password safety

[frank]

I was wondering how most folks here store there passwords for all the sites used. I have a paper tablet where I physically write down passwords and security phrases for different acccounts. I think there should be some way to save it on my computer and have it password protected. any suggestions? thanks

frank

 

[braumeister]

https://1password.com

Easy and safe.

 

[frank]

what does it cost after the 6 month free trial?

 

[savory]

There have been at least 2 discussions on this. I have responded on those threads. You may want to review them. I am confident you will get an answer and be confused at the same time

 

[W2R]

I was wondering how most folks here store there passwords for all the sites used. I have a paper tablet where I physically write down passwords and security phrases for different acccounts. I think there should be some way to save it on my computer and have it password protected. any suggestions? thanks

frank

ERD50 explains his appealing method for creating strong passwords that are easy to remember or store on your computer safely:

http://www.early-retirement.org/forums/f27/those-pesky-security-questions-82952.html#post1765353

 

[EastWest Gal]

Many passwords expire every 3-6 months. A trick I do is stick a 4 digit number in the middle of my chosen password. That number is the month and day I changed the password. For example, if I change a password today, I put the number 0909 in the middle of it. That way I am not surprised when it is time to change it again.


Sent from my iPhone using Early Retirement Forumle
Wm

 

[FIREmenow]

Lastpass

 

[easysurfer]

I was wondering how most folks here store there passwords for all the sites used. I have a paper tablet where I physically write down passwords and security phrases for different acccounts. I think there should be some way to save it on my computer and have it password protected. any suggestions? thanks

frank

I use password management software with randomly generated passwords and security answers.

If you don't want to go that route but still want to store on your computer, how about storing on a spreadsheet then using encrypting software that encrypts the spreadsheet with a master phrase or password?

I still prefer to use a password manager program. But the encrypted spreadsheet way doesn't seem that different than your paper tablet method.

 

[gauss]

I finally broke down and have been storing everything in LastPass.

I feel now that having a centralized list of accounts/passwords that could be quickly changed if needed outweighs the risk of using such a system.

I held off for quite some time before doing this.

-gauss

 

[tulak]

LastPass. I pay $12/year for their premium service. Works great.

 

[ChiliPepr]

Lastpass

+1

I now do not remember any of my passwords. (Except the password to LastPass!!!)

 

[MichaelB]

I use LastPass. In addition to storing username and PW, it also has a "secure notes" section to store other access information, like Q&A's to the "secret questions" some websites persist in using.

Access to my LastPass file is a critical component of my "what if" plan. Should I be incapacitated or die, the family member that takes charge will immediately have all the access info he / she needs to immediately take charge of financial matters while things get sorted out.

 

[Sojourner]

I still haven't gotten comfortable with trusting all of my passwords to an online and potentially hackable service like LastPass. I'm probably being somewhat irrational about the risks (kind of like a fear of flying), but I'm comfortable with the system I use and find it to be pretty convenient. I store all my passwords locally in a program called Password Agent Lite, and then I use replication software to keep the program data sync'ed between my desktop and laptop and other devices.

 

[GalaxyBoy]

keepass

 

[Sunset]

keepass

+1

works on most operating systems and is free, you can put it on a thumb drive to keep it separate from computer and you can make backups easy.

 

[Lsbcal]

LastPass. I pay $12/year for their premium service. Works great.

I agree. Will add that if you have a phone with fingerprint reader then it is super easy to get at your info either to (1) look up the login/password, or (2) to inject the login/password into one of your banking apps.

 

[tulak]

I agree. Will add that if you have a phone with fingerprint reader then it is super easy to get at your info either to (1) look up the login/password, or (2) to inject the login/password into one of your banking apps.

TouchID integration is excellent with LastPass.

As for those worried about passwords being secure, it's all about layers. I assume that somebody might get my password (unlikely) and make sure that if it happens, I'm still protected.

 

[FIREmenow]

I still haven't gotten comfortable with trusting all of my passwords to an online and potentially hackable service like LastPass. I'm probably being somewhat irrational about the risks (kind of like a fear of flying), but I'm comfortable with the system I use and find it to be pretty convenient. I store all my passwords locally in a program called Password Agent Lite, and then I use replication software to keep the program data sync'ed between my desktop and laptop and other devices.

You have a master password that is used as a key to encrypt all of your other 12+ digit passwords for all of your sites. Lastpass does not have access to this, so they do not have all of your other passwords.

Private Master Password
The user’s master password, and the keys used to encrypt and decrypt user data, are never sent to LastPass’ servers, and are never accessible by LastPass.

 

[mpeirce]

When using Apple phones and computers you can use the integrated Keychain. It's shared across your iPhone, iPad, and macintosh computers. And it's free once you own the devices.

I use if for almost all my passwords and it works virtually flawlessly.

I do keep my most important accounts (where I keep my largest balances) committed to memory - not stored on the computer, not written down. It's only a couple, so it's doable.

 

[upset264]

I keep everything in an Excel spreadsheet that is password protected. Even then I use *** for some of the characters that I know for sure.

 

[Chuckanut]

Here's one person's view on Lastpass. Search for 'Even the ipad' to get close to the starting point.

https://www.grc.com/sn/sn-256.htm

 

[Sunset]

I keep everything in an Excel spreadsheet that is password protected. Even then I use *** for some of the characters that I know for sure.

I had used this too a number of years ago, and then I forgot the password

I spent a couple of days trying to remember it, then I downloaded a hacker program told it to start with the minimum number of characters I would have used and set it running.

In 2 days it cracked the Excel password and I could use my spreadsheet of passwords.

Then of course I worried what if someone ever stole my laptop

 

[Lsbcal]

...
In 2 days it cracked the Excel password and I could use my spreadsheet of passwords.

Then of course I worried what if someone ever stole my laptop

I am guessing that your password was not many characters long and did not contain some of these: numbers, special characters, and caps. Also one would not want to use words in a dictionary.

I've used the Excel spreadsheet in the past too. My password was 15 characters with some of those constraints mentioned above. I doubt any hacker program could crack it in under many many years.

Anyway, I still like Lastpass (or some other password manager) because it is so easy to set up and use. A smart way to keep your master password is imperative.

 

[Fermion]

I use the last six digits of PI

 

[Car-Guy]

Excel spreadsheet. Password protected and encrypted w/TrueCrypt