No, Don't Write Down Passwords

10,720 views

Ask Leo!


☝️ The world's largest magazine dispensed some bad tech advice. Here's why I so strongly disagree.
☝️ Writing down passwords
Keeping your passwords written down suffers from two issues: the security of whatever you’ve written them down on, and the fact that writing them down (and having to read them to use them) encourages creating less secure passwords. Using a password manager or vault doesn’t have to be difficult, and it is significantly more secure.
Updates, related links, and more discussion: askleo.com/162470
Chapters
0:00 write down passwords
1:20 This is horrible advice.
1:45 The classic reason - Security
2:30 There’s a bigger problem.
5:00 Pass phrases
6:30 Another idea I don’t like
7:15 Use a password manager

Comments: 93
@askleonotenboom 8 months ago
My thoughts on why some bad advice is very bad advice.
@MichaelJessen 8 months ago
Thank you, Leo. I'd also be interested in your thoughts on securing single-use recovery codes.
@askleonotenboom 8 months ago
@@MichaelJessen That's a good topic. What I do is save them to a file (plain text) in a Cryptomator-encrypted folder. That allows them to be backed up, and accessible as and where needed. The "traditional" approach is to print them out and put them in a safe location. In theory that works, but people often lose them, and have a less-than-appropriate definition of "safe place".
@mrmifflin 8 months ago
So what is the best way for someone just getting dementia to manage passwords?
@askleonotenboom 8 months ago
@@mrmifflin I'd involve a trusted friend or family member to do it for them. But with a password vault they need only remember one thing. (And I'll absolutely admit there's no simple solution to this scenario.)
@rhalama1 2 months ago
I use a spreadsheet that's password protected. Your thoughts?
@rlarsen000 8 months ago
I'm 73 and use a password manager. ALL of my passwords are generated by the PWM and thus are unique 16 random characters. The master key is a longer passphrase. I was relieved to find that you recommended exactly that. Using the PWM is much easier than looking up and correctly typing long passwords.
@WriterBren 8 months ago
I write down passwords. However I do it in braille. Also, I live in the mountains and no one ever comes to my house.
@bobcarn 8 months ago
Consider that it's probably a very good idea to write down your passwords, including the one to the password manager, so that if something were to happen to you, someone can get into areas for you. I have a list of sites, usernames, and passwords so that if I'm incapacitated someone can act in my stead. Also something to consider... The target audience of AARP are older people who are going to be using a tablet or laptop in their home. They're retired and a password list on paper in their home is only at risk if people break into their home and decide to go through their papers for records (it's more likely jewelry and electronics will be at risk). These people can use a password manager, and the likely result is that because of complex password requirements, they'll write down the password to their password manager and every one of their passwords will be just as insecure as that piece of paper. And yes, I've seen people forget how to get into their password manager because they got a new monitor and it looks different so it confused them. And they then pull out the paper with their password manager password. After a long time of telling people to write down their password, and then telling them not to, I'm not sure either way is better or worse.
@askleonotenboom 8 months ago
Just because someone is retired doesn't mean they're incapable. Yes, preparing for death or other incapacity is important, but need ONLY be the password to a password vault. Then, by definition, everything within the vault is present and up-to-date. I've written/spoken about this here: askleo.com/preparing-for-the-ultimate-disaster/ (video coming in a couple of weeks).
@SnowyRVulpix 8 months ago
Writing down your passwords is stupid. Don’t do it
@MarcusCactus 4 months ago
@@SnowyRVulpix. Writing unsupported statements is stupid. Don't do it.
@ChibiKeruchan 4 months ago
I do you one better. Convert your password to a QR code and attach it to one of your favorite shampoo bottles. Thank me later.
@drescherjm 4 months ago
@@ChibiKeruchan Then your wife throws away the shampoo bottle because it's empty. I mention this because I can't keep an empty bottle anywhere in the house. My wife will detect it and recycle it. No matter where I try to hide it.
@skaruts 8 months ago
Keeping your written list under lock and key is probably a bad idea, though. As a general rule, it's much easier to hide your valuables in inconspicuous places, than it is to hide a bulky safe or anything with a lock. Especially a piece of paper with passwords. Works better against your family, because they will know all about the safe and the locked drawers, and all those kinds of obvious places, anyway. If you have kids, they can know more than you think. Usually drawers can also be lock-picked with a paper-clip or something. Works better against your friends as well, because they don't know your house like you do. And if a """"friend"""" is left alone in your home and decides to go through your stuff, there's also a higher chance they'll find a bulky safe than a piece of paper. Works better with burglars for the same reason. And when it comes to burglars, you also don't want things locked, you want them well hidden. Because locks are completely useless and maybe even dangerous, unless no one's home. If they find the safe, the safe is open, because burglars carry with them the universal keys called knife-to-your-throat or gun-to-your-head, which are also very unhealthy to you. It's for that reason that I personally feel like having a safe at home is actually rather dangerous. And more so if any of your friends learns about it. My personal preference is for hidden compartments. The imagination is the limit. A fake electrical plug on a wall, can be a great little nook to hide small things, and absolutely no one will ever suspect it. The safe no one ever suspects to exist, is the best safe you can ever have. There's also furniture with hidden compartments. Many of them aren't that well hidden, so you have to choose very wisely. Some work with magnets, which can be bad if you misplace the magnet (long term, the magnet can also mark the wood, which is bad). The best example that I've ever seen is the _Secret Compartment Box II,_ built by the youtuber Dustin Penner. 
The hidden drawer is well disguised as part of the lower rim, and the "key" to the drawer is even part of the box itself, in a completely inconspicuous way. Pretty damn brilliant, imo.
@MarcusCactus 4 months ago
You seem to have particularly mean family and "friends"! What about cutting ties loose?
@skaruts 4 months ago
@@MarcusCactus Nothing that I said was referring to my own family or friends.
@jamesedwards3923 8 months ago
Sir, keep up the good work. Too many people ignore common sense and basic cyber security. I use your videos to get the point across.
@user-bu4wg1ok5n 8 months ago
At least 99% of the passwords I use are for corporate web apps for where I work, and websites for my personal use. The only passwords that don't work in my browser are the ones I need to log into the corporate domain. And the corporate rules for domain passwords are just idiotic. Inadequate length requirements, along with bizarre prescriptions for alpha, numeric and symbols. It's really hard to remember whatever I dream up to meet the requirements, and no, I can't get a password manager to type it in for me; I'm not logged in. To make matters worse, we have to change our insane passwords every three months, whether the network has been compromised or not. So muscle memory and regular memory go out the window on a three month schedule.
@gjoseph1628 8 months ago
One of the problems with something like LastPass is that it too frequently fills the wrong password; so I MUST either use my brain's memory to put in the correct one, or I need to look for the correct password in Vault. And then still type in the needed password. But in general fairly short password choices with a few bits of complexity ARE my practices. As for actually physically writing my passwords,.... that is tricky. I avoid stating my actual practice here.
@agdias123 8 months ago
You are right Leo. Everything is so insecure nowadays. Storms, tornadoes, fire etc can cause you to lose things.
@68RedDragonz 8 months ago
I use keypass with a key file and secure master password. All other passwords have a "system" that I use to create that is easy, for me, to remember.
@paulstubbs7678 7 months ago
As you say, I use a password manager, cryptic passwords are REALLY hard to type and not get you locked out of an account as you either got it wrong too many times, or it timed out. However, when it comes to my 90 year old aunt, I really hope she has written them down on paper, otherwise I'm going to be in a real pickle when she asks for help. Her using another program (password manager), please no - that's from experience supporting her. If I did I'd get called for a visit, "So where is XXX password", It's in that thing you put there the other day, "So what's the password manager's password?", I don't know, it's in that thing you put there - I did what was suggested and put them all in there, and now I cannot pay my power bill. As for someone else seeing her paper password list on her desk, that is the least of her problems, the main one is she now has an intruder in her house, forget the computer, get out of there, call the police.
@Telcomvic 7 months ago
Sorry, I will continue to use my easy to remember and type passwords so that I don't have to reset them every time I use a web site that I only access once or twice/year. Also, I keep them all in an alphabetized address book in my home office desk drawer. I have both mine and my husband's in there so if one of us should pass away--we would have access to everything we need.
@MarcusCactus 4 months ago
Not universal advice! Depends on the individual. I, for example, live alone - no peek possible. If and when I die or am incapacitated (Alzheimer, hospital), nobody knows my practical details. So there is a cardboard file, prominently visible, labeled "In case of decease", which records everything necessary: not only passwords but also the financial accounts I have, the medical data, the websites I have an account with but also real-world associations I am a member or user of, the phone and bank card and ID codes, whatever. Along with the list of people to inform. For things "For my eyes only" I have created a self-made "alphabet". I am also a bit paranoid. Each website or app must store your password, and I don't trust their personnel or hacking vulnerability. That's one password at a time. Instead, the password manager people can access all your passwords in one go! Brrr! Frightening. And then, I use various machines to access the internet: a desktop, a laptop, an iPad tablet and a smartphone. Password management differs, and I don't want to multiply the copies of my passwords list.
@mayamachine 5 months ago
Writing things on paper keeps secrets from your computer.
@askleonotenboom 5 months ago
And makes them available to anyone who gets the paper.
@mayamachine 4 months ago
@@askleonotenboom OK, so how many people have access to your personal papers? vs. how many can access your digital files?
@askleonotenboom 4 months ago
@@mayamachine Anyone that walks into the house. Only me. (With the exception of an appropriate disaster plan.)
@Knards 8 months ago
Us older seniors write them down, then find a good hiding place. The only problem is, it will never be seen again by anyone.
@MarcusCactus 4 months ago
Why hide it? From whom? Remember E.A.Poe and the Hidden Letter. Easy access but no one thinks it is what it is.
@philipjosefarmer5740 4 months ago
This is what I do. I use Excel and save the file with a password. I use lines for different entries and I use columns to write down the type of entry (emails, stores, and so on), addresses, logins, passwords, contacts (like sellers), store type, phone numbers, orders, whatever, 1 column for every field that I am interested in. This way, I can sort the entries any way I want. Instead of Excel, you can use Word or Notepad. If I still want more security, I can encrypt the file with WinRAR or similar software. This way I only need to remember 1 or 2 passwords and leave the file on my desktop. Then I store a backup somewhere else, like, on another PC, laptop, flash drive, external drive, you get the idea. If I also want to access the password file anywhere in the world, I upload a copy of the password file to some cloud, like google drive, onedrive, mega, rapidgator, nitroflare, ...
@luisriera8818 4 months ago
Hi, thank you for the video. Do you have a secured backup of your passwords (digital or printed) in the case the password manager service is for some reason down or unavailable? And if you do and it's digital, do you encrypt it as well?
@askleonotenboom 4 months ago
Yes and yes. I regularly export my 1Password database, and store that encrypted.
@stevefrawley9756 8 months ago
Or write down mnemonics that only you understand. A password of a password, to generalize. Good luck to anyone trying to decode that.
@lafamillecarrington 8 months ago
I used to do that (my wife still does), but I found that I couldn't always decipher my own passwords correctly!
@cf9699 3 months ago
I have over 200 passwords in a book. Sounds bad but it is in code; they are basically password reminders. When you have so many passwords you need to know what password is for what account/site. You can't rely on browser or third-party vendors to remember your passwords.
@davidgeorge2486 8 months ago
Thanks Leo! Good one!
@griffinreitz7041 4 months ago
Great. Now I not only don't know what a password manager is, I've got an idea, but don't know which ones are good. LOL
@Maniacguy2777 4 months ago
I write down on my personal book using pencil so that I can keep erasing for entering new passwords and I feel safe no one can see my book. Using password manager hackers can hack.
@franciscohorna5542 8 months ago
Or keep it in Notepad on a pendrive flash drive. Is that OK? Is that safe still?
@neuideas 8 months ago
Regular .txt or .docx files are generally not encrypted, so anyone who has access to your flash drive has access to your login information. If you are going to do something like this, I'd recommend using a Keepass database file (.kdbx). You then have searchability, hierarchical organization of entries, easy copy/paste, the ability to link a browser extension, and the database is encrypted using a password, a password+keyfile, or password+Yubikey combination. It's then trivial to copy the file anywhere you like as a backup. Keepass and KeepassXC are pretty light applications, so you won't need to be concerned with them using too many computer resources just to manage your login information. The caveat is you will need to construct an easy-to-remember (or easy-to-reconstruct) password or passphrase that you can readily type in when you open the database. If you don't know how, Leo has an article and video on this very topic. I have a few methods of my own, as well.
@gjoseph1628 8 months ago
A most interesting suggestion made!
@NoEgg4u 8 months ago
If you rely on a written list of passwords, and that piece of paper disappears, then you are screwed (or do you have a copy of that written list somewhere else?). Someone in your office decides to stick it to you, and takes your list. Your dog eats it. You are burglarized. You get a new computer, and you are locked out of all of your sites. Perhaps you can use their "Forgot Password" feature, and cross your fingers. Most password managers are easy to use, and you can save a copy of your password database on a separate drive. You can even keep a copy of your password database with a cloud storage service. If you have a strong master password, that remote copy of your password database is useless to anyone other than you. And having a copy, elsewhere, will get you out of a world of trouble if your storage drive fails, and it had your password database. Or if you are burglarized, etc. Use a password manager. Use a strong master password. Make a copy of your password database, and keep that copy in a different room (or with a neighbor or friend or cloud service). You can purchase a 1GB flash drive for under $1. It will easily hold your password database (which will likely be ~5MB or smaller).
@nicks4597 8 months ago
What if power fails? I do write down passwords in a safe place.
@bonabusinesssolutions 8 months ago
Hi there, is it possible to recover my YouTube back after I've accidentally deleted my Gmail? I can't recover it because I've totally forgotten my email & password.
@askleonotenboom 8 months ago
So you deleted your GOOGLE account, which is both your KZbin account and your Gmail account. All you can do is try the account recovery process. I'd start you here: askleo.com/access-gmail-without-phone-verification/ but be sure to try ALL the options, including google recovery at the end.
@billm.700 7 months ago
Leo! Writing Down Passwords. Consider this. Husband and Wife where the Husband is the sole user of the computer and the Wife has little or no knowledge of using PCs. He has created accounts on the internet for his Banking, Share Trading, Email, -- You get the idea! He passes away and the wife or the Executor of his Estate is left stuck trying to sort out all the on-line accounts. They can’t find the passwords or even the user names of the on-line accounts in order to close them or transfer funds in those accounts to the wife’s account. In this case writing down complete information about on-line accounts is very important. Type up the information, print it out, attach it to your Will and delete the file from the PC.
@askleonotenboom 7 months ago
Sounds exactly like my situation. We solve it with a password manager that allows us to share entries. (1Password)
@MarcusCactus 4 months ago
@@askleonotenboom Not a solution when you are living alone. Faraway family. And no friend enough to trust.
@tin_man_kwt 8 months ago
Are there free password managers that offer unlimited password storage? If yes, can you make a video on it? Thanks.
@andy_3_913 8 months ago
Bitwarden?
@neuideas 8 months ago
Nordpass, Bitwarden, Zoho Vault, Keepass (or KeepassXC), ProtonPass, and Synology C2 all have free options with unlimited login entries across all of your devices. Out of these, I find Bitwarden and Zoho Vault to have some of the best browser extensions with user-triggered auto-fill. I personally haven't tried Proton or Synology, because I'm quite happy paying $10/yr for Bitwarden. I have tried Nordpass, 1Password, Bitwarden, Zoho Vault, KeepassXC, and Roboform. I definitely wouldn't use LastPass.
@skaruts 8 months ago
Keepass or KeepassXC. (I've always used KeepassXC, but I presume Keepass is also unlimited.) Keepass is only for Windows, iirc. If you're not on Windows you'll need KeepassXC.
@tin_man_kwt 8 months ago
Thanks @@andy_3_913
@Benjamin-om3ih 8 months ago
Bitwarden is great in my experience.
@ShoutingSoap157 8 months ago
hi leo
@rakaorion 8 months ago
Also, if you lose your notepad all of your passwords will be gone. Password managers can't get lost or be destroyed.
@er... 8 months ago
But password managers can get hacked.
@MarcusCactus 4 months ago
And password management firms can go bust. And technology can make your PM system obsolete.
@rakaorion 4 months ago
I use both Bitwarden and KeepassXC. The latter is not connected to the internet at all, it is stored on a flash drive. If the firm should go bust, I will still have all my passwords safe and secure. It will not go obsolete, I always check for updates. @@MarcusCactus
@byrd203 8 months ago
Well, browsers' password manager not so bad, like the one on the Macs and iPhone, pretty good. It's also Windows cross-platform, it can be locked as well, it's a lot safer than hum hum last o pass data hack.
@gjoseph1628 8 months ago
Problem is, passwords be stored in one browser on one device. Maybe a way to use same browser on more than one device?
@markt.7377 8 months ago
AARP... I'm 69 and counting, haven't fallen for any of their suggestions.
@nicks4597 8 months ago
What if power fails and you can't get at anything??
@askleonotenboom 8 months ago
Well, then you won't be signing in to anything, will you? :-)
@NoEgg4u 8 months ago
If you use a password manager, you can save your password database (probably a single, small file) to another storage device (such as a USB drive). Since you have no power, you might use some other computer, in a different location, that has power. So you take your USB drive with you, and you have your password database available to use on that other computer. But you have to trust that other computer, if you are going to load and unlock your password database on that other computer.
@gjoseph1628 8 months ago
You may have a mobile device (battery powered) available, and need to remember certain passwords on your own even if means without password manager. Maybe you could run a password manager on the mobile devices too.
@noexcuses6727 8 months ago
Well, I'll argue this. Keep in mind the targeted audience of AARP. Old folks. For that demographic, this is probably the best and most reasonable advice - for them.
@askleonotenboom 8 months ago
To be clear, I'M IN THEIR AUDIENCE. (They start grabbing people at their 50th birthday, so perhaps younger than you think.) This simply reinforces the stereotype that "old" (whatever definition you use) people are incapable. That's simply NOT TRUE.
@graytonw5238 8 months ago
@@askleonotenboom Agreed on that. I was also a little disappointed with AARP's approach. They really didn't even bring up the idea of using a password manager, but just went straight to the "write your passwords down" solution. Instead of talking down to their intended audience like they're clueless and helpless because they're older, they could have done a well-written segment educating readers on the basics of password managers. They fumbled the ball on that one. As for "old folks", I'm a 68+ retired sysadmin and I've seen my share of people of ALL ages with sticky notes on their monitors with passwords for all to see, and I'll attest to the fact that age is irrelevant when it comes to following best practices (or failing to).
@user-iy6rm6pm4j 8 months ago
That's a strange and persistent fallacy. The internet is not new. The 'information superhighway' went mainstream in 1995, the same year Windows 95 turned PCs into home appliances. The IBM PC came out in 1981. I figure you'd have had to be retired in 1990 to not ever had to use a computer at work, which would make you 98 years old today.
@askleonotenboom 8 months ago
@@user-iy6rm6pm4j Interestingly enough I've been exchanging email with a gentleman who's TEACHING tech. He's 100. 👍🏻👍🏻
@gjoseph1628 8 months ago
@@askleonotenboom, I have known a few old people. Some of them are INCAPABLE. Stubborn; not understand; confused.
@andrewprettyquick2070 8 months ago
Nice hairdo.