Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Online passwords!!!
Old 06-08-2016, 07:29 PM   #41
Full time employment: Posting here.
 
Join Date: Aug 2009
Posts: 522
Online passwords!!!

Quote:
Originally Posted by easysurfer View Post
Glad the system works for you. For me, I prefer to just create my passwords with a random generator without any specific pattern. Using something like your example, my memory isn't good enough without effort.



For example, for Schawbb, I'd be asking myself "Was that swb? or Sch? or Swbb?" You get the idea.

I use something similar to ERD. I solve your example by always using the 1st, 3rd and 6th letter of the url. E.g., schwab.com would be shb etc. you could make it more complex by adding a number as a prefix which might be the position of the first letter of the name in the alphabet, or something like that. Then it would be 19shb. Then of,course you could be really geeky and convert the number 19 to hexadecimal and then it would be 13shb.

As long as it's rule based, then you won't forget ..as long as u don't forget the rule


Sent from my iPad using Early Retirement Forum
__________________

__________________
bmcgonig is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 06-08-2016, 08:31 PM   #42
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,885
Quote:
Originally Posted by bmcgonig View Post
I use something similar to ERD. I solve your example by always using the 1st, 3rd and 6th letter of the url. E.g., schwab.com would be shb etc. you could make it more complex by adding a number as a prefix which might be the position of the first letter of the name in the alphabet, or something like that. Then it would be 19shb. Then of,course you could be really geeky and convert the number 19 to hexadecimal and then it would be 13shb.

As long as it's rule based, then you won't forget ..as long as u don't forget the rule


Sent from my iPad using Early Retirement Forum
I guess that would work as even if you happen to have a site with the 1st, 3rd, and 6th letter the same, that's probably a rare exception of having the same password for different sites. Do you commit the passwords to memory? Hmm...what happens when a site changes url? Do you update to use the new 1st, 3rd and 6th letters? Seems like a lot of effort to me.

But, I'm glad the system works for you. Knowing me, definitely I'd forget the rule .
__________________

__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Online passwords!!!
Old 06-08-2016, 09:11 PM   #43
Full time employment: Posting here.
 
Join Date: Aug 2009
Posts: 522
Online passwords!!!

Quote:
Originally Posted by easysurfer View Post
I guess that would work as even if you happen to have a site with the 1st, 3rd, and 6th letter the same, that's probably a rare exception of having the same password for different sites. Do you commit the passwords to memory? Hmm...what happens when a site changes url? Do you update to use the new 1st, 3rd and 6th letters? Seems like a lot of effort to me.

But, I'm glad the system works for you. Knowing me, definitely I'd forget the rule .

I don't think I've ever used a site that has changed urls..ever

No. I commit the rule to memory, that's the idea, one rule for a million sites.


Sent from my iPad using Early Retirement Forum
__________________
bmcgonig is offline   Reply With Quote
Old 06-08-2016, 09:15 PM   #44
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,885
Quote:
Originally Posted by bmcgonig View Post
I don't think I've ever used a site that has changed urls..ever

No. I commit the rule to memory, that's the idea, one rule for a million sites.


Sent from my iPad using Early Retirement Forum
Didn't HSA Adminstrators change urls with all their turnover of new custodians over the past few years? That's a site that came to mind. Anyhow, glad you like your password system.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 06-08-2016, 09:18 PM   #45
Full time employment: Posting here.
 
Join Date: Jul 2011
Posts: 573
Quote:
Originally Posted by Options View Post
After the massive attack of heartbleed bug a couple years ago, I started using the password manager Keepass. It has given me tremendous peace of mind, means I don't have to remember any passwords, and greatly reduces the time needed to access my protected sites. Keepass is locally stored (versus stored in the cloud like password manager lastpass). I don't store the password manager on my computer, but rather on four identical back-up thumb drives, two of which are protected behind an encrypted vault and kept at home, and two further back-up drives which are not encrypted are kept in my safe deposit box.

Keepassgenerates all of my passwords of a length as long as any site will allow (all of my passwords are very long and complex) and Keepass is only accessible with one global password, which I do not have written down anywhere. I've tested this global master password and it would take almost a hundred thousand years for my password manager to be hacked. The only two people know in the world know the global password are myself and my executor.

I would never use any password that is only eight words long, nor would I use one that doesn't contain numbers, special characters, and upper and lower case characters. Experts have advised strongly against using any password for more than one account, as this is one of the first things hackers look for. There has been considerable debate regarding password managers that are locally stored (as in on one's hard or thumb drive) versus stored in the cloud; however, I am personally extremely uncomfortable with cloud-based password managers and would never use them.
This is exactly what I do! My only addition is I use two factor as well on many accounts.

I have been convinced by people who know more than I do about this, that breaking passwords will work for the thief since they use sophisticated computers that can try infinite combinations. I am also convinced that some passwords, yours and mine, have been stolen already. Thieves have so many passwords that they may not have gotten to the ones in their inventory. Complicated passwords just take more time to break. Changing passwords means thieves need to start fresh. I think this is the key reason to change passwords frequently and to make major changes vs a character here and there.
__________________
davef is offline   Reply With Quote
Old 06-08-2016, 09:22 PM   #46
Thinks s/he gets paid by the post
 
Join Date: Mar 2010
Location: Kerrville,Tx
Posts: 2,712
Quote:
Originally Posted by easysurfer View Post
Another tip, don't have a simple answer to those password challenge questions.

For example, don't have a 16 character complex password and then answer "Spot" to "What's your dog's name?". Your dog Spot won't get offended .
Another question issue, if your mother has passed on, her obituary will contain her maiden name and your name since the survivors are often listed.
__________________
meierlde is offline   Reply With Quote
Old 06-08-2016, 09:24 PM   #47
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,278
Quote:
Originally Posted by bmcgonig View Post
I don't think I've ever used a site that has changed urls..ever

No. I commit the rule to memory, that's the idea, one rule for a million sites.


Sent from my iPad using Early Retirement Forum
I'm sure I've seen some of mine change the url. Their 'home' may be the same, but the page I want to get to directly to log in to the account changes. And sometimes not always easy to find from the home page, or takes a few extra clicks.

But I'll start looking, maybe mine are all a very basic start page now, it would help to have it rule based, But, whooops - just thought of something...

I put any required 'special chars' in the unique part of my 'prefix-suffix' system. I do that, because it seems that it isn't always the same set that are allowed/required, so they can't go in the common part. So that could mess up the 'rule'?

-ERD50
__________________
ERD50 is offline   Reply With Quote
Old 06-08-2016, 09:30 PM   #48
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Lsbcal's Avatar
 
Join Date: May 2006
Location: west coast, hi there!
Posts: 5,677
I have run into sites that force a password update. Or they force a new password criteria. Then I had to change my PW rules or create an exception. Too much memory work for me.

My lastpass vault has 94 sites in it. Some are ancient.
__________________
Lsbcal is offline   Reply With Quote
Old 06-08-2016, 10:05 PM   #49
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,885
Quote:
Originally Posted by meierlde View Post
Another question issue, if your mother has passed on, her obituary will contain her maiden name and your name since the survivors are often listed.
My answers have nothing to do with the questions and contain randomly generated numbers. Just because the challenge questions ask certain particular questions doesn't mean you have to answer them accordingly .
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 06-08-2016, 11:20 PM   #50
Full time employment: Posting here.
 
Join Date: Aug 2009
Posts: 522
Quote:
Originally Posted by ERD50 View Post
I'm sure I've seen some of mine change the url. Their 'home' may be the same, but the page I want to get to directly to log in to the account changes. And sometimes not always easy to find from the home page, or takes a few extra clicks.



But I'll start looking, maybe mine are all a very basic start page now, it would help to have it rule based, But, whooops - just thought of something...



I put any required 'special chars' in the unique part of my 'prefix-suffix' system. I do that, because it seems that it isn't always the same set that are allowed/required, so they can't go in the common part. So that could mess up the 'rule'?



-ERD50

Yes. I go only to the home page, and navigate from there. Otherwise they're always changing

It would mess up the rule I guess. Personally I haven't come across a site that causes me issues....yet.


Sent from my iPad using Early Retirement Forum
__________________
bmcgonig is offline   Reply With Quote
Old 06-09-2016, 12:30 AM   #51
Thinks s/he gets paid by the post
Sunset's Avatar
 
Join Date: Jul 2014
Location: Chicago
Posts: 4,727
Quote:
Originally Posted by Rustic23 View Post
I use Lastpass. While my Lstpass password is OK, it is not really that strong. It is based on an 18 character phrase using capital letters and some special characters.

I have an idea for a even stronger one. Something like this.

%s#!jfN9RxY2AwhWfEShxk5y

Now, I would never be able to remember this much less type it. However, I have access to a website. I could also use a free google site. I have thought of putting the password on an html and putting it online with no reference as to what it was for. Bring up the site, and copy paste. I have multiple gmail accounts, so it would be one I seldom use.

Thoughts?
You would not have access to it when that site , even gmail went down.
How about making a couple of image files on your computer, with a special name.
Then you simply copy the image file name + another image file name + a simple phrase "MomLovesMeTheBest".

So it could be like:
IMG_20160119_164443.jpgStates_for_Retirement.jpgMo mLovesMeTheBest
__________________
Sunset is online now   Reply With Quote
Old 06-09-2016, 07:41 AM   #52
Recycles dryer sheets
 
Join Date: May 2011
Location: Twin Cities
Posts: 434
Like others I use keepass for any password with financial implications. I honestly don't even know what my passwords are as I let keepass auto generate random strings and then just do a copy/paste to those sites whenever I need to log in.

For everything else I do keep an Excel document with non-important passwords. I probably have 200+ places I've set up accounts at. Most of them are different from each other but having the Excel doc is certainly a risk.
__________________
Fishingmn is offline   Reply With Quote
Old 06-09-2016, 09:01 AM   #53
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,278
Quote:
Originally Posted by W2R View Post
That is SO COOL!!! I really, really like your prefix & suffix method and I am so impressed. I had never heard of that idea before. It seems ingenious to me, so much so that I might switch over to that method. I tried password software but do not like depending on it.
Thanks. And if you like that, maybe some day I'll share how I chose a new email address, one that I could reliably give over the phone with little chance of a mix up.

BTW, I was thinking that rather than prefix-(unique)-suffix, I could just use a longer prefix. But one of the sites limited the length of the password to something shorter than my prefix-suffix alone! But that was easily handled. On that site, my cheat sheet just says something like:

mybank --- lclb$ (nada)

instead of my usual:

mybank --- lclb$ ---

Where the "---" marks the prefix or suffix is to be added.

I mentioned this has worked for me for about 3 years, as I often find that many systems that I come with (for anything, not just computers, passwords, etc), seem great at first, but fade away after a year. Something makes them not as great as first thought.

I need to start doing a similar thing for those pesky challenge questions. APPLE123Timbuktu would be a better answer than just Timbuktu, and again, I can just write it down as ---Timbuktu.

And as noted, best to sub a more complex random string, but still easily remembered and typed (try it! - keep caps sequential for example). An earlier suggestion was the first letters of the words to a song or phrase. But be careful! I found a list of 64,000 common passwords, and I was surprised to find fsa7ya in that list! Spolier .... scan down, and highlight for the answer....






(Highlight for answer)
Four Score And 7 Years Ago
(/Highlight for answer)

-ERD50
__________________
ERD50 is offline   Reply With Quote
Old 06-09-2016, 09:14 AM   #54
Thinks s/he gets paid by the post
ExFlyBoy5's Avatar
 
Join Date: May 2013
Posts: 1,977
This thread has resulted in me spending an inordinate amount of time trying to "secure" my passwords. I elected to download Dashlane since it has pretty darn good reviews but so far, it has been a huge pain in my arse. The "auto changer" doesn't work at all and I can't seem to figure out why. Even trying to change them manually is being a pain. It has divided Amazon into 3 different accounts (retail site, seller site and video site) and I have had to spend about 20 minutes just going in and making them all match. I know I am getting older which means I will become more and more technically challenged, but this is ridiculous.

So, I think I am going to use the password generator and just manually change the websites that REALLY matter (financial, etc.) and forget the rest of them since the automated process just doesn't work very well. If someone wants to hack into my forum account...more power to them.

I would say over the last two days, I have spent about 6 hours on this. Damn good thing I am retired!
__________________
Founder and Head Lounger @ The Life of Leisure Institute
Retired in 2014 at the Ripe Age of 40.
ExFlyBoy5 is offline   Reply With Quote
Old 06-09-2016, 09:19 AM   #55
Administrator
W2R's Avatar
 
Join Date: Jan 2007
Location: New Orleans
Posts: 38,860
Thanks, ERD50. Great food for thought and honestly I think this is the most ingenious solution to the password issue that I have ever seen. I can keep the three letter "middle" part written down in my password protected Excel file, without worrying about how easy it would be for hackers to break into it. Even if they did, it wouldn't do them any good.
__________________
Already we are boldly launched upon the deep; but soon we shall be lost in its unshored, harbourless immensities.

- - H. Melville, 1851
W2R is online now   Reply With Quote
Old 06-09-2016, 09:40 AM   #56
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,885
Quote:
Originally Posted by FlyBoy5 View Post
This thread has resulted in me spending an inordinate amount of time trying to "secure" my passwords. I elected to download Dashlane since it has pretty darn good reviews but so far, it has been a huge pain in my arse. The "auto changer" doesn't work at all and I can't seem to figure out why. Even trying to change them manually is being a pain. It has divided Amazon into 3 different accounts (retail site, seller site and video site) and I have had to spend about 20 minutes just going in and making them all match. I know I am getting older which means I will become more and more technically challenged, but this is ridiculous.

So, I think I am going to use the password generator and just manually change the websites that REALLY matter (financial, etc.) and forget the rest of them since the automated process just doesn't work very well. If someone wants to hack into my forum account...more power to them.

I would say over the last two days, I have spent about 6 hours on this. Damn good thing I am retired!
Some password managers are a bit overkill which kind of defeats the purpose.

For saving passwords, I don't separate by groups as I think that's just extra wasted effort. I can see perhaps, a group for work, another for personal. But for me, I don't distinguish say "games" vs "finances" groups for passwords.

Too many features at the price of simplicity. I'm happy with Password Corral (Windows only, though I also have it working on my Linux laptop). Password Corral isn't as popular as some of the others, but I think has a good interface, allows for copy/paste of user id/passwords, has freehand "comments" section for adding thing like the Q & A of those darn challenge questions, stored locally as encrypted file. Plus, it is free. I used to use Password Safe (among others), but IMO, found Password Corral easier to use.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 06-09-2016, 10:02 AM   #57
Thinks s/he gets paid by the post
ExFlyBoy5's Avatar
 
Join Date: May 2013
Posts: 1,977
Quote:
Originally Posted by easysurfer View Post
Some password managers are a bit overkill which kind of defeats the purpose. Too many features at the price of simplicity.
I think that's the issue I *had* with it. Just logging onto a page required 2 or 3 separate clicks and it just complicated things. I have a list of passwords that haven't been changed in a while and I will deal with that in the next couple of days. I am going to my old way, just make them a bit longer and add in a couple extra special characters.
__________________
Founder and Head Lounger @ The Life of Leisure Institute
Retired in 2014 at the Ripe Age of 40.
ExFlyBoy5 is offline   Reply With Quote
Old 06-09-2016, 10:10 AM   #58
Thinks s/he gets paid by the post
zinger1457's Avatar
 
Join Date: Jul 2007
Posts: 1,452
Because of the OPM hack they offered free monitoring with MyIDCare so I signed up. Got a notice last week that my email address and password has shown up on a list that the bad guys sell. No details were provided on what web site the email address and password were taken from, I rarely use my email address to login to any accounts. They didn't even show the password, just a string of asterisks. I use LastPast to manage my passwords so it was easy to go in and search for all my accounts with my email as a login, then went out and changed all the passwords. I use the LastPass password generator to create the passwords so they are all very secure and unique, never use the same one on multiple site.
__________________
zinger1457 is offline   Reply With Quote
Old 06-09-2016, 11:55 AM   #59
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,885
Quote:
Originally Posted by FlyBoy5 View Post
I think that's the issue I *had* with it. Just logging onto a page required 2 or 3 separate clicks and it just complicated things. I have a list of passwords that haven't been changed in a while and I will deal with that in the next couple of days. I am going to my old way, just make them a bit longer and add in a couple extra special characters.
Feeling the complexity in the past, I thought about just creating a spreadsheet that I can encrypt and cut and paste. But then for security, I'd have to encrypt/decrypt back and forth. Plus, sorting too.

I like Password Corral because it kind of looks like a spreadsheet and my password list is sorted by descriptions I use (for example, Amazon ... to Yahoo). Just checked and I happen to have exactly 200 entries. I can easily scroll through my list. As mentioned earlier, I don't use groups as that would just complicate things as I prefer to go through my list A through Z, non-grouped.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 06-09-2016, 12:22 PM   #60
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,278
Quote:
Originally Posted by easysurfer View Post
Glad the system works for you. For me, I prefer to just create my passwords with a random generator without any specific pattern. Using something like your example, my memory isn't good enough without effort.

For example, for Schawbb, I'd be asking myself "Was that swb? or Sch? or Swbb?" You get the idea.
Quote:
Originally Posted by easysurfer View Post
Feeling the complexity in the past, I thought about just creating a spreadsheet that I can encrypt and cut and paste. But then for security, I'd have to encrypt/decrypt back and forth. Plus, sorting too.
...
But you see, because I don't keep the (easily remembered) prefix and suffix together with the unique 'key' for each site, I just keep the keys written down right by the computer.

There's really only about 5 or 6 sites that I regularly check with this more secure system (plus maybe a dozen more that I don't access regularly), so those got memorized really quickly, and I can glance at the sheet if I need. No clicks, no web site access, no digging up and sorting/scrolling from a spreadsheet.

I use a simpler, common one for sites where I don't really care about security that much.

-ERD50
__________________

__________________
ERD50 is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Yahoo Passwords Hacked easysurfer Other topics 8 07-12-2012 06:57 PM
Keeping passwords safe summer2007 FIRE and Money 46 03-21-2008 12:34 PM
Default passwords cute fuzzy bunny Other topics 0 02-22-2006 11:13 AM
Website to Borrow Passwords? haha Other topics 9 06-23-2005 12:09 PM

 

 
All times are GMT -6. The time now is 12:30 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.