>>But surely you don't use complex ones for sites like here do you, and other unimportant stuff?
I have a useless email address and a crap password that I use for everything I don't care about and duplicate all the time. Both the email address and the password have been hacked a gazillion times and I haven't changed them in years.
Everything else (around 100 accounts I think) has a long, complicated and unique password, unknown to me, managed by a password manager, with a 29 character password of upper and lower case, numbers and special characters. I maintain two different password managers, both backed up, and 2FA access on everything that allows it.
My phone is encrypted and you would need two different passwords and my fingerprint to use it. I can't stop someone resetting it if they try hard enough, but no normal thief will get any data off it.
I don't know if my password managers would share credentials with someone else because I don't, and wouldn't ever, do it.
I still worry.
[all pretty simple to use and maintain, somewhat of an a*** to set up)
|