Password Management

[Martha]

Greg and I have too many user names and passwords. It used to be we had a trick for creating passwords noone else could figure out. But now many places are requiring long passwords with numbers and letters and even sometimes variations in case.

To me this does not make things more secure it makes them less secure because you end up having to write them down.

Any way to store your passwords securely?

[cute fuzzy bunny]

This is the bane of my existence. Service providers that put some requirements on your user names and pins or forces regular password changes, which pretty much results in most people writing them down on a piece of paper and sticking them to their monitor or under the keyboard.

There are software 'vaults' you can get for free or small fee that store and will fill in your information. I went for a decidedly low tech solution.

You know those minuscule 8/16MB flash chips you get for free with every new digital camera purchase, immediately dropped in a drawer in favor of something that'll actually store more than 1 picture?

Got a flash card reader in your laptop or desktop? If not, go get an $8 flash reader or usb->flash adapter.

Put a zip file on the flash chip and password protect it. Put a file on there with all your user names and passwords on it. While you're at it, put your tax documents, will, any other pertinent emergency type files.

I leave it sitting in the reader but not all the way in. If I need to see a password, add a user/password, update a document...push it in, type in the zip file password and away I go...then eject it when i'm done.

My passwords and critical docs arent online but briefly, then still protected by password. I can grab that chip anytime and have everything important. And I can stick it in any computer and get my info, so my wife can snag it for her laptop if she wants to log into something.

[Rich_by_the_Bay]

I have two passwords, one which is longer, contains numbers, characters, etc and which will meet the requirments of almost any site. I also have a short easy one for trivial sites. That's it. Even I can remember 2 of them.

A few rules: if it isn't long enough I just type it twice til I hit the needed number of characters (3pass3pa if 8 characters are required). If new passwords are required every 3 months, I just add sequential numbers to the beginning (1pass gets changed to 2pass, etc.).

Finally, I store these in my usual contact DB/Palm but with only the first letter of the password (enough to remind me which one it is).

Seems to work so far.

[poboy]

http://www.roboform.com

I use roboform, free version. stores up to 10 username/passwords.

[cute fuzzy bunny]

Rich - thats the same thing I used to do...and that worked great until I hit a couple of 'service providers' who had specific demands that neither of my existing two passwords met and were incompatible with each other.

I quit on Digital Credit Union when they went to strong passwords that you have to change several times per year. That practically guarantees needing to write it down, although I got around that requirement in the working world by using the same password but rotating one digit in it from 0-9.

What kills me is the user names...some calling for email, some having to be under 8 characters, some more than 6, and somebody always having my name or other easily remembered thing. I suppose I could have adopted some implausible mnemonic and used that, but we also have some of my wifes accounts that she used her maiden name on and of course...cant change the user name without destroying and recreating the account. Two of which are her retirement plans.

:P

I'll be glad once some universal "key" is adopted and everything uses that...in 2039...

[CCdaCE]

From Mar '06...

Quote:

Kingston Technology Company Inc. this week introduced a USB flash drive that secures data using password protection and 128-bit hardware-based AES encryption. Offering up to 4GB of secure storage, Kingston’s DTE Privacy Edition device is designed to meet enterprise-level security and compliance requirements. The drive has a mechanism that locks out potential users after 25 consecutive failed password attempts.

... or most any $20 flash drive has the password capability.

My 1 GB Verbatim flash drive, was $13 and has a "secure area" and a "public" area. You specify the size - whether you want 20 MB or 999 MB secure. I got my Verbatim from Office Max or one of those type stores.

Put a .txt file (text file) in the secure area with all your passwords.

Or, if you really think someone will ever steal your USB drive, and be out to crack into it, buy the Kingston. It's a couple more bucks ($40-ish).

Kingston "only" gives them 25 tries to get the password, supposedly. So, they can't try a brute force crack where every possible combination is tried. This would take hours, if not days, I imagine. I'm not sure how to even go about it, but someone with a little time could potentially crack into my Verbatim.

-CC

Edit: I guess nothing is 100%, I mean, if your friendly electrical engineer wants to take the guts out of the Kingston and put it in another USB drive, maybe that'd work...

Same thing as if you wrap your car in steel plates.... Before long someone could have a torch, or a saw, workin' at gettin' in.

Damn, I'm paranoid.

[laurence]

Because I'm a freak, I have all dozen or so passwords stored in my head, my work alone has 4 for different systems/networks. The reason it's easy for me is I use passphrases using just the first letters of the words in the phrase. Let's say I love Britney Spears' Music, so I set one machine's password to "Oops I did it again! I played with your heart, got lost in the game, oh baby, baby." and my password would be "OIdia!Ipwyhglitgobb". I use better examples than this, usually with an obvious word that can be substituted with a number "Crazy for you" C4y etc. Then I try to use something obscure to link these passwords together some common relationship (trashy teeny pop singers - is this the Christina Agulara network?). It creates tough passwords that are easy to remember, I just have to be sure not to hum while entering it...

[cube_rat]

Quote:

Originally Posted by Laurence Because I'm a freak, I have all dozen or so passwords stored in my head, my work alone has 4 for different systems/networks. The reason it's easy for me is I use passphrases using just the first letters of the words in the phrase. Let's say I love Britney Spears' Music, so I set one machine's password to "Oops I did it again! I played with your heart, got lost in the game, oh baby, baby." and my password would be "OIdia!Ipwyhglitgobb". I use better examples than this, usually with an obvious word that can be substituted with a number "Crazy for you" C4y etc. Then I try to use something obscure to link these passwords together some common relationship (trashy teeny pop singers - is this the Christina Agulara network?). It creates tough passwords that are easy to remember, I just have to be sure not to hum while entering it...

Whatever works. I guess as long as your passwords aren't related to Paris Hilton or Britney Spear's hoo-ha, I guess you'll be okay

I've used base counting using calcuations with primes for my personal password and creation storage. It's my own weird methodology which has served me well for quite a few years.

[laurence]

Quote:

Originally Posted by cube_rat Whatever works. I guess as long as your passwords aren't related to Paris Hilton or Britney Spear's hoo-ha, I guess you'll be okay I've used base counting using calcuations with primes for my personal password and creation storage. It's my own weird methodology which has served me well for quite a few years.

Must you always point out the difference between us bottom feeder IT guys and you elite computer scientists? Base counting using primes....pass the grey poupon!

[donheff]

I use PasswordSafe. It stores all of your passwords in an encrypted file accessible with one password. I keep a copy of the application and the DB of passwords on a USB key.

For generating passwords I use a couple passphrases that I can use to come up with a simple or complex password. Passphrases use the first letter of each word in a phrase to come up with the password. For example: I wish I could remember my password would be Iwicrmp. Add in some dates and a hyphen and you are done.

[lazygood4nothinbum]

i have a pretty low-tech method. i have a username & password for private money stuff that i don't write down anywhere ever.

then i have another password or two (depending on the host site's requirements) & numerous usernames for everything else. the everything else goes to a multitude of various forums, online billings, services, online consumer sites, etc. each one of those also has different emails depending on how much i use them, generally utilities & such go to a business box i set up with my internet provider while most of the rest default to a junk email box i set up on yahoo.

i keep record of all that on a word document which is password protected with, yup, the same password i have for everything else.

[eridanus]

Quote:

Originally Posted by donheff I use PasswordSafe. It stores all of your passwords in an encrypted file accessible with one password. I keep a copy of the application and the DB of passwords on a USB key.

[fixed link] ==> http://passwordsafe.sourceforge.net

I use PasswordSafe as well. It can generate complex passwords and I just cut-n-paste them into the web field.

[donheff]

Quote:

Originally Posted by eridanus [fixed link] ==> http://passwordsafe.sourceforge.net I use PasswordSafe as well. It can generate complex passwords and I just cut-n-paste them into the web field.

Thanks Eridanus -- I usually check the links since I almost always generate typos.

[CCdaCE]

There's also a pen- or USB-sized device that has an LCD screen on it. You enter passwords and it stores them.

Then you enter a password to access your stored passwords.

But, damn if I can find a link to one right now.

-CC

[bssc]

Another Roboform user. At least at home.

[cute fuzzy bunny]

Quote:

Originally Posted by cube_rat I guess as long as your passwords aren't related to Paris Hilton or Britney Spear's hoo-ha, I guess you'll be okay

Oh oh.

[BUM]

More information than you need


http://geodsoft.com/howto/password/common.htm

[TromboneAl]

I like Acerose: http://www.dexadine.com/acerose.html

And it's free.

I've got a good password system, and I'd tell you about it, but then I'd have to kill you.

[CCdaCE]

C'mon Al, that SHA-1 encryption algorithm stuff is junk now.

-CC

[boots]

USB thumb drive with password information and PGP encryption software. Have used this method for years. Seems to work well for me. Have lost the thumb drive several times the PGP encryption is to tough to break you only get three tries and you are out. I make a back up of the information files to a CD once a month or when I have changed a lot of the files on the thumb drive.