If I need to log in to your site less than once or twice a year, "Forgot my password" is my password manager. Personally, I feel that the utility of me working to keep and maintain that information in a database for high availability is essentially zero.
As a result, I store very few accounts overall and checking out as "guest" hasn't been a problem of any sort. There's like 10 critical things that I feel the need to store the password on and they all use a hardware key for 2fa anyways.
For the two accounts that I absolutely can't lose access to, I just used the "Correct Horse Battery Staple" method and came up with two very long and secure passwords that I have no trouble remembering.
I don’t think there’s really any “maintaining” to be done when I sign in to a new service that I won’t be using often. Complete the sign-in page → Bitwarden asks me if I want to save the credentials → click yes. That’s it. I can auto-fill that the next time I log in.
For websites I really don't care about, I just get a disposable email on dropmail, and copy paste the email address to both the email and password fields to save time. Surprisingly, some websites check this and won't allow you to set your password to your email, but removing the last character or adding a 1 at the end works around it.
If it’s truly a throwaway I just use an email address like shitsinthewoods@mailinator.com, grab what I need, and go on with my life. If I ever happen to need to log in again, I’ll just send a password reset to the mailinator address and once again carry on with life.
There are a lot of services that disallow email addresses to services like mailinator. That's why I stopped using them, and instead, I have a special "garbage" address on my mailserver.
The problem usually isn't that it's a cheap cloud service, the problem is usually that their cron task is hourly, or more commonly, their scheduled tasks depend on a non-cached page of their website being hit (how people generally mismanage WordPress), but traffic is of course inconsistent.
I just use a crappy password. It's been leaked before. I don't care.
If someone wants to take over my last.fm account that I haven't used in 3 years, sure go for it.
The important accounts get a randomly generated password stored in my password manager. And the really important accounts only have half the password saved, I manually fill in the other half.
I guess that's kinda fine, but there are at least two reasons to not do this:
- Access to any of your accounts could make impersonation easier. You might not be the one who suffers from whatever they do. Or if they can assemble enough PII, you might unexpectedly have a line of credit taken out in your name.
- Many websites use some form of federated login, or a crossover kinda situation where you have a username/password login that is linked to e.g. a Google account. Access to the username/password account could open you up to an attack on the juicy targets.
Personally, I'd rather none of my accounts are easily compromised, but that's a pipe dream - it's not up to us to secure the services we use. So best thing to do is just use a good password.
It's easy these days to use a good password, though I acknowledge still tedious/impossible to update all of your services.
Half of the password is randomly generated, the other half is something I add that I can derive easily (think last 5 letters of the website reversed, etc.)
That way if my Bitwarden gets compromised, the attacker still doesn't have my Gmail, bank, etc. logins.
It adds a little bit of security while being mega simple.
Checking out with guest is okay, as long as you are judicious about not deleting emails.
I often order something and need to log in and retrieve the order info for a return or warranty information. Or if I’m ordering an item or similar item and want to refer to a prior purchase. And some ordering websites absolutely do give good order tracking for Guest checkouts. We have no covered entry, so we like to know when our packages will arrive if it is raining.
Yeah, I'm the same. Google and a few others. The rest all just get the new password that Firefox suggests and I don't even pay attention to what it is.
A password manager is not just a way to manage passwords. It's also a way to manage who holds your personal data, so you can GDPR request them to stop.
This. It's so valuable just to know how exposed you may be. I know a guy who missed a data leak and later got one of his accounts stolen. I think his Steam? It was way back in the day... For him, it was a cheap reminder to take password hygiene seriously. For someone else, it could have been a someone-took-out-a-line-of-credit-in-my-name reminder.