struggling

I have a system for remembering passwords. I don't like password managers and I never let browsers save passwords. I just don't trust these things, and I operate on the belief that everyone gets hacked eventually.

My phone is pattern-locked and most apps are separately pin-locked. I've been using complicated passwords for at least 20 years. Not always "strong" because of repeating characters and lack of mixed case or symbols, but nothing easy to guess.

Usually I remember what a password is for by looking at it. Word or pattern association. Sometimes when forced to change a password I agonise over what I can choose that I will remember. Used to be that sticking a long number and some underscores in front of the old password was good enough, but mostly not, these days.

So I do have a long list of plain text passwords (not on my phone) that I use as a cheat sheet, but they don't say what they're for, or which email address is associated with the account (I have a lot of active addresses). I also leave old passwords on the list to add confusion. So if the list did ever fall into nefarious hands, good luck to that poor sod.

Anyway.

Sometimes my brain isn't with it when I assign a new password to a new thing and after a while I have no idea what it was. Applies here. I figured it out eventually by comparing time stamps on several things and deciding that the one which hadn't been moved up the queue (therefore had only been used once or twice) must be it. Which it was. Phew!

---//---

None of the above is what I came here to say, but I'm tired and a headache is starting, so it will have to do.

tffb

I have the worst PW system ever. But it works in my eyes.

I have

A) a "throwaway" PW for most sites. Sites I care little about. I get hacked, and no big loss.

B) a "good" PW (no words, no repeating characters, incls special characters, etc (and generated via Keepassxc)) that I use with "important" accts, but I also use a Yubikey 5C (and 5C nano) with those *important* accts, so I'm probably safe there

I cannot stand PW managers. They have failed me many times over (didn't save the new PW properly, won't auto-fill when I need it to, etc). I lost my old/main ProtonMail acct to a bad PW entry into LastPass years ago, not going back.

So, this is bad/unwise advice. And the handwritten, local (encrypted, even) .txt file I don't use, either, because that adds inconvenience, and life is too short to care about my garble from being stolen on the Web.

Again, *real* accts I have get better treatment, most accts I have are not "important"

Hope you're good!

Hello, nice to see you back!

I just don't trust these things ...

Well, I try to keep trust small, too. So I basically use a plain text file, edited in emacs (upon which I trust almost all my words to not send them elsewhere) and gnupg, which is called by emacs when opening and saving said file. This has helped me through several dozen or so iterations of accounts.

~bartender? A hot chocolate with spices, please.

I, on the other hand, am very grateful for my password manager. I don't spend any brain power coming up with a new password, nor remembering them. It's a simple life.

inquiry

One thing your post accomplished - despite not being what you came here to say - is reminding me that peace is more in the direction of leaving systems that are clearly no longer nearly as interesting as they seemed when obsessing over joining them.