Password managers or passwords from memory

[Z-tight]

Creating a password is very important, weak passwords means hackers can easily gain access to your accounts, and many of us have a lot of online accounts across different platforms, so creating a password for each account, including emails becomes a task. There are two ways of creating a password, either through your brain or with a password manager, like keePass for example.

The purpose of this topic is to know which of the two ways this community thinks is the safest!!!

If you create passwords from your mind it will have to be complex so hackers can't get it, and it will be difficult for you to remember so you'd have to write them down on paper, because if you save them in your email or online, then it is unsafe, but what of in a situation that the paper you used to back up your password is misplaced or damaged, what are the additional back ups for people who use this method to ensure their passwords are safe forever.

Password managers seem to be the safest, for those who use them, what are the 'do's and dont's', i do not have too much experience with password managers, so can anything go wrong when using them? Any knowledge or experience you have on password creation will be appreciated so others can learn from it.

[1715509311]

1715509311

[mk4]

Not-safe: using a bad password and using the same password on multiple accounts

Safe: using password managers(1password, dashlane) with a strong master password

Safest: using a self-hosted password manager(keepass, bitwarden) with a strong master password


On the top of my head I can't think of much dos and donts besides following the typical security guidelines like not installing shady software and all that.

[Munir575]

Choose LastPass or Bitwarden if you want the best free password manager. Dashlane is a good option too if you want something that's more than a password manager because of its wide range of security features and it provides more use than almost any other password manager.

[ImThour]

I don't use any password managers as I have a good enough memory to keep them safe in my mind however I do use a similar password for multiple websites.
That might be an issue but cracking it at first is the big deal. I am not sure If Password Managers are a good option or not, my iPhone's Facecam does a really great job though.

[Lucius]

I may be old school, but I don’t trust any password managers and I rely on creating strong and unique passwords for every service I use, and passwords are stored on paper in multiple copies. I’m not claiming it’s the best solution, but so far no one has hacked me and I’ve never lost a single important password.

If the password is complex enough (lowercase/uppercase letters, numbers, and special characters) it is enough to have up to 15 characters, each password strength meter for such passwords will show the time for their crack would be in billions of years. Maybe quantum computers will reduce that time a bit in the future, so no one will make a mistake if they use more complex passwords.

I don't use any password managers as I have a good enough memory to keep them safe in my mind however I do use a similar password for multiple websites.

No matter how safe you feel at the moment, the risk you take is very high - not only because you keep passwords in your mind, but also because you use similar passwords for all services. However, there is a better chance that you will hit your head and experience amnesia, than that someone will hack you if you have a somewhat strong password.

[NeuroticFish]

We should admit that password nowadays can be crack no matter how hard it was using brute force software so  choosing the best password is least of my concern but rather using secondary security such as sms verification and 2fa to enhance my security to maximum level that hackers can’t penetrate unless he has access to my phone. But all this hack event is only possible if you share your login details or you download malicious software that will give the hacker your login details.

Actually if the password is long enough and complicated enough it still takes longer than the hacker's lifetime to crack it.
Even more, while secondary security is a good goal, far too many don't understand that SMS can be stolen/impersonated and even more fail to understand that having a 2FA tool on the same device (phone) as the one used to go to the various websites and platforms pretty much voids the benefits of having two layers of security.

Take note bitwarden could be either self-hosted or use their cloud service.

Indeed, I am lazy enough to use Bitwarden with their cloud service. I hope though that my password is strong enough.


I will add that it's also good to not keep life changing amounts (of bitcoin) on online platforms and also it's a terrible idea to save HD seeds and private keys into password managers (and I've seen such ideas here and there).
I think that it's best to have a "good enough" security, but also ensure that if that one fails it won't be the end of the world for you.

[dkbit98]

Password managers seem to be the safest, for those who use them, what are the 'do's and dont's', i do not have too much experience with password managers, so can anything go wrong when using them?

It all depends what kind of password managers you are using.
Anything that uses centralized website service with registration account can be exploited and hacked, so I prefer using open source offline software like KeePass.
I would stay away from services like LastPass that was hacked already with master passwords being compromised, even if they claim that encrypted vault data was not affected.
There was also vulnerability in their browser plugin, and you can always have attack on their company servers.
Whatever password managers you use you need to have strong password that you keep offline in safe place that is ready for recovery, same thing like for bitcoin seed phrase.

[Z-tight]

I don't use any password managers as I have a good enough memory to keep them safe in my mind however I do use a similar password for multiple websites.
That might be an issue but cracking it at first is the big deal. I am not sure If Password Managers are a good option or not, my iPhone's Facecam does a really great job though.

That means if you are targeted by a hacker and they get hold of your password, they can also gain access to multiple accounts owned by you, that is risky, it's better to lose one account, than multiple of them.

I may be old school, but I don’t trust any password managers and I rely on creating strong and unique passwords for every service I use, and passwords are stored on paper in multiple copies. I’m not claiming it’s the best solution, but so far no one has hacked me and I’ve never lost a single important password.

Is there any particular reason you don't trust password managers, even the ones that are open source? Any past experience, or because you are old school, or you just have a method that has worked for you down the years.

[Taskford]

I don't use any password managers as I have a good enough memory to keep them safe in my mind however I do use a similar password for multiple websites.
That might be an issue but cracking it at first is the big deal. I am not sure If Password Managers are a good option or not, my iPhone's Facecam does a really great job though.

The risk for you to get hack on all of your accounts is huge once one of the platform where you register got hack and the account details of their users will be taken by the hackers. Also some cases their are times that we will forget what password we set that's why I don't trust saving some important details by using memory only because anything could happen so I mostly I always written up my password on multiple 2 notebooks then lock it on my computer desk, so far I never get encounter any issues since I can say I'm safe by using this to any online hacking.

[Lucius]

Is there any particular reason you don't trust password managers, even the ones that are open source? Any past experience, or because you are old school, or you just have a method that has worked for you down the years.

For starters, I'm not a person who needs to have hundreds of passwords, and that's where some see the advantage of a password manager. I just feel more secure if my password is completely offline than being stored by any software, no matter how secure someone thinks it is. In addition, there have been many different revelations about how some password managers have been hacked or found to have serious vulnerabilities - which means that user passwords are always at risk to be hacked.

[tranthidung]

You can use any mean to store your password, passphrase, mnemonic seed, private key but it should not be memory and should not be online. You can use either password manager, paper, metal sheet and more but it must be offline one and not be your memory. Your memory can be lost when you are ageing or get an accident. Online places are dangerous because you will be exposed with more risk.

Some people store their password in Gmail, in their social media account like Facebook, in Telegram, in cloud storage service. All of these are very bad practically.

[GUIDE] How to Create a Strong/Secure Password

[Smartvirus]

Password managers seem to be the safest, for those who use them, what are the 'do's and dont's', i do not have too much experience with password managers, so can anything go wrong when using them? Any knowledge or experience you have on password creation will be appreciated so others can learn from it.

I think the most important key to a safe password is not in the creating of a password that can't be guessed by anyone or brute forced by anyone. A mean, you can create a supper complex password bt mixing random alphabets using upper and lower case, numbers and special symbols in a completely randomised manner. It's nothing far from what the password managers do. The most important task for creating a password is in you ability to memorise and be able to reproduce it. If you can't, then you've ended up securing an account and you no longer own it

Am no big fan of password managers, not that I don't trust it as I find them to be supper complicated and can't he easy guessed as opposed to creating passwords out of your brain but, getting to memorise it and reproduce it out of memory could be tasking bacuse, its got zero relativism as per clue to its guessing. I'll go with my brain anytime and have got my ways to archiving maximum security.

[Maus0728]

I've been using Bitwarden for a while, and so far I haven't noticed or run into any major or minor issues. All of the passwords kept in Bitwarden are alphanumeric characters with a mix of symbols, capital and lowercase letters, making them virtually impossible to remember.

The interesting part about PM is that you may fiddle with the password character length up until the website screams that "the password is too long" for their database to store;D. Besides, it is intriguing to examine the website's quality to determine whether it can keep complex passwords or not.

[gagux123]

Choose LastPass or Bitwarden if you want the best free password manager. Dashlane is a good option too if you want something that's more than a password manager because of its wide range of security features and it provides more use than almost any other password manager.

some time ago I also used LastPass, I found it easy to use and very intuitive.
But unfortunately LastPass has already been hacked several times.
After that, I don't have much confidence in this password manager because of these events they had with LastPass

More info
"LastPass users are skeptical after company insists it wasn't hacked" - https://www.inputmag.com/culture/lastpass-denies-hack-alerts-users-of-security-breach

Another tool that is also interesting to use, is 2FA, because this is important nowadays. It's simple to use and it will give you an "extra layer" of security.

[xSkylarx]

I don't use any password managers as I have a good enough memory to keep them safe in my mind however I do use a similar password for multiple websites.
That might be an issue but cracking it at first is the big deal. I am not sure If Password Managers are a good option or not, my iPhone's Facecam does a really great job though.

Same for me, I haven't considered using password manager since I started to learn about crypto 6yrs ago. I just wrote them on a piece of paper, make multiple copies of it then store it on a safe place that I only know. So far, none of my accounts have been lost or hacked yet. I'm also very careful in visiting malicious links or opening files that can spread malware on my device. Password Manager are only a good option if you have some private account or huge assets that you really want to protect but if they have nothing to steal from you then it's not necessary to use it.

[tranthidung]

We should admit that password nowadays can be crack no matter how hard it was using brute force software so  choosing the best password is least of my concern

If you set up a long, strong and unique password, it's very hard to brute force it if you don't leak any part of it.

using secondary security such as sms verification and 2fa to enhance my security to maximum level that hackers can’t penetrate unless he has access to my phone. But all this hack event is only possible if you share your login details or you download malicious software that will give the hacker your login details.

You can use Yubikey as one of secondary protection.

Some people store 2FA and account password on the same device. It is not a good practice as it violates a basic that 2FA should be on different device and you should not store all eggs in a single basket.

If you login your email, your exchange account and install its 2FA on a same device, what will happen if you lose that device? 2FA can not protect you in this case if exchange does not detect suspicious things and ask for additional KYC before approving withdrawal request from that device.

[Rruchi man]

The purpose of this topic is to know which of the two ways this community thinks is the safest!!!

In my opinion they can both be considered safe and unsafe depending on the person using them. For password managers, they are susceptible to malware attacks from cyber criminals that can steal your master password and as a result gain access to all the passwords stored within, they can be considered safe for those with some tech awareness, and unsafe for those without any tech knowledge/awareness, those who have no idea when their device is under a malware attack. While for those who choose to play it safe and avoid hackers hence use passwords from memory can easily be disappointed by memory and mix up the passwords for different accounts or even forget some passwords. Using one password from memory is also not advisable, rather create a pattern that you use in setting unique passwords for any account, so whenever you remember the pattern you can easily recall your password.

[Note3]

Until now never use password manager or any kind of that, I just create password manually and always combined with lower upper cast also special characters, and write down all in notepad save in computer or flashdisk, I think this is a safe ways for me.

[Davidvictorson]

The issues I have with a password manager is that many of the most widely used password managers are proprietary software, they are owned and operated by a private company and I am not able to view the source codes of how my password is stored, the type of encryption used. It cannot be verified. In addition, a data breach of the server is likely if it is stored in the cloud. However, unless the password has been encrypted then nothing can be done with the password if there is a hack.

[Lafu]

Until now never use password manager or any kind of that, I just create password manually and always combined with lower upper cast also special characters, and write down all in notepad save in computer or flashdisk, I think this is a safe ways for me.

Thats not the safest way and very risky . Also if you get hacked or your computer gets compromised from Malware or Virus thats the first things the Malware Software is looking for.
The program searches the foulders in Notepad and all other foulders and how they are written or if they locked with a password.
If notepad is setup normaly you just have to open it and the last edited windows and things are open still there if you havnt closed them.

I would advise to never safe passords and keys in a file on the PC , write it down manual to paper or something.

[lovesmayfamilis]

There are several sites that offer to check the strength of your passwords.
Although you should be completely skeptical, you should also not trust these sites with your passwords. But having understood the principle of a quality password, which they speak of as reliable, it is easy to create another one in the same format.

https://www.security.org/how-secure-is-my-password/
https://password.kaspersky.com/

[Lida93]

Mind you Password manager are  not totally free from experiencing a crash like every other systems too. So its much safer to have a password out of your memory, one that's reliable and you can easily remember through attachment of the figures and letters of the password to things important in your life.
Remember you can't crash expect death but a system can at anytime.

[Dunamisx]

Creating a password is very important, weak passwords means hackers can easily gain access to your accounts

I think it's not all about having a long password that the user may apparently find difficult to remember but rather having a combination of alphanumeric use for password, this is one of the strongest ways we can secure ourselves against an attack because using an ordinary name or some common to us can be easily guessed by someone close to us, here are some common mistakes made by users about password combination.

First scenario, they uses a common number sequence of 0-9
Secondly, they make use of repeated numbers like 55555 which is in five place or more using any other number, lastly they use alphabetical words like their surname, mother's name, father's name, and names of common things that are favourite to them, these are some of the ways users creates vulnerability for an attack all by themselves unknowingly.

[jamyr]

Another safe way would be to create your own password manager in a secondary device that doesn't connect to the internet. If I am not mistaken, they call it like air-gap something...

This maybe a lot of work for password managing but I believe it to be very effective.

[AakZaki]

Another safe way would be to create your own password manager in a secondary device that doesn't connect to the internet. If I am not mistaken, they call it like air-gap something...

This maybe a lot of work for password managing but I believe it to be very effective.

yes it is more effective with methods like airgrab because this password manager is not connected to the internet. Devices that are still connected to the internet are still vulnerable to malware and hacking.
And some other offline storage can also use notes on a piece of paper or a special book that is stored properly.
The ultimate security depends on the user and the device, if the user is negligent and the device is easy to hack, then any way will be useless.

[Alisha-k]

It all depends on how good you are at memorizing complex characters and alphanumeric keys. I prefer password from my memory a million times to password managers. Since i make use of Characters, numeric keys and special characters i feel secured with my passwords, except this password managers are generated offline else no way

[KingsDen]

It all depends on how good you are at memorizing complex characters and alphanumeric keys. I prefer password from my memory a million times to password managers. Since i make use of Characters, numeric keys and special characters i feel secured with my passwords, except this password managers are generated offline else no way

For how long can you trust your memory? The human memory is already being over-used  for processing daily tasks, for work at office, memorising your relatives names, possibly for knowing the name of your country/state and the name of the president. You may think that it is normal for your brain to store all these. But take your brain like a computer memory, each thing you memorise is either running in KB, MB or GB. So, it is important to relieve the brain of some certain responsibilities.

Personal I have 5 strong passwords(alphanumeric and symbols) that I memorised. I categorised them as normal, secured and most secured. I apply different passwords depending on how important I percieve the website is. But now I'm trying a way to get them off my memory.

[Accardo]

The best thing is, do that which works for you. I remember forgetting the password of an account I logged into everyday. Not that the account is saved on the system, I entered password everyday and one faithful morning I forgot the password. So, the brain sometimes fails to recall things. Password manager I don't recommend for a sensitive account like wallets. Password manager can serve other social accounts that means nothing to your personal information or funds. Though, to escape hackers, use 2fa to backup sensitive accounts. And be careful with whatever backup you are using so that you won't bite yourself. Keep your phone numbers, email or google account used for the backup very safe.

[SuperMariob]

Creating a password is very important, weak passwords means hackers can easily gain access to your accounts, and many of us have a lot of online accounts across different platforms, so creating a password for each account, including emails becomes a task. There are two ways of creating a password, either through your brain or with a password manager, like keePass for example.

The purpose of this topic is to know which of the two ways this community thinks is the safest!!!

If you create passwords from your mind it will have to be complex so hackers can't get it, and it will be difficult for you to remember so you'd have to write them down on paper, because if you save them in your email or online, then it is unsafe, but what of in a situation that the paper you used to back up your password is misplaced or damaged, what are the additional back ups for people who use this method to ensure their passwords are safe forever.

Password managers seem to be the safest, for those who use them, what are the 'do's and dont's', i do not have too much experience with password managers, so can anything go wrong when using them? Any knowledge or experience you have on password creation will be appreciated so others can learn from it.

I never really trusted password managers. I don't like the idea of giving all my password to a software. If it gets hacked....all my passwords are gone.