Importance of Proper Password management

[Ambatman]

As much as keeping and safekeeping our private keys is very important, same also applies to our passwords.
Not the best opening but felt like sharing something since I have been on th  receiving end of poor Password management.

Faced first hand the disadvantage of having different password for different platforms or medias

Don't let this experience sway you towards bad password habits. It's a very good thing to use a different password for each online account. I mean, it's almost a given that you'll be affected by a data breach at some point, and when that happens, you don't want it to cascade into multiple problems, and you really don't want it to result in your e-mail account(s) getting compromised, too, because then you're up shit creek without even a canoe.

Haven't found a proper solution yet but I believe am more tempered than before.

Use a password manager. (An offline one like KeePassXC, and remember to back up the database file once in a while, too.)

I was adviced by a reputable member of the forum on managing my passwords and was even recommended a password manager which I'm currently using.

I always knew that using same password for various platform is quite risky and not advisable but my implementation was poor.
I overestimated my brain to recall all passwords despite them been different but was failed when I logged out of my BTT account and couldn't find even recall my password.

What I'm saying is, like was said in the quoted section. It is good to use different password for different platforms for security purposes but we shouldn't rely on our brains alone but take proper record and a secured password manager can help with this (mind you is not the only method in keeping passwords).


Experiences is quite an harsh teacher so is better you learn from others mistakes than yours.


Further recommendations would be appreciated.  
 

These are the few points I could add for Now

Is there any tools or apps that could help us to manage and change passwords of various accounts that we have?

• [Mega resources for newbies] Check here, find most of your need, before asking. Get password managers there.
• [GUIDE] How to Create a Strong/Secure Password
• Are your passwords in the green?

Password Managers

|

Name

|

Open-source

|

Windows

|

MacOS

|

Linux

|

iOS

|

Android

|

Cloud

|

|

Proton Pass

|

Yes

|

Yes

|

No

|

No

|

Yes

|

Yes

|

Yes

|

|

KeePass

|

Yes

|

Yes

|

No

|

No

|

No

|

Yes

|

No

|

|

Password Safe

|

Yes

|

Yes

|

No

|

Yes

|

Yes

|

Yes

|

No

|

|

KeepassXC

|

Yes

|

Yes

|

Yes

|

Yes

|

No

|

No

|

No

|

Anything you can remember is always subject to hacking. Passwords should be long, not have any semantic load, and include various symbols. This is done so that it is difficult for those who brute force (guess) passwords to hack.

~snip~
What I'm saying is, like was said in the quoted section. It is good to use different password for different platforms for security purposes but we shouldn't rely on our brains alone but take proper record and a secured password manager can help with this (mind you is not the only method in keeping passwords).

I would not agree with the way you wrote it, because it seems to me like a very frivolous suggestion - the only correct thing would be to say that you should never use the same password anywhere, and I would also emphasize that you should always remember not to use any simple passwords or those that an attacker could "crack" if he has enough information about us. To clarify, if the attacker knows that you have children named Bob and Melinda, and if he knows their dates of birth, then he will definitely try to use a combination of those characters.

[Kamustapo]

Is there any tools or apps that could help us to manage and change passwords of various accounts that we have?

For someone who have short time memory like me, it's quite pain in the ass every time I try to login to a platform and I have to ask the email for passwords recovery because I keep forgetting the password.

[lovesmayfamilis]

Is there any tools or apps that could help us to manage and change passwords of various accounts that we have?

For someone who have short time memory like me, it's quite pain in the ass every time I try to login to a platform and I have to ask the email for passwords recovery because I keep forgetting the password.

I think it will be enough to read the advice from this post

You certainly missed the point that after registering an account, you need to carefully store your data so that there are no incidents, like the one that happened recently, when a person simply forgot their password.

Likewise, do not save your passwords in the browser, since all your cookies can be decrypted, and others can get the password for the forum.

The common advice for account security is using a strong password which is misunderstood by many people. Being unique is the first important specification of a strong password. Because if you use one password on many platforms for multiple accounts, no matter how strong that password is in length and character combination, it breaks basic rule for password setup.

If one platform is compromised, you will have risk of losing all of your accounts that have only one password.

[GUIDE] How to Create a Strong/Secure Password
Use Password managers.

And to save passwords, use password managers with an open source code (for example, KeePass, Bitwarden).  Or just save them in a blanket encrypted document.

Links to some password manager softwares are above.

[tranthidung]

Is there any tools or apps that could help us to manage and change passwords of various accounts that we have?

• [Mega resources for newbies] Check here, find most of your need, before asking. Get password managers there.
• [GUIDE] How to Create a Strong/Secure Password
• Are your passwords in the green?

Password Managers

|

Name

|

Open-source

|

Windows

|

MacOS

|

Linux

|

iOS

|

Android

|

Cloud

|

|

Proton Pass

|

Yes

|

Yes

|

No

|

No

|

Yes

|

Yes

|

Yes

|

|

KeePass

|

Yes

|

Yes

|

No

|

No

|

No

|

Yes

|

No

|

|

Password Safe

|

Yes

|

Yes

|

No

|

Yes

|

Yes

|

Yes

|

No

|

|

KeepassXC

|

Yes

|

Yes

|

Yes

|

Yes

|

No

|

No

|

No

|

[Hatchy]

Using different passwords, is a good thing and the best way to maximize the security of your passwords. What most people fail to understand that the human memory is due to mistakes and sometimes when we don't often make use of a particular term in this case passwords, it might mix the whole thing up. So we tend to forget. This is another reason why I don't advise brains wallets at all. We can't always rely on our memory as it sometimes fails. Using password managers is the best method to store your different passwords as well as increasing the security of your passwords.

[Saint-loup]

I agree with you, it's better to use password-managers allowing you to generate different secured passwords for every websites you use, you can safely use the one from your browser(Google Chrome for example) for websites using 2FA or for not critical ones.
But if you can't do that (or don't want to) you can use a convenient feature for Bitcointalk preventing to forget your BTT password : the Secret Question option.
You can find it in the Account Related Settings section of your Profile.

[Mia Chloe]

Using different passwords, is a good thing and the best way to maximize the security of your passwords. What most people fail to understand that the human memory is due to mistakes and sometimes when we don't often make use of a particular term in this case passwords, it might mix the whole thing up. So we tend to forget. This is another reason why I don't advise brains wallets at all. We can't always rely on our memory as it sometimes fails. Using password managers is the best method to store your different passwords as well as increasing the security of your passwords.

Yeah managing passwords can be difficult sometimes. Passwords are used in almost everything that concerns funds or any stuff like apps that carry private information. Sometimes people find it difficult to secure their passwords because of the fact that they can easily hit generate passwords on their chrome browser when the login to website and web apps and then Google automatically saves the passwords for them.

However the truth is it seems to be safe and easy but it's a hell lot of risk as if your Google should be compromised you literally put all your accounts without 2FA  at risk.
Well I'm not surprised that the Blockchain isn't based on passwords rather it uses seed phrases, because if not wallet hacking and brute forcing would be the order of the day.

[SamReomo]

I believe password management is one of the most important things for anyone who register accounts at various sites. I personally use different passwords on each platform only so I can be safe from data breaches.

I don't prefer any password manager to the ones who have a air gapped setup because they can literally save all their passwords as a text file and then save it on their air gapped system. It's that simple.

[Troytech]

I could remember you were inactive for some time. And i wondered what may have been the issue. However, welcome back to the forum.

Honestly, this has been a very concerning problem these days. I lost my phone recently and i could access my Gmail because i could not remember some passwords it was so painful because i though everything was cool not until I couldn't sign in at all. Up till these day i still regret why i didn't store my password physically or write it down.

[nakamura12]

Password management tools or apps won't exist if it doesn't help secure an account. That's why it is really important that a person should always take it to mind that the importance of proper password management would surely help someone make their account more secured and safe rather than doing nothing at all. Generating password may help but it would be useless if you forgot it hence that's where the tool comes in if you haven't memorized it yet. Having same password wouldn't be a good choice because if your private data is compromised then there's a possibility that your other account may get accessed by someone.

[Egii Nna]

Is there any tools or apps that could help us to manage and change passwords of various accounts that we have?

For someone who have short time memory like me, it's quite pain in the ass every time I try to login to a platform and I have to ask the email for passwords recovery because I keep forgetting the password.

Yea, you have a point, but when managing your password, you have to do that with caution. Not all passwords are saved in an app, although apart from apps, some browsers also save passwords, but that is based on your own permission because if you don’t approve it to save, it won’t save. But the main concern is the risk you are in when saving all your valuable passwords in an app because if someone has access to your device, that means all your information will be linked out. 
 
So for you that have a short time memory to save things, all you need to do is have similar codes on your own that you will hardly forget and save some of the app so that you can have some privacy and not be fully dependent on apps that can run all you have worked for. 

[lovesmayfamilis]

So for you that have a short time memory to save things, all you need to do is have similar codes on your own that you will hardly forget and save some of the app so that you can have some privacy and not be fully dependent on apps that can run all you have worked for.

Wrong. Didn't you read the topic suggested by tranthidung in this topic? Anything you can remember is always subject to hacking. Passwords should be long, not have any semantic load, and include various symbols. This is done so that it is difficult for those who brute force (guess) passwords to hack.

But if you can't do that (or don't want to) you can use a convenient feature for Bitcointalk preventing to forget your BTT password : the Secret Question option.
You can find it in the Account Related Settings section of your Profile.

You are talking nonsense now. The secret question has been disabled for a long time, and anyone who wants to restore an account through it will be blocked.

[Saint-loup]

No, I don't think this option has been disabled, otherwise it wouldn't appear anymore in the Account Related Settings menu. Besides that, you are right, your account will be locked if you use this option to recover the access of your account after forgetting your password. But you can unlock it by just showing a signed message from any address you've published in a post on the forum.

https://bitcointalk.org/index.php?topic=5438111
https://bitcointalk.org/index.php?topic=5089777

[ABCbits]

I was adviced by a reputable member of the forum on managing my passwords and was even recommended a password manager which I'm currently using.

Further recommendations would be appreciated. 

Not all password manager have equal security or convenience. For example,
1. Password manager application on your device (such as KeePass) require you to make sure your device is secure.
2. Few online/cloud-based password manager have bad history. For example, LastPass got hacked few times.

You also should consider using random password generator, which usually included by the password manager.

[hd49728]

The secret question has been disabled for a long time, and anyone who wants to restore an account through it will be blocked.

It was disabled a long time ago since 2015 and it is an unofficial lock button. Ratimov used it to exit the forum.
PSA: ACCOUNTS WILL BE LOCKED IF THE SECRET QUESTION IS USED TO RECOVER IT

Just check out Ratimov BPIP profile, he obviously locked his account with via secret question trigger on December 29.
For someone who is allegedly died account he knows very well how forum is working, and he looks very much alive.
Anyway, it's finally time to stop talking about him.


https://bpip.org/Profile?id=2627711

[Kamustapo]

Is there any tools or apps that could help us to manage and change passwords of various accounts that we have?

• [Mega resources for newbies] Check here, find most of your need, before asking. Get password managers there.
• [GUIDE] How to Create a Strong/Secure Password
• Are your passwords in the green?

Password Managers

|

Name

|

Open-source

|

Windows

|

MacOS

|

Linux

|

iOS

|

Android

|

Cloud

|

|

Proton Pass

|

Yes

|

Yes

|

No

|

No

|

Yes

|

Yes

|

Yes

|

|

KeePass

|

Yes

|

Yes

|

No

|

No

|

No

|

Yes

|

No

|

|

Password Safe

|

Yes

|

]Yes

|

No

|

Yes

|

Yes

|

Yes

|

No

|

|

KeepassXC

|

Yes

|

Yes

|

Yes

|

Yes

|

No

|

No

|

No

|

Thank you very much for the guides. I'll make a bookmark of it.
I'm sorry for asking questions that already have an answer, that was my mistake a s beginner.

I will do some study on what you provided us with.

[erep]

I could remember you were inactive for some time. And i wondered what may have been the issue. However, welcome back to the forum.

Honestly, this has been a very concerning problem these days. I lost my phone recently and i could access my Gmail because i could not remember some passwords it was so painful because i though everything was cool not until I couldn't sign in at all. Up till these day i still regret why i didn't store my password physically or write it down.

You can still recover your email with the authentication code sent by your phone number or you can recover your email by sending a notification to your recovery email, unless your email is registered with an inactive phone number and there is no recovery email then you have no way to recover your email, I usually save my password data on my hard drive and I remember the password for my main email access so if I lose my phone then I can log in to my email with the password or recover to my recovery email.

I am not sure about using an application tool to save any account access, I prefer to save my password on my hard drive which is much safer than using a tool, but everyone has their own perspective to secure account data.

[dkbit98]

Anything is better than using one password for all accounts and websites... and you would be surprised how many people are doing that all the time 
KeePass is a great open source choice for password manager, it can even be used to temporary save TOTP codes for 2FA, and it's not storing anything in other people computers aka cloud.
Just don't use KeePass or any other password managers for storing important bitcoin seed words, and use strong password.

[NeuroticFish]

Password Managers

You should really consider adding Bitwarden to that list.

Thank you very much for the guides. I'll make a bookmark of it.
I'm sorry for asking questions that already have an answer, that was my mistake a s beginner.

You should also take a look at Bitwarden and the reviews.

Also you should bookmark https://ninjastic.space/search and https://search-beta.ninjastic.space/ for better search in this forum
They have the potential to get you a lot of info, since a lot of beginner things were already asked in the past.

[Porfirii]

Two pictures are worth a thousand words:




Source: Malwarebytes on Twitter

BTW, I think that the image from statista is outdated, as I don't believe that a password with only 11 lowercase characters + 1 uppercase would take (edit: as long as) 300 years to get cracked by a malicious person nowadays. If that was the case, we could even think of writing our passwords down in a personal diary instead of anywhere online (much like our private keys or seeds).

Just in case, long alphanumeric passwords with uppercase, lowercase and symbols is the way to go. And, as suggested by malwarebytes, enable 2FA when possible.