jim2525
Occasional Contributor
4 months ago

Newbie question re passwords

So I definitely get it re good passwords...
But I am kind of skeptical about the need for super strong passwords for every site, such as Yahoo Mail, a discussion forum, etc...

And in the past I have used the same password for all such "unimportant" sites, one that I know by heart; my logic being that I really don't care that much if someone reads what I write on a forum or such where I really don't care if someone breaks in to it.

I find it unsettling to have all my passwords consist of letters and/or words that mean nothing to me, that I could never guess.

What if I get hit by a car, lose my memory, at the hospital and forget my MAIN password and don't have access to my 1password, and need to withdraw $5000 from my bank from the emergency room before they'll admit me? 

And yeah I know you can say you forgot it and have it sent by email. BUT I have had that issue recently with Amazon and using various devices and they have blocked me out of my account because I couldn't even remember which of various email aliases I used, for them to send me the password!

Advice? Comments? Does anyone else have a password manager BUT only use it for remembering which one of, say, 8 passwords, you have used? I know everyone says that's bad but ... makes sense to me.
By the way, in 30 years of using the net I've never had any of my accounts broken into!

3 Replies

  • AJCxZ0
    Silver Expert

    Why do you find it unsettling?

    Passwords are for the systems to identify you, not for you to remember, with a very small number of exceptions which should all be passphrases which you can remember and which don't compromise security. Guessing should never be involved.

    As for disaster scenarios in which your mail hosting provider divorces you for getting hit by the bus because you were distracted by the mobile device which provides all your one-time passwords just exploded, you do what we all do and plan the best you can.
    Don't worry about the hospital. They will treat you and - depending on where you live - send you an enormous indecipherable bill, or not. The problem will be that all your medical providers' online services will use the worst, most broken and insecure platforms you've ever seen.

    PS. You forgot the necessary qualifier for your laudable claim about the brief time you've spent on the net: "as far as I know".

    • jim2525
      Occasional Contributor

      My point is that certain sites don't seem to require a highly complicated long password, and so I have always used a few memorized but random passwords for those sites, and for the more secure sites I used a few long memorized passwords that I wrote in code on a paper that I keep accessible.

      It is unsettling to me to use a system such as a password manager to invent and remember my passwords for me because the only way I have access to them is through the app or the web page, not my own mind and memory. 

      I guess I was really just kind of wondering if other people feel this way? I wonder if other people had trouble getting used to a password manager such as this, and if anyone else feels that it is acceptable to just use one or 2 memorable passwords, at least on sites that don't require heavy security?

      It just seems almost counterintuitive to put all of one's passwords to access all of one's websites in the hands of one software or app...

      And yet here I am, because I have somehow been convinced that I need this. 🤷😉

      • AJCxZ0
        Silver Expert

        "It is unsettling to me to use a system such as a password manager to invent and remember my passwords for me because the only way I have access to them is through the app or the web page, not my own mind and memory."

        At the risk of sounding like a shill for 1Password, our minds stopped being a sufficient tool for storing a sufficient number of secrets even before the use of multi-factor authentication such as TOTP and passkeys made this beyond question.

        Those of us who have been using passwords for a long time all did some or all of picking weak ones, re-using them, storing them unsafely, failing to update them when compromised, and struggling to recover accounts after we forgot them. Keeping up this practice today is the digital equivalent of not washing your hands... ever.
        The horrific cost of weak credentials and their handling is paid literally every day, frequently on such a scale as to get widespread general media coverage.
        Not only do modern password managers completely solve this problem, but when used to anywhere near their full capability make using sites and services easier as well as safer.

        "It just seems almost counterintuitive to put all of one's passwords to access all of one's websites in the hands of one software or app"

        I'd go so far as to say that having only 1Password keep all your secrets is a terrible idea, in the egg basket sense.
        What to do about this depends on our technical capabilities and the amount of effort we're prepared to expend. Exporting our data from 1Password is easy, as is importing it into several other good and trustworthy password managers. Keeping those exports stored securely on our own systems or a trusted third party's systems - properly encrypted and with suitable access control - is not that difficult. Passkeys require a different approach for now.

        Even so, most of us still end up having to remember master password(s), passwords and PINs for our various computers, door codes, voicemail PINs, codewords for our spy handlers, and more. It's going to be a while until we all have sufficiently good technologies to completely stop keeping all these secrets in our failing memories.