What ways/methods have you used to memorize passwords?
Of course I'm not asking you to give away your passwords. But for those of you who have so many, how do you keep track of them all? Do you use any unique methods?
I know many people struggle between having something that's easy to remember and something that's easy to guess. If you keep a note with your passwords on it, for example, it can be stolen, lost, or destroyed, or if you make them according to a pattern that's easy to remember, the wrong people might find them easier to guess.
This is 100% the best advise. But how do you remember your password managers password? I highly recommend Computerphiles tips, I've never seen it explained better: https://youtube.com/watch?v=3NjQ9b3pgIg
(Join 3-4 random, unrelated words for a strong, memorable password)
And because I'm getting into the demographic where my peers are going through end of life planning (whether for their parents or themselves), I have written my master password down and keep it with the will/"very important papers". Whoever settles your affairs will thank you.
Also, since I've wrangled with this one specifically, when a loved one passes keep their mobile number active so you can navigate mfa and password resets for their accounts.
I have Bitwarden set up with a feature called Emergency Access. The credentials to access that is just stores in plain text on a piece of paper in a drawer that I frequently use. If I ever forget my master password, I pull out the paper and use the Emergency Access feature, and start the timer, I set it at one or two weeks.
But I also would like to add: I use the Emergency Access feature in case of forgotten master password.
You basically set up another account and do a sort of "public key exchange handshake" with your main account. Then your secondary account becomes a way to recover your main account.
You can store the credentials to secondary account in plain text on a piece of paper in a drawer somewhere you have a habit of accessing (so you don't forget where you put it). Its doesn't matter if a snooping family member saw those credentials, theres a pre-set timer that needs to expire before access is granted. If I saw that timer being triggered, I'd know someone had been snooping, and I can just click deny access from my main account.
So if you somehow forget your main password, you find the paper with your secondary account and use it to request access to your primary account. And well you'd have to wait out the timer, but its better than losing your vault forever and having to reset every password.
For passwords you have to keep in your head, diceware. Surprised it’s not already mentioned! Basically you roll dice to choose words from a long wordlist until you have 6 or 7 words.
Human brains are good at remembering words. It’s way easier to remember a password that looks like:
For cases where I may not have access to a password manager, I have a standard procedure where I'll take the website url, add a fixed salt word, and run it through a hash function.
Theres.... There's something to it, I guess. Make sure your email is secure, and if not even you know your password, how can someone else. Christ, it sounds like a massive pain in the ass, though.
I used to have a couple of letters from the site/service followed by an obscure dialectal word that's not found in dictionaries with a few characters replaced by numbers and symbols. Those two letters kind of work like salting to keep every hash of my password unique.
I use a hardware password manager that connects over USB or bluetooth for most things. The few things that I use often I have a system for, and that system is popular culture.
Love "The Prisoner of Azkaban"? Initialize it, and add the publish date some where: HP&TPoA|1999
Starship troopers fan? Initialize a memorable quote.
"The enemy can not push a button... if you disable his hand. Medic!": Tecnpab...iydhh.M! Need numbers? Find a quote with numbers, or add the release year, or the number of times you watched it that one weekend where you and a friend watched it 32 times.
Like TV shows more? How about the fourth episode of family guy: S1-MindOverMuder-E4.
Metal Fan? I do love track three off of Metallica's 1983 album: #3|Motorbreath-1983
This is pretty much what I used to do before I got a password manager. Only difference is I would take that short phrase and randomly drop letters or replace them with numbers or symbols, and also random capitalization. Then I'd just practice typing it for 5 minutes until it was muscle memory. After about a week, I could no longer consciously remember the specifics of the password, just the key phrase and the associated muscle memory.
Before password managers I used to come up with a phrase or nonsense word that was personally significant to me, or an inside joke. Some sort of “catch phrase” that would only make sense to me and maybe my closest friends. Sometimes just an initialism of something I’d know, like my ex-gf Angie (not her real name) had a gap in her teeth, so I’d tell my friends “Angie’s got a gap in her teeth so my dick’s gots to fit!” and so my password would be “Agagihtsmdg2f!”
i have difficult & long unique passwords for each of the important things (emails, bank, any official gov or edu sites etc.) that i keep on a piece of paper in my notebook (with a few backup copies). And i also have 3 degrees of difficulty for my other passwords that i use like this: easy "i could not care less if this account got hacked, in fact i know this password has been leaked in plain text before so whatever", medium "i'd kinda suck if this got hacked but ultimately it'd not cause major issues", hard "i do not want this to be hacked"
I have four passwords I memorize: my password manager, my main email, my work login, and a throw away password for stuff that doesn't matter too much (signing up for giveaways, throw away social media accounts, etc). For everything else I have the password manager create some twenty character monstrosity.
The four memorized ones are all nine letter words with numbers and symbols replacing letters usually always including a comma somewhere as I heard once that a comma makes a password hardet to crack (but, now thinking about it, I don't know where I heard that and it sounds like a myth).
For the work passwords I have to remember and cannot always access a password manager, I use pass phrases instead. Statistically, 3 random, non-similar words, are more secure than normal passwords. Changing random letters to symbols and capitalizing can further improve the security. For instance...
I actually try to remember as few of my passwords as possible. Take away my password manager and switch my keyboard from QWERTY to DVORAK (and scramble the number pad), and I'm not getting into anything other than my email and 1 bank account.
Password manager. For things that I forsee I will end up needing to type often, I might choose a passphrase made of actual words. Some password managers can do this, or create passwords made of syllables you can pronounce. It's way easier to type correctly.
When I'm without a manager, I just look around for random objects, especially things with numbers and special characters.
I'll do as long a sentence as I can easily remember. Something silly, a memorable movie quote, an explanation of what the profile/app is for, a reminder for why I use the profile/app, goal I have in the area of life I need to use the app for.
Since most password fields require special characters, I'll slap an exclamation point or question mark at the end to complete the sentence. Sometimes I'll think to use a sentence that already has a number and type the digit instead of spelling it out. Or I'll just use a 2 for too or to.
Let's just say the book known as A Pickle for the Knowing Ones is surprisingly useful as a book cipher book if the book cipher is designated to construct passwords.
I use a password manager, and for that I take an uncommon saying, transcribe the first letter of each word in a leet-like code with a couple of modifications. This gives you a very long and secure password.
I only need a couple “real” passwords. They are long, complex, and backed by 2fa
Historically I re-used things from personal history. I know I shouldn’t but they’re easier to remember since I already memorized them. Usually they’re not public data, more like
my first PIN of my first ever bank card is now additional authentication for my app with my current bank
one password is the name and IP (with substitutions) of one of my favorite servers from a job 15 years ago when I ran my own lab
I gotta admit, I still have some trivial passwords for things that seem trivial
But my passwords are mostly generated (and the password to that is complex and unique, plus requires additional Auth). Anything from the last couple years also has a unique generated email
My company is pretty serious about such things: I have generated passwords, two separate 2fa apps and a yubikey. Plus they have some annoying shit on the laptop that is sometimes annoying
In the couple places where I don't use a password manager, I make up a silly sentence and use the first letter of each word and then mix in numbers and symbols. I guess that means the letters I use end up not being evenly distributed, but I think it'll be alright.