Community Newsletter: Q&A: 2/24/06 Questions about storing and managing passwords
- 2/23/06 3:46 PM
I prefer storing passwords off pc
by JmboCov - 2/24/06 1:52 PM In reply to: 2/24/06 Questions about storing and managing passwords by Marc Bennett
I dont really want to store passwords in the browser, in case my pc is ever stolen or compromised. I have stored my passwords for years using password maintenance because it stores pwd data outside of the pc (diskette or usb), I like the security but I guess Im picky on that stuff. 
I originally downloaded my <a href="http://www.softdd.com/password-manager/index.htm">password program</a> here.
PassCrypt
by DevinCurrie - 2/24/06 2:11 PM In reply to: 2/24/06 Questions about storing and managing passwords by Marc Bennett
Hello, I do agree with Kasey on many key area. The hacker will not feel motivated to waste their time to hack into your harddrive to get what they want; providing that you have the following security in place:
1) software firewall (i.e. ZoneAlarm is a good one)
2) hardware firewall (i.e. router - any is fine.)
3) adware/malware/spyware/virus protection (this is more complicate because you need to install multiple software and learn how to use it)
For more info re #3 above, there's a good article at:
http://reviews.cnet.com/5208-10149-0.html?forumID=7&threadID=157574&messageID=1749181&tag=nl.e497
Hackers will rather prey on someone who is an easier target. Or they'll rely on social engineering tricks to try and steal the info from you.
In general, you should not trust the Internet except for several legimate site that you can reasonably trust (i.e. banks). You need to make sure that they have their own security policy in place and that you can see the lock symbol BEFORE you can trust to send your login info on their website.
Personally, I use a password management utility called ''PassCrypt'' (www.seamistsoftware.com). It is an excellent software to use because of its compact size, ease of use, and is secure (448-bits). I have been using it for a long time now and I've not had any problem with it. And best of all, you can communicate directly with the person who have designed the software.
Some words to those people who use the Excel spreadsheet to manage their password, I strongly recommend that you do NOT USE this method!! It is _very_ easy to hack into Excel even with the password protection in place! I have conducted some test myself by hacking into my own Excel file and I've succeed within minutes. Obviously, a better solution is need.
What is the main reason that software developers use to market their password management utility software? It's because their password management utility software use "encryption" to protect the data (contained in a file) which Excel does not do!
Perhap this is one area that people need to be educated on.. simple password protection and file encryption are not the same thing! IOW, what you really want is.. you want to find a utility that offers _file encryption_ protection for your password management need.
HTH
Cheers,
Devin
I use Password Safe
by geeky*gal - 2/24/06 5:38 PM In reply to: PassCrypt by DevinCurrieI've found Password Safe (https://sourceforge.net/projects/passwordsafe/) to be a really easy to use and safe way of storing my many passwords on my PC. I read about it on the LangaList, which is a trusted source of tech. info for me (www.langal.com). Password Safe stores your passwords in encrypted format on your PC in a location you specify, and is protected by a master password (which should be a very strong password and changed often). I also use a hardware and software firewall and am careful about the sites I buy from. I do extensive e-commerce and have never had a problem with theft of my information in over five years of online shopping.
g*g
managing passwords
by junik2004 - 2/24/06 6:15 PM In reply to: 2/24/06 Questions about storing and managing passwords by Marc Bennett
Okay...so call me low-tech, but my password management system consists of a file box and file cards arranged alphabetically by company name. Works great.
Storing Passwords
by tjzoli - 2/24/06 7:11 PM In reply to: 2/24/06 Questions about storing and managing passwords by Marc Bennett
I store my passwords on a Disc. I do it alphabetically, according to site, and that makes it easy to add new ones.
I also thought about storing them on my PDA, which I keeped locked and can only be accessed by using a password. The only trouble with that is if the PDA is lost, you're stuck. My name and cell phone number is visible before signing on, so hopefully, if I would lose it, it would be returned.
Pass2go
by pevgyrt - 2/24/06 9:11 PM In reply to: 2/24/06 Questions about storing and managing passwords by Marc Bennett
I like this program and 64mb usb drive. With it I can use anybodies pc (key loggers do not work the only thing I type is the master password) When I pull my usb drive out of a computer all traces are gone.
Anyone Use Keywallet?
by iconoclastt - 2/24/06 9:19 PM In reply to: 2/24/06 Questions about storing and managing passwords by Marc Bennett
Hi, i have been using a program called "keywallet" for
some time and it stores all my passwords. The only problem i have had is that when i installed and ran
a program called "hijack this", my windows XP machine
crashed!!! for the first time when i tried to open keywallet. When i uninstalled highjack this, the
problem went away.
I use a floppy disk to store passwords
by edubaby - 2/25/06 12:03 AM In reply to: 2/24/06 Questions about storing and managing passwords by Marc Bennett
I can't remember all my passwords, so I put them on an Excel spreadsheet and save them on a 3.5 inch floppy disk, which I can hide easily in my office, AND carry easily if I'm traveling. They are NOT copied to my hard drive.
Password storage
by Mike69poigneur - 2/25/06 3:41 AM In reply to: 2/24/06 Questions about storing and managing passwords by Marc Bennett
I enjoyed the reply to this question as it is a concern for just about everyone using the internet today. The author of the reply gave a detailed response, and also admitted using a password manager, but does not say which one. I would be VERY interested to know which one he trusts (I use one as well -Roboform - and I do sometimes worry about the security of this method as would many readers I guess)and what he thinks of the imbedded Microsoft Wallet with XP?
Use a Flash, aka "Jump", Drive
by alswilling - 2/25/06 12:07 PM In reply to: 2/24/06 Questions about storing and managing passwords by Marc Bennett
I am founder of a nonprofit Native American advocacy organization, SENAA International. As such, my computer is and has been the target of several "special interest" hackers who have attempted to nuke and otherwise hack this machine, both directly and via e-mail, as well as denial of service applications and other tactics. One particular "special interest" group, which I call the DP (Donut People), has gone so far as to reroute my Internet access to a bogus IP.
It was only through the use of firewalls (hardware and software) and the encryption of sensitive data that I have foiled attempts to gather information from my system.
Make no mistake about it. Although it may seem time consuming for a hacker to go through all the possible hiding places for credit card and usable personal info, any hacker worth his salt who has this as his or her goal will know the most likely places to find such information and will also look for text, Word, Excel, Access, and other files with names that suggest the presence of personal or financial information. Knowing the likely locations of such data and common tricks used by people to try to conceal such data, a good hacker will know exactly where to look and will be able to locate such information quickly. Passwords are important targets because they provide access to encrypted or password protected information that could be the victim's undoing.
Needless to say, I do not trust any application for storing passwords that resides on the hard drive. If there is reason to believe that someone might gain access to your home and your computer, it is very important to store passwords--and any sensitive data, for that matter, on removable storage devices, either on CD, DVD, floppy disk, or a jump, or "flash", drive.
I personally opt for flash drives. They plug into your PC's USB port, require no drivers for Windows 2000 and above, and can be slipped into one's pocket, purse, or in the case of Corsair's Flash Voyager, put on one's key ring or on a cord or chain and worn as a necklace underneath one's shirt or blouse. Flash drives come in memory sizes from 128 MB to 4 GB. Their size is approximately 3/4" wide, 1/4"-1/2" thick, and 3" long, and weigh approximately 1/4-1/2 ounce. Most flash drives come with a 10 year warranty. If you have a USB port, you can use a flash drive--and virtually every computer that is still functional has a USB port.
The flash drive is superior to, and is fast replacing the floppy drive. In fact, some of the newer computers do not have floppy drives.
I have had problems with floppy disks becoming corrupted. The reason is that the stylus that reads the floppy disk actually comes into contact with the disk, which is a mylar base with magnetic dust attached to it. It is the magnetic material that stores the information. Since the stylus is in contact with the disk, wear is constantly occurring, and in the case of a floppy disk, flaking will occur over time, degrading and eventually rendering unusable the floppy disk. Even with infrequent use, floppy disks will degrade over time. Magnetic materials are also subject to corrosion--rust--and to the moisture content of the air. Some of my older disks have some files that are unrecoverable, even though I have stored the disks well away from any magnetic fields, such as speakers and other electronic devices. Floppy disks are just not a good idea any more. Flash drives do not depend upon magnetic film for storage, so they are not as susceptable to damage as floppy drives. In the case of Corsair's Flash Voyager, the case and the protective cap are covered with rubber, so they are moisture resistant, which further protects the data it contains. Prices for flash drives range from $24 to right around $100, depending on manufacturer, retailer, and storage capacity, with the 1-4 GB drives being the most expensive. However, given their versatility, warranty, and portability, they are worth every cent.
I also use PGP (Pretty Good Privacy) to encrypt all data related to SENAA International, including the names and addresses of members and supporters. I keep both the public and private key, along with other sensitive data, stored on a flash drive on my key ring. The pass phrase for those keys, which is as hard to crack as I could possibly make it, is not stored on any electronic device or paper. It is committed to memory. Whenever I am away from my computer, all access to any SENAA related information--and much of the information itself--is also away from my computer. The only way for anyone to access those documents that are on the hard drive is to get my keys out of my pants pocket and somehow extract the pass phrase from my brain--and that won't happen.
What if I lose my key ring and the flash drive? I won't. In the impossible event that I did lose my key ring and the drive, anyone who found it and tried to access the information it contains would have to know my pass phrase, because the folder containing the information is encrypted as a self-extracting PGP file.
Whenever I have to modify or create documents containing hacker-usable information, I wipe the file from the hard drive using PGP after I have saved the file to the flash drive or to CD or DVD.
By using CDs, DVDs, and a flash drive, no hacker usable files are left on the hard drive.
I am not a representative of the company, but I recommend Corsair's Flash Voyager, which can be seen at http://www.corsairmemory.com. They are, in my book, one of the top-end flash drives.
A word of warning: when I last tried them, the PNY brand flash drives would not work on USB ports located on the front of the computer case. Most newer computers have USB, firewire, and sometimes digital camera memory card ports on the front of the case for easy access. PNY, for whatever reason, did not work well on front ports. Corsair and SanDisk flash drives work very well on front ports. In fact, they were built with the front port in mind for convenience's sake.
For those who do not have front USB ports, Corsair's Flash Voyager comes with a shielded (to keep signals inside the cable) 25" cable that is long enough to connect to the rear USB port and provide access from the front. Corsair also provides a mini CD containing a utility that can be used to encrypt the flash drive so its data can only be accessed from the user's computer using the user's access key.
So, the bottom line is that the absolutely safest method of storing and protecting your passwords so they are easily accessible is to use a flash drive and keep the drive with you.
The low-tech alternative is to buy a paper memo pad, write all your passwords in it, and keep that memo pad with you or in a different location from your computer until you need it.
That's my two-cents worth.
Al
embarrassingly naive question about passwording
by alexandra Earle - 2/25/06 2:03 PM In reply to: Use a Flash, aka "Jump", Drive by alswillingIf I have 1) a home computer with access I control and 2) I've never uttered my password to another living being and 3) it's not a dictionary word, isn't that one password enough? Can my keystrokes be read from another computer? If so, how likely is that? Thanks AE
removable flashdrive
by DevinCurrie - 2/27/06 10:43 AM In reply to: Use a Flash, aka "Jump", Drive by alswillingHi Al, thanks for sharing us your insight.
I like the idea of storing the password on a mobile device such as flashstick and have it automatically encrypted.
In an ACTUAL case that you do LOSE your flashstick, what will you do? Do you keep a backup copy and if so, how often do you synchronzie it to the master file on your flashstick?
Thanks,
Devin
Depends on software
by laurenmisk - 3/14/06 2:15 AM In reply to: removable flashdrive by DevinCurrieHi Devin,
It's depends on software. Some of them allow to create backups. Some do it automaticaly.
I'am using USb stick only to access and lock my Windows account. There are some options to prevent lose the password:
http://www.rohos.com/prevent_forgotten_password.htm
Wow! I agree that this is a winning answer.
by newgirl327 - 2/25/06 2:10 PM In reply to: 2/24/06 Questions about storing and managing passwords by Marc Bennett
The writing talent seen in this young person's post is most evident. Can we see an evolving communication ability developing before our very eyes as chatting and emailing are replacing piano lessons? One draws the user, while in the other situation, the user is drawn sometimes kicking and screaming against being drawn. (I personally, love to type while playing CD piano music; it feels like I am playing the music.) This is all meant to say, great answer!
Passwords
by BobC1823 - 2/26/06 11:33 PM In reply to: 2/24/06 Questions about storing and managing passwords by Marc Bennett
Whats all the fuss about !
Create an Excel Spreadsheet, with 3 main fields
1. Site or software 2. Username 3. Password
Protect the whole thing with a password and your home and dry
| Forum legend: | |
 |
Locked thread |
 |
Moderator |
 |
CNET staff |
 |
Samsung staff |
 |
Norton Authorized Support team |
 |
AVG staff |
 |
Windows Outreach team |
 |
Dell staff |
 |
Intel staff |
