How To Keep Track Of Passwords?

[masraum]

Keepass is a good option. If you have Apple products, you can use the Keychain Access with iCloud.

Another option is an app called Truecrypt. With truecrypt you can encrypt a file, a bunch of files, a drive or your whole computer.

[Head416]

I always remember my passwords, or can figure them out in a few tries? Why? I use the same passwords for everything. Well, everything financial uses the same ID/password. I have a different one for things like Pelican. There are arguments against this, which is why I don't mix "secure" passwords for banks that I feel have a higher level of security with other random websites that may have the passwords in clear text in a table. I feel being able to remember my passwords is better than to rely on some potentially unsecure password storage method.

An example of what I consider a good password:
G0@tM1lk

If I forget exactly what it is, I can figure it out knowing that the first letters are the capitals and all vowels are replaced. I can't stand passwords where random letters are replaced with no rhyme or reason. Too hard to remember.

[Shuie]

I used to remember them all. Until I had 3 dozen of them that I use daily and had to be 16 characters long with a numeric and a special character somewhere in the middle (but, no '&'s) and needed to be changed every 30 days and couldn't be a different variation of my last 10 changes or use my initials or have any part of my name or username in them, etc... I have too much other cryptic non-intuitive stuff to remember now so they all stay in an encrypted file or in KeePass. Except for my Pelican password... I havent changed that one in 10 years

[T77911S]

its crazy here at work. i have 30+. i/we have to write them all down so how secure does that become. what also bad is when it is time to change a password, they may change the criteria but will not tell you what it is so you have to try different things. the one i like is we have a program that tells you 30 days out that your password will expire in 30 days.
then we have some that after changing your password it llocks you out for half an hour.
what idiots come up with this crap.
we have another program that tells you your password will expire in 3 days. if you dont change it it will lock you out.
this is for all you security people out there. WHY DONT YOU JUST MAKE US CHANGE IT INSTEAD OF TELLING US IT WILL EXPIRE!
another one of my favorites is the warning banner that says click here to exit, then takes you into the site instead of exiting.

i also have programs that if you dont use then every few months they will lock you out.

[gacook]

I just remember them.

Somebody posted an article about NSA's foray into quantum computing. That's more of an answer to an existing problem than anything nefarious. The existing problem? China already has quantum computers that can crack codes stupidly fast. Now, every encryption device we (DoD) develop MUST be quantum "resistant." Notice I say resistant; there's no such thing as quantom proof--not yet, at least.

[HardDrive]

In a previous life I was a network engineer. You could do like my end users and write your username and password on a sticky note, and stick it under your keyboard.

[gacook]

Quote:

Originally Posted by HardDrive

In a previous life I was a network engineer. You could do like my end users and write your username and password on a sticky note, and stick it under your keyboard.

It's unfortunate how often we run into this scenario, and many others like it. When you add in the fact that I work in a highly secure environment...these practices are just pure stupidity.

[cstreit]

I just set all mine as "password" that way I don't forget.

[72doug2,2S]

2nd on the excel spreadsheet. The spreadsheet is also password protected.

[Vipergrün]

Check this out. A former colleague started this company for the very reasons discussed here. Product is in beta.

MobileVaults | Beyond password management

[Ed_]

Android app. Secure. No hackable server. Google backups. Ad-driven free version, with in-app purchase to get rid of ads. APass by Airanza.

https://play.google.com/store/apps/details?id=com.airanza.apass

[MAS956]

Lastpass.com ftw

[UncleRay]

Before I retired I had to change passwords regularly and got a notice when it was time. So when I had to change my main password I got mixed up coming up with completely new passwords and had success with a method like this....start with a number and a phrase such as 5speedbikesrcool, next time go to 6speedbikesrcool, and so on. If the program says not enough of a change maybe something like ten10speedbikesrcool, eleven11speedbikesrcool and so on, capitalize one or two letters for variation. When the numbers get too big, reset with a lower number and a new phrase. If you need to keep track all you have to do is write down the number 11 somewhere and you''ll always know the phrase that goes with it.
Don't know how real secure this method is but it worked for me before retirement.

[Bill Douglas]

LOL I used to write them on the underside of my desk. So if I forgot one I'd "Oops, I dropped my pen."

[wdfifteen]

I've started storing screen shots of my spreadsheet with the passwords on it. I figure if someone is crawling looking for passwords they are looking for ASCII.
Would it be more secure if passwords could be images? You could have a picture of your bank and to get into the bank account you had to match your picture with the stored picture associated with the account? Superimpose the pics and if they match you're in, if they don't you're out.

[wildthing]

You must have a system for passwords. Here is an example:

1. Take a phrase that means something to you. The longer, the better. "I love dogs."
2. Replace certain alphabet characters with special ones and numbers and capital letters. 1L0v#D0gs
3. Add numbers that mean something to you somewhere in the beginning, middle or end. 1L0v#D0gs1925
4. To vary by website, add an associative word for that website. E.g. Wells Fargo, ticker symbol WFC. 1L0v#D0gs1925WFC
5. Next website, just change the associative word, e.g. For your life insurance, De@th.
6. If the website doesn't allow special characters, just change to capital.
7. If there is a limit on the number of characters, take just the initials of your special phrase.
8. In case of password change requirements, just change the number in step 3 every time.

All you have to do is remember your associative word. Everything else stays the same.

One other tip. Don't use your name as login name if possible. Don't use joesmith. Use smithjoe251 or some alias.

[Matt Smith]

I heard a nice easy solution lately.
Instead of trying to remember all your passwords for each system, best not try at all..
Make your password totally forgetable, even for you. Like XXX111XXSX Lovinit.
When you get the password reminder reset it with similar. You will forget it. Rely on the password prompt. Continue with this. IT guys, ok or not...? Works for me.

[John Rogers]

I tell my students there are a few, very few really things that should be written down and saved somewhere on PAPER. These include:
- user ID and associated passwords,
- web URL's or IP addresses of special sites such as medical centers, hospitals,
- special hints that some sites want,
- ID numbers or account numbers such as one for Express Scripts,
- Name, model #, IP address, encryption type, admin password, encryption code for the type of encryption you use and when it was last changed
- The MAC address of all your devices including smart phones
- IP addresses of a couple of sites that should always be there such as Google or ********.com so you can check if your DNS server has gone belly up.


Do not use a password saver or any other way to keep them on your PC like in Chrome unless you pick a method and somewhere weird and then still print them out and hide them at home, NOT in your wallet.

For your router, allow only the MAC addresses listed above to access the box and also limit the total number allowed and change the security code about every 30 days or so.

[HardDrive]

I'm with John. Years in IT, my passwords are written down on paper. I do allow Chrome to save passwords, but never for anything important. The passwords I use for financial sites are different from the ones I use for sites like Pelican.

Sites and apps that save your passwords for you? Well, perhaps they will be secure. But the list of companies who had very sophisticated security measures in place and ended up getting hacked anyway is quite long, and growing by the day. That little notebook in the back of my desk drawer? Not very hackable.

[jyl]

Quote:

Originally Posted by Matt Smith

I heard a nice easy solution lately.
Instead of trying to remember all your passwords for each system, best not try at all..
Make your password totally forgetable, even for you. Like XXX111XXSX Lovinit.
When you get the password reminder reset it with similar. You will forget it. Rely on the password prompt. Continue with this. IT guys, ok or not...? Works for me.

Most password reset processes take a couple minutes, you have to retrieve a link from your email. They allow you to reset your password, then you have to log in with the new password. So you have to tolerate a significant delay and then remember the new password, for a minute anyway.