I hate passwords

Unless you are working in a public environment, writing things down is about as risk-free as you can get. Not something to do in a shared space with others though…

@graham I’m not tech savvy, but if a hacker can identify key-strokes, does it matter how complicated the password is?

Only if they have keylogging software installed covertly on your system, often installed by clicking on links in suspect emails or websites.
Always keep your malware software up to date.

1 Like

Following advice on here, or perhaps elsewhere, I invented a common password based on a phrase very well known (but only to me) and then complicated it by altering it with numbers, capitals and symbols.

I then put it onto an external hard drive, which is only plugged in for a few minutes at a time when required, and copied and pasted it when needed. It differed for each application with a minor alteration based on the particular entity each time.

All was fine and I gradually introduced it to my system. Until I came upon a requirement which didn’t allow for copying and pasting. Then I had to write it out ‘longhand’ and the trouble began. Due to its length, a sometimes faulty keyboard and my hopelessly inaccurate arthritic fingers, I struggled to get it right and was in danger of being locked out completely.

So I have gone back for the most part to my unsafe system of obvious but numerous former passwords. :roll_eyes:

Entrusting my passwords to someone else is not an option.

They won’t be taking any of our rather old computers either.

+1 for Bitwarden here. It’s open source and works well.

Anyway, you should have a second factor of authentication on anything important like a password vault. Either with a phone app, such as Google Authenticator or, if you don’t mind spending a few quid on something really convenient, I have one of these which are quite widely supported now:

Keep it on your key ring, configure compatible apps (like Bitwarden) to accept it as a second proof and your process becomes enter your password, plug in your key and press the button. It’s an extra step, but a very easy extra step and somebody needs both your password AND your physical key to log in, so it’s not the end of the world if you don’t have a silly long password.

1 Like

Another good password manager is Truekey - this does have a cost attached to it. Also keeps details of credit cards, licences of various sorts and “safe notes” which can contain anything you want.
If not using a password manager, then using pass phrases is probably the next best thing. A passphrase is exactly that - a phrase that is only known to you.

IMHO, there are two types of password… those in everyday use to have access to online accounts, often for shopping… Tesco, Casino, Darty, John Lewis, and general sites requiring you to “sign into an account”, e.g. Confuse.com, where I’m not really bothered if somebody accessed using my password… and on these sites I never link them to a payment process so I use just a couple of standard passwords of letters, number and a sign. Then there are financial sites, banks, health insurance etc. which normally now have two factor authentication so passwords are much more supplier site driven so intrinsically safer.

1 Like

Ha ha, in my shed I have about 4 desktop computers dating back years kept simply because I didn’t know how to remove the hard drives and smash them with a sledge hammer before soaking them for days in salty water. The advice I got from one computer expert. :roll_eyes: :laughing:

I suspect that there is a bit too much paranoia about erasing hard drives and that almost any one of the secure erase utilities that are kicking around is sufficient (I tend to use “dd” in Linux) for 99.99% of all users.

Yes, in olden days there was genuine concern that magnetic information could be recovered, even if overwritten by fresh data but modern drives have data crammed so tightly that a) there is barely a square nanometre of “wasted” disk surface b) the process of reading and writing data needs masses of error correction and detection magic under the hood to make it work at all even under ideal conditions - oh, and c) anyone with the resources to get data off a correctly wiped hard drive probably has more straightforward ways to eavesdrop on your computing activity.

That said there are some things to know

  • Just “reformatting” a drive or installing a fresh copy of the OS does NOT typically remove the old data, it just updates the housekeeping info on the disk which allows the OS to find files, which is why you need to write over the whole of the drive.
  • Modern hard drives and SSD/Flash storage typically reserve a small amount of capacity to allow for bad blocks to be “mapped out” - in theory it might be possible to recover data from old mapped out blocks.
  • SSD/Flash drives do something called “wear levelling” to use the drive evenly (each block has a fairly limited number of times it can be rewritten). This is transparent to the user and the OS and means that when you think that you are overwriting data it simply gets written to a new location on the drive and the old location marked as being available. Someone with the right tools could theoretically read this data - but that can still be mitigated by writing to the whole device.

Of course if you are really paranoid then the right thing to do is encrypt your disks and hire a steamroller when you need to upgrade to turn the old ones into pancakes :slight_smile:

Personally I write zeros to the whole drive, then random data, then partition and put a file system on it (usually NTFS) and leave it at that.
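The difference between "reformatting" and overwriting the whole drive, as described in the post above, shown as an added example (not part of the original post). It works only on a scratch image file, never a real device; the marker string and the 64 KiB "housekeeping" region are constructed stand-ins.

```bash
#!/usr/bin/env bash
# Added example: compares a "reformat" with a full overwrite on a scratch file.

MARKER="CONSTRUCTED-SECRET-hunter2"   # constructed sample data, not a real secret
MIB=1048576

# Build a 4 MiB "disk" of random filler with the marker stored 1 MiB in.
make_image() {
    dd if=/dev/urandom of="$1" bs=$MIB count=4 2>/dev/null
    printf '%s' "$MARKER" | dd of="$1" bs=$MIB seek=1 conv=notrunc 2>/dev/null
}

# "Reformat": rewrite only the first 64 KiB, standing in for the housekeeping
# info a fresh file system updates. The data area is left untouched.
quick_format() {
    dd if=/dev/zero of="$1" bs=65536 count=1 conv=notrunc 2>/dev/null
}

# Full wipe: zeros over the entire length, then random data, as in the post.
full_wipe() {
    local size blocks
    size=$(wc -c < "$1")
    blocks=$(( size / MIB ))
    dd if=/dev/zero    of="$1" bs=$MIB count="$blocks" conv=notrunc 2>/dev/null
    dd if=/dev/urandom of="$1" bs=$MIB count="$blocks" conv=notrunc 2>/dev/null
    sync
}

# Succeeds (exit 0) if the marker can still be found anywhere in the image.
marker_present() {
    grep -a -q -F "$MARKER" "$1"
}

demo() {
    local img
    img=$(mktemp)
    make_image "$img"
    quick_format "$img"
    marker_present "$img" && echo "after quick format: marker still readable"
    full_wipe "$img"
    marker_present "$img" || echo "after full overwrite: marker gone"
    rm -f "$img"
}

demo
```

On a real SSD the same check over the visible device cannot see the spare or wear-levelled blocks the post mentions, which is why the post treats whole-device overwriting as mitigation rather than proof.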

Our last computer went pfft, and we had to have the hard drive changed. Computer person gave us old one back, which of course we had done nothing to as wasn’t expecting it to go pfft. So we now have a hard drive sitting looking at us that we don’t want just to put into electrical recycling. We tried to smash it with sledgehammer, but sledgehammer head fell off and hard disc remains intact.

Ideas?

So, the hard drive went pfft?

I’m assuming no data which needs to be recovered.

If it were me I’d dismantle it (not difficult but you do need the right miniature, typically torx, screwdrivers) remove & break up the platters and tip the rest in the “computer” or “electrical” bin at the déchetterie.

I might be inclined to remove the neodymium magnets but if you do watch out - they are quite powerful and can easily nip a finger.

2 Likes

I tried with all the screwdrivers we have…what sort of person might have one of these type of screwdrivers? Car enthusiast, plumber, electrician?

Because I am hugely smug I backed up our computer when it started making whimpering sounds…:innocent:

Feel free to be as smug as you like.

The bits usually come in sets like this one. Anyone doing mobile phone repairs or probably your computer guy has the necessary bits.

When you next go to sea …BF…? throw the hard drive overboard, then instead of worrying about data, most of it is probably only relevant to the author anyway, assuming no stored passwords on the hard drive which is silly, you can feel guilty about polluting the ocean!!

I used to have all my passwords written in my code! In my little dogeared blue book. About 2 years ago condensation from a water bottle leaked onto the book and smudged the writing. I managed to get the passwords and was happy using Lastpass, until now. I do have 2 factor identification but reading this it appears it’s not enough! Started by reading other options but they lost me halfway. I am bereft

Hi Sandi and welcome back to SF

We too but have moved over to Bitwarden which is every bit as good (if you pardon the pun!).
If you still have LastPass, you can export the passwords from there to Bitwarden quite simply and it can use what it calls 2 step login to make things even more secure.

You might find this reference (in another thread) of some help (click on the link):

A recent news item on passwords and online security…

I have never understood why it was supposed to be a good idea to let some online company like google “save” my passwords. :roll_eyes:

To enable them to be migrated to a new phone or computer.