How To Keep Track Of Passwords?
I'm drowning in account logins and passwords. There must be forty or fifty of the damn things in my life. Some are not terribly sensitive, others are financial accounts or otherwise quite sensitive.
How do you (1) keep track of all the logins and passwords, (2) keep a backup of that information, (3) keep all of that very secure or as secure as it needs to be? So far I have been storing them in Contacts on the iPhone with a sort of self-made code but that is a royal PITA, I'm afraid I will forget the code, and my iPhone could be stolen/lost at any moment. I would like an iPhone based solution, since that device is always with me. Ideally there would be a copy somewhere on the web, so if my iPhone is lost I could still get at the info. I should add that I use Macs at home (thought I'd mention this since some password managers are Windows only), and that I am not worried about the NSA being able to hack my passwords . . . |
Also, do you use a few passwords for all accounts, or generate a unique password for each account? Do you make them something that you can remember, or are they random sequences? Which types of accounts get the max security and which get the "password" password?
|
Not sure if this is a good idea or not, but I use an Excel spreadsheet with a password on it. I store it in my cloud so I can access it from anywhere (phone, tablet, any computer w/ internet connection). Has worked well for years. Since it's on the cloud my wife or I can update any password changes at any time since it's a central document accessible from anywhere. While this is probably not 100% secure it's better than most other options that I have found.
Anyone use a password service? I know these are out there, I have heard many are a scam. Experiences?? |
I'm also leery of using a third-party service, since they then have my logins and passwords. That skepticism extends to the iPhone password apps.
|
I use My Eyes Only on my iphone and Mac.
I use it daily. |
I can't give away my secret without my security. ... I'll pm you. ...
|
Lastpass. Change the primary LP frequently. Only one to remember.
|
Keep mine in my head.
You could just write them on an index card and stow it somewhere secure. |
I store them in keepass program on a thumb drive. Mostly as a backup in case I forget them. http://keepass.info/
|
I have a system
3 levels of passwords, 2 passwords with variations on the domain/site it is used on

- Level 1 - "Darn, they want me to have a username and password for some reason"
- Level 2 - "Sure would like to keep this to myself"
- Level 3 - Things that grant real access - my root accounts, my linux user accounts, mail, bank, etc

The something easy to remember but complex

"Mary Had a Little Lamb" on pelicanparts may be MHADALLpelican

Even if I've not used an account in a while, a few moments of thought lets me in |
|
KeePass
|
Remember when you had to keep lots of phone numbers stored in your head? I didn't lose that skill.
|
Here is a thought. Some reading suggests that when I enter a passcode on the iPhone, all data on the phone is encrypted and backups are encrypted as well, with very strong encryption. So, maybe I can simply keep all my passwords in a plain text document on the iPhone, since I password protect it. Sounds too easy?!
|
someday.....
NSA researches way to crack most computer encryption | Union-Bulletin WASHINGTON — In room-size metal boxes, secure against electromagnetic leaks, the National Security Agency is racing to build a computer that could break nearly every kind of encryption used to protect banking, medical, business and government records around the world. According to documents provided by former NSA contractor Edward Snowden, the effort to build “a cryptologically useful quantum computer” — a machine exponentially faster than classical computers — is part of a $79.7 million research program titled, “Penetrating Hard Targets.” Much of the work is hosted under classified contracts at a laboratory in College Park, Md. The development of a quantum computer has long been a goal of many in the scientific community, with revolutionary implications for fields like medicine as well as for the NSA’s code-breaking mission. With such technology, all forms of public key encryption would be broken, including those used on many secure websites as well as the type used to protect state secrets. Physicists and computer scientists have long speculated whether the NSA’s efforts are more advanced than those of the best civilian labs. Although the full extent of the agency’s research remains unknown, the documents provided by Snowden suggest the NSA is no closer to success than others in the scientific community. “It seems improbable that the NSA could be that far ahead of the open world without anybody knowing it,” said Scott Aaronson, an associate professor of electrical engineering and computer science at the Massachusetts Institute of Technology. The NSA appears to regard itself as running neck-and-neck with quantum computing labs sponsored by the European Union and the Swiss government, with steady progress but little prospect of an immediate breakthrough. “The geographic scope has narrowed from a global effort to a discrete focus on the European Union and Switzerland,” one NSA document states. 
Seth Lloyd, professor of quantum mechanical engineering at MIT, said the NSA’s focus is not misplaced. “The E.U. and Switzerland have made significant advances over the last decade and have caught up to the U.S. in quantum computing technology,” he said. The NSA declined to comment for this story. The documents, however, indicate the agency carries out some of its research in large, shielded rooms known as Faraday cages, which are designed to prevent electromagnetic energy from coming in or out. Those, according to one brief description, are required “to keep delicate quantum computing experiments running.” The basic principle underlying quantum computing is known as “quantum superposition,” the idea that an object simultaneously exists in all states. A classical computer uses binary bits, which are either zeros or ones. A quantum computer uses quantum bits, or qubits, which are simultaneously zero and one. This seeming impossibility is part of the mystery that lies at the heart of quantum theory, which even theoretical physicists say no one completely understands. “If you think you understand quantum mechanics, you don’t understand quantum mechanics,” said the late Nobel laureate Richard Feynman, who is widely regarded as a pioneer in quantum computing. Here’s how it works, in theory: While a classical computer, however fast, must do one calculation at a time, a quantum computer can sometimes avoid having to make calculations that are unnecessary to solving a problem. That allows it to home in on the correct answer much more quickly and efficiently. Quantum computing is so difficult to attain because of the fragile nature of such computers. In theory, the building blocks of such a computer might include individual atoms, photons or electrons. To maintain the quantum nature of the computer, these particles would need to be carefully isolated from their external environments. 
“Quantum computers are extremely delicate, so if you don’t protect them from their environment, then the computation will be useless,” said Daniel Lidar, a professor of electrical engineering and the director of the Center for Quantum Information Science and Technology at the University of Southern California. A working quantum computer would open the door to easily breaking the strongest encryption tools in use today, including a standard known as RSA, named for the initials of its creators. RSA scrambles communications, making them unreadable to anyone but the intended recipient, without requiring the use of a shared password. It is commonly used in Web browsers to secure financial transactions and in encrypted emails. RSA is used because of the difficulty of factoring the product of two large prime numbers. Breaking the encryption involves finding those two numbers. This cannot be done in a reasonable amount of time on a classical computer. In 2009, computer scientists using classical methods were able to discover the primes within a 768-bit number, but it took almost two years and hundreds of computers to factor it. The scientists estimated it would take 1,000 times longer to break a 1,024-bit encryption key, which is commonly used for online transactions. A large-scale quantum computer, however, could theoretically break a 1,024-bit encryption much faster. Some leading Internet companies are moving to 2,048-bit keys, but even those are thought to be vulnerable to rapid decryption with a quantum computer. Quantum computers have many applications for today’s scientific community, including the creation of artificial intelligence. But the NSA fears the implications for national security. “The application of quantum technologies to encryption algorithms threatens to dramatically impact the U.S. government’s ability to both protect its communications and eavesdrop on the communications of foreign governments,” according to an internal document provided by Snowden. 
A decade ago, some experts said developing a large quantum computer was likely 10 to 100 years in the future. Five years ago, Lloyd said the goal was at least 10 years away. Last year, Jeff Forshaw, a professor at the University of Manchester, told Britain’s Guardian newspaper, “It is probably too soon to speculate on when the first full-scale quantum computer will be built but recent progress indicates that there is every reason to be optimistic.” “I don’t think we’re likely to have the type of quantum computer the NSA wants within at least five years, in the absence of a significant breakthrough maybe much longer,” Lloyd told the Post in a recent interview. However, some companies claim to already be producing small quantum computers. A Canadian company, D-Wave Systems, says it has been making quantum computers since 2009. In 2012, it sold a $10 million version to Google, NASA and the Universities Space Research Association, according to news reports. That quantum computer, however, would never be useful for breaking public key encryption like RSA. “Even if everything they’re claiming is correct, that computer, by its design, cannot run Shor’s algorithm,” said Matthew Green, a research professor at the Johns Hopkins Information Security Institute, referring to the algorithm that could be used to break encryption like RSA. Experts believe one of the largest hurdles to breaking encryption with a quantum computer is building a computer with enough qubits, which is difficult given the very fragile state of quantum computers. By the end of September, the NSA expected to be able to have some basic building blocks, which it described in a document as “dynamical decoupling and complete quantum control on two semiconductor qubits.” “That’s a great step, but it’s a pretty small step on the road to building a large-scale quantum computer,” Lloyd said. A quantum computer capable of breaking cryptography would need hundreds or thousands more qubits than that. 
The budget for the National Intelligence Program, commonly referred to as the “black budget,” details the “Penetrating Hard Targets” project and noted this step “will enable initial scaling toward large systems in related and follow-on efforts.” Another project, called “Owning the Net,” is using quantum research to support the creation of new quantum-based attacks on encryptions like RSA, documents show. “The irony of quantum computing is that if you can imagine someone building a quantum computer that can break encryption a few decades into the future, then you need to be worried right now,” Lidar said. |
1Password
|
Passwordsafe.com
|
Obscurely named text document on computer not hooked up to internet.
|
I have an excel spreadsheet with my passwords. Like id10t I have levels of importance. For a lot of unimportant stuff I just use the same username and password and never change them. My financial institutions require me to change my password every 90 days and I do that with other important sites that don't require it. I keep the spreadsheet in a folder in boxcryptor, which is accessible from my phone, iPad, laptop, and work computer. The password for boxcryptor is in code in the middle of one of dozens of text documents on my computers. Chances are I'm OK, but I'm not really confident.
|
You could also just put a text file with everything inside of an encrypted & password protected .zip file. I only needed to remember the password to the zip file that way. That's what I used to do before I had KeePass.
|
Keepass is a good option. If you have Apple products, you can use the Keychain Access with iCloud.
Another option is an app called Truecrypt. With truecrypt you can encrypt a file, a bunch of files, a drive or your whole computer. |
I always remember my passwords, or can figure them out in a few tries? Why? I use the same passwords for everything. Well, everything financial uses the same ID/password. I have a different one for things like Pelican. There are arguments against this, which is why I don't mix "secure" passwords for banks that I feel have a higher level of security with other random websites that may have the passwords in clear text in a table. I feel being able to remember my passwords is better than to rely on some potentially unsecure password storage method.
An example of what I consider a good password: G0@tM1lk If I forget exactly what it is, I can figure it out knowing that the first letters are the capitals and all vowels are replaced. I can't stand passwords where random letters are replaced with no rhyme or reason. Too hard to remember. |
I used to remember them all. Until I had 3 dozen of them that I use daily and had to be 16 characters long with a numeric and a special character somewhere in the middle (but, no '&'s) and needed to be changed every 30 days and couldn't be a different variation of my last 10 changes or use my initials or have any part of my name or username in them, etc... I have too much other cryptic non-intuitive stuff to remember now so they all stay in an encrypted file or in KeePass. Except for my Pelican password... I haven't changed that one in 10 years :)
|
it's crazy here at work. i have 30+. i/we have to write them all down so how secure does that become. what's also bad is when it is time to change a password, they may change the criteria but will not tell you what it is so you have to try different things. the one i like is we have a program that tells you 30 days out that your password will expire in 30 days.
then we have some that after changing your password it locks you out for half an hour. what idiots come up with this crap. we have another program that tells you your password will expire in 3 days. if you don't change it it will lock you out. this is for all you security people out there. WHY DON'T YOU JUST MAKE US CHANGE IT INSTEAD OF TELLING US IT WILL EXPIRE! another one of my favorites is the warning banner that says click here to exit, then takes you into the site instead of exiting. i also have programs that if you don't use them every few months they will lock you out. |
I just remember them.
Somebody posted an article about NSA's foray into quantum computing. That's more of an answer to an existing problem than anything nefarious. The existing problem? China already has quantum computers that can crack codes stupidly fast. Now, every encryption device we (DoD) develop MUST be quantum "resistant." Notice I say resistant; there's no such thing as quantum proof--not yet, at least. |
In a previous life I was a network engineer. You could do like my end users and write your username and password on a sticky note, and stick it under your keyboard.
|
I just set all mine as "password" that way I don't forget.
|
2nd on the excel spreadsheet. The spreadsheet is also password protected.
|
Check this out. A former colleague started this company for the very reasons discussed here. Product is in beta.
MobileVaults | Beyond password management |
Android app. Secure. No hackable server. Google backups. Ad-driven free version, with in-app purchase to get rid of ads. APass by Airanza.
https://play.google.com/store/apps/details?id=com.airanza.apass |
Lastpass.com ftw
|
Before I retired I had to change passwords regularly and got a notice when it was time. So when I had to change my main password I got mixed up coming up with completely new passwords and had success with a method like this....start with a number and a phrase such as 5speedbikesrcool, next time go to 6speedbikesrcool, and so on. If the program says not enough of a change maybe something like ten10speedbikesrcool, eleven11speedbikesrcool and so on, capitalize one or two letters for variation. When the numbers get too big, reset with a lower number and a new phrase. If you need to keep track all you have to do is write down the number 11 somewhere and you'll always know the phrase that goes with it.
Don't know how real secure this method is but it worked for me before retirement. |
LOL I used to write them on the underside of my desk. So if I forgot one I'd "Oops, I dropped my pen."
|
I've started storing screen shots of my spreadsheet with the passwords on it. I figure if someone is crawling looking for passwords they are looking for ASCII.
Would it be more secure if passwords could be images? You could have a picture of your bank and to get into the bank account you had to match your picture with the stored picture associated with the account? Superimpose the pics and if they match you're in, if they don't you're out. |
You must have a system for passwords. Here is an example:
1. Take a phrase that means something to you. The longer, the better. "I love dogs."
2. Replace certain alphabet characters with special ones and numbers and capital letters. 1L0v#D0gs
3. Add numbers that mean something to you somewhere in the beginning, middle or end. 1L0v#D0gs1925
4. To vary by website, add an associative word for that website. E.g. Wells Fargo, ticker symbol WFC. 1L0v#D0gs1925WFC
5. Next website, just change the associative word, e.g. For your life insurance, De@th.
6. If the website doesn't allow special characters, just change to capital.
7. If there is a limit on the number of characters, take just the initials of your special phrase.
8. In case of password change requirements, just change the number in step 3 every time.

All you have to do is remember your associative word. Everything else stays the same.

One other tip. Don't use your name as login name if possible. Don't use joesmith. Use smithjoe251 or some alias. |
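
An added example, not part of any post in this thread: a self-audit for the pattern-based schemes described above (phrase plus number plus site tag, and the incrementing-number rotation). It reports how many characters two of your own passwords share, which shows how little stays secret once one site stores its copy in clear text. The sample values are constructed from the examples in the posts; `shared_core`, `audit` and the threshold of 6 are assumptions of this sketch.

```python
"""Self-audit: how much do pattern-built passwords have in common?"""
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample built from the patterns in the posts above, plus one
# unrelated random-looking string. None of these are real credentials.
SAMPLE = {
    "bank": "1L0v#D0gs1925WFC",
    "insurance": "1L0v#D0gs1925De@th",
    "work_old": "5speedbikesrcool",
    "work_new": "6speedbikesrcool",
    "random": "q7!Tz-mPx2&Lr9vB",
}


def shared_core(a: str, b: str) -> int:
    """Length of the longest run of characters present in both strings.

    A longest-common-substring match catches a shared base whether the
    varying part is at the end (site tag) or at the start (counter).
    """
    matcher = SequenceMatcher(None, a, b, autojunk=False)
    return matcher.find_longest_match(0, len(a), 0, len(b)).size


def audit(passwords: dict, min_shared: int = 6) -> list:
    """Flag account pairs whose passwords share at least min_shared characters.

    Findings carry lengths only, never the password text, so the report
    itself is safe to keep. min_shared=6 is an assumed threshold.
    """
    findings = []
    for first, second in combinations(sorted(passwords), 2):
        a, b = passwords[first], passwords[second]
        core = shared_core(a, b)
        if core >= min_shared:
            findings.append({
                "accounts": (first, second),
                "shared_chars": core,
                # Characters of each password NOT covered by the shared run:
                # this is all that differs between the two accounts.
                "unique_chars": (len(a) - core, len(b) - core),
            })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        first, second = finding["accounts"]
        print(f"{first} / {second}: {finding['shared_chars']} characters shared, "
              f"only {finding['unique_chars']} characters differ")
```

Independently generated passwords produce no findings, which is the property a password manager's generator gives you.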
I heard a nice easy solution lately.
Instead of trying to remember all your passwords for each system, best not try at all.. Make your password totally forgettable, even for you. Like XXX111XXSX Lovinit. When you get the password reminder reset it with similar. You will forget it. Rely on the password prompt. Continue with this. IT guys, ok or not...? Works for me. |
I tell my students there are a few, very few really, things that should be written down and saved somewhere on PAPER. These include:
- user ID and associated passwords,
- web URLs or IP addresses of special sites such as medical centers, hospitals,
- special hints that some sites want,
- ID numbers or account numbers such as one for Express Scripts,
- Name, model #, IP address, encryption type, admin password, encryption code for the type of encryption you use and when it was last changed
- The MAC address of all your devices including smart phones
- IP addresses of a couple of sites that should always be there such as Google or ********.com so you can check if your DNS server has gone belly up.

Do not use a password saver or any other way to keep them on your PC like in Chrome unless you pick a method and somewhere weird and then still print them out and hide them at home, NOT in your wallet. For your router, allow only the MAC addresses listed above to access the box and also limit the total number allowed and change the security code about every 30 days or so. |
I'm with John. Years in IT, my passwords are written down on paper. I do allow Chrome to save passwords, but never for anything important. The passwords I use for financial sites are different from the ones I use for sites like Pelican.
Sites and apps that save your passwords for you? Well, perhaps they will be secure. But the list of companies who had very sophisticated security measures in place and ended up getting hacked anyway is quite long, and growing by the day. That little notebook in the back of my desk drawer? Not very hackable. |
Copyright 2025 Pelican Parts, LLC - Posts may be archived for display on the Pelican Parts Website