• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

Password Methodology

Recommended Posts

Sir Topham Hatt    254

How do you guys choose passwords? 

 

After someone mentioning about LastPass on here, I decided to give it a go. I'm a complete convert!

 

Although most of my low security passwords are the same, does anyone have any sort of pattern with theirs?

 

For example, do you use the name of the site within the password like neowin.netPassword123 for example?

 

Just interested.

Share this post


Link to post
Share on other sites
dipsylalapo    1,690

I'm slowly but surely resetting passwords and getting LastPass to create one for me. 

 

I used to use the method that you mentioned, but there's just way too much valuable information available online now

  • Like 3

Share this post


Link to post
Share on other sites
+InsaneNutter    1,291

Let your password manager generate something totally random for you.

 

All my passwords are totally random like this: Ma^Ce@JZ}dZGA7+GnFg:ruI~1x3g19DhwxqRBp*jUn1i!E%Jeb and are unique to every website.

  • Like 3

Share this post


Link to post
Share on other sites
Human.Online    8,074

I let Keychain generate a long password, and then never type it, leaving Keychain to authenticate via facial or fingerprint.

Share this post


Link to post
Share on other sites
spikey_richie    211

password_strength.png

  • Like 2
  • Thanks 1

Share this post


Link to post
Share on other sites
CrashGordon    433

LastPass  autogenerate

Share this post


Link to post
Share on other sites
Nick H.    9,435
22 minutes ago, spikey_richie said:

password_strength.png

Interestingly, if you go to https://howsecureismypassword.net/ and start typing that password out, at "correcthorsebatterystapl" it says it will take 7 quadrillion years to crack. When you add the e it drops down to "instantly" because of the comic. :laugh:

  • Like 1
  • Haha 1

Share this post


Link to post
Share on other sites
SnoopZ    220
Posted (edited)

I use Lastpass then I don't need to remember any of them and it works on mobile with fingerprint too.

 

Just let Lastpass generate the passwords.

Share this post


Link to post
Share on other sites
+warwagon    12,744

LastPass generated for my 521 LastPass passwords.

 

Using your example of neowin.netPassword123 I'm assuming the password at the end is always the same and the domain is added to the front. That's good if they are trying to crack your password, but horrible if someone gets a hold of a single one of your passwords in a site breach and sees how you do it. Then your house of cards crumbles as they start going to every website putting the domain in front such as paypal.comPassword123

  • Like 1

Share this post


Link to post
Share on other sites
shockz    5,289
Posted (edited)

Not a fan of auto lastpass generations. Have had several times now where I didn't have lastpass on hand on a public computer and had to basically reset my password,

 

I use a unique password for most services, but I won't let some service handle all my password needs. I need to have a memory of the passwords I'm using, or at least the most important things.

Share this post


Link to post
Share on other sites
+warwagon    12,744
45 minutes ago, shockz said:

Not a fan of auto lastpass generations. Have had several times now where I didn't have lastpass on hand on a public computer and had to basically reset my password,

 

I use a unique password for most services, but I won't let some service handle all my password needs. I need to have a memory of the passwords I'm using, or at least the most important things.

I'd reset my password anyway if I had to enter it on a public computer.

Share this post


Link to post
Share on other sites
shockz    5,289
1 minute ago, warwagon said:

I'd reset my password anyway if I had to enter it on a public computer.

Of course, but regardless having to rely on jibberish pws through a third party is not my idea of best security or reliability. 

Share this post


Link to post
Share on other sites
+JHBrown    13,102

KeePassXC autogenerate. As far as being away from my personal computers/public places, I have the app on my phone, so my passwords are always with me. 

Share this post


Link to post
Share on other sites
+warwagon    12,744
1 hour ago, shockz said:

Of course, but regardless having to rely on jibberish pws through a third party is not my idea of best security or reliability. 

Yes, in my case I'm kind of stuck if I don't have LastPass with me on my phone. I do print them off and keep them on location and in a safety deposit box in case LastPass goes down. There are a few sites that I don't have gibberish for but they are secured with google authenticator. But I would also never enter those into a public terminal. For me personally,  two words that I would never put together are "Most Important Things" and "Public computer" . I just got the heebie jeebies thinking about it.

Share this post


Link to post
Share on other sites
+JHBrown    13,102
7 minutes ago, warwagon said:

I do print them off and keep them on location and in a safety deposit box in case LastPass goes down.

Why not use a password manager that stores the database locally?

Share this post


Link to post
Share on other sites
+warwagon    12,744
5 minutes ago, JHBrown said:

Why not use a password manager that stores the database locally?

I have that too. I have an (Airforce 2) inside a database synced on two USB flash drives. But I also wanted a physical print out.

Share this post


Link to post
Share on other sites
SnoopZ    220
1 hour ago, shockz said:

Not a fan of auto lastpass generations. Have had several times now where I didn't have lastpass on hand on a public computer and had to basically reset my password,

 

I use a unique password for most services, but I won't let some service handle all my password needs. I need to have a memory of the passwords I'm using, or at least the most important things.

Put the Lastpass app on your phone.

  • Like 1

Share this post


Link to post
Share on other sites
shockz    5,289
10 minutes ago, SnoopZ said:

Put the Lastpass app on your phone.

It is on my phone. Having to type out an auto generated lastpass sucks. 

Share this post


Link to post
Share on other sites
+Zag L.    681
11 minutes ago, shockz said:

It is on my phone. Having to type out an auto generated lastpass sucks. 

Lastpass allows you to copy the password to your clipboard and clears it after pasting. That's way easier than manually typing a couple dozen random characters.

Share this post


Link to post
Share on other sites
+warwagon    12,744
28 minutes ago, shockz said:

It is on my phone. Having to type out an auto generated lastpass sucks. 

If you are on a public machine that usually means you have a keyboard. I will agree that if you have to type a LastPass autogenerated password on a touch screen then yes, that sucks money nuts, but on an actual keyboard, you should be able to type that out in no time. (Assuming the person typing isn't hunting a pecking at the keyboard) .. I can type one out in seconds on a physical keyboard.

 

just tried typing 82!JoG#4vn@5 without looking at the keyboard and got it done in 9 seconds. ( took a little longer because I accidentally  screwed up some of the symbols)

Got fBMz8FHMz9y8 (done in 5 seconds)

Share this post


Link to post
Share on other sites
shockz    5,289
Posted (edited)
8 minutes ago, Zag L. said:

Lastpass allows you to copy the password to your clipboard and clears it after pasting. That's way easier than manually typing a couple dozen random characters.

Do tell how I'd copy and paste a password from my phone to a computer?

4 minutes ago, warwagon said:

If you are on a public machine that usually means you have a keyboard. I will agree that if you have to type a LastPass autogenerated password on a touch screen then yes, that sucks money nuts, but on an actual keyboard, you should be able to type that out in no time. (Assuming the person typing isn't hunting a pecking at the keyboard) .. I can type one out in seconds on a physical keyboard.

I'll just stick to using my own secure passwords that I know for the services I need, instead of relying on a service to tell me what my password is. And use lastpass as a backup should I suffer from amnesia on that particular day.

Share this post


Link to post
Share on other sites
SnoopZ    220
3 hours ago, shockz said:

Do tell how I'd copy and paste a password from my phone to a computer?

I'll just stick to using my own secure passwords that I know for the services I need, instead of relying on a service to tell me what my password is. And use lastpass as a backup should I suffer from amnesia on that particular day.

So can you remember 50+ different passwords or do you use the same few passwords on a few sites?

Share this post


Link to post
Share on other sites
shockz    5,289
5 minutes ago, SnoopZ said:

So can you remember 50+ different passwords or do you use the same few passwords on a few sites?

Yes actually, and no, they're not the same password. For the times I do forget I can fall back to last pass and pull them out, but I'll forgo the random gibberish passwords that get generated and are impossible for a human to remember. And yes, I check my passwords through various tools for security/strength.

Share this post


Link to post
Share on other sites
farmeunit    653

I just look on my phone for the password and use it.  But I also rarely use public computers.

  • Like 1

Share this post


Link to post
Share on other sites
Jazmac    2,389

Its best to allow apps like LastPass generate them for you.  There was a time I would just grab a medical dictionary to generate the framework for a password since most brute force attacks are in Websters.

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.