Password managers get talked about often and for good reason, but we don’t often discuss the passwords that exist outside our password managers. Obviously, the master password is something you have to remember. Additionally, I imagine that most don’t store their devices in their databases as well. If you’re using KeePass, then I imagine you’ll have another password memorized for your backups.
Personally, these are the passwords I have to have memorized:
Phone
LUKS Encryption on Laptop
User on Laptop
TOTP encrypted backup
I’d love to have an encrypted backup of my KeePass database, but I don’t know how to handle the password situation. Which passwords do you have memorized outside your password manager and why?
I use passphrases as well, but hitting that 32 character mark gets to be a lot after a few accounts. Do you use Bitwarden or KeePass? If the latter, what does your backup strategy look like? I can’t think of one that doesn’t hinge on remembering a password that’s seldom used.
Phone uses a pattern to unlock 90% of the time. In a scenario where I off-body carry my phone, aka in a backpack, I use a password. This is usually a different threat model.
Then two KeePass passphrases. One for the primary account, same for the backup. One passphrase for the shared KeePass DB previously on NextCloud.
Device passwords, Alias profiles etc are all in KeePass.
My work passwords are treated as a KeePass Group. Most all those passwords are set up the same, not my problem. My point is the work profile is just another alias in my mindset. Mindset is key IMO and Groups help me stay in one profile of an alias.
My coworkers caught me talking on the phone this week. I was using a masked phone number, talking to a woman who was explaining that the text I received was for a promotion to remind folks to set up an annual medical checkup. This would normally be ignored, but this was on a phone number that is not used for SMS or medical insurance by myself. My family could have leaked it at a Dr. office.
My coworkers noticed I changed the pitch and tone of my voice to mirror who I was speaking to. I did this unintentionally and at the wrong time. They have never heard me talk to someone as I was and joked about it. Now anytime I open IronVest I have another reminder to excuse myself. My situational awareness was low as I got too comfortable around coworkers.
I use Bitwarden and keychain.
I mainly use keychain to auto unlock encrypted disks.
I usually make a monthly offline backup of my Bitwarden vault.
According to Ebbinghaus’ forgetting curve, once you get enough reps you tend to remember stuff for longer. Even though I mostly use biometrics, once in a while I manually type in the password (sometimes the OS itself forces you to do that) just to make sure that I have it in memory.
i.e.
The way I do it is construct a (passphrase) sentence about something that is close and important to me in my life. That way I figure I’ll always be able to remember it. I do wonder what would happen if say I got hit by a bus, but then it probably wouldn’t matter too much anyway lol.
I suppose I should’ve been clearer in stating that most of my questions were in regards to local password managers like KeePass, where backups are a must.
My password manager master password, my phone password, but my problem is with the seeds and 2FA thing. I don’t know where to save my seeds. If I saved them inside Proton Drive for example, I will need the 2FA seed of Proton!! So what should I do?
P.S. I don’t have enough money to buy a YubiKey or things like that as they are super expensive for my country.
I know this isn’t the best option, but I keep my encrypted Aegis backup on an unencrypted USB drive. I use that password every day, so I don’t have to worry about forgetting it, and I don’t have to struggle with remembering a password for the USB.
I have an inordinate number of passwords I need to remember, despite using a password manager. None of the following passwords are stored digitally:
I have multiple password databases, each with a different password. I compartmentalize logins in order to reduce threat surface. I also keep TOTP codes in a separate database.
I place all my password databases in an encrypted container, itself stored on a hardware encrypted keypad flash drive.
Then I also have the master password to my online backup database, hosted on Bitwarden. I upload the encrypted container as an attachment, which itself contains the encrypted databases, providing multiple layers of encryption.
I have multiple phone passwords for each profile (GrapheneOS).
My LUKS desktop password.
My desktop user password.
My desktop sudo password.
My desktop (2) user password.
My desktop (2) sudo password.
My LUKS laptop password.
My laptop user password.
My laptop sudo password.
Password that is used for various miscellaneous stuff.
Passcode used to unlock an old phone.
PIN codes to my SIM cards.
There’s probably more. In total, I probably have around 20+ individual passwords. I also need to remember two secret email addresses. Thankfully, I have a very good memory when it comes to this kind of thing. I haven’t figured out a better solution; putting all of them in a single database would defeat the purpose.
That’s a lot to keep track of. I have to say that uploading your container to Bitwarden as an attachment seems like a great idea. I’ve been trying to think of a cloud backup solution that I’m happy with. That might work!
I was actually thinking about this the other day. I have passwords for the following that I keep memorized.
Bitwarden
Main email address
Laptop encrypted drive
2 laptop user accounts
Phone
Spare laptop
Work laptop / Microsoft account
Second work related account
I feel like it’s a lot, especially considering these are all passphrases. I get by and have gotten used to it, but every so often I feel how much it is and it’s a little annoying. Good to keep in mind when wanting to talk passwords with people who are starting out in improving their security.