Warning: angry rant below
So I lost lost the Username and Passwords to all my 3 credit bureau accounts, and also the email account, this appened like earlier this year, (or maybe last year not sure… anyways…). I didn’t bother resetting at the time since I didn’t need to get a credit card or loan or anything.
But today I decided to reset those accounts to check my credit. So I started with calling Experian to try to reset the account. So right away, I’m already mildly annoud that a fucking automated voice Bot took the call and then on top of that, they fucking played a fake “keyboard typing” sound to mimic a human typing on a keyboard after every response 🤦♂️, like yo I know its a bot, stop with this BS. So it asks what I need help with, “accessing account”, okay it asks for SSN and zip code, okay gave that, then this bot just sent a reset to my email, WHICH I DONT HAVE ACCESS TO!!!, okay no problem, I’ll just talk to a person, “talk to a representative”, okay this is the most infuriating part, bot says “I’M SORRY, I’M ONLY ABLE TO DO THAT IN LIMITED CIRCUMATANCES” (paraphrased, I don’t remember the exact wording)… excuse me what the fuck, this audacity of this fucking bot, I say it again, but the only 2 options are “continue” with the automatic self-help system, or “end call”… MOTHERF****R 🤬🤬🤬
Jesus Fucking Christ, who gave these stupid “Credit Bureaus” their authority?
I see a future of:
“Hello 911, please send an ambulance, I’m dying.”
Bot: “Sorry, not blood detected, unable to dispatch an ambulance”
dude was having a heart attack, of course no blood was detected
Did you not write it down? I write mine down and put in the safe.
I put mine on a Post-It on my monitor with my other passwords
You laugh but it is often much easier for people to understand physical security especially for older people. They can get a small notebook and then guard it.
It’s funny because it’s true.
If your home threat model involves people breaking in and having physical access to your personal computer, then you have bigger problems than them getting your passwords. There’s really no reason you can’t just write them down.
Precisely. Once they reach the dungeon, they’ve already passed all the really nice stuff anyway. Besides, at this point it’s easier to just hack my accounts the old-fashioned way.
I don’t have a safe to put the password in, and I’m too skeptical of my family to just have it in plaintext.
But now I found a solution, a compromise, instead of writing the actual master password, I paid for premium so that I can set up emergency access and make my secondary account as the trusted contact, then put the username and password to this secondary user on a piece of paper in plain text and even write “Bitwarden Emergency Access” on it.
Even if a snooping family member got it, they wouldn’t be able to access my vault, I set the timer to at least 2 weeks, and I check the emergency contacts webpage every few days to make sure the timer hasn’t started ticking. If I ever get an email, or check the page and see the emergency access request being made, I’ll know I have to confront someone.
And meanwhile, this also protect me in case I forget the master password to the main account, or like have anmesia or something. The drawer is a prominent visible place, so even if I lose my memory, I’d probably be looking for clues and find the paper with the log in info. Then wait 2 weeks and voila!
I love the Emergency Access feature, what a wonderful Idea! I wish I used it the first time.
It sounds like you have this sorted now, but I will share my tip anyway.
My master password was a randomly generated pass phrase of a few words, such as what you can generate with Bitwarden’s password generator set to “passphrase”
Using an example I’ve just generated with that tool, if I had decided on a master password of “Daily-Exorcist-Nappy-Cornmeal”, then I would generate a few more passwords and write those down too. So I’d have a list that might look like this:
snowman
daily
uncanny
backer
exorcist
thinner
showoff
nappy
cornmeal
nifty
(I have bolded the words belonging to the actual master password from my example above, but obviously that’s not how it’d be written down. To remember that the passphrase has the words separated by hyphens, you could draw dashed lines around the list, like a decorative border. Here, I have also written words all in lowercase, even though the password has uppercase. (Though I would advise keeping the passphrase in the correct order, as I have in this example, because it’s easy to pick out the correct four words from a list like this, but harder to remember the right order for them).
I don’t have a safe either, but writing things down like this felt like a sufficient level of security against snooping family and the like. Though like I say, it seems like you’ve resolved this differently, so this is more for others who may stumble across this than for you.
I agree with you that the emergency access feature is great. A couple of years ago, my best friend died and I ended up being a sort of “digital steward” of all his stuff, because I was his tech guy and he had shitty passwords that I couldn’t convince him to change. In the end, his laziness meant we got to preserve some digital mementos that would otherwise be lost (such as his favourite decks on Magic:Arena). At the time, I was using a personal system to generate and remember passwords, and I was shaken to consider how much would be lost if I died. I feel far more at ease now with the Emergency Access feature from Bitwarden Premium (I also like being able to use Bitwarden for 2FA codes). I’m sorry that you had the unfortunate experience of being locked out of your stuff, but I’m glad you were able to secure yourself such that you’re protected from that in future.
I just keep my master password written on a piece of paper tucked into my wallet.
That… seems insecure…
I hope nobody just steal the paper and your entire digital identity.