A few days ago for reasons totally beyond me I was required to log in to my Google Calendar, always my first port of call for the day, so I had to go and search for my password. Then it happened with the BBC exchange rate site, Orange , and worst of all Facebook. The only reason I am on FB is to keep in touch with my son (he prefers that to Skype) and one person who never responds any other way but I thankfully rarely want to speak to. But it refused to accept any form of username, email address or password. Then suddenly it called me by my real name and I was in.
What is going on? What have I done? I always shutdown at night in the approved manner and start the day with History/Restore Previous Session. No change. Even just now I got into SF but when I tried to make a reply it suddenly asked for a password but, by the time I had found it and turned back, I was in anyway.
Please donât go on about clouds and single passwords, clouds are for rain, anything else I donât trust, and I have done without them up to now, so what has changed?
Not as far as I know, but doesnât that destroy the point of a password? I have had Firefox updates before but never this has happened and the last update was not just before all this started.
It started one night after I had shut down then remembered something I wanted to do so logged on again. That was a few days ago and every day since it has happened.
So what is the remedy if it continues? We have just had a 90 minute power cut and I thought I would have to go through the whole lot again, but not here it appears.
I am wondering if the age of the operating platform in Davidâs phone may be the issue? Programs and company servers are being constantly updated, especially regarding security. If a mobile phone is not also getting current tech updates, doesnât it start to âstutterâ a bit?
Being required to re-enter passwords may also happen if the cookies and cache have been deleted or are no longer automatically recognised.
I am currently drawing out the final breathe of life of my old faithful iPhone 7, so can relate.
Sorry, how old is the computer? Sadly, in tech five years is âoldâ. Your operating platform (IOS if it is Mac) or a Microsoft program will no longer receive updating after a certain time. The hard drive is usually is pretty filled up by then anyway, so that can mean the end of life. All sorts of weird things (technical term) start happening as the poor thing is on its last leg
I have an extremely old PC amongst a number of other machines (Windows XP!!!) and the browser works fine with no password requests apart from the sites I deliberately enter each time. Last time everything was cleared was when I cleared out the caches and the time before was one of the periodic âsecurityâ resets done by the site in question. Losing all of them at ones has never happened to me except when I had deliberately cleared everything out.
EDIT We also have a habit of clearing out really old machines, archiving any data, and then installing an appropriate version of Linux on them. I donât believe in coninuously getting new kit unless it really is essential for what I want to doâŚ
If you use a password manager it can auto fill your credentials for you. It also means you can have massively complex passwords because you donât need to remember them. It also helps against password reuse.
@Griffin36 is right I only bought it last year so age canât have anything to do with it.
@Gareth That is just what I donât want to do, how much worse would it be if I did not have this list of passwords alongside me if this âpassword managerâ went belly up for some reason.
In any case not having a password manager did not effect it before a few days ago, something changed and I canât pin it down. It did it on Trucknet an hour or so ago but I ignored the request and, like here on SF, it let me in anyway. PAD, the Dobermann rescue forum often, but not always, asks for a password but again I ignore it and go straight in.
A commercial offering is going to provide you with 24/7 support, resiliency and redundancy. Do you have an off-site backup of your written down passwords in case something happens to your handwritten list?
Otherwise storing credentials in your browser is another option, instead of typing them manually.
⌠for scammers logging in to your system and stealing you data.
Best using a secure password manager like Bitwarden rather than commit them to the browser to store
This is a great article about storing passwords in browsers vs using a password manager, written by someone who works at Googleâs Project Zero Initiative
To me that is the same as entrusting your passwords to someone else, something I am not prepared to do, who knows what is going to happen to the best run orgaisations in the future, or who can get hold of whatever they have?
So yes, the written down ones alongside me now are just temporary until I can get past this nuisance, otherwise they are only on 2 separate external hard drives.
Not really. Youâre putting your trust in cryptography, not someone or some company.
Password Managers encrypt your passwords using a key that is made up of 2 parts: the password to your account (which the company knows) and a secret key (which they donât know).
This prevents an employee or an attacker who compromises their network from being able to decrypt your data.
The actual encrypting of your passwords is always performed locally on your machine because itâs the only place where both components of the key is known.
Even if a rogue employee or an attacker did get access to your encrypted data and your account password, theyâd be unable to crack your secret key due to its entropy. 1Password, for example, uses a 25 character, alphanumeric secret key which produces more than 2^128 possible combinations (or roughly 340,282,366,920,938,463,463,374,607,431,768,211,456 potential secret keys).
Itâs actually more complicated than that because often the secret key is whatâs known as a âderivative keyâ whereby the original value is passed multiple times to a function and the derived output is used. The recommendation these days is to use 600,000 iterations (for PBKDF2). This iterating doesnât take a password manager long because itâs only doing it once, but it thwarts an attacker from brute forcing your secret key because they have to do 600,000 iterations of each 2^128 possible combination.
I know you mean well @Gareth and I have heard it all before but it is all way beyond my comprehension. What happens if the company which knows the password to my account, as you put it, simply disappears into the ether, goes bust, bought out, catastrophic failure? Not really a question because I know I wouldnât understand the answer.
All acedemic now though 'till the next time (when I might myself have disappeared into the ether) because when I logged on a few moments ago everybody knows me and no need for a single password. In any case we are not talking about sensitive information here, a couple of forums for chat, whether or not an aide is due to arrive in half an hour, if there is a hello from my son in Thailand. Nothing important to anyone else. If I want to deal with my bank accounts of course I expect to have to use the appropriate passwords.