Personal Password Strategy

IRJ

The "How do you store your passwords thread" got me thinking. How do you generate your passwords?

I currently use Dashlane to randomly generate a unique strong password for every website I visit. Obviously when using this method a password management database is necessary. If you don't use a database do you use the same password for all your personal stuff or do you have 3-5 different passwords you use?

If the latter, how do you determine which password is used where? It seems impossible to run your life without a password management utility.

IRJ

Odd reply from Vanessa

http://community.spiceworks.com/topic/1449235-personal-password-strategy?page=1#entry-5517742

Dashrender

@IRJ said:

If the latter, how do you determine which password is used where? It seems impossible to run your life without a password management utility.

People who don't use a password management utility (be it digital like Lastpass or paper, like a notebook) don't use different passwords everywhere. Period.

stacksofplates

Keepass has a generator built in. You could also use this script I wrote:

#!/bin/bash

#Create random string

read -p "Enter password length" length

cat /dev/urandom | tr -dc '[email protected]#$%^&*()[];:?><{}' | fold -w $length | head -n 1

Carnival Boy

@Dashrender said:

People who don't use a password management utility (be it digital like Lastpass or paper, like a notebook) don't use different passwords everywhere. Period.

Not necessarily. Before I used one, for a lot of sites, I would click on "reset password" every single time I wanted to the use the site. I'd then generate a new password, use the site, then forget the password. The next time I wanted to use the site, I'd click on "reset password", and so on and so on.

Carnival Boy

@IRJ said:

How do you generate your passwords?

Without wishing to give away my secrets to hackers lurking on ML

I generally pick the first two random words that pop into my head and a number. So, for example, if I was creating one right now I would use "Mango IRJ 25".

IRJ

@Dashrender said:

@IRJ said:

If the latter, how do you determine which password is used where? It seems impossible to run your life without a password management utility.

People who don't use a password management utility (be it digital like Lastpass or paper, like a notebook) don't use different passwords everywhere. Period.

Yeah. I can't see any other way.

coliver

@Carnival-Boy said:

@Dashrender said:

People who don't use a password management utility (be it digital like Lastpass or paper, like a notebook) don't use different passwords everywhere. Period.

Not necessarily. Before I used one, for a lot of sites, I would click on "reset password" every single time I wanted to the use the site. I'd then generate a new password, use the site, then forget the password. The next time I wanted to use the site, I'd click on "reset password", and so on and so on.

I've heard this from a few different people. They only remember their email password and maybe one or two other sites. When they need to remember something they simply reset it.

coliver

@IRJ said:

Odd reply from Vanessa

http://community.spiceworks.com/topic/1449235-personal-password-strategy?page=1#entry-5517742

I think (hope) she meant the random passwords you get when you reset your password on some sites. Although given the context I'm not so sure.

Dashrender

@coliver said:

@Carnival-Boy said:

@Dashrender said:

People who don't use a password management utility (be it digital like Lastpass or paper, like a notebook) don't use different passwords everywhere. Period.

Not necessarily. Before I used one, for a lot of sites, I would click on "reset password" every single time I wanted to the use the site. I'd then generate a new password, use the site, then forget the password. The next time I wanted to use the site, I'd click on "reset password", and so on and so on.

I've heard this from a few different people. They only remember their email password and maybe one or two other sites. When they need to remember something they simply reset it.

Wow - I've done that a few times as well - but it just seems weird. I suppose if you setup long passwords each time you reset it, it probably isn't any less safe than just storing those long passwords in a password vault.

Controlling your email account is of paramount importance though, but we knew that.

IRJ

@Dashrender said:

@coliver said:

@Carnival-Boy said:

@Dashrender said:

People who don't use a password management utility (be it digital like Lastpass or paper, like a notebook) don't use different passwords everywhere. Period.

Not necessarily. Before I used one, for a lot of sites, I would click on "reset password" every single time I wanted to the use the site. I'd then generate a new password, use the site, then forget the password. The next time I wanted to use the site, I'd click on "reset password", and so on and so on.

I've heard this from a few different people. They only remember their email password and maybe one or two other sites. When they need to remember something they simply reset it.

Wow - I've done that a few times as well - but it just seems weird. I suppose if you setup long passwords each time you reset it, it probably isn't any less safe than just storing those long passwords in a password vault.

Controlling your email account is of paramount importance though, but we knew that.

It is quite time consuming though. Sometimes those reset emails aren't instant. Even when they are instant it still takes at least 60 seconds to go through the process.

Dashrender

yeah I was thinking that was the major draw back.

And systems like Paypal or banking - those allowing a simple email reset just bug me.