[Discuss] Password managers

Kent Borg kentborg at borg.org
Wed May 6 20:17:37 EDT 2020


On 5/6/20 7:32 PM, Rich Pieri wrote:
> I have over 250 site passwords in my vaults. I can't remember and track
> them all. Therefore I have programs do it for me. Since I don't have to
> remember them all myself there is no need to constrain my passwords to
> memorable patterns.

I'm not opposed to using software. I am opposed to assuming password 
software is for some reason bug-free and choosing according to 
convenience features. Choose password software extremely carefully. And 
once you have chosen something, use it even more carefully. And even 
then be really worried that, though your password software and how you 
use it might be really, really excellent, if someone has spyware on your 
machine that targets your password software, you are *so* screwed.

This stuff is terrifying.

I have no idea what my brokerage user name is let alone the password, 
because both are password (not encryption) quality strings*. I have to 
look them up. But once I do, I certainly can read what they are, 
remember each long enough to type, and even type each without too bad a 
chance of an error.

I, too, have hundreds of passwords. I only remember a few--the ones I 
use a lot. I have to look up the others. But at least some days I never 
look up a password.

-kb


* Why have a password-quality username? To keep my account from being 
disabled when someone probes too many times. I was changing my brokerage 
password every couple weeks at one point. I wasn't worried my password 
would be guessed, but the brokerage was. A secret username also makes 
bogus password recovery attempts by crooks harder.


P.S. When choosing how to manage your passwords don't just consider 
security, think a lot about reliability, too: Will you accidentally get 
locked out?


