Old 12-30-2014, 02:51 PM   #41
Full time employment: Posting here.
GalaxyBoy's Avatar
 
Join Date: Jul 2009
Location: The Beautiful Blue Ridge Mountains
Posts: 853
Another keepass user, plus minikeepass on the iphone. I keep my encrypted database in the cloud, so I'm using the same database on the home pc, the work pc, the ipad and both iphones.

Another plus is that there's a version that doesn't need to be installed so it can even be run off a thumb drive. That was handy when megacorp wiped all non-approved software off my work machine the other week.

Edit: I checked and I have 150 entries in the database, including 36 work-related entries that will go away once I RE.

Plus: I got a chuckle the other day when I called the local library because I was having login troubles. When the librarian logged into my account I heard a long pause, then she said to someone near her desk, "What's that? It can't be his password!" Then I knew I had forgotten that I'd used keepass to generate a random password. She didn't know quite what to make of something like ilO,p!HnTpvNP.X@HnRD as a password!
__________________
GalaxyBoy is offline   Reply With Quote
Old 12-30-2014, 03:08 PM   #42
Thinks s/he gets paid by the post
sengsational's Avatar
 
Join Date: Oct 2010
Posts: 3,837
That's poor practice if they can see your password, luckily it's only preventing someone from checking out books in your name. The best practice is for them to only keep a salted hash of the password. That's why most of the time, the password reset process involves them creating a new password, sending it to you, and then you are forced to change it.
__________________
sengsational is offline   Reply With Quote
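
The salted-hash storage and reset flow described in the post above, as an added example that is not part of the original thread or any site's actual code. The function names, the PBKDF2 iteration count and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def make_record(password: str, must_change: bool = False) -> dict:
    """What the site stores: a per-user random salt and a slow hash, never the password."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(),
            "iterations": ITERATIONS, "must_change": must_change}


def verify(record: dict, attempt: str) -> bool:
    """Re-derive the hash from the attempt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


def reset(accounts: dict, user: str) -> str:
    """Staff cannot read the old password back, so a temporary one is issued instead."""
    temporary = secrets.token_urlsafe(12)
    accounts[user] = make_record(temporary, must_change=True)
    return temporary  # sent to the user; only its salted hash is kept


def change_password(accounts: dict, user: str, current: str, new: str) -> bool:
    """Replace the password after checking the current one; clears must_change."""
    if not verify(accounts[user], current):
        return False
    accounts[user] = make_record(new)
    return True


if __name__ == "__main__":
    sample = "constructed-Sample-pw-1"  # constructed sample, not a real password
    accounts = {"patron": make_record(sample)}
    print(accounts["patron"])                  # salt and hash only
    print(verify(accounts["patron"], sample))  # correct password is accepted
    temp = reset(accounts, "patron")
    print(verify(accounts["patron"], sample))  # old password no longer works
    print(change_password(accounts, "patron", temp, "constructed-New-pw-2"))
```

Because each record gets its own salt, two users with the same password end up with different stored hashes, and nothing in the record lets a staff member display the password itself.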
Old 12-30-2014, 03:25 PM   #43
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,686
Thanks Sengsational, that was a good description of what's going on with LastPass.
__________________
Lsbcal is online now   Reply With Quote
Old 12-30-2014, 06:12 PM   #44
Full time employment: Posting here.
 
Join Date: Aug 2007
Posts: 892
I used Keepass, but found it cumbersome. I moved over to LastPass about a year ago and have been very happy. I pay the $10/year, since I use it on multiple devices and want to support its development.

I'd also recommend enabling two factor authentication. This way even if somebody does figure out my LastPass password, they still can't get to my other passwords.
__________________
Eat, Drink and Be Merry.
tulak is offline   Reply With Quote
Old 12-30-2014, 09:31 PM   #45
Full time employment: Posting here.
 
Join Date: Sep 2012
Location: San Jose
Posts: 607
Quote:
Originally Posted by davef View Post
I just got the Yubikey, a Google product, that works with Lastpass and Chrome.
I think YubiCo is a separate company. Per their website, they're privately held: https://www.yubico.com/about

I think the YubiKey works with several other companies' products, like Google's and LastPass', but YubiCo is a separate company from them.
__________________
LoneAspen is offline   Reply With Quote
Old 12-30-2014, 09:40 PM   #46
Full time employment: Posting here.
GalaxyBoy's Avatar
 
Join Date: Jul 2009
Location: The Beautiful Blue Ridge Mountains
Posts: 853
Quote:
Originally Posted by sengsational View Post
That's poor practice if they can see your password, luckily it's only preventing someone from checking out books in your name. The best practice is for them to only keep a salted hash of the password. That's why most of the time, the password reset process involves them creating a new password, sending it to you, and then you are forced to change it.
I couldn't agree more, and that experience reinforced in me why it's so important not to use the same password for all accounts.
__________________
GalaxyBoy is offline   Reply With Quote
How do you keep track of passwords?
Old 12-31-2014, 03:41 AM   #47
Full time employment: Posting here.
gcgang's Avatar
 
Join Date: Sep 2012
Posts: 928
I always use the same password for non financial sites.
__________________
In theory, there's no difference between theory and practice. In practice, there is. YB
gcgang is online now   Reply With Quote
Old 12-31-2014, 12:12 PM   #48
Recycles dryer sheets
Cat-tirement's Avatar
 
Join Date: Mar 2013
Posts: 188
1Password, but I don't copy or sync it through any cloud service. In case of disaster and something happening to me, DW has my master password in her 1Password, and vice versa. I also have our master passwords on paper (but not identified) buried in a file cabinet as an additional fallback. My multiple redundant backup scheme also assures that our encrypted password files are never lost.
__________________
How can you tell when a cat is retired?
Cat-tirement is offline   Reply With Quote
Old 06-15-2015, 06:30 PM   #49
Full time employment: Posting here.
 
Join Date: Jul 2011
Posts: 573
Quote:
Originally Posted by LoneAspen View Post
I think YubiCo is a separate company. Per their website, they're privately held: https://www.yubico.com/about

I think the YubiKey works with several other companies' products, like Google's and LastPass', but YubiCo is a separate company from them.
I stand corrected. Thanks!
__________________
davef is offline   Reply With Quote
Old 06-15-2015, 08:39 PM   #50
Thinks s/he gets paid by the post
 
Join Date: Jan 2008
Posts: 1,495
Quote:
Originally Posted by kiki View Post
I used Keepass, but found it cumbersome. I moved over to LastPass about a year ago and have been very happy. I pay the $10/year, since I use it on multiple devices and want to support its development.

I'd also recommend enabling two factor authentication. This way even if somebody does figure out my LastPass password, they still can't get to my other passwords.
Nope. Didn't find Keepass cumbersome at all; in fact, just the opposite, quite easy and robust. Lastpass, OTOH, has been breached, as they found "suspicious activity" on their network.

See this: https://blog.lastpass.com/2015/06/la...y-notice.html/

I predicted this and that's why I went with Keepass; info stays in my control.
__________________
Options is offline   Reply With Quote
Old 06-15-2015, 08:52 PM   #51
Full time employment: Posting here.
 
Join Date: Jul 2011
Posts: 573
Lastpass hacked. This is why I elected not to use the cloud for password storage. (Having said that, I think it is impossible to be "safe". I heard on NPR 60-80% of SS numbers are already compromised). I am using 2-factor as much as possible for the sites where I can.

If you use LP, I suggest you open the link as they have suggestions for how to proceed.

Time to change your master password, LastPass was hacked
__________________
davef is offline   Reply With Quote
Old 06-16-2015, 08:47 AM   #52
Thinks s/he gets paid by the post
 
Join Date: Sep 2012
Location: Seattle
Posts: 2,906
I try to remember a few passwords, those I use quite often. The rest I keep on two pieces of paper, torn in half (half of the password on each page). I have these squirreled away in different locations.
__________________
Fermion is offline   Reply With Quote
Old 06-16-2015, 09:39 AM   #53
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,284
I've been using a system for probably two years now, and it is working well for me. No reliance on any tech. I usually find that a system that starts out OK sometimes falls apart after 6 months or so, so I'm confident this one is 'here to stay' for me. Here's a basic description of my system, you could modify in many ways for your own use:

A) I created a prefix that is ~ 5 char long, a mix of upper case, lower case, and numbers.

B) I created a suffix that is ~ 5 char long, lower case (to avoid multiple SHIFT key operations) and numbers.

C) A & B are committed to memory (also written down away from the computer) - they are short enough and the mnemonic is easy for me to remember.

D) For every site that I feel I need security, I have a log of the site address (or just a reminder of what it would be), and I create a unique, short, simple 'key' for that site - like local bank might be "lclbnk" - I write down that "key", as "-lclbnk-" and it is of no use to anyone, because the actual PW is my prefix&lclbnk&suffix. And the combined PW is pretty complex, yet simple to recall.

E) For sites where I don't really care about security, I use a common, easy to remember and type PW with a mix of U/L and numbers, so it works at almost every site.

Works for me.

-ERD50
__________________
ERD50 is online now   Reply With Quote
Old 06-16-2015, 09:53 AM   #54
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,891
I use a password program which keeps an encrypted file on the computer. Passwords randomly generated.

No way could I use a mnemonic. One problem with that is that some sites require a special character. Others do not. Some want at least 8 chars. Some want longer. Too taxing for me.

Of course, the risk in having the passwords on a file, nothing is safe from theft and decryption (just ask the British spies from the decrypted Snowden files).
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 06-16-2015, 10:25 AM   #55
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,891
Another security measure I've been taking is putting better challenge question answers.

For example, to reset a password using an answer like "Spot" as the name of your first is kind of self-defeating.

So, instead of "Spot", I'd use "Spot" plus a randomly generated pin number.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 06-16-2015, 10:27 AM   #56
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,284
Quote:
Originally Posted by easysurfer View Post
...

No way could I use a mnemonic. One problem with that is that some sites require a special character. Others do not. Some want at least 8 chars. Some want longer. Too taxing for me. ...
I've had almost zero problems with my method (if that was directed to my post). Since my prefix and suffix combined use both upper and lower case and numbers, the short 'key' can contain a 'special' char (like "#") if required ("lclbnk#"). I don't use 'special' chars in the prefix/suffix, in case the site does not allow those.

The only problem I've had is my combo was too long for one site (odd as the prefix-suffix combined are only 8-10 chars) - so for that one, I just dropped the suffix, and my cheat sheet just says " - mykey", instead of " - mykey - ".

EZ, and the complete passwords do not exist in any form. The prefix and suffix are not stored on my computer, or on any paper near the 'keys'.


-ERD50
__________________
ERD50 is online now   Reply With Quote
Old 06-16-2015, 10:46 AM   #57
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 6,334
2nd factor authentication is, alas, still necessary, as the bad guys are developing ways of intercepting passwords. Obviously, local hoodlums won't crack them, but organized crime and malevolent governments may have that power in the future.
__________________
The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 06-16-2015, 10:46 AM   #58
Full time employment: Posting here.
 
Join Date: Aug 2007
Posts: 892
I use Lastpass.

I also save my password in the web browser for non-essential sites.
__________________
Eat, Drink and Be Merry.
tulak is offline   Reply With Quote
Old 06-16-2015, 11:08 AM   #59
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,891
Quote:
Originally Posted by ERD50 View Post
I've had almost zero problems with my method (if that was directed to my post). Since my prefix and suffix combined use both upper and lower case and numbers, the short 'key' can contain a 'special' char (like "#") if required ("lclbnk#"). I don't use 'special' chars in the prefix/suffix, in case the site does not allow those.

The only problem I've had is my combo was too long for one site (odd as the prefix-suffix combined are only 8-10 chars) - so for that one, I just dropped the suffix, and my cheat sheet just says " - mykey", instead of " - mykey - ".

EZ, and the complete passwords do not exist in any form. The prefix and suffix are not stored on my computer, or on any paper near the 'keys'.


-ERD50
No. Wasn't directed to your post. What works fine for one person doesn't for another.

I have a brother who uses the one password method. You know, the same password across accounts. But he really doesn't use the computer for stuff like online banking. So, I guess things balance out.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote