If you don’t want to use a password manager it’s not that hard to create long passwords. Just create a nonsense sentence with a misspelling with a character between each word and add some obscure personal info that isn’t directly linked to you, like a phone number of an old childhood friend or pizza place you used to call often when you were young so it’s easy to remember but not info another person can find about you. Then add a special character.
Like:
Wideo1Pasta1Is1The1Grawy1555-22334!!!
And in six weeks… It’s time to change your password! No repeats.
Has to be 16 characters
So long as I can use more than that, I won’t complain. I don’t remember the service, but I definitely remember one where they wouldn’t allow over a certain amount of characters and that was annoying because that was when I was still using repeat passwords back in highschool. My preferred password at the time was roughly 20 characters, but apparently that was too much because who cares about security, am I right?
Who TF isn’t using a password manager in 2025? Like how would you even function?
Because they seem to fall into two categories. Those that have been compromised
And those who haven’t… Yet
I use modified “HorseBatteryStaple” style passwords. I have a couple base phrases that I always remember, with special characters and numbers inserted. I modify them bit by bit for different sites, and keep a list of the changes - only the changes. Anyone who looks at the list would see random words, numbers, or symbols without context; only I know how it all fits together.
For example, let’s pretend HorseBatteryStaple1! Is my default password. I may have “cell phone, machine 5” on the list. That would mean the password for my cell phone’s payment website modifies the default password by changing one of the words in HorseBatteryStaple to “machine” and the number 1 to 5.
I know password managers exist, but I like to try to remember my own passwords. Especially since I may need them across different devices, including my work laptop that I can’t download new programs onto.
I function by only having 2 accounts I actually care about. Bank and e-mail. The rest get the same password over and over because I legitimately don’t care about them and never give them real personal data.
I basically use a childhood limerick in leetspeak. Easy to remember, tough to Crack. Like for example, Peter Piper pickedna peck of pickled peppers becomes “P3t3rP1p3rP1ck3d4P3ck0fP1ckl3dP3pp3rz!” Of course I never used that particular one, but you get the idea.
Federal and State jobs you can’t use password managers.
Yeah idk about that. I’ve worked in state govt for a very long time and our cybersecurity controls essentially mandates we use one. I’m also in our security audit team and have to talk to state offices about our NIST controls regularly. And the NIST DOD controls are even more stringent than ours. Something sounds off.
Kiester password manager?
Get a password manager. It’s a lot more secure and easier to only have to remember one strong main password and have the rest randomly generated
^ I love Bitwarden
I enjoy self hosting it
(Rather vaultwarden)
If it’s something of vital importance, my mantra is to pay for someone else to host it.
They can have the responsibility of security / updates / etc. because a company full of people can do that better than I ever can.
That’s my reasoning as well. The only drawback I currently see for bitwarden is that it’s US based and I have zero trust in their current government not going to cut off the rest of the world at some point. I’m still using it, but I make sure to make regular encrypted backups of my vaults.
KeePassXC, donor, and I sync it with my (self-hosted) SyncThing server.
Ah yeah ok I got you covered
RasputiaSalmon87876@
There you go, real easy.
BatmanSupermanSpidermanCaptainAmerica@2025
Just 4 characters are enough. And it includes Cap.
TheDoctor&CaptainJack
16 characters and a cap
Huh, I only see ****************
I just checked my password manager vault and I currently have 311 passwords stored there.
I have 401 entries, but only 384 unique passwords.
Hmm. Most of these are junk from job applications that I really should put in a trash category. I’m so glad all those places don’t share a password with something important. I think.
I just started merging 3 common passwords I use through my life in chronological order. It’s a 32 letter behemoth with lowercase, uppercase, numbers, and symbols. All in random patterns.
The middle password is one that I started using 2 years ago when I wanted a new password for my new OS installation called FreeBSD at the time. It had numbers and symbols but also “Frbsd” to stand for that name.
Now when I am signing up to a new service I change that portion in the middle of the 32 letter password so “…Frbsd…” becomes “…Gthb…” or “…Dscrd…” etc.
This way even if someone finds my password for gml it won’t work for others either.
What? No punctuation marks? Special characters like !@#$%^&*()_+?
I got a “we’ve had customers accounts breached, please update your password” email the other day.
They specifically called out you can’t use # in your password, and it’s been bugging me why that is. What part if their system let’s in other special characters but # is off limits?
Now that I’m thinking about this it’s bugging me too. If they are passing it to shell scripts maybe it’s interpreted as a comment? Some databases like Oracle use # to separate schema prefix from schema user and table name in a query? But none of those would really make sense here 🤷
EDIT they are storing it in plain text, with other values using # as a delimiter? lol
I considered database stuff, but my password shouldn’t go anywhere near the database!
If they are storing it as plain text in this day and age, then there is no hope for the human race 🤦
It’s not so bad once you develop a system.
