Shop RadioShack for Great Gifts
Community Newsletter: Q&A: 2/24/06 Questions about storing and managing passwords
- 2/23/06 3:46 PM
not really...
by DevinCurrie - 2/25/06 10:09 PM In reply to: Smart... by firerantHi, I have already thought of that method before but again, Winzip is easy to hack into. I have tried the brute force dictionary attack plus several other tools and got in within minutes.
I use Passcrypt because it use military strength encryption (448-bit), meaning that it will take a reaaallllly long time to hack into the database unless you have a Quantum CPU!
password protection
by terryfowler - 2/24/06 2:12 AM In reply to: 2/24/06 Questions about storing and managing passwords by Marc Bennett
I use a freebie program called Whisper 32 which produces an encrypted file that can be stored on a floppy disk. I have used it for years and find it useful because you can store the answers to the multiple questions (quite reasonably) asked nowadays to get onto secure websites. Where you store the floppy is your personal choice.
I use Whisper32 as well, the notes field gets a lot of notes
by kschang - 2/24/06 10:36 AM In reply to: password protection by terryfowlerAnd it's free and all that.
Timex Data Link
by mallmand - 2/24/06 2:18 AM In reply to: 2/24/06 Questions about storing and managing passwords by Marc Bennett
I am terrible with numbers and passwords so I use a Timex Data Link. That way the information is always on me and it is also password protected in case it is lost or stolen. The Timex also syc's with my computer using Outlook and enters my contacts in the watch. Love it.
Alladin E-Token
by Shmendrik - 2/24/06 2:29 AM In reply to: Timex Data Link by mallmandThe e-token is a usb disk on key that is an encripted password key - simple, safe, generates passwords saves them organizes etc. realtive cheap - got mine as a freebie at a computer convention - I know that this may sound like a commercial but this is truly a safe and trustworthy product..
FireFox Master Password
by tatcom - 2/24/06 2:40 AM In reply to: 2/24/06 Questions about storing and managing passwords by Marc Bennett
I use Mozilla FireFox to store my passwords as you can have them all stored and encrypted but they are only accessible using a master password. When you set up the master password, FireFox even gives you a scale to show how secure your chosen password will be. Even viewing the saved passwords requires you to enter the master password, so as long as I remember to either log off of my computer, or close FireFox, after having entered my master password, nobody else can use my saved passwords! That is unless somebody finds a way to hack into the FireFox password management system!!
I Never use password programs or save my login
by Norm_Roberts - 2/24/06 2:51 AM In reply to: 2/24/06 Questions about storing and managing passwords by Marc Bennett
I have over 135 passworded logins. I save the website name, username, and passwords in an excel workbook with 31 day sheet for bills and alphabetical sheets for all the rest. I save the workbook to a removeable disk and print copies after each update and shred the old ones. I don't want any password information saved on my computers or on the network.
Passwords - why not keep it simple?
by cdteasdel - 2/24/06 2:54 AM In reply to: 2/24/06 Questions about storing and managing passwords by Marc Bennett
Now for me I keep passwords to mathematical simplicity - I have only one!.
Why! well if your 68 y.o. it's likely you're down to two working brain cells, which probably means that what you found out at 8 o'clock you've forgotten at 5 mins. past (more than one password!! I'd need a brain transplant.
What I do as a consequence of this memory deficiency is to use virus and anti-spyware overkill. I have as my main security Symantec/Norton 2005 and 4 # purchased antiSpyware downloaded programs and one on-line scanner.
Additionally I only go to trusted and large Company URL's thus, I believe, strickly limiting Internet intrusion.
I know I'm tempting fate here, but I seem to be avoiding problems - so long as I regularly update my protection features.
that's really sad
by mdsmedia - 2/24/06 3:13 AM In reply to: Passwords - why not keep it simple? by cdteasdelthe other alternative is to disconnect your computer from the internet.
How can you be sure that big company sites are not compromising your computer?
I wouldn't trust Microsoft with anything so why would I trust their sites? Maybe nobody's compromised them, but that's not to say they haven't compromised themselves.
Yes, by only using sites of big trusted companies, you've reduced your risk, but you haven't removed it.
Using password reminders.
by wotnwabbit - 2/24/06 5:28 AM In reply to: Passwords - why not keep it simple? by cdteasdelI use a password reminder system that is really secure I think. My actual password is never recorded in toto anywhere except my head, but I have reminders in several places. Even on my computer.
I only use a computer in one place, my den at home. I also use only three passwords for everything and rank them according to how sensitive the information might be. One is a "throw-away" password I use in places where I don't much care if anyone else might find out what it is. The next is for places/things where it could be detrimental if discovered but not financially damaging. The third is one I only use in critical (financial) situations. I choose the actual passwords by selecting something I can see from where I sit at my computer. An example of this selection might be:
I always have a calendar in my den. The calender is always from "First Federal Bank". I select "Federal" as the password and then add 2 or 3 numbers to it. The calendar then becomes my "reminder" when I need to use the pw. Also I will rename web shortcuts to include *part* of the password but not all. In the this case, I would rename the desktop shortcut or browser bookmark for let's say... Discover card to "Discover f....33"
(if my password for Discover card was "federal33"). Thus, I always have a reminder within sight of my computer chair and also on my computer. BTW.. "federal33" is not one of my passwords, so don't EVEN think about it.
I am the only user for this computer, so that does enter into my thinking on this.
Best Password Advice I've Ever Received
by Reframmellator - 3/9/06 11:28 AM In reply to: Passwords - why not keep it simple? by cdteasdelI'm one who's convinced that any password is crackable given enough time, resources, and determination. However, I like this suggestion I read a long time ago, and it has served me well. It even allows me to give the password to someone and they will be unable to remember it in 99% of cases.
Pick a word or phrase that is meaningful to you and easy to remember. As an example, let's use "community".
Now transpose each letter on the keyboard, say up one and to the left. So (and look at your keyboards now) "community" becomes "d9jj7j856". It's not going to prevent a truly determined entity from gaining access, but it's a little trick that will make your password much more opaque to others, especially if you choose a word or phrase that isn't readily obvious to someone who knows anything about you.
As for storing them, I favor password protected files, ideally stored off the PC in removable media such as a disk, flash drive, or PDA. Pieces of paper are much more likely to be scarfed up or lost by someone.
And you're asking for trouble if you run withour a software and hardware firewall; antispam and antivirus software; and fail to purge your browser history after every session.
From someone who learned the hard way.
A good password manager
by tommyward - 2/24/06 5:23 AM In reply to: 2/24/06 Questions about storing and managing passwords by Marc Bennett
I have different passwords for different groups of sites. Depending on the sensitivity of the information I enter at the site, I may use a lame password (to get to some free info site that requires you register and login) or up to a very complex, mixed case, alphanumeric password with more than 8 characters. There is no way I can remember them all. I used to keep a cheat sheet in my wallet (right along with my credit cards, drivers license and other written info that shouldn't be lost.)
Now, I use Password Safe, which is a free utility that is available from Bruce Schneier. http://www.schneier.com/passsafe.html
This program provides a secure place to store all my passwords, it has a function to generate a random password for me to use when I register at a new site, and it has a function to copy the password to the Windows clipboard so I can paste it into a login field. The whole thing is protected with a pass phrase, and the data is encrypted. Since Mr. Schneier is a noted authority on cryptography, I trust that the crypto is implemented correctly.
The two risk areas with using this application are: the passphrase used to open the application and database might be guessed (is someone gets my computer), so I use a 15 character, mixed case alpha-numeric phrase; a trojan or other malware on my computer could capture either my keystrokes opening the application or capture one of my passwords while it is in memory in the clipboard (so I keep my A/V software updated regularly.) Overall I am satisfied with this level of risk.
KeePass
by Eugene_Gant - 2/24/06 8:06 AM In reply to: A good password manager by tommywardKeePass is another rather good free open-source password manager: http://keepass.sourceforge.net/
Flash Drive
by skimps - 2/24/06 5:41 AM In reply to: 2/24/06 Questions about storing and managing passwords by Marc Bennett
I don't store the passwords either on my computer or via the website for websites where money can be spent. Mostly because I have teenagers in the house and because in the past a not-so-tech-savvy visitor bid on some auction items online mistakenly assuming they were using their own account. Doh. I use the internet a lot for research and news, so those passwords I will store.
The passwords range from passwords I don't care about which would be six characters and easy to remember to maximum security passwords of 14 or more characters. Also, depending on my opinion of the security needed for the account, when I'm recording the password info I may list the whole password or I may use hints/reminders instead of actually recording the password. So the hint may look something like this:
give favorite tv evenly divided integer sequence aunt's maiden exponetial alphabet
In the hints, some of the words actually refer to numbers and some of the words that seem to be referring to numbers refer to alphas, etc.
I store the passwords on flash media. This media doesn't travel - stays in the same place always until needed. When I need a password, I pop the media in a slot and copy/paste. Of course I also keep a hard copy printout and another external digital backup of the data. I also use the same media system for licenses/activations of software I've downloaded and related emails.
When travelling, I used to rely on the password retrieval systems from the websites when I couldn't remember a password. But I think it's time to invest in some security enabled flash media.
PS. The above example of a password hint is completely fabricated and has nothing to do with passwords I actually use.
| Forum legend: | |
 |
Locked thread |
 |
Moderator |
 |
CNET staff |
 |
Samsung staff |
 |
Norton Authorized Support team |
 |
AVG staff |
 |
Windows Outreach team |
 |
Dell staff |
 |
Intel staff |
