Password manager tip

Here’s a little tip, for people worried about passwords and security.

It’s a strategy/tip I haven’t seen mentioned anywhere, but I’m probably not the person who invented it.

A lot of people are concerned about password managers (e.g. LastPass) because in theory, if someone had your MASTER password, then they would have instant access to all your passwords. (Which is true.)

So what’s the tip?

Well… Before I get to that…

  1. Always use 2-factor authentication where possible, but ESPECIALLY on your critical identity and financial apps, e.g. email, banking, and so on.
  2. Use a password manager and long, complex passwords. Longer is more important than complex.
  3. DON’T EVER use the same passwords on your critical identity and financial apps. You don’t want someone to have access to your Facebook AND email at the same time.

The most critical identity apps are things like:
Facebook, email, work email, gov sites, bank and financial, etc.

What’s the theory behind the tip?
The theory is that we can add to multi-factor auth with extra factors based on

  • Something you have (like your phone)
  • Something you know (like a PIN or a password)
  • Something you are (like your fingerprint)

Ok so on to the actual tip.
WHAT’S THE TIP???

The tip is to have the “Something you know”, the password, separated into the Password (from your Password manager) and a SECRET or a PIN which is only known to you, and not stored in the p/w manager.

So basically, your banking password will be

[Bank password] + [PIN code which you memorised]

The bank password is stored on your password manager, but the PIN isn’t. It’s in your head. It doesn’t have to be unique or complex or long, it could be something simple and memorable, but the simple fact that you have joined together 2 x “secrets” which are in multiple locations (your cloud and your brain) means that it is going to be so much harder to break.

So EVEN if someone gets your bank password, they can’t get into your bank login.

EVEN IF someone gets into your password manager, they can’t get into your email or bank login.

Simple tip but haven’t seen it promoted anywhere, so I thought I would share it.

7 Likes
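The split-secret scheme from the post above, modelled end to end as an added example (this is not code from the post or from any password manager). Everything in it is a constructed assumption for illustration: the two vault fragments (borrowed from the thread’s own later example), the site names, the memorised PIN, and the hypothetical site’s scrypt settings. It shows three things the post only states in words: the site only ever sees the joined string, a thief holding the whole vault gets nowhere with the fragments alone, and the one case that is left, a vault dump plus a leaked hash from the site, collapses into a dictionary attack on the memorised part.

```python
"""Added example: the "vault fragment + memorised PIN" login scheme from the
post above, modelled end to end. Not code from the original post; the vault
contents, site names, PIN and the site's KDF settings are all constructed
assumptions for illustration."""
import hashlib
import hmac
import os
import secrets
import string

# Constructed vault: one long random fragment per site, as a password
# manager would generate and store it. Values taken from the thread's example.
VAULT = {
    "bank": "asg$556J872F&&0",
    "email": "(*&DFHn3j3nh78",
}

# The memorised part. It lives in your head, not in the vault; it is a
# constant here only so the example runs without prompting.
MEMORISED_PIN = "farkcarlton"


def generate_fragment(length: int = 20) -> str:
    """What the manager stores for a new site: a uniformly random fragment."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def compose(site: str, pin: str, vault: dict = VAULT) -> str:
    """The string actually typed into the site: stored fragment + memorised PIN."""
    return vault[site] + pin


# --- hypothetical relying party (the bank, the mail provider) -------------
# It only ever sees the composed string and stores a salted scrypt hash of it.
SCRYPT = dict(n=2**14, r=8, p=1)


def enrol(password: str) -> dict:
    """Registration: salt + scrypt hash of whatever the user typed."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)}


def verify(record: dict, attempt: str) -> bool:
    """Login check, constant-time compare of the recomputed hash."""
    digest = hashlib.scrypt(attempt.encode(), salt=record["salt"], **SCRYPT)
    return hmac.compare_digest(digest, record["hash"])


def attacker_with_vault_dump(records: dict, dumped_vault: dict) -> dict:
    """Master password compromised: the attacker holds every fragment and
    tries each one as-is. Returns, per site, whether it logged them in."""
    return {site: verify(records[site], frag) for site, frag in dumped_vault.items()}


def guess_pin_offline(record: dict, fragment: str, candidates) -> tuple:
    """Worst case: vault dump AND a leaked hash from the site. Only the
    memorised part is unknown, so this is a dictionary attack on the PIN,
    paid for at scrypt cost per guess. Returns (pin_or_None, attempts_made)."""
    attempts = 0
    for pin in candidates:
        attempts += 1
        if verify(record, fragment + pin):
            return pin, attempts
    return None, attempts


if __name__ == "__main__":
    records = {site: enrol(compose(site, MEMORISED_PIN)) for site in VAULT}
    print("owner logs in:", verify(records["bank"], compose("bank", MEMORISED_PIN)))
    print("vault thief, fragments only:", attacker_with_vault_dump(records, VAULT))
    print("vault thief + leaked hash:",
          guess_pin_offline(records["bank"], VAULT["bank"], ["1234", "0000", "farkcarlton"]))
```

Two caveats a practitioner would add. First, the memorised part is the same on every site, so any one site that mishandles what you typed (plaintext logging, a phishing page) reveals it; the random fragments still protect the other logins, but after such an incident the memorised part has to be changed everywhere. Second, as `guess_pin_offline` shows, once the fragment is known the memorised part is the only secret left, so it should be a few words rather than four digits, even though a site’s online rate limiting and 2FA make the offline case the only one where it matters.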

Or also use Face ID.

I use that on my iPhone to log in to my bank deets.

All my other stuff for financials(eg share trading etc) requires 2 factor authentication with mobile.

I just use “farkcarlton” - international hackers will never get that.

2 Likes

Send this advice to big corporate.

The FaceID on your apps doesn’t change the underlying password, which could still be compromised.

Also the 2FA normally has a ‘recovery’ backdoor which is tied to your email.

It’s hard to create an infallible system.

[email protected]

5 Likes

Well yes, so if all your passwords on your password manager were incomplete unless they had ‘farkcarlton’ added to them, then that’s perfect.

e.g.
Bank password = asg$556J872F&&0farkcarlton
email password = (*&DFHn3j3nh78farkcarlton

etc

1 Like

BDB uses a different kind of biometric to sign in


2 Likes

Or you can just send me your passwords and I’ll remember them for you, for a very reasonable fee.

1 Like

Is the 2FA simply a text with a code to your mobile? That’s what I mean! If you don’t have access to your phone then I guess that’s a problem. I’d probably have to go into the branch to do a 100 point check.

Other simple strategies that make it much much harder for people to access your data at home: change the default password on your router/modem. It doesn’t need to be complex, just different from the standard “Admin” or “Password” that they all come with. The second tip is to start using passphrases rather than passwords. “Cal!forn!4” could be a password for example, but “Idanced!nCal!forn!4” is levels of complexity harder to hack. Add in 2-factor authentication and it makes your data very secure. My PIN will never be written down anywhere, and while I use a standard 4-5 passwords for all my socials, none of them are remotely like any I use for my financials. I could care less about my social footprint; apart from Blitz it is almost non-existent.

and “farkumpires” for your bank accounts?

Yes.
There are 2 passwords for your wifi:
The password to join the wifi network.
The password to access the router administration.

In order to get into the router administration you need to get onto the network with the wifi password OR have physical access to the router.

Now even if I have access to your router admin (let’s say I parked outside your house and guessed your wifi password), I can’t get your data that’s sitting on your laptop hard drive, unless I can log onto that, which would rely on having remote access, e.g. RDP to Windows, or open SMB file shares.
So it’s actually really unlikely that just having router access will get me any closer to your computer data.
It’s the online data that is the weak point, and your email and website passwords are the gateway to that data.

… no.

You’re one step closer.
Significant one, at that.

That’s a crude attempt to hack my accounts.

Until they prove otherwise, I refer to the corrupt AwFL game fixers as “maggots”.

Do I have to change my bank password now, or can I trust you with this?

1 Like

I use the fark x wife’s name plus farkcarlton… it’s like double protection.

protip: the whole punctuation or capital letters or whatever is a load of sht and won’t make much of a difference to a brute force attack (trying every single combination) if it’s your classic 8 characters long.

have a short sentence as your password. 20+ characters, then add an initial for the service (e.g. f for Facebook, g for Gmail, o for OnlyFans)

ain’t no fkn quantum computer cracking something that long, and it’s pss easy to remember
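The arithmetic behind this post and the earlier passphrase post (“Cal!forn!4” vs “Idanced!nCal!forn!4”), worked through as an added example that is not code from the thread. It scores a password the way a brute-forcer has to: characters in the password times log2 of the character pool it must cover. The guess rate of 1e11 per second is a constructed assumption (roughly a GPU rig against a fast unsalted hash), and the 7776-word list size is the Diceware list. The `wordlist_bits` function is the caveat: a sentence of common words is attacked word by word, not character by character, so the honest figure for a four-common-word phrase is far below what the character count suggests, though still well above an 8-character mixed password.

```python
"""Added example for the 'length beats character classes' posts above.
Not code from the thread. The guess rate is a constructed assumption and
the 7776-word dictionary size is the Diceware list."""
import math
import string

# Character classes a brute-forcer enumerates; the space counts as one more symbol.
_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
            string.digits, string.punctuation, " ")


def pool_size(password: str) -> int:
    """Alphabet the attacker must cover: the sum of the classes actually present."""
    return sum(len(cls) for cls in _CLASSES if any(c in cls for c in password))


def bruteforce_bits(password: str) -> float:
    """Keyspace in bits if the attacker knows only the length and the classes used."""
    return len(password) * math.log2(pool_size(password))


def wordlist_bits(n_words: int, dictionary_size: int) -> float:
    """Honest estimate for a phrase of common words: the attacker guesses
    words from a list, not characters."""
    return n_words * math.log2(dictionary_size)


def years_to_exhaust(bits: float, guesses_per_second: float = 1e11) -> float:
    """Time to try the whole keyspace at the assumed rate (worst case for the attacker)."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


def compare(passwords):
    """Per candidate: length, pool, keyspace bits, and years to exhaust."""
    out = {}
    for p in passwords:
        b = bruteforce_bits(p)
        out[p] = {"length": len(p), "pool": pool_size(p),
                  "bits": round(b, 1), "years": years_to_exhaust(b)}
    return out


if __name__ == "__main__":
    candidates = ["Tr0ub4d!", "Cal!forn!4", "Idanced!nCal!forn!4",
                  "i danced in california tonight"]
    for p, row in compare(candidates).items():
        print(f"{p!r:34} len={row['length']:2} pool={row['pool']:2} "
              f"bits={row['bits']:6} years={row['years']:.2e}")
    # The caveat: score a common-word sentence as words, not characters.
    print("4 words from a 7776-word list:", round(wordlist_bits(4, 7776), 1), "bits")
```

The comparison makes the post’s point concrete: an 8-character password drawing on all four classes sits around 52 bits, while a 19-character phrase with the same classes is around 125 bits, and even an all-lowercase sentence of 30 characters exceeds 140 bits. Read the `wordlist_bits` figure before trusting the latter, and note that the calculation says nothing about a site that caps password length, which is the objection raised in the next reply.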

protip would work if ■■■■ ■■■■ websites/companies would accept strings

Exactly. All this bullshit that is imposed by Micro$oft and their cronies to renew passwords all the time, forcing you to have all of lowercase, UPPERCASE, numb3r5, $pec!@l [email protected] etc., is crap. They are just making it very difficult for people but easy for computers to hack. Fkg idiots.