The Future of Email Account Usernames

[anorlunda]

Doesn't this kind of solution only work on one computer at a time? And only until you clear your cache?

No. I don't understand why you say that.

Here's a PW my pw generator created: nnfwjwm. I'm free to use it as I see fit without future help from the pw generator. All I have to do is memorize it, or write it down.

A longer more difficult pw could be: 7cUq6&1*H^ncr@B*ZRKoRy0Qj@O19vkvoSmrkmwp*5VSvv0jnEM&atGeDn3cqtV#
That's different, because I could never reliably type that by hand. In that case, I become
dependent on my pw manager to fill in the password when I need it.

IMO, the primary value of a pw manager is not to create passwords, but to synchronize my account info across all my devices. That way I can use long pws, and I can easily change them every 30 days for much improved security. But the price of that is dependency on my pw manager vendor.

 

[DaveC426913]

No. I don't understand why you say that.

Here's a PW my pw generator created: nnfwjwm. I'm free to use it as I see fit without future help from the pw generator. All I have to do is memorize it, or write it down.

I thought the WHOLE POINT of password management was that you DIDN'T have to memorize passwords. Do you memorize a hundred of those? What you describe is the worst of all possible worlds.

 

[anorlunda]

Do you memorize a hundred of those?

No. I go the other way, with 64 character difficult passwords that nobody could reliably type by hand. Then I never memorize, and never type in a pw by hand.

 

[DaveC426913]

No. I go the other way, with 64 character difficult passwords that nobody could reliably type by hand. Then I never memorize, and never type in a pw by hand.

Right. So where do you keep them? How secure are they? What if you lose/crash that instance? Can you use them on other devices, such as, say, an office computer?

 

[anorlunda]

Right. So where do you keep them? How secure are they? What if you lose/crash that instance? Can you use them on other devices, such as, say, an office computer?

• They are kept on the LastPass service's computers. LastPass synchronizes all of my devices.
• LastPass' security is much better than mine.
• I have a master password. There is a recovery procedure if I loose that. I put a lot of thought into choosing my master password. That's easier to do once, than do for each web site's login. I do change the master password, but not frequently.
• I also use LastPass to store non-computer info such as bank account numbers, and passwords for non-Internet computers. I can call up that information on screen, then punch it in as I look at the phone's screen.
• If I die, the executor of my estate has has my master password so that he can get access to all of my assets. Since I change passwords often, the password manager is the simplest way to keep my executor up to date.
• The probability of someone guessing my password is perhaps 1%, but the probability of me dying is 100%. I need to balance the chance of my assets being stolen, with the chance of my assets being lost after death because they can't be found or can't be accessed.
• I believe it more likely that my password is stolen by a breach of the web site's database, than that my password is guessed. That is why I change passwords often. I believe that frequent changes give more security than difficult passwords. For a few sites, LastPass partially automates the task of changing passwords.

The usual objection people have to password managers is that you must trust someone. I trust a bank to store my money. I trust the password manager to store my security info. I drive a Mazda, and I trust Mazda not to give my key code away. If I trust no-one at all, then I need to bury my assets (including the Mazda) in the ground somewhere and risk forgetting where.

LastPass is not the only competent source of password management. I'm not promoting their service.

 

[kyphysics]

Why? I have two personal emails; normal and spam. I don't think I've had a total of more than 5.

So, again: password management. You're not supposed to remember them all.

Also: recovery contact info.

I don't like writing passwords down. Always scared someone will find them. ...It's an irrational fear.

So accounts are just ones I temporarily forgot password too and then randomly remembered...but, admittedly, I do have too many for no good reason.

 

[kyphysics]

Most online accounts have recovery capability, so that's another thing about kyphysics's problem I don't understand. I have actually forgotten passwords (or didn't have access to them so I reset the password anyway), but it's never caused me to lose an account. It's really the second part that has me confused.

I don't have phone recovery, but usually have email recover.

Problem is...I sometimes would forget several email passwords, includingn the recovery one...

 

[StevieTNZ]

I don't have phone recovery, but usually have email recover.

Problem is...I sometimes would forget several email passwords, includingn the recovery one...

You clearly need a better system in place. Have a try at Googling some solutions.

 

[kyphysics]

You clearly need a better system in place. Have a try at Googling some solutions.

I've never forgotten my absolute CORE email, b/c I use it every single day. ...I just forgot the less used ones.

 

[Vanadium 50]

hey are kept on the LastPass service's computers. LastPass synchronizes all of my devices.

Actually, LastPass doesn't know your passwords.

There is a function which takes your Master Password as input and the stored password as another input, and from that, calculates the site-specific password.

Trivial example: your site-specific password is the number 4, and your master password is 7. LastPass will store 4+7=11, and when you log in their servers and your browser together subtract 7 from 11 to get 4. If you break into LastPass' server, you only get 11.

The evil dark side of this is losing your master password is very very bad.