I use modified “HorseBatteryStaple” style passwords. I have a couple base phrases that I always remember, with special characters and numbers inserted. I modify them bit by bit for different sites, and keep a list of the changes - only the changes. Anyone who looks at the list would see random words, numbers, or symbols without context; only I know how it all fits together.
For example, let’s pretend HorseBatteryStaple1! Is my default password. I may have “cell phone, machine 5” on the list. That would mean the password for my cell phone’s payment website modifies the default password by changing one of the words in HorseBatteryStaple to “machine” and the number 1 to 5.
I know password managers exist, but I like to try to remember my own passwords. Especially since I may need them across different devices, including my work laptop that I can’t download new programs onto.
Ah but you see there’s the problem, you don’t have a committee to launch a working group that puts together investigative teams to research and write reports on the benefit of the solution, the ROI of the solution, the training costs of the solution, stakeholder buy in of the solution, and potential alternatives to the solution. You need at least a 10 month process before one jackass says they don’t want the solution so the committee can recommend to management that the solution be abandoned.
I basically use a childhood limerick in leetspeak. Easy to remember, tough to Crack. Like for example, Peter Piper pickedna peck of pickled peppers becomes “P3t3rP1p3rP1ck3d4P3ck0fP1ckl3dP3pp3rz!” Of course I never used that particular one, but you get the idea.
I function by only having 2 accounts I actually care about. Bank and e-mail. The rest get the same password over and over because I legitimately don’t care about them and never give them real personal data.
Yeah idk about that. I’ve worked in state govt for a very long time and our cybersecurity controls essentially mandates we use one. I’m also in our security audit team and have to talk to state offices about our NIST controls regularly. And the NIST DOD controls are even more stringent than ours. Something sounds off.
Not gonna get specific, but, I have access to a shitload of sensitive personal data. It’s more likely you ran into an agency policy rather than a federal policy.
Who TF isn’t using a password manager in 2025? Like how would you even function?
I use modified “HorseBatteryStaple” style passwords. I have a couple base phrases that I always remember, with special characters and numbers inserted. I modify them bit by bit for different sites, and keep a list of the changes - only the changes. Anyone who looks at the list would see random words, numbers, or symbols without context; only I know how it all fits together.
For example, let’s pretend HorseBatteryStaple1! Is my default password. I may have “cell phone, machine 5” on the list. That would mean the password for my cell phone’s payment website modifies the default password by changing one of the words in HorseBatteryStaple to “machine” and the number 1 to 5.
I know password managers exist, but I like to try to remember my own passwords. Especially since I may need them across different devices, including my work laptop that I can’t download new programs onto.
Because they seem to fall into two categories. Those that have been compromised
And those who haven’t… Yet
My employer, a fortune 500, blocks password managers and all other add-ons.
My employer, a 12 people big company, nowhere near any fortune list, mandates the use of 1password for all company related accounts.
Ah but you see there’s the problem, you don’t have a committee to launch a working group that puts together investigative teams to research and write reports on the benefit of the solution, the ROI of the solution, the training costs of the solution, stakeholder buy in of the solution, and potential alternatives to the solution. You need at least a 10 month process before one jackass says they don’t want the solution so the committee can recommend to management that the solution be abandoned.
When will he be hacked… Let’s place bets everyone!
Can I register your bet for 27 dollars or euros?
Sure, I’ll bet in Dollars and take the number equivalent payout in Euros
I basically use a childhood limerick in leetspeak. Easy to remember, tough to Crack. Like for example, Peter Piper pickedna peck of pickled peppers becomes “P3t3rP1p3rP1ck3d4P3ck0fP1ckl3dP3pp3rz!” Of course I never used that particular one, but you get the idea.
So you have the same password for everything? Which would mean a single password leak would compromise all of your accounts?
Brah
I function by only having 2 accounts I actually care about. Bank and e-mail. The rest get the same password over and over because I legitimately don’t care about them and never give them real personal data.
Federal and State jobs you can’t use password managers.
Yeah idk about that. I’ve worked in state govt for a very long time and our cybersecurity controls essentially mandates we use one. I’m also in our security audit team and have to talk to state offices about our NIST controls regularly. And the NIST DOD controls are even more stringent than ours. Something sounds off.
My federal job came with one pre-installed.
Depends on your clearance level/what you have access to.
Not gonna get specific, but, I have access to a shitload of sensitive personal data. It’s more likely you ran into an agency policy rather than a federal policy.
No it is literally determined by clearance level. It is mandated.
Okay so remember the one or two ones you need there (try a passphrase!)
For everything else - password manager.
Federal I had about 15 passwords. The State job I had about half that.
Yep.
I use pass phrases filtered through a mess of cyber chef.
Those are hackable too through
I have passwords I don’t care about, passwords I keep on the manager, and then important ones I enter manually every time
Don’t ever use lastpass and the likes, when good open source ones exist.
Like Bitwarden.