
Everything I try to log into doesn't work. I constantly have to change my password through an email. It's really odd.

I do use the same password for most of my accounts. It's not something obvious mind you, but still, I use the same one or a variation of it. I have different special passwords and two-level steps for things that are important (like my email or my paypal account), but for Netflix and such I use my normal "easy" password.

That being said, I'm a rather cautious and aware user. I haven't downloaded or installed anything of suspicious nature. Also, I'm not sure this isn't a coincidence. Maybe I just forgot a few of my variations for these few different sites.

Anyway, to be on the safe side, what should I do now? Like, what are my immediate steps? I'm assuming my email wasn't hacked at this point.

yuvi

1 Answer


Chances are, like you've said, you've forgotten the variations of your password.

It is possible that you have had all your accounts compromised, but, unless you're dealing with someone especially malicious and mischievous, they probably didn't go through the trouble of changing all your passwords for two reasons (at least in my mind):

  1. The time and effort required to do this

  2. You would quickly realize something is amiss when you can't log into the majority of your accounts; generally a malicious user wouldn't want to be discovered, so they wouldn't change your password in the first place.

So what is next regardless of being hacked? The true first step is admitting you have a password problem. We're all friends here, don't be embarrassed.

The next step is multiple steps, but TL;DR: Get yourself a password manager. They are the best way to stay secure and have a variety of strong passwords for each account that you don't need to remember. You only have to remember your master password.


Step 1:

Figure out what password manager you want to use. There are plenty of options out there. LastPass is a popular option. KeePass if you prefer something open source. There are plenty of options for this step. Some password managers have phone apps as well, which makes it easy to look up your password when you're not at your computer/you don't want to add the browser extension to the computer you are using. Do a little research if you're feeling scholastic.

Step 2:

Think up a REALLY good master password. One that you can remember. XKCD style passwords, IMHO, are perfect, because they add a fun-load of entropy, and they are easier to remember than randomly generated passwords. Here is some OWASP material on what your password should be comprised of if you're feeling really policy-oriented.

Step 3:

If you can't get into your accounts, reset the passwords like you have been. It'll be a pain in the neck, but it's better than throwing random passwords at the wall until one sticks.

Step 4 (AKA the grind):

Now it's time to get rid of that common/slightly modified password of yours! Each password manager will have an option to create a randomly generated password. Create NEW randomly generated passwords and change your passwords for every online account you have.

Step 5 (depends on the manager you choose):

Add your passwords to the password manager. Either input them into the actual manager, or my preferred solution, log into ALL of your accounts in order to add the passwords to your password manager.

Step 6:

Breathe easier.


This, obviously, will not guarantee your safety online. But this makes it MUCH harder to access your accounts. Hopefully hard enough that it's not worth the hassle to get into your accounts. Hope this wasn't all stuff you already knew and it was at least mildly helpful!

INV3NT3D
  • Isn't a password manager worse? I always thought that's exactly putting all your eggs in one basket. I'm familiar with that XKCD comic, and I use a pretty complicated password for paypal, my email and bank account. It seems like using an easy password for my other accounts is a good idea - I get to have an easy time while only needing to remember a handful of passwords for specific sites, without terribly risking myself – yuvi Oct 13 '16 at 14:58
  • No, password managers are **absolutely not worse**. They are one of the best methods available now to secure your online accounts. It allows you to break bad habits like reusing passwords, or using variations on old passwords so you can remember them. Sure, there are cons, and the "all your eggs in one basket" argument is valid, but IMHO it doesn't outweigh the benefits of using a password manager. If you don't agree, you can use a hybrid approach, use the password manager for your "other accounts" and memorize strong passwords for your more sensitive accounts. – INV3NT3D Oct 13 '16 at 15:09
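
Step 2 of the answer recommends XKCD-style passphrases for their entropy. As an added example (not part of the original answer or comments), the Python sketch below picks words with a CSPRNG and computes the resulting entropy, which depends only on the list size and the number of randomly chosen words. The word list, function names and 64-bit default target are assumptions made for illustration.

```python
import math
import secrets

# Constructed 32-word demo list (exactly 5 bits per word). A real list should
# be far larger, e.g. 2048 words (11 bits/word) or 7776 words (~12.9 bits/word).
DEMO_WORDS = (
    "anchor", "basket", "candle", "desert", "ember", "falcon", "garden",
    "harbor", "island", "jacket", "kettle", "lantern", "magnet", "nectar",
    "orchid", "pepper", "quartz", "ribbon", "saddle", "timber", "umbrella",
    "velvet", "walnut", "yellow", "zipper", "bridge", "copper", "dragon",
    "forest", "guitar", "hammer", "meadow",
)


def entropy_bits(pool_size: int, picks: int) -> float:
    """Entropy of `picks` independent, uniform choices from `pool_size` items."""
    return picks * math.log2(pool_size)


def words_needed(target_bits: float, list_size: int) -> int:
    """Smallest number of random words that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(words, target_bits: float = 64.0, sep: str = " "):
    """Return (passphrase, entropy in bits) for a passphrase meeting the target."""
    unique = sorted(set(words))  # duplicate entries would overstate the entropy
    if len(unique) < 2:
        raise ValueError("word list needs at least two distinct words")
    count = words_needed(target_bits, len(unique))
    # secrets draws from the OS CSPRNG; the entropy figure only holds when the
    # words are picked this way, not when a person chooses words they like.
    phrase = sep.join(secrets.choice(unique) for _ in range(count))
    return phrase, entropy_bits(len(unique), count)


if __name__ == "__main__":
    phrase, bits = generate_passphrase(DEMO_WORDS)
    print(f"{phrase!r}: {bits:.1f} bits from a {len(DEMO_WORDS)}-word list")
    print(f"4 words from a 2048-word list: {entropy_bits(2048, 4):.0f} bits")
    print(f"12 random printable ASCII chars: {entropy_bits(94, 12):.1f} bits")
    print(f"words for 77 bits, 7776-word list: {words_needed(77, 7776)}")
```

With the small demo list it takes 13 words to reach 64 bits, which is why real word lists contain thousands of entries.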