World Password Day

I have a system for creating my passwords, and I never use the same password for banking or financial accounts as other non-financial accounts. All it takes is for someone’s system to be hacked and whichever password you used to get into that company’s system (take facebook.com for example). Once Facebook’s system is hacked the hacker has your password. If you use that same password for multiple sites then it’s easier for the hacker to compromise your logins. If you create a system where you add something to each login and never use the same login twice, then your accounts will be safer.  

I've always been amazed when I come across settings where the password is required to be changed every 90 days, but the user can reuse the same password and there is no password complexity required. 

Lastpass with randomly generated passwords works for me. 

One of our major clients just had their password policy updated to a minimum of 16 characters, special characters, numbers etc and we did a big internal training overview with them on phishing and also good methods of password creation such as phrases or 3 random words erc

An encrypted flash drive and text file are magic for password storage. 

I use to do something similar using a Text file then Password protected zip RAR file.

I use a password that contains a mixture of everything but the problem is, I cannot use phrases for the life of me.

I can think of my most favorite phrase, and i’ll STILL forget it and have to reset my password.

Bad practise but it is what it is!

Bitwarden for me. I figure one less thing to worry about and a lot more things to not have to worry about remembering.

Combination of a couple of password managers used in our business - LastPass and one in our documentation tool.

Trying to get customers to use a password manager on the other hand…. Especially when most have an iOS device so have Keychain for Apple devices built-in. Why is it so difficult to make them understand the benefit vs using the same password on every site?! 

Long passwords are always better.

I finally manged to convince my partner to use a password manager - I’ll be collecting my halo tomorrow!

I couldn’t possibly remember all my passwords so I use a password manager and only have to remember 1 really long password now...

My company uses 1Passowrd. We have recently deployed this product internally and externally. 

At work I mainly use KeePass so that I can share the database with my manager -- you know, the hit-by-a-bus principle whereby you need a backup. It’s secured using a passphrase. Most typically I did use several passwords or forms of those passwords. I’ve been slowly going through the devices and making unique passwords for each device. For the ones I cannot cut and paste, I will use a passphrase.

However, I must admit that I use the convenience of my browser’s own password manager for website passwords and usually go with its default suggestions when I sign on to new sites. I do use it for both my corporate and personal accounts.

too true

I use lastpass and I like using passphrases for passwords as well.

LastPass for me. We get a free family license with our business licenses, so it was a no brainer. I agree with @TylerM though on changing the term from password to passphrase. We have completely eliminated “password” from all of our documentation and replaced it with passphrase. Doing what we can to get it in everyone’s head. 

For years sites rqyuires 1 capital some lower case and a special character giving rise to Andrew1! and similar.

The sheer stupidity that three words can’t be used as phrases on many sites still confounds me, they can be used to describe all the locations on earth (as the advert says).

Password reuse is rife amongst nearly every customer I’ve ever seen “hacked” or else they typed it in to a phishing site.

I didn’t know WR had a lastpass integration / bundle.  Is this available as an MSP product?

A password manager is essential in today's environment for good password security hygiene. I am curious, however, about the need for monthly or quarterly rotation of passwords if adhering to other best practices such as non-reuse of passwords, appropriate complexity, etc.

TylerM wrote:

I always love the idea of PHRASES. Most of my passwords are in my head and most are lines from movies or TV shows. I use the spaces between the words as my special characters [BTW some logins don’t allow spaces for PWs ]

I always make sure to change it up for each login or have a set pattern for certain types of movies for certain types of logins, I won’t go into detail for obvious reasons

 

My favorite password is always got to do with one of my favorite winter foods……. soup. so you can give me 0n3T0n$0Up4M3t0d@y! anytime……… 

For me I also like the phrase or sentence to use as passwords 

We’re using lastpass at the moment, seems to work well for us. Trying to push out to our customers as well, but some don’t want to pay for this 

I am always amazed when financial institutions have pretty lax rules for passwords to sign into your account.  I have used password managers for years.  It does help a lot.

End users are going to continue to use weak passwords, they just don’t care.  We need to more away from passwords.

I’m not sure if that’s an option in business offerings will check with @csaunders