How many known passwords do you have?

Hello, I was wondering if it was normal to have many passwords to remember even when using a password manager.

I have 2 email addresses, a phone, a computer, and a password manager. This makes 8 different passwords in total for me to remember using multi-layer security settings. These passwords are hard: passphrases with many words and some quirks and inconsistencies to make them hard to guess. The rest is stored in my password manager. I feel that I am supposed to know email passwords, device passwords, master password, and SIM code “by heart”, because I use them so often, and because it feels insecure not to know my main email address password, my master password, or my phone code.

  • Is it okay/recommended to have that many passwords to remember?
  • Which password do you consider worthy to remember?
  • How do you get by?

Thank you guys.

I only remember my company laptop’s Windows password, which is very easy to guess. I complained about password policies to my security team many times but they rejected my pleas, so every 90 days I am only changing the last digit of the password :slight_smile:

All of my personal passwords are stored in password managers, and master passwords are stored in my Yubikeys as static passwords and inside the password managers.

your own poetry, not previously published, of course.

be sure to choose the right passage so that it will pass the test.

I got to 26 passwords and pin codes I have in human memory.

Including alarms codes, pins for devices and credit cards, vaults, etc etc.

Since writing, I already thought of 4 more. So my list isn’t complete haha.

I only have my phone password bc it also acts as my password manager. And also the password for my desktop.

Pins - phone, debit card, credit card, tablet, office door at work, Signal

Passwords - Proton, KeepassDX

2 laptops’ passphrases, 2 password managers’ passphrases and various PINs, including phone, tablet, physical SIM card, bank cards and Yubikey’s passkey PIN.

I don’t know the email’s password, but I have a passkey set up in the Yubikey to be able to log into the email so that I can reset passwords in case I somehow lose access to the password manager and its backup.

One of my few friends who uses a password manager makes it a point to remember his bank password too. I personally don’t think it’s necessary.

The only password that I know and deliberately made a point to remember is the master password to my password manager. That is it. I don’t know my e-mail password by heart, or any other password by heart.

That said, I understand why in an extreme scenario, one would want to remember the password to the e-mail account they use for their password manager. I personally don’t.

WRITE YOUR PW PHYSICALLY IN A SECRET NOTEBOOK

However, I am not against the idea of physically writing down your password manager’s master password and your e-mail password on a piece of paper that is safely hidden.

I personally recommend writing it in a notebook that is safely locked and hidden, and use an invisible ink pen, which will require a UV flashlight to see the password. If you have something written on the page with a real pen, that can be a decoy too.

Like you OP, I only use long passphrases. I don’t recommend using random characters, especially if you’re going to secretly write down your password, because in time, you might not recognize your own handwriting, and confuse a 5 with S, or a dot with dash, etc…

Just use a passphrase like:

Affluent-crab-finishes-300-gorgeous-minibikes!

EMERGENCY CONTACT

I’m not currently in a relationship, and one of my biggest concerns is how do I let family/next of kin access my password manager if something happens to me. If you’re in a long term relationship, you can tell your partner about the secret notebook and its location. But I wish password managers had a mechanism for these scenarios. I know 1Password has one, but it’s only if you and your family member both use 1Password. In my opinion, it shouldn’t work that way.

I think that say, if you use your password manager every day like I do, there should be a rule that dictates that if you haven’t logged in a week or a month, an emergency contact is immediately reached out to to access your account. That emergency contact should have a verification process and a limited time to respond.

Two. Disk decryption password, and password for pw manager (might start reusing passwords here, I don’t see any downsides). Not counting PINs.

Not a ton, I let my password manager do most of the heavy lifting, I have:

  • Password manager master password,
  • Local user account password on my work computer
  • WiFi password (because I’ve had to type it in and give it out a lot)
  • PiHole local admin password (another one I’ve had to type in a lot and just memorized it)
  • Various PIN codes to devices, cards and Yubikeys

I don’t see a point in not letting my password manager remember everything else for me, I have backups in place and a recovery plan, in the extremely unlikely event that Bitwarden fails overnight or something, I can load a backup in KeepassXC.

I have a similar setup, where I use KeepassXC as a backup of my 1password. Out of curiosity, do you use the same password for both? I use different ones, but since I only unlock KeepassXC to add new items once a month, I’m afraid I’ll end up forgetting KeepassXC’s password.

No point in using a different password, use the same one.

I see. Even when using password managers, people still have to remember some passwords. My guess for the future is that passkeys won’t completely remove passwords. Because even with face recognition and fingerprints, you have to remember a password/pin to set up your device (phone, computer, ipad…). Thank you for your reply, I no longer feel alone remembering passwords for my devices and important stuff :wink:

That’s because biometrics can’t be used for primary authentication, the reason why is because fingerprints and faces change or can be damaged, etc.

They’re also less secure than PINs or passwords.

I use the same password, I don’t keep a full copy of my vault loaded into KeepassXC, I just have the encrypted backup available to load if needed and that copy gets replaced when I do my monthly offsite backup.

This is a very curious methodology that did not immediately occur to me. I am sure that everything is purely individual, but it is a fact that a certain percentage of passwords are used constantly and the rest are stored in the database without regular use.

An additional step in ensuring security can be considered storing the main pool of the database separately, this can safeguard information in certain scenarios if the device is compromised.

I would be interested to hear the methodologies of other users on this subject, the idea of a compromised device is always in the threat modeling, in such times we live, with the advent of AI in general it is not clear how all sorts of attacks on users will become more sophisticated and complex.

Comments of the kind “coding will soon cease to exist in the usual sense” from authoritative people in the industry give rise to such thoughts.

I only know my password for unlock screen of my devices, SIM Code, LUKS passphrase because I need to decrypt it every time a kernel update is done to bind it again to TPM. Since, it’s passphrase easier to memorize.

And hell no, I don’t know any other password and I heavily rely on my password manager for anything else. I don’t even know my email password.