
Foo Forum

This 71 message thread spans 3 pages.
How do you manage your passwords?
I have them stored in such safe places...
jimbeetle




msg:300670
 3:52 pm on Feb 10, 2003 (gmt 0)

The recommendation for Mail Washer [webmasterworld.com] really piqued my interest until, reading through the tutorial, I found that the one thing the setup utility didn't import from your e-mail accounts was the passwords.

Arrrgh! Where did I put all those little critters?

Sure, I jot them down. But with passwords for this, passwords for that and different passwords for those, that adds up to a lot of different jottings and many nooks and crannies in which they might -- or might not -- turn up.

Ah, here's one hiding under the smart card rebate I was supposed to send in last week.

What system don't you use?

Jim

 

jadakiss2




msg:300700
 1:56 pm on Feb 11, 2003 (gmt 0)

I have a little gray book just for passwords and I write them all in there. =:0

jose




msg:300701
 3:02 pm on Feb 11, 2003 (gmt 0)

Guess who is having a big laugh now?

Brett....

I would be worried if I was one of those who only use one or two passwords all the time :)

He knows all of them...

dalguard




msg:300702
 3:29 pm on Feb 11, 2003 (gmt 0)

I have four passwords I use depending on the level of security. Then in my Palm I put a hint about which of the passwords it is, like "college password".

But I had to get a new ATM PIN after 15 years of using the same one. That was seriously painful. I put it in my Palm as the last four digits of a made-up phone number.

Asandir




msg:300703
 8:21 pm on Feb 11, 2003 (gmt 0)

Pgp encrypted file on my personal web server. Anyone can view it, just can't decode it.

Then I only need one pw to access the others - which I can do from anywhere, as I can ssh home and use gpg.

:)

dingman




msg:300704
 8:50 pm on Feb 11, 2003 (gmt 0)

as I can ssh home and use gpg.

And so can the guy who stuck a key logger on the public machine you just used :)

I use one password for a bunch of stuff I'm not worried about - here, throwaway Yahoo mail account, BMG music service (no, they do *not* know my credit card number!), NYTimes, etc, etc. Actually, I've come to care enough about my reputation on here that I'd use a 'real' password if Brett used a secure authentication system.

I have another one for things I care a bit more about, but don't feel very exposed on. It gets re-used often.

Financial stuff and root on my machines are each unique.

It's all kept in my head. Along with some history in case I missed something last time I rotated my passwords. I'd use my Visor except that (a) I don't have encryption software for it that I'm confident in and (b) it forgot everything it knew this morning, and I won't be able to restore it until I get home. I couldn't go that long without using a password!

WebManager




msg:300705
 9:34 pm on Feb 11, 2003 (gmt 0)

You've got to be really careful with passwords.

Using the same one (or two) for low security stuff is fine - it's only really an identifier.

But it is crucial that you don't use a frequently used password for high security/financial access.

And desirable that each and every high security password is different.

Why?

Hackers understand the contents of this thread - it is really hard work keeping track of passwords (particularly when we're told to never write them down!) So it is possible to be enticed onto a site requiring an e-mail and password. The hacker can then try this e-mail and password on other high security sites you are likely to use - bingo - in a small proportion of cases he's in.

Regarding high security passwords. If you use the same unintuitive password to access your website as you do for your bank account; an unscrupulous developer at your web hosting service can again have a pretty good bet that your unintuitive password is being used elsewhere - bingo - he's in.

The solution:

Have one (or two) low security passwords for stuff that really doesn't matter.

Have a separate, non-intuitive, password for each individual high security purpose - they mustn't *ever* be the same.

Where to store them:

Physically, in ink, in a little cash book on a shelf, or in the back of a book cover.

(make sure it's a book that's boring enough for no-one to bother stealing, and expensive looking enough for your partner to not throw out)

visca




msg:300706
 9:52 pm on Feb 11, 2003 (gmt 0)

I have at least 100 passwords to manage, many of which I use on a frequent basis. So I devised an Excel spreadsheet that contains the columns Service, Account, Password, URL, Comments.

Example

Service - Yahoo
Account - user@yahoo.com
Password - pass
URL - members.yahoo.com
Comments - All-in-one Yahoo service login

Then you can divide the sheet into sections like "Mail Related", "Shopping Related", "Client FTP Server". I have had the spreadsheet for over a year and it's been simple and great to use and maintain. I have over time expanded it out to do things like also track software serial numbers, support accounts, etc. Also for things like managing internal and client dedicated server login accounts, ftp's, etc. - very handy!

IMPORTANT : I recommend password protecting the spreadsheet to guard against people seeing your account details in the event they somehow obtain the file.

macdanife




msg:300707
 9:58 pm on Feb 11, 2003 (gmt 0)

I'm a neophyte at this site. If you know how I can change my password for THIS site, please let me know where to look on the Webmaster World.com page when I log on. Thanks!

mack




msg:300708
 10:39 pm on Feb 11, 2003 (gmt 0)

"I have a file that looks like an innocent text file with my car insurance details on it...but in hidden text between the bottom of the main text and the footer note there is hidden text with passwords I use :)
Not many people would think of looking there"

That was an example.... not the real file :)

Elliott




msg:300709
 1:13 am on Feb 12, 2003 (gmt 0)

I use a certain group of numbers from my old Army number. Nobody knows the number and even if they did they wouldn't know what combo I use or if it is used forward or backward or every other number, etc. Of course if you weren't in the Army you would have to figure out another number group that nobody could figure out.

Macguru




msg:300710
 1:36 am on Feb 12, 2003 (gmt 0)

macdanife,

Welcome to the board!

Click control panel (extreme left in top menu) and Edit profile, bingo!
(while you are there, you can play with lots of stuff to customise how the board looks and feels)

kyr01




msg:300711
 5:55 pm on Feb 12, 2003 (gmt 0)

I use a simple password (six digits) for everything that is not crucial and that I feel could even be hacked without having to suffer losses. This password is always the same for all the accounts.
Then I have a different and longer password (8 digits) for anything that I would like to protect more but that's still not critical (most email accounts that I rarely use, like the one that the university gave me, are in this category). Again, this password is the same for all the accounts.
Finally, everything that I feel is important (financial or not) has a password of its own, that is changed often (sometimes it is just a matter of rotating the same digits...).
My favorite password pattern started using the address I had when I was living in Manhattan: it is really easy to mix number and letters when you look at any address in NYC. So, you may only need the business card of your favorite restaurant to have a perfect pwd (for example 200e3rd: it is a restaurant, but obviously not my favorite...).

jimbeetle




msg:300712
 6:25 pm on Feb 12, 2003 (gmt 0)

Hey kyr01, is that Mama's? Have to take a run down there sometime soon.

Mr3Putt




msg:300713
 11:29 pm on Feb 12, 2003 (gmt 0)

My all-time fave utility for my Palm is SplashID... an encrypted and password-protected password storage program. Very nice. Lots of categories, custom fields... works for everything from PINs to Passwords to Credit Card Nums to Lock Combinations.

Google, PalmGear, or Tucows will turn it up. It's great.

<edit>
Oh yeah, it's got an encrypted and password protected desktop app, too. So, you don't have to input everything via Graffiti. Makes data entry a snap. And, lets you restore if your Palm goes *boink*.

I've got probably 150 entries in there. Insurance Policy numbers, Phone-Dialing instructions. Anything that requires even a modicum of security.

I'm sure there are other similar (and maybe even better) products available.
</edit>

mivox




msg:300714
 11:46 pm on Feb 12, 2003 (gmt 0)

Mine's called Lockbox. Freeware Palm app... nothing fancy, but it is encrypted, allows you to create categories for sorting entries, and gives you Account, Password, Username and Info fields for each entry.

I often use the info field for noting phone numbers or mailing addresses associated with each account...

pickman




msg:300715
 12:01 am on Feb 13, 2003 (gmt 0)

I use the model number of the under-side of my watch for high risk stuff. Gonna have to kill me or steal my watch at gun point.... clue..I no longer wear a watch

J_Mac




msg:300716
 5:06 am on Feb 13, 2003 (gmt 0)

I have created a folder in the Links toolbar at the top of my IE browser aptly titled "Accounts" which contains the bookmarks for all the pages requiring password access. I have renamed each link to show the first couple of characters of the respective username & password.

Example:
Webmasterworld.com ab.... 12....

Since I use under ten passwords total I only need the first couple of characters to remind me of the complete password.

This makes it very easy for me and I don't have to worry about someone using my computer and being able to retrieve the full password.

rogerd




msg:300717
 1:59 pm on Feb 13, 2003 (gmt 0)

I'm a PDA password safe user too, mine's YAPS (Yet Another Password Safe). I sync at home and office for a triple backup (PDA + 2 PCs), and once in a while do a dump to paper & lock up in an inconspicuous file.

MetaFunk




msg:300718
 2:44 pm on Feb 13, 2003 (gmt 0)

I use same password for all trivial stuff e.g. news web sites etc. I use 2 or 3 different passwords for semi important things. The important passwords I store encrypted on my PDA.

delpino




msg:300719
 5:58 pm on Feb 13, 2003 (gmt 0)

I used to use "Password Safe" now I use "Any Password". I think "Password Safe" isn't up-to-date anymore, no folders for example.

[download.com.com...]

jamison




msg:300720
 6:28 pm on Feb 13, 2003 (gmt 0)

Since this thread started I have been using Whisper 32. Wow, great freeware program. I really like the autogenerate feature. I also will try the PDA programs. Previous to that I used 5 passwords and also had a text file with all of them.

Jamison

WebManager




msg:300721
 6:43 pm on Feb 13, 2003 (gmt 0)

I'm not happy about using encryption software at all.

The accepted cryptography rule (which has held for centuries!) is that *all* codes can be broken - a strong code merely takes longer to break.

How can you have confidence in encryption software - particularly free/shareware?

Those using encryption programs should regard them as buying time: not absolute security.

In other words, a good encryption program on a PDA is useful only because it buys you time between noticing that it is lost/stolen - and changing all your passwords!

But if you've lost your PDA - now even you don't know your passwords!

No hacker can find passwords written in ink.

It's that simple


jimbeetle




msg:300722
 7:46 pm on Feb 13, 2003 (gmt 0)

But if you've lost your PDA - now even you don't know your passwords!

Same-o, same-o if you use Whisper 32, etc. and your machine goes down.

Think I'm just gonna gather up all those sticky notes and update the little black book. Maybe carve out a hole in the heel of my shoe for it.

mivox




msg:300723
 7:59 pm on Feb 13, 2003 (gmt 0)

How can you have confidence in encryption software - particularly free/shareware?

Well, the PDA itself requires one password to even access the 'desktop' interface, and then you need to know where the passwords are stored, and then you need to know the passwords to access the storage software...

I'm willing to gamble on the odds that there aren't many competent PDA hackers in the middle of Alaska. If my PDA gets lost, the most likely worst-case scenario is that the person who finds it will just throw it away because they couldn't find the "on" button. If they found the "on" button, they'd see my contact info on the start up screen... so they might call me. And on the long chance that the finder is both PDA literate enough to know about the poke-something-into-the-reset-hole-while-holding-the-power-button trick and a basically dishonest person, they'd probably just reset the darn thing, and keep it for themselves...

If you store your passwords on a hidden piece of paper, I'd say you have a better chance of having it destroyed in a house fire than I have of seeing my passwords hacked out of my PDA. ;)

digitalghost




msg:300724
 8:22 pm on Feb 13, 2003 (gmt 0)

How can you have confidence in encryption software - particularly free/shareware?

I don't have any confidence in any encryption system other than PGP. Most of the WINcrypt style of encryption systems can be hacked in an afternoon by someone with determination.

But, nearly all encryption methods deter the common snoop.

rogerd




msg:300725
 8:54 pm on Feb 13, 2003 (gmt 0)

But if you've lost your PDA - now even you don't know your passwords!

When you sync up with your PC, you are backing up the data. So if your PDA is stolen or suffers massive hardware failure, you should be able to get a new one and load all your data in from the PC.

The nice thing about the PDA is it travels with you. When I used paper files or hard-drive based files, I was always in the wrong place, i.e., I needed an office password when I was at home or vice-versa. I suppose a little-black-book could stay on your person, but would be subject to loss, theft, or damage.

WebManager




msg:300726
 9:12 pm on Feb 13, 2003 (gmt 0)

But if you sync your PDA to your main computer its files are now open to hackers through your broadband connection.

No-one can hack your passwords from a bit of paper in the same room as your computer!

mivox




msg:300727
 9:22 pm on Feb 13, 2003 (gmt 0)

But if you sync your PDA to your main computer its files are now open to hackers through your broadband connection.

Not if you 1.) don't have a broadband connection (my PDA sync files are on my laptop at home, which is tragically limited to a slow-@ss dial-up connection), or 2.) properly secure your broadband connection (my company pays a consultant good money to keep our network firewall up to date).

macdanife




msg:300728
 9:36 pm on Feb 13, 2003 (gmt 0)

1. I only asked how I may change my password AT THIS SITE;
2. Else, more importantly to everyone:
Ages ago, I used to be a legal secretary, where confidentiality is a number 1 rule of the work ethic. So are my clients' negotiating secrets as I broker (and consult on) real estate (especially investments and trading) for them now for the past 20 years. CONFIDENTIALITY is key to understanding the importance of our keeping our passwords and user names secret from anyone.

There is only one person in the world who may enter my safe deposit vault in case I die, which is my attorney at law, whom I appointed in my will as my secondary executor in case my executrix cannot or will not act. Now then, you give your most trusted person, such as your attorney/executor, a key to your safety deposit vault. In the vault, you store ALL of your user names and passwords in a book which you can keep up to date every time you go over to the bank vault.

Personally, I do not use too many user names/passwords, since I rely on my mind to remember all. However, I did learn in CIS school how important it is to use both alpha and numeric characters in a password. Now, then, if you take that one step further and only remember say three maximum passwords, you can always hash them around by just changing even one character for a different user name. Someone else who has posted said something similar to this. I do not carry nor do I want to carry a palm, but I do use one of those old-fashioned Day Timers (also you can get the same kind of scheduler through Franklin Mint, you see displays all the time at airports)...

You can just use a pen/pencil and know what tabs you use in your Address Book, hard copy (the paper one), and write them out in whatever type of coding method that makes sense to you. Obviously, you make at least ONE photocopy of this so that as you change them over time, you can store the changed photocopy outside of your place where you use your box.

However, I really feel that it's important, since so many of our estate-related items are on our boxes, to give a Power of Attorney to somebody you trust in case you kick the bucket and your box has to be accessed so that your estate doesn't agonize through probate.

sem4u




msg:300729
 9:37 pm on Feb 13, 2003 (gmt 0)

Just get a box of A-Z index cards and bingo a password system!

cherryl




msg:300730
 2:06 am on Feb 14, 2003 (gmt 0)

I've been using a product called Key Wallet and it has made my life sooo much simpler. Nice interface too. It can store the url where each password is used. It's a dream, and no I have no affiliation with the folks who developed it.
