Tips For Strong Password

Does any password relate to you in the past? What would you advise for keeping a strong password?

password_strength.png
 
I checked the website and the Pro version is currently $19.99 a year for unlimited devices. I'm looking at this, 1Password, and KeePass.

I have a grandfathered lifetime licence personally. But back in the day, I had to pay one licence for the desktop, and one licence for the smartphone, and syncing was limited to 3 devices (if I remember correctly). Their licensing model changed a couple of times over the years.

KeePass is fine (it's what I push to my customers who need a password manager), however it has zero sync capability. Some people work around it by storing their password database into a cloud service. It means however that one bad client can permanently trash your database if you don't make frequent backups. I prefer manual syncing, where one messed up device would still allow me to recover everything from another device (and I have daily backups of my desktop, including the desktop copy of my database). And I like that the mobile version can now use fingerprints for authentication - simpler than entering the password. I hate typing on a smartphone.
 

Seen that strip before, and I strongly disagree with it. That last password is just as hard to memorize as the first one. Even the last image has the order wrong, since "correct" is supposed to be the first word, not the last one... And that strip seems to assume that everyone only has one or two passwords to memorize. Try memorizing 30-40 such random sequences of words... Even if one was to go with "well-known" quotes (youcanthandlethetruth! or wereofftoseethewizard), you will quickly enough be unable to remember which site requires which quote.
 
At my age, just trying to remember the wife's birthday and anniversary is a challenge. I have it written down on a Post-it note and stuck on the bottom of the keyboard. :D
 
Passphrases, as shown in the famous XKCD comic, would be awful for casual usage with or without a password manager. They are space inefficient, which is still important on many platforms, and no better than randomly generated passwords if you do not need to remember them. Passphrases are only a good option for less than a handful of usages, maybe even only one for most people, i.e. for accessing the password manager itself which you may have to remember every day or when you are not using biometrics.

Another disadvantage of popularizing passphrases without guidelines on their use is that they may tempt people into thinking that you only need a single strong passphrase that you can use everywhere, as if its security is the only thing that matters. This is exactly the same as re-using passwords, even randomly generated ones. The end result is that when (yes, when not if) a given site is compromised or simply leaks, then that passphrase or password can be used to attack others, including perhaps critical ones like email services.

Not having to remember 1000+ passwords is one of the main benefits of using a password manager. You should never have to care about the exact password, except its length and any character restrictions at time of creation (*).

(*) A good password manager will allow you to work around these restrictions and some password managers will allow you to save password formats so you can re-use the style of password elsewhere with similar restrictions.
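
The space-efficiency comparison made in the post above, as an added example that is not part of the original thread. It generates a random password under a per-site character restriction and compares entropy per length with a word-based passphrase; the 4-word passphrase, the 2048-word list, the 24-character default and the `,.!-` symbol set are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Conservative symbol set (assumption): narrow or widen it per site restriction.
SAFE_SYMBOLS = ",.!-"

def generate_password(length=24, symbols=SAFE_SYMBOLS):
    """Random password from a CSPRNG with at least one of each character class."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if symbols:
        classes.append(symbols)
    if length < len(classes):
        raise ValueError("length too short for the required character classes")
    alphabet = "".join(classes)
    while True:
        # Rejection sampling keeps the draw uniform over compliant passwords.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in classes):
            return candidate

def password_bits(length, alphabet_size):
    """Upper bound on the entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)

def passphrase_bits(words, wordlist_size):
    """Entropy of a passphrase whose words are drawn uniformly from a list."""
    return words * math.log2(wordlist_size)

def chars_to_match(bits, alphabet_size):
    """Shortest random password with at least `bits` bits of entropy."""
    return math.ceil(bits / math.log2(alphabet_size))

if __name__ == "__main__":
    alphabet_size = 26 + 26 + 10 + len(SAFE_SYMBOLS)  # 66 characters
    phrase = passphrase_bits(4, 2048)  # assumed: 4 words from a 2048-word list
    print(f"4-word passphrase: {phrase:.0f} bits")
    print(f"random characters needed to match: {chars_to_match(phrase, alphabet_size)}")
    print(f"24-character password: {password_bits(24, alphabet_size):.0f} bits")
    print(generate_password())
```

Neither figure matters once a password or passphrase is reused across sites, since a leak at one site exposes the others regardless of strength.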
 
I run 1Password on all of the devices in our small business - two notebooks, two desktops, two iPhones and two iPads. Different 24-36 character passwords for every site, unless the site can't handle that length. Works like a champ. Worth the money for the licenses. :)
 
I always create a password with the name or thing that I mostly remember. I just use upper case and symbols with that to make it stronger.
 
I have a small paper notebook I keep all my passwords in. I just can't remember the 100s of passwords I have. This is over 20 years of passwords. Everybody seems to have their own rules for passwords. Just when I think I have a good password, somebody comes up with a rule where it will not work. Things like no hyphens, no blanks, no dual numbers, no repeat letters, and more. There always seems to be 1 where I need a new password.
 
I use a long password with upper case, lower case, and symbols. Is it ok? or shall I ditch the symbols? Also, I use PassPack to store my passwords. How is PassPack compared to the software you guys mentioned? I read news in 2017 about LastPass being flawed.
 
I use a long password with upper case, lower case, and symbols. Is it ok? or shall I ditch the symbols?

It's fine, as long as you are careful, as some sites/devices don't like some special characters. I tend to stick to least likely problematic characters such as ,.!-. Characters like $ and % can cause problems with poorly written web code.
 
I do use such characters. :confused:

As long as you don't encounter any issue, you're fine. Just a heads up that they might not always be properly escaped/handled by web applications. It's probably more a risk with embedded devices such as routers and web cameras than with actual public websites however.
 
By the way, one thing I particularly love about KeePass is the AutoType function. This enables you to automatically copy and paste AND into any application, even those that prevent pasting from the clipboard. It is as trivial to use as placing this in the Notes field even with any other text you like around it:

Code:
Auto-Type-Window: Notepad

You can also modify what gets sent. By default it sends the username, tab, password and enter, but you could have it just send the password or whatever:

Code:
Auto-Type-Window: Notepad
Auto-Type: {PASSWORD}{ENTER}

Then you can just press a global hotkey (Ctrl-Alt-A by default) at any time while the application is opened - or you can press an action within KeePass - and the password is sent.
 