Fork me on GitHub

How to NOT Remember Passwords

If you follow the good advice of not re-using passwords you end up with a lot of passwords.

If you make them reasonably secure by making them longer then you still have a lot of passwords. But they are much more difficult to guess. (which is really the point of passwords, right?)

So how do you remember them all?

My solution is to not remember them.

I use a password manager: It is a essentially a secure database of passwords. It allows me to do things like:

  • Not remember passwords - which is the main point
  • Automatically "type in" the passwords - so I don't have to. I don't even have to use copy/paste for this. Just one keystroke.
  • Generate new (random and long) passwords

As a result, I honestly do not know most of my passwords. I can clutter my brain with other things that are important to me instead.

Browser-based password managers are usually sufficient for most people - and (all things considered) much better for most people: It allows them to avoid re-using passwords and take away the pain of remembering them.

That is: Until you start using a different browser. Or a different computer.

The other browser (or other computer) will have no idea of what your passwords are (it shouldn't - otherwise hackers would just use that trick!). So many browsers now have features to synchronize them to your cloud account (Google, iCloud, Microsoft Cloud or whatever). But this means that you need to remember the username/password for your cloud provider instead - which may be a good compromise for you.1

For me, using the built-in password manager in a web browser is insufficient: I have lots of passwords which are NOT for stuff used in the browser - for example:

  • Wifi passwords
  • Shared network drives
  • Linux user passwords
  • Pin codes for credit cards
  • encryption password for my backups

and probably more that I (obviously!) cannot remember.

Besides:

  • I switch browsers a lot
  • I switch computers a lot
  • I do not want to be reliant on a cloud provider

With a password manager like KeePass, my passwords are saved on my computer in an encrypted database. I need a (very strong) password to unlock the database.

Since I do not want to use a cloud provider for this, I needed a different mechanism for keeping different computers in sync. More about this in a later post.

Disclaimer: I have no involvement in KeePass - other than being a happy user.

  1. This also solves the problem of backing up the passwords, while introducing a new attack vector: If a hacker can get access to your cloud account (because you chose a stupid password), then they have access to everything else too!!