Questa volta abbiamo cercato: Am I the only one that gets incredibly stressed/annoyed over ridiculous password requirements and constantly having to pick a new password?
I have so many passwords and half of them have ridiculous requirments and either force you to make a new one from time to time, or you can never remember it so you have to reset it and use a password “not previously used” thus making you even more likely to forget it next time. It’s insane. I finally had to start writing down all my different passwords which just makes it even less secure. I’m absolutely fed up with it. If I want to use an “insecure” password then just let me. Also, I shouldn’t be required to have my phone with me at all times to login to things. It’s getting increasingly more difficult to do a password reset, or even just login on a new computer, without having to verify with your cell phone. For example, I used multiple computers at work and constantly have to be logged into my email. Right now anytime I login to one of these computers I have to wait and verify it’s me via a cell phone text. Meaning if I don’t have my phone I literally cannot work. I truly want legislation to stop this shit. It’s ridiculous. I would rather risk being “hacked” than deal with these frustrations.
Ed ecco le risposte:
Not the only one. Get a password manager. I use 1Password.
As for having your phone with you all the time, you probably do anyway. And you can install the app on your computer or as a Chrome extension.
If you can’t do that, you probably shouldn’t be using that computer for anything secure anyway. (Or it’s in a secure air-gapped facility)
If you don’t have a constant computer, but have a requirement to always be available by email, ask your work for a work phone or laptop.
You only say that because you haven’t yet had your identity stolen.
Instead of fighting change and getting angry, try the password managers others have mentioned.
If you don’t want to spend the money, there are free ways to make your life easier.
For example, say you like Radiation and Junk.
You can make your template password
Rad@Junk
So your work (ex Walmart) would be.
Rad@JunkW01
Your Instagram would be
Rad@JunkI01
Then just cycle through the numbers.
Sounds like you might benefit from a password manager. I use LastPass and it doesn’t remove every inconvenience, but it makes it much easier to use properly secure long/random passwords.
When I’m on my own computer, I sign in once to unlock the “vault”, and after that it can supply every password I need (in most cases it’ll fill it directly into the login form, either automatically or with a right click – in some cases where sites have weird login processes I might need to open the extension to copy the password out).
Means I don’t have to remember any password except the one for the password manager itself. There are a few other key passwords I choose to have memorised, but it’s a more contained problem. And since I don’t have to remember them with my squishy fallible human brain they can be all 20+ characters of true-random gibberish.
Using a new computer might be a bit more of a pain – would need to either download/install the browser extension or sign into the phone app to get at my passwords.
2FA codes would still be a separate issue. I agree the SMS ones suck – prefer TOTP codes as generated by Google Authenticator and similar apps, wherever possible. But not every site is set up for those.
Like I said, doesn’t solve every issue, but some of those issues are just inherent to the problem of stopping remote hackers from hijacking your account.
You may be interested in using a password manager like DashLane or 1Pass. It autogenerates passwords for you so you can have a secure unique password on every website, and you only have to remember one password to have access to all of your records and it’s not as unsafe as physically writing them all down.
You mentioned in a previous reply that a password manager isn’t a great solution.
It can be easy to generate unique passwords that fit requirements and are also easy to remember. Do you have a favorite song?
For this example I am going to use the first three lines of Hotel California.
>On a dark desert highway
>
>
>
>Cool wind in my hair
>
>
>
>Warm smell of colitas
Most passwords require 3 of the following: Upper case, lower case, number, punctuation. Lets include that by default. This song is Hotel California, so I am going to start my password with ‘HC’. I need punctuation and a number so I will add a dash followed by the line number (starting with the first line. So far that is ‘HC-1″.
Technically I have met the requirements for complexity, but not length. We usually need to have at least 8 characters in a password, so I will add another dash followed by the first letter of each word in the line (maintaining capitalization from the official lyrics). The password would now be ‘HC-1-Oaddh’. That password is 10 characters long, has upper case and lower case letters, along with numbers and punctuation, and if you know the song it should be easy to remember.
You can probably guess what I am going to say for when the password expires and you need a new one, we just do the same thing with the next line. the new password using the second line of the song is ‘HC-2-Cwimh’. Then ‘HC-3-Wsoc’.
If you want different passwords, just use different songs for each account. If you forget the password you can look up the lyrics to the song, or set the hint to be ‘Eagles’. It won’t eliminate all of the hassle, and these will not be as secure as a randomly generated password from a password manager, but it might be a useful middle ground. At the very least it is better that using ‘Potato!june’ then “Potato!july’. Anyone seeing that could easily guess what the pattern is going to be, while the method above is less obvious to a shoulder surfer.