@@MichaelJessen That's a good topic. What I do is save them to a file (plain text) in a Cryptomator-encrypted folder. That allows them to be backed up, and accessible as and where needed. The "traditional" approach is to print them out and put them in a safe location. In theory that works, but people often lose them, and have a less-than-appropriate definition of "safe place".
@@mrmifflin I'd involve a trusted friend or family member to do it for them. But with a password vault they need only remember one thing. (And I'll absolutely admit there's no simple solution to this scenario.)
I could not disagree more with your advice. Password keeper programs are far more likely to be hacked than the notebook I keep in my desk (that no one else has access to). I will never keep all my passwords in one place online.
Consider that it's probably a very good idea to write down your passwords, including the one to the password manager, so that if something were to happen to you, someone can get into areas for you. I have a list of sites, usernames, and passwords so that if I'm incapacitated someone can act in my stead. Also something to consider... The target audience of AARP are older people who are going to be using a tablet or laptop in their home. They're retired and a password list on paper in their home is only at risk if people break into their home and decide to go through their papers for records (it's more likely jewelry and electronics will be at risk). These people can use a password manager, and the likely result is that because of complex password requirements, they'll write down the password to their password manager and every one of their passwords will be just as insecure as that piece of paper. And yes, I've seen people forget how to get into their password manager because they got a new monitor and it looks different so it confused them. And they then pull out the paper with their password manager password. After a long time of telling people to write down their password, and then telling them not to, I'm not sure either way is better or worse.
Just because someone is retired doesn't mean they're incapable. Yes, preparing for death or other incapacity is important, but need ONLY be the password to a password vault. Then, by definition, everything within the vault is present and up-to-date. I've written/spoken about this here: askleo.com/preparing-for-the-ultimate-disaster/ (video coming in a couple of weeks).
@@ChibiKeruchan Then your wife throws away the shampoo bottle because it's empty. I mention this because I can't keep an empty bottle anywhere in the house. My wife will detect it and recycle it. No matter where I try to hide it.
I am an elderly retired engineer (have been programming computers since 1968) and use a password protected XL file for my passwords. The password to this file contains a non-keyboard ASCII character (as does the PC itself) and I believe it to be pretty unhackable.
I'm 73 and use a password manager. ALL of my passwords are generated by the PWM and thus are unique 16 random characters. The master key is a longer passphrase. I was relieved to find that you recommended exactly that. Using the PWM is much easier than looking up and correctly typing long passwords.
This is what I do. I use Excel and save the file with a password. I use lines for different entries and I use columns to write down the type of entry (emails, stores, and so on), addresses, logins, passwords, contacts (like sellers), store type, phone numbers, orders, whatever, 1 column for every field that I am interested in. This way, I can sort the entries any way I want. Instead of Excel, you can use Word or Notepad. If I still want more security, I can encrypt the file with winrar or similar software. This way I only need to remember 1 or 2 passwords and leave the file on my desktop. Then I store a backup somewhere else, like, on another PC, laptop, flash drive, external drive, you get the idea. If I also want to access the password file anywhere in the world, I upload a copy of the password file to some cloud, like google drive, onedrive, mega, rapidgator, nitroflare, ...
Yep, that's exactly what I do, too. I just put the passwords and related info in a Word document, then encrypt it using 7zip and save it on my computer. And for remote access if I ever need it, I emailed a copy of the encrypted doc to myself.
At least 99% of the passwords I use are for corporate web apps for where I work, and websites for my personal use. The only passwords that don't work in my browser are the ones I need to log into the corporate domain. And the corporate rules for domain passwords are just idiotic. Inadequate length requirements, along with bizarre prescriptions for alpha, numeric and symbols. It's really hard to remember whatever I dream up to meet the requirements, and no, I can't get a password manager to type it in for me; I'm not logged in. To make matters worse, we have to change our insane passwords every three months, whether the network has been compromised or not. So muscle memory and regular memory go out the window on a three month schedule.
One of the problems with something like LastPass is that it too frequently fills the wrong password; so I MUST either use my brain's memory to put in the correct one, or I need to look for the correct password in Vault. And then still type in the needed password. But in general fairly short password choices with a few bits of complexity ARE my practices. As for actually physically writing my passwords,.... that is tricky. I avoid stating my actual practice here.
Keeping your written list under lock and key is probably a bad idea, though. As a general rule, it's much easier to hide your valuables in inconspicuous places, than it is to hide a bulky safe or anything with a lock. Especially a piece of paper with passwords. Works better against your family, because they will know all about the safe and the locked drawers, and all those kinds of obvious places, anyway. If you have kids, they can know more than you think. Usually drawers can also be lock-picked with a paper-clip or something. Works better against your friends as well, because they don't know your house like you do. And if a "friend" is left alone in your home and decides to go through your stuff, there's also a higher chance they'll find a bulky safe than a piece of paper. Works better with burglars for the same reason. And when it comes to burglars, you also don't want things locked, you want them well hidden. Because locks are completely useless and maybe even dangerous, unless no one's home. If they find the safe, the safe is open, because burglars carry with them the universal keys called knife-to-your-throat or gun-to-your-head, which are also very unhealthy to you. It's for that reason that I personally feel like having a safe at home is actually rather dangerous. And more so if any of your friends learns about it. My personal preference is for hidden compartments. The imagination is the limit. A fake electrical plug on a wall, can be a great little nook to hide small things, and absolutely no one will ever suspect it. The safe no one ever suspects to exist, is the best safe you can ever have. There's also furniture with hidden compartments. Many of them aren't that well hidden, so you have to choose very wisely. Some work with magnets, which can be bad if you misplace the magnet (long term, the magnet can also mark the wood, which is bad). The best example that I've ever seen is the _Secret Compartment Box II,_ built by the youtuber Dustin Penner.
The hidden drawer is well disguised as part of the lower rim, and the "key" to the drawer is even part of the box itself, in a completely inconspicuous way. Pretty damn brilliant, imo.
Sorry, I will continue to use my easy to remember and type passwords so that I don't have to reset them every time I use a web site that I only access once or twice/year. Also, I keep them all in an alphabetized address book in my home office desk drawer. I have both mine and my husband's in there so if one of us should pass away--we would have access to everything we need.
Not an universal advice! Depends on the individual. I, for example, live alone - no peek possible. If and when I die or am incapacitated (Alzheimer, hospital), nobody knows my practical details. So there is a cardboard file, prominently visible, labeled "In case of decease", which records everything necessary: not only passwords but also the financial accounts I have, the medical data, the websites I have an account with but also real-world associations I am a member or user, the phone and bank card and ID codes, whatever. Along with the list of people to inform. For things "For my eyes only" I have created a self-made "alphabet". I am also a bit paranoid. Each website or app must store your password, and I don't trust their personnel or hacking vulnerability. That's one password at a time. Instead, the password manager people can access all your passwords in one go! Brrr! Frightening. And then, I use various machines to access the internet: a desktop, a laptop, an iPad tablet and a smartphone. Password management differs, and I don't want to multiply the copies of my passwords list.
i also write down my passwords ~ i live alone & no one visits me at my new location ~ my passwords are long & complicated so i have to or else having to forever change them ~ one thing i also like to do is spell words wrong in some of them ~ as an alone person writing them down is also for when i expire or get deleted from this world ~
Keeper used to be free for the basic limited function version. I became dependent. Now they've changed their policy. I feel it's extortion and how do I know KEEPER won't be universally compromised or is without some back door portals?
And then they tell you, you have to add an extra this or that on the end that isn't a letter and then a number as well. So things have become more and more painful since computerisation started thirty years ago. Back then, we had a couple of passwords to remember. NOW WE HAVE HUNDREDS. And they're impossible. The computerised world has made life unliveable.
Hi, thank you for the video. Do you have a secured backup of your passwords (digital or printed) in the case Password manager service is for some reason down or unavailable? And if you do and it's digital do you encrypt it as well?
I often think I have dementia because the saved password, written down password agree but when I type it in, it gets rejected. This seems to happen when any company updates a program. If you don't want it written down and others say don't use PW Managers how are we to remember all those special passwords we have to create almost monthly?
Yesterday my computer wouldn't start until I had logged into Microsoft. It doesn't usually do this, and I don't know why. Any computer-based password "vault" wasn't available to me. Because it's complicated, I certainly can't remember it. Scary, hey?
Leo! Writing Down Passwords. Consider this. Husband and Wife where the Husband is the sole user of the computer and the Wife has little or no knowledge of using PC’s. He has created accounts on the internet for his Banking, Share Trading, Email, -- You get the idea! He passes away and the wife or the Executor of his Estate is left stuck trying to sort out all the on-line accounts. They can’t find the passwords or even the user names of the on-line accounts in order to close them or transfer funds in those accounts to the wife’s account. In this case writing down complete information about on-line accounts is very important. Type up the information, print it out, attach it to your Will and delete the file from the pc.
I still haven't seen an explanation of why a password manager isn't a one-stop-shop for the bad guys. Instead of having to hack all your systems and passwords to get at all your stuff, if you use a password manager they only have to hack one.
As you say, I use a password manager, cryptic passwords are REALLY hard to type and not get you locked out of an account as you either got it wrong too many times, or it timed out. However, when it comes to my 90 year old aunt, I really hope she has written them down on paper, otherwise I'm going to be in a real pickle when she asks for help. Her using another program (password manager), please no - that's from experience supporting her. If I did I'd get called for a visit, "So where is XXX password", It's in that thing you put there the other day, "So what's the password manager's password?", I don't know, it's in that thing you put there - I did what was suggested and put them all in there, and now I cannot pay my power bill. As for someone else seeing her paper password list on her desk, that is the least of her problems, the main one is she now has an intruder in her house, forget the computer, get out of there, call the police.
I have 63 accounts written on my password list at work alone. There are simply too many to remember. Many of them protect absolutely nothing of any importance. I have a training portal that has zero personal info and is only used for basic mandatory trainings. Every single time I log in, I'm required to create a new 15 character password. I would be willing to give a perfect stranger my log in info for the account because there is no reason for it to be this secure. I trust my locked up and hidden list way more than some app that is likely to be breached any day now.
"likely to be breached any day now" - On this I disagree strongly. The chances of your password vault getting breached is low. Even if it happens the chances of it actually impacting you is even lower. The chances of some other technique leaking your info into the wild is much higher.
@@askleonotenboom yet multiple password managers can and have already been hacked. I'm not as worried about a coworker breaking into my locked desk as a foreign state sponsored group attacking one of these. I'll stick to my list. I think the big thing is that companies that don't hold sensitive data need to stop requiring complex passwords that change frequently. It's making passwords less secure, not more.
Given that "multiple" means any number 2 or greater, yes there have been intrusions I can recall only 2. HOWEVER, user passwords were not compromised even in those cases. You are much more likely to be compromised a myriad of other ways, many of which using a password manager helps you stay more secure.
@@askleonotenboom a simple Google search shows that more than 2 password managers have had major security flaws or breaches. And yes, I'm sure a coworker could break into a locked cabinet on security camera and make unauthorized changes to our company website or perhaps even cause me to fail my violence in the workplace training. But only 2 of the 63 passwords at work contain anything I'd actually be concerned with anyone getting into. And those have two factor authentication. My personal password list at home would be extremely difficult to locate and use even if I told you it was somewhere in my house and let you search for hours. Sorry, but I'm going to have to emphatically disagree with you on password managers. I think they are flat out a dumb idea.
Google recently improved the password manager in Chrome I believe, but prior to that it was incredibly vulnerable. So long as you were logged into Chrome - and, let's face it, most people configure it to auto-login on start up - all you had to do was call up the password management page, find the relevant website on the list and click on the show password icon. They seem to have changed that recently, as it now requires me to input my Windows password, though that seemed to start around the time I invested in MS Office, so I'm not sure whether the two events were related. In any case, I don't store anything important like banking passwords in Chrome, but I bet there are some that happily do. Just a thought - how about storing passwords in an encrypted document?
I write down my passwords for important accounts in a way that nobody else can read them. My passwords are random, but the randomness is in my past, not on the paper. I do this by having each letter of the password being the answer to a written question I only know the answer to. For example, one of the questions is "what is the first letter of the name of the building where I crashed my bicycle." Since nobody but me knows this, this is a random letter from anyone else's point-of-view, but very easy for me to remember.
If you rely on a written list of passwords, and that piece of paper disappears, then you are screwed (or do you have a copy of that written list somewhere else?). Someone in your office decides to stick it to you, and takes your list. Your dog eats it. You are burglarized. You get a new computer, and you are locked out of all of your sites. Perhaps you can use their "Forgot Password" feature, and cross your fingers. Most password managers are easy to use, and you can save a copy of your password database on a separate drive. You can even keep a copy of your password database with a cloud storage service. If you have a strong master password, that remote copy of your password database is useless to anyone other than you. And having a copy, elsewhere, will get you out of a world of trouble if your storage drive fails, and it had your password database. Or if you are burglarized, etc. Use a password manager. Use a strong master password. Make a copy of your password database, and keep that copy in a different room (or with a neighbor or friend or cloud service). You can purchase a 1GB flash drive for under $1. It will easily hold your password database (which will likely be ~5MB or smaller).
Hi there, is it possible to recover my youtube back after I've accidentally deleted my Gmail & I can't recover it because I've totally forgotten my email & password
So you deleted your GOOGLE account, which is both your YouTube account and your Gmail account. All you can do is try the account recovery process. I'd start you here: askleo.com/access-gmail-without-phone-verification/ but be sure to try ALL the options, including google recovery at the end.
I use a password-manager since 3 years for daily use and changed to more complex passwords since then. Besides that, I have a well hidden paper-notebook to backup passwords non-digital and offline. My passwords are created by a password-generator (minimum 16 characters, letters capitalized and non-capitalized, numbers and additional characters). I copy them temporarily in a text-editor and sometimes edit them further more, to print them afterwards glue the printout into my paper-notebook. The notebook itself is well hidden (at first I needed several hours to find it by myself). I have a fake paper-notebook hidden not so well.
I have a lot of things that need passwords and at times they need to be used as in switching users or an error of any kind, I find sometimes logging on with my creds they have no record of me, but later it will
Regular .txt or .docx files are generally not encrypted, so anyone who has access to your flash drive has access to your login information. If you are going to do something like this, I'd recommend using a Keepass database file (.kdbx). You then have searchability, hierarchical organization of entries, easy copy/paste, the ability to link a browser extension, and the database is encrypted using a password, a password+keyfile, or password+Yubikey combination. It's then trivial to copy the file anywhere you like as a backup. Keepass and KeepassXC are pretty light applications, so you won't need to be concerned with them using too many computer resources just to manage your login information. The caveat is you will need to construct an easy-to-remember (or easy-to-reconstruct) password or passphrase that you can readily type in when you open the database. If you don't know how, Leo has an article and video on this very topic. I have a few methods of my own, as well.
Nordpass, Bitwarden, Zoho Vault, Keepass (or KeepassXC), ProtonPass, and Synology C2 all have free options with unlimited login entries across all of your devices. Out of these, I find Bitwarden and Zoho Vault to have some of the best browser extensions with user-triggered auto-fill. I personally haven't tried Proton or Synology, because I'm quite happy paying $10/yr for Bitwarden. I have tried Nordpass, 1Password, Bitwarden, Zoho Vault, KeepassXC, and Roboform. I definitely wouldn't use LastPass.
Keepass or KeepassXC. (I've always used KeepassXC, but I presume Keepass is also unlimited.) Keepass is only for Windows, iirc. If you're not on Windows you'll need KeepassXC.
Create a fake password book. Leave it prominently on your desk. Should a burglar happen by, he'll take that, and never bother looking for the real one, hidden somewhere else. Won't they be surprised later to find that none of the passwords will work.
I'm actually slowly making my own alphabet so I can write it down easily. And making a unique character for Double letters, double numbers or a double consonant.
Disagree. But it depends on discipline. There are more thieves on the internet than there are in my house. More likelihood of having so-called secure data hacked than my coded, written down passwords accessed and decoded. For most websites the security of the password is pretty irrelevant, who cares if someone hacks your BBC online account? Others are critical, such as bank accounts. Two stage authentication is then a must.
Best solution I've found is to design my own alphabet for most of the letters. Even if someone were to find my notebook, nobody will be able to understand it.
If you use a password manager, you can save your password database (probably a single, small file) to another storage device (such as a USB drive). Since you have no power, you might use some other computer, in a different location, that has power. So you take your USB drive with you, and you have your password database available to use on that other computer. But you have to trust that other computer, if you are going to load and unlock your password database on that other computer.
You may have a mobile device (battery powered) available, and need to remember certain passwords on your own even if it means without password manager. Maybe you could run a password manager on the mobile devices too.
Your criticism simply does not apply to me on all counts. My passwords are random and complex. This is inconvenient but I do it anyway. Password managers can be hacked. A piece of paper cannot be hacked on the internet!!
@@askleonotenboom I would, in most cases, have time to create new passwords if they were forcibly robbed from me at gun point, or if I lost the paper. Without explaining here, I have hiding places that are simple for me (giving me quick access to them) but which no burglar would find (you would agree if I explained). This is much more secure than anything online.
I also admit writing down passwords. However I do not write it on paper. And I can probably be sure enough no one will find them out anytime soon. I won't tell you guys where they are though.
I write down on my personal book using pencil so that I can keep erasing for entering new passwords and I feel safe no one can see my book. Using password manager hackers can hack.
I agree. Leo says anyone who walks the house. That potentially might be a very few people. None of whom, I'm sure, will be au fait with what password matches which site. Or should I trust my personal access to the very people or other technically proficient others that can access it either honestly or deviously just because I've put my trust in them. I write my important info onto A4 sheet and some copies. Criticise all you like, but it's not out there for some nefarious bastard to glean.
I use both Bitwarden and KeepassXC. The latter is not connected to the internet at all, it is stored on a flash drive. If the firm should go bust, I will still have all my passwords safe and secure. It will not go obsolete, I always check for updates.@@MarcusCactus
Well browsers password manager not so bad like the one on the macs and iPhone pretty good its also windows cross platform it can be locked as well its a lot safer than hum hum last o pass data hack
Well, I'll argue this. Keep in mind the targeted audience of AARP. Old folks. For that demographic, this is probably the best and most reasonable advice - for them.
To be clear, I'M IN THEIR AUDIENCE. (They start grabbing people at their 50th birthday, so perhaps younger than you think.) This simply reinforces the stereotype that "old" (whatever definition you use) people are incapable. That's simply NOT TRUE.
@@askleonotenboom Agreed on that. I was also a little disappointed with AARP's approach. They really didn't even bring up the idea of using a password manager, but just went straight to the "write your passwords down" solution. Instead of talking down to their intended audience like they're clueless and helpless because they're older, they could have done a well-written segment educating readers on the basics of password managers. They fumbled the ball on that one. As for "old folks", I'm a 68+ retired sysadmin and I've seen my share of people of ALL ages with sticky notes on their monitors with passwords for all to see, and I'll attest to the fact that age is irrelevant when it comes to following best practices (or failing to).
That's a strange and persistent fallacy. The internet is not new. The 'information superhighway' went mainstream in 1995, the same year Windows 95 turned PCs into home appliances. The IBM PC came out in 1981. I figure you'd have had to be retired in 1990 to not ever had to use a computer at work, which would make you 98 years old today.
I have over 200 passwords in a book. Sounds bad but it is in code, they are basically password reminders. When you have so many passwords you need to know what password is for what account/site. You can't rely on browser or third party vendors to remember your passwords.
LOL! .........don't write down your passwords and hide them in the house where only you and a trusted family member knows.... Store them on the world wide web with some big tech company. LMAO!
My password list is a list of clues that only I know. I moved around a lot as a child. Example( Hint Ages 10,14) means the addresses I was at when those ages. Example 53imaginaryroad125madeuplane. Hint first 2 records. Hint name and address of 1st girlfriend. etc:
My thoughts on why some bad advice is very bad advice.
Thankyou Leo. I'd also be interested in your thoughts on securing single-use recovery codes.
so what is the best way for someone just getting dementia to manage passwords
I use a spreadsheet that's password protected. Your thoughts?
Us older seniors write them down, then find a good hiding place. The only problem is, it will never be seen again by anyone
Why hide it? From whom?
Remember E.A.Poe and the Hidden Letter. Easy access but no one thinks it is what it is.
I write down passwords. However I do it in braille. Also, I live in the mountains and no one ever comes to my house.
unless they break in or have a visitor
writing things on paper keeps secrets from your computer
And makes them available to anyone who gets the paper.
@@askleonotenboom ok, so how many people have access to your personal papers? vs. how many can access your digital files?
@@mayamachine Anyone that walks into the house. Only me. (With the exception of an appropriate disaster plan.)
'writing things on paper keeps secrets from your computer' - that was _intended_ to be a joke, right?
@@askleonotenboom where are you writing down your password manager password? Same issue, different dress.
I could not disagree more with your advice. Password keeper programs are far more likely to be hacked than the notebook I keep in my desk (that no one else has access to). I will never keep all my passwords in one place online.
Exactly!
Writing down your passwords is stupid. Don’t do it
@@SnowyRVulpix. Writing unsupported statements is stupid. Don't do it.
I do you one better. convert your password to QR code.
and attach it to one of your favorite shampoo bottle.
thank me later.
Sir, keep up the good work.
Too many people ignore common sense and basic cyber security. I use your videos to get the point across.
I am an elderly retired engineer (have been programming computers since 1968) and use a password protected XL file for my passwords. The password to this file contains a non-keyboard ASCII character (as does the PC itself) and I believe it to be pretty unhackable.
I'm 73 and use a password manager. ALL of my passwords are generated by the PWM and thus are unique 16 random characters. The master key is a longer passphrase. I was relieved to find that you recommended exactly that.
Using the PWM is much easier than looking up and correctly typing long passwords.
This is what I do. I use Excel and save the file with a password. I use lines for different entries and I use columns to write down the type ot entry (emails, stores, and so on), addresses, logins, passwords, contacts (like sellers), store type, phone numbers, orders, whatever, 1 column for every field that I am interested in. This way, I can sort the entries any way I want. Instead of Excel, you can use Word or Notepad. If I still want more security, I can encript the file with winrar or similar software. This way I only need to remember 1 or 2 passwords and leave the file on my desktop. Then I store a backup somewhere else, like, on another PC, laptop, flash drive, external drive, you get the idea. If I also want to access the password file anywhere in the world, I upload a copy of the password file to some cloud, like google drive, onedrive, mega, rapidgator, nitroflare, ...
Yep, that's exactly what I do, too. I just put the passwords and related info in a Word document, then encrypt it using 7zip and save it on my computer. And for remote access if I ever need it, I emailed a copy of the encrypted doc to myself.
At least 99% of the passwords I use are for corporate web apps for where I work, and websites for my personal use. The only passwords that don't work in my browser are the ones I need to log into the corporate domain. And the corporate rules for domain passwords are just idiotic. Inadequate length requirements, along with bizarre prescriptions for alpha, numeric and symbols. It's really hard to remember whatever I dream up to meet the requirements, and no, I can't get a password manager to type it in for me; I'm not logged in. To make matters worse, we have to change our insane passwords every three months, whether the network has been compromised or not. So muscle memory and regular memory goes out the window on a three month schedule.
One of the problems with something like LastPass is that it too frequently fills the wrong password; so I MUST either use my brain's memory to put in the correct one, or I need to look for the correct password in Vault. And then still type in the needed password. But in general fairly short password choices with a few bits of complexity ARE my practices. As for actually physically writing my passwords,.... that is tricky. I avoid stating my actual practice here.
Keeping your written list under lock and key is probably a bad idea, though. As a general rule, it's much easier to hide your valuables in inconspicuous places, than it is to hide a bulky safe or anything with a lock. Especially a piece of paper with passwords. Works better against your family, because they will know all about the safe and the locked drawers, and all those kinds of obvious places, anyway. If you have kids, they can know more than you think. Usually drawers can also be lock-picked with a paper-clip or something.
Works better against your friends as well, because they don't know your house like you do. And if a "friend" is left alone in your home and decides to go through your stuff, there's also a higher chance they'll find a bulky safe than a piece of paper.
Works better with burglars for the same reason. And when it comes to burglars, you also don't want things locked, you want them well hidden. Because locks are completely useless and maybe even dangerous, unless no one's home. If they find the safe, the safe is open, because burglars carry with them the universal keys called knife-to-your-throat or gun-to-your-head, which are also very unhealthy to you.
It's for that reason that I personally feel like having a safe at home is actually rather dangerous. And more so if any of your friends learns about it.
My personal preference is for hidden compartments. The imagination is the limit. A fake electrical plug on a wall, can be a great little nook to hide small things, and absolutely no one will ever suspect it. The safe no one ever suspects to exist, is the best safe you can ever have. There's also furniture with hidden compartments. Many of them aren't that well hidden, so you have to choose very wisely. Some work with magnets, which can be bad if you misplace the magnet (long term, the magnet can also mark the wood, which is bad). The best example that I've ever seen is the _Secret Compartment Box II,_ built by the youtuber Dustin Penner. The hidden drawer is well disguised as part of the lower rim, and the "key" to the drawer is even part of the box itself, in a completely inconspicuous way. Pretty damn brilliant, imo.
You seem to have particularly mean family and "friends"! What about cutting ties loose?
@@MarcusCactus Nothing that I said was referring to my own family or friends.
Sorry, I will continue to use my easy to remember and type passwords so that I don't have to reset them every time I use a web site that I only access once or twice/year. Also, I keep them all in an alphabetized address book in my home office desk drawer. I have both mine and my husband's in there so if one of us should pass away--we would have access to everything we need.
Not universal advice! Depends on the individual.
I, for example, live alone - no peek possible.
If and when I die or am incapacitated (Alzheimer, hospital), nobody knows my practical details. So there is a cardboard file, prominently visible, labeled "In case of decease", which records everything necessary: not only passwords but also the financial accounts I have, the medical data, the websites I have an account with but also real-world associations I am a member or user of, the phone and bank card and ID codes, whatever. Along with the list of people to inform.
For things "For my eyes only" I have created a self-made "alphabet".
I am also a bit paranoid. Each website or app must store your password, and I don't trust their personnel or hacking vulnerability. That's one password at a time. Instead, the password manager people can access all your passwords in one go! Brrr! Frightening.
And then, I use various machines to access the internet: a desktop, a laptop, an iPad tablet and a smartphone. Password management differs, and I don't want to multiply the copies of my passwords list.
i also write down my passwords ~ i live alone & no one visits me at my new location ~ my passwords are long & complicated so i have to or else having to forever change them ~ one thing i also like to do is spell words wrong in some of them ~ as an alone person writing them down is also for when i expire or get deleted from this world ~
Keeper used to be free for the basic limited function version. I became dependent. Now they've changed their policy. I feel it's extortion and how do I know KEEPER won't be universally compromised or is without some back door portals?
And then they tell you, you have to add an extra this or that on the end that isn't a letter and then a number as well. So things have become more and more painful since computerisation started thirty years ago. Back then, we had a couple of passwords to remember. NOW WE HAVE HUNDREDS. And they're impossible. The computerised world has made life unliveable.
Use a password manager. That way you need remember only one password, and the passwords you use online can be as complex as you like.
@@askleonotenboom I do, and even it isn't infallible.
I use KeePass with a key file and secure master password. All other passwords have a "system" that I use to create that is easy, for me, to remember.
Hi, thank you for the video. Do you have a secured backup of your passwords (digital or printed) in case the password manager service is for some reason down or unavailable? And if you do and it's digital, do you encrypt it as well?
Yes and yes. I regularly export my 1Password database, and store that encrypted.
You are right Leo. Everything is so insecure nowadays. Storms, tornadoes, fire etc can cause you to lose things.
I often think I have dementia because the saved password and the written down password agree, but when I type it in, it gets rejected. This seems to happen when any company updates a program. If you don't want it written down and others say don't use PW Managers, how are we to remember all those special passwords we have to create almost monthly?
Use password managers. I disagree strongly with whoever is telling you not to.
Yesterday my computer wouldn't start until I had logged into Microsoft. It doesn't usually do this, and I don't know why. Any computer-based password "vault" wasn't available to me. Because it's complicated, I certainly can't remember it. Scary, hey?
Leo!
Writing Down Passwords.
Consider this. Husband and Wife where the Husband is the sole user of the computer and the Wife has little or no knowledge of using PC’s.
He has created accounts on the internet for his Banking, Share Trading, Email, -- You get the idea!
He passes away and the wife or the Executor of his Estate is left stuck trying to sort out all the on-line accounts. They can’t find the passwords or even the user names of the on-line accounts in order to close them or transfer funds in those accounts to the wife’s account.
In this case writing down complete information about on-line accounts is very important. Type up the information, print it out, attach it to your Will and delete the file from the pc.
Sounds exactly like my situation. We solve it with a password manager that allows us to share entries. (1Password)
@@askleonotenboom Not a solution when you are living alone. Far-away family. And no friend enough to trust.
I still haven't seen an explanation of why a password manager isn't a one-stop-shop for the bad guys. Instead of having to hack all your systems and passwords to get at all your stuff, if you use a password manager they only have to hack one.
Exactly!
Or write down mnemonics that only you understand. A password of a password, to generalize. Good luck to anyone trying to decode that.
I used to do that (my wife still does), but I found that I couldn't always decipher my own passwords correctly!
As you say, I use a password manager, cryptic passwords are REALLY hard to type and not get you locked out of an account as you either got it wrong too many times, or it timed out.
However, when it comes to my 90 year old aunt, I really hope she has written them down on paper, otherwise I'm going to be in a real pickle when she asks for help. Her using another program (password manager), please no - that's from experience supporting her.
If I did I'd get called for a visit, "So where is XXX password?", It's in that thing you put there the other day, "So what's the password manager's password?", I don't know, it's in that thing you put there - I did what was suggested and put them all in there, and now I cannot pay my power bill.
As for someone else seeing her paper password list on her desk, that is the least of her problems, the main one is she now has an intruder in her house, forget the computer, get out of there, call the police.
I have 63 accounts written on my password list at work alone. There are simply too many to remember. Many of them protect absolutely nothing of any importance. I have a training portal that has zero personal info and is only used for basic mandatory trainings. Every single time I log in, I'm required to create a new 15 character password. I would be willing to give a perfect stranger my log in info for the account because there is no reason for it to be this secure. I trust my locked up and hidden list way more than some app that is likely to be breached any day now.
"likely to be breached any day now" - On this I disagree strongly. The chances of your password vault getting breached is low. Even if it happens the chances of it actually impacting you is even lower. The chances of some other technique leaking your info into the wild is much higher.
@@askleonotenboom yet multiple password managers can and have already been hacked. I'm not as worried about a coworker breaking into my locked desk as a foreign state sponsored group attacking one of these. I'll stick to my list. I think the big thing is that companies that don't hold sensitive data need to stop requiring complex passwords that change frequently. It's making passwords less secure, not more.
Given that "multiple" means any number 2 or greater, yes, there have been intrusions; I can recall only 2. HOWEVER, user passwords were not compromised even in those cases. You are much more likely to be compromised a myriad of other ways, many of which using a password manager helps you stay more secure.
@@askleonotenboom a simple Google search shows that more than 2 password managers have had major security flaws or breaches. And yes, I'm sure a coworker could break into a locked cabinet on security camera and make unauthorized changes to our company website or perhaps even cause me to fail my violence in the workplace training. But only 2 of the 63 passwords at work contain anything I'd actually be concerned with anyone getting into. And those have two factor authentication.
My personal password list at home would be extremely difficult to locate and use even if I told you it was somewhere in my house and let you search for hours.
Sorry, but I'm going to have to emphatically disagree with you on password managers. I think they are flat out a dumb idea.
You should have one password at work. That's what SSO (single sign on) was invented for.
Google recently improved the password manager in Chrome I believe, but prior to that it was incredibly vulnerable.
So long as you were logged into Chrome - and, let's face it, most people configure it to auto-login on start up - all you had to do was call up the password management page, find the relevant website on the list and click on the show password icon. They seem to have changed that recently, as it now requires me to input my Windows password, though that seemed to start around the time I invested in MS Office, so I'm not sure whether the two events were related. In any case, I don't store anything important like banking passwords in Chrome, but I bet there are some that happily do.
Just a thought - how about storing passwords in an encrypted document?
I write down my passwords for important accounts in a way that nobody else can read them. My passwords are random, but the randomness is in my past, not on the paper. I do this by having each letter of the password being the answer to a written question I only know the answer to. For example, one of the questions is "what is the first letter of the name of the building where I crashed my bicycle." Since nobody but me knows this, this is a random letter from anyone else's point-of-view, but very easy for me to remember.
If you rely on a written list of passwords, and that piece of paper disappears, then you are screwed (or do you have a copy of that written list somewhere else?).
Someone in your office decides to stick it to you, and takes your list.
Your dog eats it.
You are burglarized. You get a new computer, and you are locked out of all of your sites. Perhaps you can use their "Forgot Password" feature, and cross your fingers.
Most password managers are easy to use, and you can save a copy of your password database on a separate drive. You can even keep a copy of your password database with a cloud storage service. If you have a strong master password, that remote copy of your password database is useless to anyone other than you. And having a copy, elsewhere, will get you out of a world of trouble if your storage drive fails, and it had your password database. Or if you are burglarized, etc.
Use a password manager.
Use a strong master password.
Make a copy of your password database, and keep that copy in a different room (or with a neighbor or friend or cloud service). You can purchase a 1GB flash drive for under $1. It will easily hold your password database (which will likely be ~5MB or smaller).
What if a group manages to hack the password manager. It just sounds like a juicy target.
their business model is based on offering a free version and eventually extortion to continue to use even the most basic access
Hi there, is it possible to recover my youtube back after I've accidentally deleted my Gmail & I can't recover it because I totally forgotten my email & password
So you deleted your GOOGLE account, which is both your YouTube account and your Gmail account. All you can do is try the account recovery process. I'd start you here: askleo.com/access-gmail-without-phone-verification/ but be sure to try ALL the options, including google recovery at the end.
I have used a password manager for daily use for 3 years and have changed to more complex passwords since then. Besides that, I have a well-hidden paper notebook to back up passwords non-digitally and offline. My passwords are created by a password generator (minimum 16 characters, letters capitalized and non-capitalized, numbers and additional characters). I copy them temporarily into a text editor and sometimes edit them further, then print them and glue the printout into my paper notebook. The notebook itself is well hidden (at first I needed several hours to find it myself). I have a fake paper notebook hidden not so well.
Thanks Leo! good one!
Great. Now I not only don't know what a password manager is, I've got an idea, but don't know which ones are good. LOL
I have a lot of things that need passwords and at times they need to be used as in switching users or an error of any kind. I find sometimes logging on with my creds they have no record of me, but later it will
What if power fails? I do write down passwords in a safe place,
or keep it in Notepad on a pendrive flash drive. Is that OK? Is that safe still?
Regular .txt or .docx files are generally not encrypted, so anyone who has access to your flash drive has access to your login information. If you are going to do something like this, I'd recommend using a Keepass database file (.kdbx). You then have searchability, hierarchical organization of entries, easy copy/paste, the ability to link a browser extension, and the database is encrypted using a password, a password+keyfile, or password+Yubikey combination. It's then trivial to copy the file anywhere you like as a backup. Keepass and KeepassXC are pretty light applications, so you won't need to be concerned with them using too many computer resources just to manage your login information.
The caveat is you will need to construct an easy-to-remember (or easy-to-reconstruct) password or passphrase that you can readily type in when you open the database. If you don't know how, Leo has an article and video on this very topic. I have a few methods of my own, as well.
A most interesting suggestion made!
It's safe if you encrypt the file, but otherwise, no, it's not safe if anyone who gets access to the flash drive can just open the file.
My dog ate my passwords
The password managers do not hold the pwds for the main programs like Google, Apple, Microsoft. Why?
They do for me. And even if they don't auto fill, you can copy paste.
Are there free password managers that offer unlimited password storage? If yes, can you make a video on it? Thanks.
Bitwarden?
Nordpass, Bitwarden, Zoho Vault, Keepass (or KeepassXC), ProtonPass, and Synology C2 all have free options with unlimited login entries across all of your devices. Out of these, I find Bitwarden and Zoho Vault to have some of the best browser extensions with user-triggered auto-fill. I personally haven't tried Proton or Synology, because I'm quite happy paying $10/yr for Bitwarden. I have tried Nordpass, 1Password, Bitwarden, Zoho Vault, KeepassXC, and Roboform. I definitely wouldn't use LastPass.
Keepass or KeepassXC. (I've always used KeepassXC, but I presume Keepass is also unlimited.)
Keepass is only for Windows, iirc. If you're not on Windows you'll need KeepassXC.
Thanks @@andy_3_913
Bitwarden is great in my experience
Create a fake password book. Leave it prominently on your desk. Should a burglar happen by, he'll take that, and never bother looking for the real one, hidden somewhere else. Won't they be surprised later to find that none of the passwords will work.
I write down passwords in a code. Example: nme-by-pt, Name-birth year-pet name. Every 4th letter in caps
I'm actually slowly making my own alphabet so I can write it down easily. And making a unique character for Double letters, double numbers or a double consonant.
Sure, I printed out my Onepass passwords and taped them to the wall next to my computer.
Disagree. But it depends on discipline. There are more thieves on the internet than there are in my house. More likelihood of having so-called secure data hacked than my coded, written down passwords accessed and decoded. For most websites the security of the password is pretty irrelevant, who cares if someone hacks your BBC online account? Others are critical, such as bank accounts. Two stage authentication is then a must.
Best solution I've found is to design my own alphabet for most of the letters. Even if someone were to find my notebook, nobody will be able to understand it.
20-30 character password? That's not going on paper, but in a text file haha. Especially ones that expire.
What if power fails and you can't get at anything??
Well, then you won't be signing in to anything, will you? :-)
If you use a password manager, you can save your password database (probably a single, small file) to another storage device (such as a USB drive).
Since you have no power, you might use some other computer, in a different location, that has power. So you take your USB drive with you, and you have your password database available to use on that other computer.
But you have to trust that other computer, if you are going to load and unlock your password database on that other computer.
You may have a mobile device (battery powered) available, and need to remember certain passwords on your own even if it means without a password manager. Maybe you could run a password manager on the mobile devices too.
Your criticism simply does not apply to me on all counts. My passwords are random and complex. This is inconvenient but I do it anyway. Password managers can be hacked. A piece of paper cannot be hacked on the internet!!
But it can be lost or stolen at home.
@@askleonotenboom I would, in most cases, have time to create new passwords if they were forcibly robbed from me at gun point, or if I lost the paper. Without explaining here, I have hiding places that are simple for me (giving me quick access to them) but which no burglar would find (you would agree if I explained). This is much more secure than anything online.
I also admit writing down passwords. However I do not write it on paper. And I can probably be sure enough no one will find them out anytime soon. I won't tell you guys where they are though.
I write down on my personal book using pencil so that I can keep erasing for entering new passwords and I feel safe no one can see my book. Using password manager hackers can hack.
I agree. Leo says anyone who walks the house.
That potentially might be a very few people. None of whom, I'm sure, will be au fait with what password matches which site.
Or should I trust my personal access to the very people or other technically proficient others that can access it either honestly or deviously just because I've put my trust in them.
I write my important info onto A4 sheet and some copies.
Criticise all you like, but it's not out there for some nefarious bastard to glean.
Also, if you lose your notepad all of your passwords will be gone. Password managers can't get lost or be destroyed.
But password managers can get hacked.
And password management firms can go bust.
And technology can make your PM system obsolete.
I use both Bitwarden and KeepassXC. The latter is not connected to the internet at all, it is stored on a flash drive. If the firm should go bust, I will still have all my passwords safe and secure. It will not go obsolete, I always check for updates. @@MarcusCactus
Well browsers password manager not so bad like the one on the macs and iPhone pretty good its also windows cross platform it can be locked as well its a lot safer than hum hum last o pass data hack
Problem is, passwords be stored in one browser on one device. Maybe a way to use same browser on more than one device?
I use only one password for all.
AARP... I'm 69 and counting, haven't fallen for any of their suggestions.
Well, I'll argue this.
Keep in mind the targeted audience of AARP.
Old folks.
For that demographic, this is probably the best and most reasonable advice - for them.
To be clear, I'M IN THEIR AUDIENCE. (They start grabbing people at their 50th birthday, so perhaps younger than you think.) This simply reinforces the stereotype that "old" (whatever definition you use) people are incapable. That's simply NOT TRUE.
@@askleonotenboom Agreed on that. I was also a little disappointed with AARP's approach. They really didn't even bring up the idea of using a password manager, but just went straight to the "write your passwords down" solution. Instead of talking down to their intended audience like they're clueless and helpless because they're older, they could have done a well-written segment educating readers on the basics of password managers. They fumbled the ball on that one. As for "old folks", I'm a 68+ retired sysadmin and I've seen my share of people of ALL ages with sticky notes on their monitors with passwords for all to see, and I'll attest to the fact that age is irrelevant when it comes to following best practices (or failing to).
That's a strange and persistent fallacy. The internet is not new. The 'information superhighway' went mainstream in 1995, the same year Windows 95 turned PCs into home appliances. The IBM PC came out in 1981. I figure you'd have had to be retired in 1990 to not ever had to use a computer at work, which would make you 98 years old today.
@@user-iy6rm6pm4j Interestingly enough I've been exchanging email with a gentleman who's TEACHING tech. He's 100. 👍🏻👍🏻
@@askleonotenboom, I have known a few old people. Some of them are INCAPABLE. Stubborn; not understand; confused.
hi leo
Write them in an archaic alphabet or something.
I have over 200 passwords in a book. Sounds bad but it is in code, they are basically password reminders. When you have so many passwords you need to know what password is for what account/site. You can't rely on browser or third party vendors to remember your passwords.
LOL! .........don't write down your passwords and hide them in the house where only you and a trusted family member knows.... Store them on the world wide web with some big tech company. LMAO!
You think you're being sarcastic, but you're actually correct. A properly implemented and encrypted password manager is safer. Period.
nice hairdo
My password list is a list of clues that only I know. I moved around a lot as a child. Example( Hint Ages 10,14) means the addresses I was at when those ages. Example 53imaginaryroad125madeuplane. Hint first 2 records. Hint name and address of 1st girlfriend. etc:
thanks for the ancient advice, invest in memory.