Newbie question re passwords

So I definitely get it re good passwords... But I am kind of skeptical about the need for super strong passwords for every site, such as yahoo mail, a discussion forum, etc... A And in the past I h...

best practices

discussion

jim2525

Occasional Contributor

4 months ago

My point is that certain sites don't seem to require a highly complicated long password, and so I have always used a few memorized but random passwords for those sites, and for the more secure sites I used a few long memorized passwords that I wrote in code on a paper that I keep accessible.

It is unsettling to me to use a system such as a password manager to invent and remember my passwords for me because the only way I have access to them is through the app or the web page, not my own mind and memory.

I guess I was really just kind of wondering if other people feel this way? I wonder if other people had trouble getting used to a password manager such as this, and if anyone else feels that it is acceptable to just use one or 2 memorable passwords, at least on sites that don't require heavy security?

It just seems almost counterintuitive to put all of one's passwords to access all of one's websites in the hands of one software or app...

And yet here I am, because I have somehow been convinced that I need this. 🤷😉

AJCxZ0

Silver Expert

4 months ago

It is unsettling to me to use a system such as a password manager to invent and remember my passwords for me because the only way I have access to them is through the app or the web page, not my own mind and memory.

At the risk of sounding like a shill for 1Password, our minds stopped being a sufficient tool to storing a sufficient number of secrets even before the use of multi-factor authentication such as TOTP and passkeys made this beyond question.

Those of us who have been using passwords for a long time all did some or all of picking weak ones, re-using them, storing them unsafely, failing to update them when compromised, and struggling to recover accounts after we forgot them. Keeping up this practice today is the digital equivalent of not washing you hands... ever.
The horrific cost of weak credentials and their handling is paid literally every day, frequently on such as scale as to get widespread general media coverage.
Not only do modern password managers completely solve this problem, but when used to anywhere near their full capability make using sites and services easier as well as safer.

It just seems almost counterintuitive to put all of one's passwords to access all of one's websites in the hands of one software or app

I'd go so far as to say that having only 1Password keep all your secrets is a terrible idea, in the egg basket sense.
What to do about this depends on our technical capabilities and the amount of effort we're prepared to expend. Exporting our data from 1Password is easy, as is importing it into several other good and trustworthy password managers. Keeping those exports stored securely on our own systems or a trusted third party's systems - properly encrypted and with suitable access control - is not that difficult. Passkeys require a different approach for now.

Even so, most of us still end up having to remember master password(s), passwords and PINs for our various computers, door codes, voicemail PINs, codewords for our spy handlers, and more. It's going to be a while until we all have sufficiently good technologies to completely stop keeping all these secrets in our failing memories.

Forum Discussion

Newbie question re passwords

Featured discussions

November at 1Password: the Access-Trust gap, planning your estate, and an updated unlock experience

Recent discussions

Support for Zen browser

Pixel 10 Pro Issues

1Password extension (Chrome/Edge) not integrating with desktop app.

Autofill suggestions only show "Open 1Password"

Ongoing Autofill Issues on Android