I keep all my passwords on a spreadsheet on a thumb drive. There are several apps and accounts that require me to change the password every 90 days. I don't know how these password managers handle that. If you get one that says you have to change it, it requires that you manually enter the current password. If you don't know what it is - you're outta luck.

Do you carry the thumb drive with you so that when you are sitting at the square and try to login to a site you have your passwords? Which slot do you use to insert the thumb drive in your phone?

When you need to change your password the password manager inserts your old password - that's what a password manager does. When you are asked for a new password, most of the password managers will offer to generate one for you. When you hit the submit button the password manager will ask if you want to update your stored password.

A Disney employee, Van Andel, a middle aged father of two, used 1Password and his work computer was hacked. And he had 3 types of malware detectors on both his work and home computers. All his digital details were posted on line so that his identity could be stolen by anyone, and it was. He lost his job, he was faced with a huge debt and is literally fighting to get his life back.

‘The breach upended Van Andel’s life. The hacker stole his credit-card numbers and racked up bills—and leaked his account login details, including those to financial accounts. The attacker published Van Andel’s personal information online, ranging from his Social Security number to login credentials that could be used to access Ring cameras within his home.’


Then WSJ published an article as to what can be done to avoid what happened to Van Andel:

‘How to Keep Hackers From Destroying Your Digital Life
A few digital hygiene measures can help secure online accounts and passwords.’

By
Robert McMillan Feb 27, 2025 Wall Street Journal

The article emphasizes two-factor identification, one on a physical device like phone etc. biometric is best.

Yes they are safe however you need to come up with a very strong master password. Be sure to write it down and have several copies of it put away.

My recommendation
 

1Password has been my choice for years. Allows access to your passwords from multiple devices. Plus you can keep much more than passwords. Licenses, memberships, credit cards, etc... Very secure.

Please read what happened to Van Andel, his 1Password was hacked by AI.

Not hacked by AI at all.

According to reporting, he downloaded an AI tool that happened to include malware. The malware stole information from his machine including his keystrokes as he typed his 1Password login and password. Once they had the 1Password login information they had all his other logins and passwords too.

Two quick takeaways: Be careful about what software you download and make use of 2FA.

Right, I did not write out the whole story. Thank you for clarifying.

And even 2FA is insufficient for a number of widely used email accounts. Now passcode is recommended in addition to 2FA for gmail, yahoo, etc. The hacking community is way out in front of the rest of us.

from one cheesehead to another, but this one has a background in cyber security. NO!

You need to keep your passwords somewhere that isn't under the keyboard, on your computer, in the cloud, basically only accessable to you alone. What I find is the easiest method, is to find a password that is long, easy to remember, and variable. Typically you make it with 2 pieces of information no one would ever know or think of.

for example - grandpa's middle name (as long as it's not in your name)+ a series of characters or numbers + maybe your favorite packer's nickname. just an example but you should strive for at least 8-12 characters. That would cover just about any website password. As for your computer and phone both different and neither of them your other password. also with that example design make 3 of them. that's really all you need.... if you need it for porn sites then just PM me LOL that's an entirely different art form.

I believe you mean a passkey (there's a difference).

Passkeys currently have some shortcomings in that they don't work across all devices or accounts and they are difficult to use without your specific device (though 2FA has the same limitation). Passkeys are a good idea but until they are a bit more universal I will stick with a password manager.

I agree with all of the above. For non-important things, like web forums, I use whatever password(s) I like. For important things, like an investment account, I let the 1Password randomly select a 25+ random character password. I do NOT put that on the computer, and instead hide it written down and tell my spouse and another trusted family member of its location. That other trusted family member also has copy of the password written down and in a sealed envelope they keep at their house (just in case mine burns down). Secure redundancy that is non-digital for the important things.

Password Manager
 

LastPass, I have used it for many years.

It just seems to be the unknown out there for using any pass manager
that changes more offend then we change our shorts.

Ex: The one site of AI.
How much do we really know about it's presents and future?

Life’s too short. It’s a gamble. Best one can do is reduce the probabilities. Then go out and play golf… or whatever you like to do.