Password Management

sitheris

sitheris

[H]ard|Gawd
Joined
Jul 30, 2004
Messages
1,733
I'm posting this here because imo it's a security related thing.

I was just wondering what everyone here does for password management? I'm looking for a better way to keep track of my accounts and passwords. I currently use an excel spreadsheet - yeah I know it's very insecure.

I'm looking for a better way to store everything and keep it encrypted. What do you guys do?
 
I store them in my mind
while most are derivatives of words they are non typical and multiple words in them.
 
I store them in my mind as well... so... many... passwords! <bleeds>

I found Keepass while searching for freeware password management solutions, looks about comparable to PINs or maybe even better. http://keepass.info/

There was one that my old company used to encourage us to use but I can't remember it now. :( It's been a while... Anyhow, if you're going to store your passwords in something, make sure it's encrypted. :)
 
Is there any way to encrypt/lock/password-protect a single file in windows? I know XP has the encryption feature but I don't really trust it since I can still open a file that's encrypted.
 
arent there windows versions (i.e. nice pretty gui) of pgp available free for personal use?

if you must store them in an excel format then at least encrypt it!

simple, but effective.
 
k1pp3r said:
How many passwords do you have, at this point i have about 120, lol, more will be added in a few months
Click to expand...

It may be benefical to syncronize some? :) Although it's more secure to have different passwords, doesn't do you a whole lot of good if you can't even remember them. In my opinion, it's very important to have a healthy balance between security and convienence.
 
Blitzrommel said:
It may be benefical to syncronize some? :) Although it's more secure to have different passwords, doesn't do you a whole lot of good if you can't even remember them. In my opinion, it's very important to have a healthy balance between security and convienence.
Click to expand...



I sync the ones i can, the big problem is that they all expire at different times, some 90 days, some 45 depending on the app security. I remember most of them, but i do need to keep something (which is also password protected) incase i forget one.
 
I use roboform and its great. (suprised it hasnt been mentioned yet). Its great for accounts and passwords. I used to be one of you who kept them all in my head, but between school, work and home I amassed too many and I started forgetting some (most passwords needed a different combo of letters/numbers/caps).
It has both password protection and 4 types of encryption. Id check it out.
 
k1pp3r said:
How many passwords do you have, at this point i have about 120, lol, more will be added in a few months
Click to expand...

about 50 base words most passwords are a combination of 2-3 words and numbers

no word is spelt the way it is in the dictionary

no word uses typical number-letter transposition
 
tacticus said:
about 50 base words most passwords are a combination of 2-3 words and numbers

no word is spelt the way it is in the dictionary

no word uses typical number-letter transposition
Click to expand...


Yeah, some passwords for me, can not even be based on a dictionary password. so i have some really random passwords, lol
 
piece of notepad paper.

Anything stored on a computer connected to the internet is potentially insecure. No matter what encryption you use. If they steal the DB file from the directory, they can use a few very fast computers 24/7 and eventually break the encryption.

Just store that piece of paper somewhere VERY secure. (like a safe) Being a small piece of notepad paper it can be kept nearly anywhere!! I keep mine in a condom in my rectum. j/k LOL!

The main few passwords that are most important/secure I store in my head. But for the multitude of various website passwords, etc. I have written down.

I abbreviate what sites & emails the passwords are for, so most people wouldnt know. Just in case the paper was somehow stolen off of my person. And the way its kind of jumbled & abbreviated most people would have trouble figuring out what anything is.

I figure a small worthless looking fold up piece of paper is much more secure in my house which has an alarm system, 2 dogs, and my Glock than a computer which is a virtual glass window to the whole world. (easily broken)
 
k1pp3r said:
I sync the ones i can, the big problem is that they all expire at different times, some 90 days, some 45 depending on the app security. I remember most of them, but i do need to keep something (which is also password protected) incase i forget one.
Click to expand...

I know whatcha mean. It took me about 2 months to get 'em all synchronized. I think the best case is to just reset htem all at once. I know some of my passwords expire in 45 days, some in 30.
 
I put PasswordSafe [sourceforge.net] onto one of the many thumb drives I have and try to keep most of my common passwords on it. Stuff like banking/credit card/computer passwords though, I keep in my mind, and they're all based on mathematical formulae, foreign words, and even just randomly generated strings. However, memorizing 20 passwords is still not as bad as having to remember all the crap for random websites. I probably end up resetting my semi-necessary passwords way too often because I don't use them after I set them, so I haven't committed them to memory.

I wish I could just do single sign on and use smart code/token single factor auth for most things. :D
 
I tried out PINs and Truecrypt, and will be using both of these programs from now on :)

Thanks for the suggestions
 
sitheris said:
I tried out PINs and Truecrypt, and will be using both of these programs from now on :)

Thanks for the suggestions
Click to expand...

I'm the one who recommended PINs, and after reading this thread and trying keepass, I think I'll be migrating to that.
 
okay, a password program is all fine but what about when your not at your comptuer? Your at a friends house, school/college, or work. I don't think I saw anyone talk about password sites like https://www.passwordsafe.com/. But as several people have said if it's attached to a comptuer all it takes is time.
 
Okay, a password program is all fine but what about when you’re not at your computer? You’re at a friend’s house, school/college, or work. I don't think I saw anyone talk about password sites like https://www.passwordsafe.com/. But as several people have said if it's attached to a computer all it takes is time.
 
raksasas said:
Okay, a password program is all fine but what about when you’re not at your computer? You’re at a friend’s house, school/college, or work. I don't think I saw anyone talk about password sites like https://www.passwordsafe.com/. But as several people have said if it's attached to a computer all it takes is time.
Click to expand...

Sounds great in theory, but I'd rather not hand over my entire Internet life to someone else. 10 to 1 odds that the admins of that site have at one time or another looked into their database... Nothing against them or anyone, but it just human nature.
 
I've been using KeePass for quite a while, great program & security with a lot of options for keeping your passwords as safe as possible, it's free and open source as well.
 
Sorry to bump the thread, but i'm looking for a freeware Roboform alternative that has the same features (Firefox integration, auto password insertion, Safenotes) and can work from a flash drive with Portable Firefox. Anyone have any suggestions?
 
randyc said:
no one here uses Gator?
Click to expand...

Nope, I prefer my software spyware free. Gator is known spyware and I would recommend getting rid of it for something else.

I have been using Password Safe (mentioned earlier in thread) for a couple of years. I just run it off my USB flash drive whenever I need it.

I like it because I can categorize passwords since I use several different ones and try to make sure that none of my work passwords and personal passwords get mixed.
 
Bean Dip said:
Nope, I prefer my software spyware free. Gator is known spyware and I would recommend getting rid of it for something else.

I have been using Password Safe (mentioned earlier in thread) for a couple of years. I just run it off my USB flash drive whenever I need it.

I like it because I can categorize passwords since I use several different ones and try to make sure that none of my work passwords and personal passwords get mixed.
Click to expand...
ooh, i know.
It was a sarcastic thing.

I'm glad to say I haven't had gator on my machine in years.
 
I would have to go with Truecrypt. mostly because I keep several different thinks on the drives I have encrypted.
 
i only have 2 passwords that i use for everything...

now for work.. we have more.. we just keep them in word files and put them in folders that only domain admins can access.. but they they are also printed out and put in file cabinets..

everytime we use verisign we have to call them up and have it reset.. it takes like 2 days.. tons of fun...
 
I've memorized my passwords. Including 4 16 digit alphanumeric passwords for various really secure stuff at my job...and it's not 4 made up passwords...4 random passwords.
 
You must log in or register to reply here.
Back
Top