 

trumad

(41,692 posts)
Fri Aug 8, 2014, 07:49 AM Aug 2014

Everything You Need to Know About the Massive Russian Hack (I'd advise all to change your passwords)

It seems like every couple of months these hacks are happening and we are told to change our passwords. Yeah I know it's a pain in the ass but it's the price we pay for playing on the tubes. You don't have to change your passwords---that's your choice----but you are laying yourself bare for future trouble.

Welcome to the 21st century folks!

Russian hackers have stolen 1.2 billion Internet user credentials. Here's what you need to know.

http://time.com/3089473/israel-gaza-hackers/

On edit: Best advice is to write out on paper all the sites that you hop onto that require a password. Change the passwords and make sure you don't use the same password for all sites. I personally put my passwords in a little notebook that I keep at home in my desk. Yeah sure it could go missing.. but I doubt that will happen. They do have encrypted password safes on the net and they work just fine. Usually it's a pay service.

Good luck

Everything You Need to Know About the Massive Russian Hack (I'd advise all to change your passwords) (Original Post) trumad Aug 2014 OP
Will do. I only want one government at a time to know my passwords and such! djean111 Aug 2014 #1
LOL--- trumad Aug 2014 #2
Again? I just changed all them from the previous attacks liberal N proud Aug 2014 #3
Like I said... trumad Aug 2014 #5
You can purchase apps for pc and smart phones and set them so they don't share hlthe2b Aug 2014 #8
It's ridiculous, isn't it? CrispyQ Aug 2014 #27
bout time I change them anyway.....thanks for the nudge to do so. a kennedy Aug 2014 #4
I'm doing it now.. trumad Aug 2014 #6
Is this only about banking? I can't get TIME to come through. freshwest Aug 2014 #22
Gawd... I use datavault for PC and Iphone app--I've got nearly a 100 login passwords.... hlthe2b Aug 2014 #7
Bottom line---we are vulnerable trumad Aug 2014 #9
So what do you think was targeted? hlthe2b Aug 2014 #11
Nothing is perfect. trumad Aug 2014 #12
"I'm probably going to start using my banks bill pay system".......That's a start, but....... WillowTree Aug 2014 #19
I have the same system as you trumad. MoonRiver Aug 2014 #10
Well, I have money passwords and board and e-mail passwords - hollysmom Aug 2014 #26
I'm giving KeePass a try IDemo Aug 2014 #13
cool trumad Aug 2014 #14
great thread trumad, I'm contacting my credit union and other places nt steve2470 Aug 2014 #16
KeePass is great. MH1 Aug 2014 #21
Russian Hackers Amass Over a Billion Internet Passwords steve2470 Aug 2014 #15
And this is why I snail mail all my bills. Call me old fashioned, I don't care. Tuesday Afternoon Aug 2014 #17
called my credit union, they were clueless steve2470 Aug 2014 #18
Yeah---the CSO is probably on vaca trumad Aug 2014 #20
kick nt steve2470 Aug 2014 #23
does that include passwords for message boards, like DU? napkinz Aug 2014 #24
I would think includes everything... trumad Aug 2014 #25
Thank you. snacker Aug 2014 #28
 

trumad

(41,692 posts)
2. LOL---
Fri Aug 8, 2014, 08:09 AM
Aug 2014

I need to get into the habit of changing my key passwords at least once a month. Banking, etc.

liberal N proud

(60,334 posts)
3. Again? I just changed all them from the previous attacks
Fri Aug 8, 2014, 08:13 AM
Aug 2014

I can't keep coming up with unique passwords that contain at least one upper case and one lower case letter, at least one number and a special character that are at least 8 characters long. None that I can remember anyway.

I need a database just to keep my passwords, but then the database will get hacked and I am screwed anyway.



 

trumad

(41,692 posts)
5. Like I said...
Fri Aug 8, 2014, 08:16 AM
Aug 2014

Write it down or get one of those secure password holders on the net.

Still a crap shoot either way.

hlthe2b

(102,236 posts)
8. You can purchase apps for pc and smart phones and set them so they don't share
Fri Aug 8, 2014, 08:37 AM
Aug 2014

info anywhere--just manually sync. I surely would not go with one of the cloud services. Not in a million years.

CrispyQ

(36,461 posts)
27. It's ridiculous, isn't it?
Sat Aug 9, 2014, 12:57 PM
Aug 2014

I hate when I come up with a password & then get a message that it contains unacceptable characters or it doesn't contain them or whatever!

I keep mine in Excel & password protect the file & the flash drive the file is on. I keep a printed version at my desk, which gets edited as I add & change passwords & it goes in the shredder when I print a new one. The file is now two pages, front & back.

a kennedy

(29,655 posts)
4. bout time I change them anyway.....thanks for the nudge to do so.
Fri Aug 8, 2014, 08:15 AM
Aug 2014

and I too keep them in a little notebook.....

 

trumad

(41,692 posts)
6. I'm doing it now..
Fri Aug 8, 2014, 08:17 AM
Aug 2014

Banking first-- and then all my bill pay sites, etc. Surprised at how many I have.

freshwest

(53,661 posts)
22. Is this only about banking? I can't get TIME to come through.
Fri Aug 8, 2014, 02:34 PM
Aug 2014

I don't do anything online except AMAZON. No banking or buying from other vendors. Wonder if DU will get hacked...


hlthe2b

(102,236 posts)
7. Gawd... I use datavault for PC and Iphone app--I've got nearly a 100 login passwords....
Fri Aug 8, 2014, 08:35 AM
Aug 2014

Last time around, I changed every single password that held any level of identifying info to a unique complex code for each--after the "https" related hack.

There surely isn't much information provided on this one. It sounds as though they went for the major email sites and probably facebook, twitter and the like. If I were to bet, it would be gmail that was targeted and I don't use it or any other google related crap.

I think I will merely change my primary email password (I don't do facebook or other social media) and leave it at that this time.

 

trumad

(41,692 posts)
9. Bottom line---we are vulnerable
Fri Aug 8, 2014, 08:38 AM
Aug 2014

I'm in the Cyber Security biz--- This was Botnet shit rearing its hidden head.

If folks only knew how infected our networks were they'd freak and demand action. Then again-- maybe not.

hlthe2b

(102,236 posts)
11. So what do you think was targeted?
Fri Aug 8, 2014, 08:45 AM
Aug 2014

I know that even though I use a very reputable credit union--over the big gargantuan banks--that they share info too. They do use triple layer login protection, which seems appropriate--even my utility companies do that.

That said, it just seems to be the big retailers and social media sites that are really lax with security. I've started using PayPal as much as possible when I purchase online to decrease how many times my credit card numbers get out there and I change my PayPal password monthly. My billing and shipping residential address are kept separate. Obviously, I am scrupulous about maintaining security on my own machines and every piece of crap mail that comes to my home is shredded.

I'll be damned if I know what else to do.

 

trumad

(41,692 posts)
12. Nothing is perfect.
Fri Aug 8, 2014, 10:53 AM
Aug 2014

Even the little black notebook isn't perfect. I'm probably going to start using my bank's bill pay system. One source for all my bills.

Currently I just hop onto the site that I have to pay---electric, cell, etc...and pay on their site. This opens me up to all kinds of passwords and vulnerability.

Best thing to do is only use your pay info on sites that will give you your money back if they get hacked or fraud was committed.

WillowTree

(5,325 posts)
19. "I'm probably going to start using my banks bill pay system".......That's a start, but.......
Fri Aug 8, 2014, 12:30 PM
Aug 2014

.......you still need to change passwords for lots of things. I pay all of my bills from my bank's bill pay page, but don't forget that sites like utilities (phone, gas, electric, water, cable etc) all still have personal info that could be useful to hackers (address & phone #, for instance) and sites where you shop with any regularity might have credit card information (like Amazon or stores where you buy online). Also the sites for any of your credit cards themselves. Even if you actually pay your credit card bill from your bank's site, the card issuer still has your information on their site, so you need to change those, too. And PayPal has your card, and maybe bank account, information, too. Ebay, too.

I use a password manager (be sure to use one that allows you to export your PW data as a backup.....NOT TO THE CLOUD) and I have a list of the sites that I need to change passwords for on occasions like this so I don't forget anything. That way I can just blow through and change the passwords on the sites and update the password manager and it doesn't take a significant amount of time.

MoonRiver

(36,926 posts)
10. I have the same system as you trumad.
Fri Aug 8, 2014, 08:40 AM
Aug 2014

Just spent a couple of hours changing all passwords. Chose really unconnected gibberish this time. Harder to remember, without my little notebook, but more difficult to hack, I HOPE.

hollysmom

(5,946 posts)
26. Well, I have money passwords and board and e-mail passwords -
Sat Aug 9, 2014, 12:57 PM
Aug 2014

Money passwords I am very careful with. The message boards - hey you hack them people see odd posts - I complain to admins - other than that, does it matter?
Most e-mail passwords are set up for specific things. Since I am not using e-bay right now and not using paypal, no money in it, I guess I don't care about them either. Don't shop that much on line mostly because I have enough stuff and don't need to buy anything else. Or I can just pick it up at costco or something. Not buying big ticket items. Do not let my credit card reside on-line, and generally have to report lost credit cards almost annually, and then when the new one arrives, I find the old one - sheesh - I am getting so old!
The banking and the e-mail connected to banking are very carefully monitored. I don't want to sign up for any other banking on-line even though I have 3 checking accounts (you get higher interest rates on a CD if you have an empty checking account.) Even my files on my computer are scrambled or kept on a thumb drive only - and yes I have lost thumb drives but figure no information about who it belongs to on the files.
Hope that is enough. Don't change things monthly, have a coded password sheet with some numbers listed, I generally associate one word with different numbers so that is all I need, but if I die, so do all the passwords.

steve2470

(37,457 posts)
15. Russian Hackers Amass Over a Billion Internet Passwords
Fri Aug 8, 2014, 11:49 AM
Aug 2014
http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html?_r=0

A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.

The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, including household names, and small Internet sites. Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems.


Hold Security would not name the victims, citing nondisclosure agreements and a reluctance to name companies whose sites remained vulnerable. At the request of The New York Times, a security expert not affiliated with Hold Security analyzed the database of stolen credentials and confirmed it was authentic. Another computer crime expert who had reviewed the data, but was not allowed to discuss it publicly, said some big companies were aware that their records were among the stolen information.

“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” said Alex Holden, the founder and chief information security officer of Hold Security. “And most of these sites are still vulnerable.”