As long as that obvious easy free choice isn’t lost or stolen.
Keeping it at home the chances are really slim anything would happen to it as opposed to keeping it where the entire world has access to the info.
Nothing is full proof but a notebook at home (if you cannot remember the passwords) perhaps in a safe is a great way to go. If you have use a handful of phrase passwords and keep them memorized even better!
Nothing is full proof but a notebook at home (if you cannot remember the passwords) perhaps in a safe is a great way to go.
Apparently you have never been victim of a house fire. Or a flood. Or a tornado.
Good for you.
Apparently you have never been victim of a house fire. Or a flood. Or a tornado.
True, but if that happens I’ve got more serious problems than missing passwords that can be reset.
Apparently you have never been victim of a house fire. Or a flood. Or a tornado.
True, but if that happens I’ve got more serious problems than missing passwords that can be reset.
Exactly. Natural disaster versus hacking, hmmm.
True, but if that happens I’ve got more serious problems than missing passwords that can be reset.
On the other hand, it would be one more thing to deal with on top of everything else, when that is the last thing you need.
Apparently you have never been victim of a house fire. Or a flood. Or a tornado.
Or don’t travel or be somewhere where you don’t have the notebook with you. I use my passwords as much or more on my phone when I’m not home as anywhere.
Plus you have to type in all that info on a minuscule phone keyboard when all I have to do is touch the blank space for username/password and have it filled for me. No trying to type something like Ny65&*dpX without making a error.
Good on you. I’m not even trying that.
glh
Plus you have to type in all that info on a minuscule phone keyboard when all I have to do is touch the blank space for username/password and have it filled for me. No trying to type something like Ny65&*dpX without making a error.
The standard keyboard layouts for most languages suck - they were deliberately designed to suck, because on a well-designed keyboard a half-skilled typist could type faster than the early mechanical typewriters (where these standards were set) were capable of keeping up with.
This is DEFINITELY true of the QWERTY keyboard that is the standard in the US.
And it’s even worse on most touchscreen keyboards, because those screens are tiny. QWERTY is designed for two hands, not one or two fingers.
There are plenty of alternatives. I like and recommend the MessagEase keyboard, which comes configured suitably for American English but has at least 25 other layouts available. It WILL take some getting used to. There are only 14 keys, but you don’t just poke them - there are as many as 20 different things you can do with a single key, and they are intelligently arranged (e.g. if you do something with a key to get a lower-case letter, there is a standard thing you do with the same key to get the same letter upper-case). Without using a shift key, the standard American English layout has approximately 145 symbols and functions.
I just had no trouble typing Ny65&*dpX - of course tomorrow I’ll be wondering what that entry in my grocery list is supposed to mean…
Still, even with this much-better, much-easier (once you’re used to it) keyboard, I’d rather use a password manager.
I’ve used LastPass for several years and really like it. It works across multiple browsers, is relatively easy to set up, etc. You can set it up so that some logins are kept private to you and others are shared.
I try to help here but keep using those password managers, especially the ones that have been and still get hacked or have attempted hacks where things go weird but they claim nothing was stolen.
shttps://9to5google.com/2021/12/28/some-lastpass-users-are-mysterious…
https://9to5google.com/2021/12/28/some-lastpass-users-are-my…
https://appleinsider.com/articles/21/12/28/lastpass-master-p…
https://www.theverge.com/2021/2/26/22302709/lastpass-android…
Keeping it at home the chances are really slim anything would happen to it as opposed to keeping it where the entire world has access to the info.
Sure if you stay home at your desktop computer all the time. Some of us leave the house. Some of us access websites on multiple devices. There is no way I’m carrying a notebook every time I leave the house.
PSU
Keeping it at home the chances are really slim anything would happen to it as opposed to keeping it where the entire world has access to the info.
I’m the one that started this thread on using a system to adjust a passphrase. Carrying a notebook is out of the question. Remembering 50 passphrases for 50 websites is out of the question. So it comes down to a password manager or a passphrase that is easy to remember and has small modifications for each website. It would be a passphrase that is hard to hack yet if compromised, it should only affect the one website since it is unique to that website. The one reason I started the thread is over the concern of having all passwords in one location.
PSU
I looked at some of the articles people posted about LastPass and still feel comfortable using it because:
One of the articles was over five years old and things have certainly changed since then.
One of the articles dealt with the master passwords being stolen – but that’s a problem with the owner not keeping their machine secured, not whatever password manager you happen to use.
I’m the one that started this thread on using a system to adjust a passphrase. Carrying a notebook is out of the question. Remembering 50 passphrases for 50 websites is out of the question. So it comes down to a password manager or a passphrase that is easy to remember and has small modifications for each website. It would be a passphrase that is hard to hack yet if compromised, it should only affect the one website since it is unique to that website. The one reason I started the thread is over the concern of having all passwords in one location
A conundrum. ^^^
I’ll go back to one of my first posts:
Have a few pass phrases and use them depending on the services and how important they are. Use 2nd step authentication for all the important stuff or anywhere that is a backup like email where you can recover a password. Using spaces in passphrases and mixing words from other languages that you know will make it damn near impossible to break. Not works like “hello” in another language, you get the idea. No notebook, no central storage to be hacked, unless they can read your mind you are as safe as you can be.
You can make a negative argument for the notebook however that person probably does stuff from home and it cannot be hacked, perfect for their situation.
You can determine what’s best for you after reading through the info here, links etc… Password managers are bad news, there I said it. For every article I post about hacked services someone will say “I’ve used XYZ with no problem” okay great keep using a method or service that has been hacked.
Bottom line: If it’s stored online, on your computer plugged into the internet, it CAN BE HACKED. With PW managers you are down to their security and convenience for you if you decide to take the PW manager route. I will not use one, PW managers are huge targets. If hacked you get everything not just one account or site. Another note even if the PW manager makes huge strings that cannot be guessed the site where you do business could have a security flaw and let hackers in regardless of password complexity. 
Have a few pass phrases and use them depending on the services and how important they are. Use 2nd step authentication for all the important stuff or anywhere that is a backup like email where you can recover a password. Using spaces in passphrases and mixing words from other languages that you know will make it damn near impossible to break. Not works like “hello” in another language, you get the idea. No notebook, no central storage to be hacked, unless they can read your mind you are as safe as you can be.
Many of the passphrase articles advise several random whole words. For example, use something like dogstonelintappletruck. As you mentioned at the end of your post, sometimes it is the business that compromises it. Then whoever has these five random words may try it for other websites. That’s why I was looking for a passphrase I could remember but instead of full words, use the first letter of each word and mix in some numbers and symbols along with mixed capitalization. Then the final root password before adding information to identify each website would look random and a product of some strong password generator. Sure, someone may be able to figure out my system but it seems more secure than five random words.
Example: iDw2uaPM&iUapp@wltx
Phrase: I don’t want to use a password manager and instead use a passphrase at Walmart
Where the website is the first, third, last letter plus first letter in alphabet after first letter in website name.
Walmart - wltx
Citibank - ctkd
If I have a passphrase like above, it is easy to remember since I use it for multiple websites and easy to type as I say it in my head while typing.
PSU
Many of the passphrase articles advise several random whole words. For example, use something like dogstonelintappletruck. As you mentioned at the end of your post, sometimes it is the business that compromises it. Then whoever has these five random words may try it for other websites. That’s why I was looking for a passphrase I could remember but instead of full words, use the first letter of each word and mix in some numbers and symbols along with mixed capitalization.
“dogs tone lint apple truck” That would take longer than a lifetime for current computers to break.
The above is much better than “@sk*&1sa_mple” by the way, however both are complex enough for sure! Length of pw will always win out over what a human perceives as complex.
There are sites that will tell you approximately how long your PW will take to break. Granted that is for attacking something that does not cut you off after a few attempts which is not common these days.
Use the 2nd step authentication, at least text, authentication app is better and has been pointed out by someone already. 2nd step with not so complex PW is great actually versus just a PW.
Use the 2nd step authentication, at least text, authentication app is better and has been pointed out by someone already. 2nd step with not so complex PW is great actually versus just a PW.
I don’t know why you keep repeating this over and over. I never said anywhere that I don’t use 2nd step authentication.
PSU
"dogs tone lint apple truck’
Actually, it was dog stone lint apple truck.
PSU
I don’t know why you keep repeating this over and over. I never said anywhere that I don’t use 2nd step authentication.
It’s important and YOU “not saying something something” is NOT the reason I mention it often.
Keep your stuff safe!
Whatever you use to remember the passwords you need to remember, consider making it vague or misleading.
The password reminder for my wifi hotspot (on a previous piece of hardware that had such provisions) is “cats”. What the heck would an attacker know from that?
The password reminder for my password-manager, appears to be a reference to a certain television series that I know almost nothing about. To me, it means something else entirely.