable information available online now

  • Like 3
Link to comment
Share on other sites

Let your password manager generate something totally random for you.

 

All my passwords are totally random like this: Ma^Ce@JZ}dZGA7+GnFg:ruI~1x3g19DhwxqRBp*jUn1i!E%Jeb and are unique to every website.

  • Like 3
Link to comment
Share on other sites

22 minutes ago, spikey_richie said:

password_strength.png

Interestingly, if you go to https://howsecureismypassword.net/ and start typing that password out, at "correcthorsebatterystapl" it says it will take 7 quadrillion years to crack. When you add the e it drops down to "instantly" because of the comic. :laugh:

  • Like 1
  • Haha 1
Link to comment
Share on other sites

I use Lastpass then I don't need to remember any of them and it works on mobile with fingerprint too.

 

Just let Lastpass generate the passwords.

Link to comment
Share on other sites

LastPass generated for my 521 LastPass passwords.

 

Using your example of neowin.netPassword123 I'm assuming the password at the end is always the same and the domain is added to the front. That's good if they are trying to crack your password, but horrible if someone gets a hold of a single one of your passwords in a site breach and sees how you do it. Then your house of cards crumbles as they start going to every website putting the domain in front such as paypal.comPassword123

Link to comment
Share on other sites

Not a fan of auto lastpass generations. Have had several times now where I didn't have lastpass on hand on a public computer and had to basically reset my password,

 

I use a unique password for most services, but I won't let some service handle all my password needs. I need to have a memory of the passwords I'm using, or at least the most important things.

Link to comment
Share on other sites

45 minutes ago, shockz said:

Not a fan of auto lastpass generations. Have had several times now where I didn't have lastpass on hand on a public computer and had to basically reset my password,

 

I use a unique password for most services, but I won't let some service handle all my password needs. I need to have a memory of the passwords I'm using, or at least the most important things.

I'd reset my password anyway if I had to enter it on a public computer.

Link to comment
Share on other sites

1 minute ago, warwagon said:

I'd reset my password anyway if I had to enter it on a public computer.

Of course, but regardless having to rely on jibberish pws through a third party is not my idea of best security or reliability. 

Link to comment
Share on other sites

KeePassXC autogenerate. As far as being away from my personal computers/public places, I have the app on my phone, so my passwords are always with me. 

Link to comment
Share on other sites

1 hour ago, shockz said:

Of course, but regardless having to rely on jibberish pws through a third party is not my idea of best security or reliability. 

Yes, in my case I'm kind of stuck if I don't have LastPass with me on my phone. I do print them off and keep them on location and in a safety deposit box in case LastPass goes down. There are a few sites that I don't have gibberish for but they are secured with google authenticator. But I would also never enter those into a public terminal. For me personally,  two words that I would never put together are "Most Important Things" and "Public computer" . I just got the heebie jeebies thinking about it.

Link to comment
Share on other sites

7 minutes ago, warwagon said:

I do print them off and keep them on location and in a safety deposit box in case LastPass goes down.

Why not use a password manager that stores the database locally?

Link to comment
Share on other sites

5 minutes ago, JHBrown said:

Why not use a password manager that stores the database locally?

I have that too. I have an (Airforce 2) inside a database synced on two USB flash drives. But I also wanted a physical print out.

Link to comment
Share on other sites

1 hour ago, shockz said:

Not a fan of auto lastpass generations. Have had several times now where I didn't have lastpass on hand on a public computer and had to basically reset my password,

 

I use a unique password for most services, but I won't let some service handle all my password needs. I need to have a memory of the passwords I'm using, or at least the most important things.

Put the Lastpass app on your phone.

Link to comment
Share on other sites

11 minutes ago, shockz said:

It is on my phone. Having to type out an auto generated lastpass sucks. 

Lastpass allows you to copy the password to your clipboard and clears it after pasting. That's way easier than manually typing a couple dozen random characters.

Link to comment
Share on other sites

28 minutes ago, shockz said:

It is on my phone. Having to type out an auto generated lastpass sucks. 

If you are on a public machine that usually means you have a keyboard. I will agree that if you have to type a LastPass autogenerated password on a touch screen then yes, that sucks money nuts, but on an actual keyboard, you should be able to type that out in no time. (Assuming the person typing isn't hunting a pecking at the keyboard) .. I can type one out in seconds on a physical keyboard.

 

just tried typing 82!JoG#4vn@5 without looking at the keyboard and got it done in 9 seconds. ( took a little longer because I accidentally  screwed up some of the symbols)

Got fBMz8FHMz9y8 (done in 5 seconds)

Link to comment
Share on other sites

8 minutes ago, Zag L. said:

Lastpass allows you to copy the password to your clipboard and clears it after pasting. That's way easier than manually typing a couple dozen random characters.

Do tell how I'd copy and paste a password from my phone to a computer?

4 minutes ago, warwagon said:

If you are on a public machine that usually means you have a keyboard. I will agree that if you have to type a LastPass autogenerated password on a touch screen then yes, that sucks money nuts, but on an actual keyboard, you should be able to type that out in no time. (Assuming the person typing isn't hunting a pecking at the keyboard) .. I can type one out in seconds on a physical keyboard.

I'll just stick to using my own secure passwords that I know for the services I need, instead of relying on a service to tell me what my password is. And use lastpass as a backup should I suffer from amnesia on that particular day.

Link to comment
Share on other sites

3 hours ago, shockz said:

Do tell how I'd copy and paste a password from my phone to a computer?

I'll just stick to using my own secure passwords that I know for the services I need, instead of relying on a service to tell me what my password is. And use lastpass as a backup should I suffer from amnesia on that particular day.

So can you remember 50+ different passwords or do you use the same few passwords on a few sites?

Link to comment
Share on other sites

5 minutes ago, SnoopZ said:

So can you remember 50+ different passwords or do you use the same few passwords on a few sites?

Yes actually, and no, they're not the same password. For the times I do forget I can fall back to last pass and pull them out, but I'll forgo the random gibberish passwords that get generated and are impossible for a human to remember. And yes, I check my passwords through various tools for security/strength.

Link to comment
Share on other sites

Its best to allow apps like LastPass generate them for you.  There was a time I would just grab a medical dictionary to generate the framework for a password since most brute force attacks are in Websters.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.