Password Management

Martha

Greg and I have too many user names and passwords. It used to be we had a trick for creating passwords no one else could figure out. But now many places are requiring long passwords with numbers and letters and even sometimes variations in case.

To me this does not make things more secure; it makes them less secure because you end up having to write them down.

Any way to store your passwords securely?
 
This is the bane of my existence. Service providers that put some requirements on your user names and pins or force regular password changes, which pretty much results in most people writing them down on a piece of paper and sticking them to their monitor or under the keyboard.

There are software 'vaults' you can get for free or small fee that store and will fill in your information. I went for a decidedly low tech solution.

You know those minuscule 8/16MB flash chips you get for free with every new digital camera purchase, immediately dropped in a drawer in favor of something that'll actually store more than 1 picture?

Got a flash card reader in your laptop or desktop? If not, go get an $8 flash reader or usb->flash adapter.

Put a zip file on the flash chip and password protect it. Put a file on there with all your user names and passwords on it. While you're at it, put your tax documents, will, any other pertinent emergency type files.

I leave it sitting in the reader but not all the way in. If I need to see a password, add a user/password, update a document...push it in, type in the zip file password and away I go...then eject it when I'm done.

My passwords and critical docs aren't online but briefly, then still protected by password. I can grab that chip anytime and have everything important. And I can stick it in any computer and get my info, so my wife can snag it for her laptop if she wants to log into something.
 
I have two passwords, one which is longer, contains numbers, characters, etc and which will meet the requirements of almost any site. I also have a short easy one for trivial sites. That's it. Even I can remember 2 of them.

A few rules: if it isn't long enough I just type it twice til I hit the needed number of characters (3pass3pa if 8 characters are required). If new passwords are required every 3 months, I just add sequential numbers to the beginning (1pass gets changed to 2pass, etc.).

Finally, I store these in my usual contact DB/Palm but with only the first letter of the password (enough to remind me which one it is).

Seems to work so far.
 
Rich - that's the same thing I used to do...and that worked great until I hit a couple of 'service providers' who had specific demands that neither of my existing two passwords met and were incompatible with each other.

I quit on Digital Credit Union when they went to strong passwords that you have to change several times per year. That practically guarantees needing to write it down, although I got around that requirement in the working world by using the same password but rotating one digit in it from 0-9.

What kills me is the user names...some calling for email, some having to be under 8 characters, some more than 6, and somebody always having my name or other easily remembered thing. I suppose I could have adopted some implausible mnemonic and used that, but we also have some of my wife's accounts that she used her maiden name on and of course...can't change the user name without destroying and recreating the account. Two of which are her retirement plans.

:p

I'll be glad once some universal "key" is adopted and everything uses that...in 2039...
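
The rotation habits described in the posts above (a leading counter such as 1pass becoming 2pass, one digit cycled from 0-9, a short password typed again until it reaches the minimum length) all leave the same reusable base behind. An added example, not part of any post in this thread: a check a password-change form could run to recognise such changes, assuming the form has the current password in hand at change time; the function names are hypothetical.

```python
import re


def skeleton(password: str) -> str:
    """Lower-case the password and drop every digit, leaving the reused base."""
    return re.sub(r"\d", "", password.lower())


def unrepeat(text: str) -> str:
    """Reduce a base that was typed again to pad the length.

    'passpa' (what is left of '3pass3pa' once digits are dropped) becomes
    'pass'. A string with no such repetition is returned unchanged.
    """
    for period in range(1, len(text)):
        base = text[:period]
        padded = (base * (len(text) // period + 1))[: len(text)]
        if padded == text:
            return base
    return text


def is_trivial_rotation(old: str, new: str) -> bool:
    """True when old and new differ only in digits, case or padding repeats."""
    old_base = unrepeat(skeleton(old))
    new_base = unrepeat(skeleton(new))
    if not old_base or not new_base:
        # All-digit passwords have no base to compare; only flag exact reuse.
        return old == new
    return old_base == new_base


if __name__ == "__main__":
    # Constructed pairs modelled on the habits described in the thread.
    samples = [
        ("1pass", "2pass"),          # counter added to the beginning
        ("3pass3pa", "4pass4pa"),    # typed twice to reach 8 characters
        ("pa5sword", "pa6sword"),    # one digit rotated from 0-9
        ("1pass", "OIdia!Ipwyhglitgobb"),  # genuinely different passphrase
    ]
    for old, new in samples:
        print(f"{old!r} -> {new!r}: trivial={is_trivial_rotation(old, new)}")
```
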
 
From Mar '06...

Kingston Technology Company Inc. this week introduced a USB flash drive that secures data using password protection and 128-bit hardware-based AES encryption.

Offering up to 4GB of secure storage, Kingston’s DTE Privacy Edition device is designed to meet enterprise-level security and compliance requirements. The drive has a mechanism that locks out potential users after 25 consecutive failed password attempts.

... or most any $20 flash drive has the password capability.

My 1 GB Verbatim flash drive was $13 and has a "secure area" and a "public" area. You specify the size - whether you want 20 MB or 999 MB secure. I got my Verbatim from Office Max or one of those type stores.

Put a .txt file (text file) in the secure area with all your passwords.

Or, if you really think someone will ever steal your USB drive, and be out to crack into it, buy the Kingston. It's a couple more bucks ($40-ish).

Kingston "only" gives them 25 tries to get the password, supposedly. So, they can't try a brute force crack where every possible combination is tried. This would take hours, if not days, I imagine. I'm not sure how to even go about it, but someone with a little time could potentially crack into my Verbatim.

-CC

Edit: I guess nothing is 100%, I mean, if your friendly electrical engineer wants to take the guts out of the Kingston and put it in another USB drive, maybe that'd work...

Same thing as if you wrap your car in steel plates.... Before long someone could have a torch, or a saw, workin' at gettin' in.

Damn, I'm paranoid.
 
Because I'm a freak, I have all dozen or so passwords stored in my head, my work alone has 4 for different systems/networks. The reason it's easy for me is I use passphrases using just the first letters of the words in the phrase. Let's say I love Britney Spears' Music, so I set one machine's password to "Oops I did it again! I played with your heart, got lost in the game, oh baby, baby." and my password would be "OIdia!Ipwyhglitgobb". I use better examples than this, usually with an obvious word that can be substituted with a number "Crazy for you" C4y etc. Then I try to use something obscure to link these passwords together with some common relationship (trashy teeny pop singers - is this the Christina Aguilera network?). It creates tough passwords that are easy to remember, I just have to be sure not to hum while entering it...
 
Laurence said:
Because I'm a freak, I have all dozen or so passwords stored in my head, my work alone has 4 for different systems/networks. The reason it's easy for me is I use passphrases using just the first letters of the words in the phrase. Let's say I love Britney Spears' Music, so I set one machine's password to "Oops I did it again! I played with your heart, got lost in the game, oh baby, baby." and my password would be "OIdia!Ipwyhglitgobb". I use better examples than this, usually with an obvious word that can be substituted with a number "Crazy for you" C4y etc. Then I try to use something obscure to link these passwords together with some common relationship (trashy teeny pop singers - is this the Christina Aguilera network?). It creates tough passwords that are easy to remember, I just have to be sure not to hum while entering it...

Whatever works. I guess as long as your passwords aren't related to Paris Hilton or Britney Spears' hoo-ha, I guess you'll be okay :LOL:

I've used base counting using calculations with primes for my personal password and creation storage. It's my own weird methodology which has served me well for quite a few years.
 
cube_rat said:
Whatever works. I guess as long as your passwords aren't related to Paris Hilton or Britney Spears' hoo-ha, I guess you'll be okay :LOL:

I've used base counting using calculations with primes for my personal password and creation storage. It's my own weird methodology which has served me well for quite a few years.

Must you always point out the difference between us bottom feeder IT guys and you elite computer scientists? Base counting using primes....pass the Grey Poupon! ;) :LOL:
 
I use PasswordSafe. It stores all of your passwords in an encrypted file accessible with one password. I keep a copy of the application and the DB of passwords on a USB key.

For generating passwords I use a couple passphrases that I can use to come up with a simple or complex password. Passphrases use the first letter of each word in a phrase to come up with the password. For example: I wish I could remember my password would be Iwicrmp. Add in some dates and a hyphen and you are done.
 
i have a pretty low-tech method. i have a username & password for private money stuff that i don't write down anywhere ever.

then i have another password or two (depending on the host site's requirements) & numerous usernames for everything else. the everything else goes to a multitude of various forums, online billings, services, online consumer sites, etc. each one of those also has different emails depending on how much i use them, generally utilities & such go to a business box i set up with my internet provider while most of the rest default to a junk email box i set up on yahoo.

i keep record of all that on a word document which is password protected with, yup, the same password i have for everything else.
 
There's also a pen- or USB-sized device that has an LCD screen on it. You enter passwords and it stores them.

Then you enter a password to access your stored passwords.

But, damn if I can find a link to one right now.

-CC
 
Another Roboform user. At least at home.
 
C'mon Al, that SHA-1 encryption algorithm stuff is junk now.

-CC
 
USB thumb drive with password information and PGP encryption software. Have used this method for years. Seems to work well for me. Have lost the thumb drive several times; the PGP encryption is too tough to break, you only get three tries and you are out. I make a backup of the information files to a CD once a month or when I have changed a lot of the files on the thumb drive.
 
I have a folder in one of my Yahoo e-mail accounts for passwords and access codes. I send myself an e-mail with the info on my e-bay account, for example, and put it there. I remember most of them anyway and the wife has a separate set, but it helps jog the memory when needed. It is probably as secure as anything else and I don't have to carry anything around with me.
 
You do realize that emails are sent clear text over the internet and that there is no shortage of people looking at these data streams? And that ebay accounts are a top target for break-ins?
 
Good point, CFB,

I believe that my Yahoo e-mail, even the log-in, is with a secure socket layer. The prefix is https://. Is this good enough?

I do muddle the subject line and content, too.

Probably not the best. I refer to them very infrequently, which may or may not help.

Suggestions?
 
Your login security is a separate thing...when the mailer tasks on the yahoo/ebay servers send email, it's generally not encrypted. There are some services you can employ, such as a secure mail agent and key encryption of the content and attachments, but that's not done by default on most mail systems.

We're again in the land of "possible but not highly probable", yet a fair number of incidents have occurred where people have trapped and scanned open data for things that look like username/password pairs.

Makes me crazy when I create a login at a site and they jump you through hoops to make a good password, then they send you an email with "hi...your account is ready and your username is...and password is..."

::)

Ebay has also lost some account information periodically, so your user/password login to ebay may have been disclosed to some ill-intentioned 3rd party at some point.
 