If you think having a backup is too expensive, try not having one

[harborsparrow]

That is dangerous in companies that deal with classified data. A security person will see that, try it, and you will be fired. A password safe is a better place to store passwords. In the old days, that was a physical safe. Now it is an app.

Of course I would not have done it in that situation. But USGS had been very heavy handed, coming in and demanding that we send them all our data but without even understanding why our data model was more complex than theirs. So we had to do all this extra work to send them dumbed-down data because they didn't actually know anything useful about algae. And then they had this sanctimonious attitude about privacy and security. I was extremely underpaid and overworked, in a research institution that could barely keep its toilets functioning. When we needed that password, we needed it, and it was either write it on paper or send it over email, which would actually be worse I think.

Please understand I did admire a lot of things about USGS, but they were one of the first agencies gutted by the cutbacks of the new administration in 2016. This whole website disappeared overnight, as did the contacts we had at USGS. We couldn't even raise them on the phone and they had never given us cell phones out of an abundance of privacy zeal. And of course, a lot of our funding went with them. The algae data I worked with--a precious scientific resource reaching back to the 1960's covering streams and lakes all over the US--has now all been archived offline, whereas before the funding cuts, it was available to scientists anywhere in the world via my institution's web services.

Well, that is a vent and a digression. I knew it was boneheaded, but I'm just saying that's what people DO when password security goes overboard.

 

[gyorgiy]

That is dangerous in companies that deal with classified data. A security person will see that, try it, and you will be fired. A password safe is a better place to store passwords. In the old days, that was a physical safe. Now it is an app.

Demanding people change passwords in that way is a known risk. Password safes will eventually be cracked. I'm possibly a crackpot, but where it's important, I use an automatically-generated password once and then change a few characters to ones I can remember (and don't allow those to be saved).
BTW, I don't need it for online banking because they already have a second stage that serves the same purpose and is slightly more robust. (On the other hand, having the three-digit code printed on the same side of their debit/credit cards as all other details makes them even less secure than they were originally)

 

[FactChecker]

Demanding people change passwords in that way is a known risk. Password safes will eventually be cracked. I'm possibly a crackpot, but where it's important, I use an automatically-generated password once and then change a few characters to ones I can remember (and don't allow those to be saved).

I think I will not live long enough to worry that someone owning a quantum computer will try to crack my password safe file. IMO, by that time the technology of password safes will offer quantum safe encryption.