I’m not IT, just a college instructor, but you’d be amazed at how many Gen Z students have told me that they can’t log into their email because they don’t know their own password. Not even forgot; they don’t even know it in the first place because every device remembers everything for them.
To be fair that is basically what we are trying to get people to do though. Use a good password vault with a single strong password and two factor authentication. All other passwords should be a uniquely generated password for that application.
Caring about that has been beaten out of them by increasingly absurd password requirements over dozens of systems. They won’t memorize it, won’t write it down physically, and use the web browser to save it.
“But my system is different, I…”
Nobody cares. The password is just a speed bump in doing the thing they actually want to do.
I’ll be honest as an IT professional of 25 plus years I don’t know .y passwords either but that’s because I let a password manager deal with it for me.
I have had people older than me complain the comp forgot the pass in my desktop days.
There was also it’s cousin. I am definitely meeting the complexity requirements why isn’t it saving
My favorite are the services that keep rejecting the randomized passwords so I have to manually think of a password. I ain’t creative enough on the spot for that! Just accept my /dev/urandom output dammit!
Ease of syncing across devices has me using an internet-based password manager (Bitwarden), but I keep a second local-only password manager (Keepass) that only stores my Bitwarden password. Just in case.
Hey that’s real smart but what if you forget the Keepass password when trying to retrieve the Bitwarden password you forgot lol?
I use Bitwarden myself and love them. Great software great organization it seems. They didn’t even send any bullshit marketing “noooo come back YOULL LOSE EVERYTHING” emails companies love to send when you downgrade from paid to free tier and that right away bumps them up in my mind.
My wife and I also keep our Keepass passwords in each other’s Bitwarden vaults.
So to lose access we’d both have to simultaneously forget our Bitwarden passwords AND be locked out of any biometric login. I consider that sufficiently unlikely.
Like others have said they’re probably using Google as a password manager. When you’re making an account for anything while in the Chrome browser it recommends strong passwords for you such as UjafUif&i$ureT6hj9gzq5hvc$tcgo0be3. Would you memorize it?
I get it, but I also don’t understand the idea of letting Google suggest a random secure password for me. Probably just the Genx/Millenial in me, but I subscribe to the xkcd school of random password generation (password generator), which makes it really easy to have secure passwords that meet complexity requirements and are also easy to memorize.
Definitely. I don’t really do anything that is particularly sensitive, so I only have 3-4 standard passwords (that meet the most common complexity criteria) that I separate by how sensitive the information/service is, but if I truly needed more, I would absolutely be using a 3rd party password vault. I just don’t have the need right now, so I haven’t bothered.
What gets me is the people that don’t know their own passwords, don’t know how/where to look them up, and don’t even understand how to reset their passwords (because they can’t log into their own email). I don’t even know how they function in modern society.
What gets me is the people that don’t know their own passwords, don’t know how/where to look them up, and don’t even understand how to reset their passwords
I worked support for a phone manufacturer for a while and helped a lot of poor lost souls struggle to get back into their Google accounts on their new and replacement devices. I got a lot of them in, but some may have never gotten out of authentication hell
Yeah, I have my own password generation scheme. Not the most secure thing in the world but I’m at least able to log in to my accounts from other people’s computers. One of these days I’ll get around to using a password manager but I just can’t be bothered.
My girlfriend (millenial) is like that as well and it is infuriating. I tell her time and time again, just use a password manager that isn’t the browser’s password manager and you are golden. You just need to remember one “complicated” password, i.e. something with more than 8 characters and that’s it.
The many times she doesn’t know her password to important account is mind boggling.
Tip for anyone using Google Chrome password manager they can access it from any other device by going to passwords.google.com in the browser and logging in (probably best in incognito if not your device).
ironically I think tech literacy is going down with future gens thanks to so many functions getting automated. Kids aren’t learning how their computers work because it does all of work for them
I hate to be a “kids these days” person, but you’re absolutely right. My Gen Z students don’t even understand how folder/file structure works; they just download everything onto their desktop and use the search function to find what they need later. If they can’t remember what something was called, they’re SOL.
Don’t get me wrong, I have a lot of faith in Gen Z and Alpha, but their strengths are definitely not the strengths of Millenials or Gen X.
My kid sister is the same way. Bought her a quest 3 for her bday. Took 3 days to get up and running because a) she had no idea what her meta account passwords were… had always just logged in on her phone… and b) none of the forgot password functions worked because she never cleared her Gmail mailbox so it had filled up and bounced previous facebook emails landing her on their internal do not send list.
I’m not IT, just a college instructor, but you’d be amazed at how many Gen Z students have told me that they can’t log into their email because they don’t know their own password. Not even forgot; they don’t even know it in the first place because every device remembers everything for them.
To be fair that is basically what we are trying to get people to do though. Use a good password vault with a single strong password and two factor authentication. All other passwords should be a uniquely generated password for that application.
Yeah, I don’t know any of my passwords but the one password to rule them all.
Can you recommend a good, safe password vault?
Keepass and Bitwarden are the highly recommended password managers.
If you’re brave enough to roll your own: KeePass XC. If not, Bitwarden. (edit for clarity)
That’s not hosting, it’s just a local file.
If you want to access your KeePass safe from multiple devices (phone, tablet, PC, etc), you have to host it somewhere.
You can put it on Google drive or something similar. You could also use syncthing (like how I do it) and you still don’t have to host anything.
or just sync the file using syncthing or plain old rsync?
I recommend bitwarden. Make sure to have a good 2fa also like Aegis or raivo
+1 for Bitwarden, wife and I use it and it works well. It lets you securely share passwords for free.
Caring about that has been beaten out of them by increasingly absurd password requirements over dozens of systems. They won’t memorize it, won’t write it down physically, and use the web browser to save it.
“But my system is different, I…”
Nobody cares. The password is just a speed bump in doing the thing they actually want to do.
I’ll be honest as an IT professional of 25 plus years I don’t know .y passwords either but that’s because I let a password manager deal with it for me.
I have had people older than me complain the comp forgot the pass in my desktop days.
There was also it’s cousin. I am definitely meeting the complexity requirements why isn’t it saving
My favorite are the services that keep rejecting the randomized passwords so I have to manually think of a password. I ain’t creative enough on the spot for that! Just accept my /dev/urandom output dammit!
If they use a password manager and randomly generated passwords, then it’s acceptable.
One of the reasons why I don’t want to use a password manager, actually. If you get locked out of that, you’re fucked.
Good ones have an unlock token or another one time use way of unlocking it in case you forget your master password.
Ease of syncing across devices has me using an internet-based password manager (Bitwarden), but I keep a second local-only password manager (Keepass) that only stores my Bitwarden password. Just in case.
For those who want to keep their ass.
Hey that’s real smart but what if you forget the Keepass password when trying to retrieve the Bitwarden password you forgot lol?
I use Bitwarden myself and love them. Great software great organization it seems. They didn’t even send any bullshit marketing “noooo come back YOULL LOSE EVERYTHING” emails companies love to send when you downgrade from paid to free tier and that right away bumps them up in my mind.
My wife and I also keep our Keepass passwords in each other’s Bitwarden vaults.
So to lose access we’d both have to simultaneously forget our Bitwarden passwords AND be locked out of any biometric login. I consider that sufficiently unlikely.
Backups + OSS.
I use Bitwarden and JSON backups inside a 7zip. I ALWAYS backup after I make a new password that can’t be changed via email.
Like others have said they’re probably using Google as a password manager. When you’re making an account for anything while in the Chrome browser it recommends strong passwords for you such as UjafUif&i$ureT6hj9gzq5hvc$tcgo0be3. Would you memorize it?
I get it, but I also don’t understand the idea of letting Google suggest a random secure password for me. Probably just the Genx/Millenial in me, but I subscribe to the xkcd school of random password generation (password generator), which makes it really easy to have secure passwords that meet complexity requirements and are also easy to memorize.
Why not both then? Make your own human readable passwords, but do a different one each time and store them in a password vault.
Definitely. I don’t really do anything that is particularly sensitive, so I only have 3-4 standard passwords (that meet the most common complexity criteria) that I separate by how sensitive the information/service is, but if I truly needed more, I would absolutely be using a 3rd party password vault. I just don’t have the need right now, so I haven’t bothered.
What gets me is the people that don’t know their own passwords, don’t know how/where to look them up, and don’t even understand how to reset their passwords (because they can’t log into their own email). I don’t even know how they function in modern society.
I worked support for a phone manufacturer for a while and helped a lot of poor lost souls struggle to get back into their Google accounts on their new and replacement devices. I got a lot of them in, but some may have never gotten out of authentication hell
Yeah, I have my own password generation scheme. Not the most secure thing in the world but I’m at least able to log in to my accounts from other people’s computers. One of these days I’ll get around to using a password manager but I just can’t be bothered.
My girlfriend (millenial) is like that as well and it is infuriating. I tell her time and time again, just use a password manager that isn’t the browser’s password manager and you are golden. You just need to remember one “complicated” password, i.e. something with more than 8 characters and that’s it.
The many times she doesn’t know her password to important account is mind boggling.
Tip for anyone using Google Chrome password manager they can access it from any other device by going to passwords.google.com in the browser and logging in (probably best in incognito if not your device).
That’s a great tip. I don’t use chrome, so I didn’t know that.
ironically I think tech literacy is going down with future gens thanks to so many functions getting automated. Kids aren’t learning how their computers work because it does all of work for them
I hate to be a “kids these days” person, but you’re absolutely right. My Gen Z students don’t even understand how folder/file structure works; they just download everything onto their desktop and use the search function to find what they need later. If they can’t remember what something was called, they’re SOL.
Don’t get me wrong, I have a lot of faith in Gen Z and Alpha, but their strengths are definitely not the strengths of Millenials or Gen X.
I’m GenX and I don’t know my email password…
Though I’m 99% sure it’s in keepass somewhere.
average keepass enjoyer
My kid sister is the same way. Bought her a quest 3 for her bday. Took 3 days to get up and running because a) she had no idea what her meta account passwords were… had always just logged in on her phone… and b) none of the forgot password functions worked because she never cleared her Gmail mailbox so it had filled up and bounced previous facebook emails landing her on their internal do not send list.
I was livid.
I’ve had the same issue with gen z to gen x. It hurts my soul each time
I know people who don’t use a password manager so every time they have to type in a pw they have to go through the reset process.