Velocity Reviews - Computer Hardware Reviews

Re: Passwords

 
 
VanguardLH
      01-10-2009
howard wrote:

> I have about a dozen passwords for different sites, all different.
> Sometimes I forget which one is which, but manage in the end.
> I never ask any site to remember log in details or passwords and always
> log out when finished.
> Here's my point. I downloaded an add on for my browser to remember log
> on details, you have to "train" the programme at first to remember each
> password.
> Before I started I was looking at various options, one was "show
> passwords" I assumed it would be empty, but it had a list of 13 sites
> log in details and passwords.
> Why and where does the computer store this info, what if I took my
> machine in for repair. Someone could have got my bank details etc.


If you configured the web browser to remember your login credentials then
it is possible that they get decrypted. Unlikely but possible. If you
use software to remember passwords but it saves them as clear text then
anyone can see your passwords because they weren't encrypted. Anyone
with physical access to your computer can hack into your OS account
(i.e., login as you) and use that same software to decrypt all the
passwords that you saved using that program. It's all possible but some
scenarios are far less likely to actually happen. If you're interested,
go to http://www.nirsoft.net/password_recovery_tools.html where you'll
find several utilities for extracting passwords for various programs.


How to remember your passwords without using software

The problem with using password archivers, even those that do encrypt
the saved passwords (which obviously yours did not), is that you won't
have that software to use when you travel, like on your employer's
workstations, when on vacation, when using a friend's computer, or when
at the library. You won't be able to install that software everywhere
(to then access its data file with your passwords). If you're using
someone else's host, you're probably under a limited user account that
won't let you install any software. You might even be at some kiosk
that ensures that you can't install any software, including within your
own %userprofile% where you normally have permissions to save and
execute files.

Easier is to simply come up with a template for constructing a password
that is always the same but has something variable within it that
depends on the domain of the site that you visit. For example, take
your initials but change their order, like middle, first, and last
initial, the last 2 digits of your birthyear, the 4 digits for your
birthmonth and birthday, some substring of your social security number
(but not the last 4 digits), and 4 or 5 characters of the domain name
(if the domain name is shorter than 4 characters then start using
characters from the top-level domain, like using "buyc" for "buy.com")
and perhaps use them in reverse order (so you'd use "cyub"). You don't
use all of these but mix together whichever "keys" for parts of it that
you want in whatever order you want (but always the same order). Use
non-alphanumeric characters, like period or dash, between the keys since
some sites require at least one non-alphanumeric character in the
password. Also be sure that one of the keys has digits in it because,
again, some sites require at least one number in the password.

So if your name was Ron T. Howard, born on 1980-02-12, your keys could
be HR (last & first initials) and 80 (for birthyear) then your keys
could be "<domain>.hr.80". That template (an example only) would remain
the same for every site you visit. When visiting newegg.com, for
example, you would use "ewen.hr.80" (4-char key for domain spelled
backwards). You can use whatever order of keys you want in your
password, separated by whatever non-alphanumeric characters you want.
Some sites require an uppercase character, too, so when you try
"ewen.hr.80" and it doesn't work then try "ewen.HR.80" (in your
template, you select one of the alphabetic keys to do double duty to be
either lower- or uppercase, as needed by a site).

Now you have a template that you can use at all sites for a password
which is unique to each site but that you can reconstruct in your head
when you visit the site rather than rely on remembering a bunch of
unrelated passwords for them all or carrying around a data file and
password utility program. Once you figure out your own special blend of
keys that construct your password, and once you've used it a few times,
you'll find it easier to remember the template than the password
because it's the same template you use over and over and everywhere.
You don't need to install any software, especially considering you might
not be able to install software on whatever host you use. You could
even carry a cheat sheet in your wallet to let you remember your
template, like saying "<domainrev>.<initsrev>.<byear>" (to match the
example one provided here) and it is unlikely that anyone finding that
slip of paper is going to understand what it is for.

The domain portion is needed so your password is unique at each domain.
The other keys are whatever you want. If you don't like using your
initials, even in some unusual order, then use the first 2 characters of
your car model, or the last 3 characters of mom's firstname, or the 3rd
to 5th characters of your middle name, or whatever you like. The idea
is to create a template with a set of keys within it where the template
remains the same no matter which domain you visit but one of its keys
varies according to the domain that you visit. The idea is that you can
remember the template because most of its keys are tidbits of personal
information that you can always recall with just the domain key being
variable. The template never changes, your personal keys never change,
just the domain changes but you use the same rule to generate that key
for every domain (like first or last 4 characters of the domain, and whether
or not spelled backwards).

By using a template, my password is unique on every domain. I don't
need to install any software (and I may be using a host where I cannot
install software). I don't lose all my passwords because a data file
got lost or the software suddenly fails to cease functioning. I'm not
even having to remember the passwords themselves. When I visit a site,
I know the unchanging keys in the template and simply fill in the part
for the domain key in that template. The template lets me figure out
what password to use on a particular domain. The template never
changes, only 1 or 2 keys within it have variable values but those are
dependent on the domain that I visit so you'll know their values when
you visit the site.

 
Steve
      01-11-2009
Interesting. Not to nit, but some sites (particularly government sites)
require you to change your password every xx days. Also on occasion, I
NEED to change my pw. Not a major problem (well, maybe I did nit)
Steve

 
VanguardLH
      01-13-2009
Steve wrote:

> Interesting. Not to nit, but some sites (particularly government sites)
> require you to change your password every xx days. Also on occasion, I
> NEED to change my pw. Not a major problem (well, maybe I did nit)
> Steve


There are sites, especially at work, that will remember the last 10
passwords which you are not allowed to reuse. Often just adding a digit
or two on the end is sufficient. You could, for example, add another
key in your password that keeps track of count. So your template might
look like "<domainrev>.<otherkey>.<2count>.<otherkey>" where <2count> is
a 2-digit counter starting at "01". Or the template is "...<postfix>"
where <postfix> is a character you add, like "a" to "z". Just increment
to retry until you eventually hit the value to which you last changed
the counter key.

Many times I simply added an alphabetic character onto the end of one of
the keys to give a new password. It all depends on the sites you visit
as to how you construct your template. I had a different template for
work login versus those from my home. I didn't want anyone at work to catch
my personal template and possibly use them for my personal-use sites.
At work, their rules often required a much more complex requirement for
changing your password (like more than N characters must change, not
just one, and the first or last 2 characters had to be different). The
domain wasn't included in my template for work because I was always
logging onto the same one at work. Plus, at work, forgetting a password
was easily fixed by calling the help desk and having them reset my
password (since even they couldn't read it) and then I'd change it to
something else (so they wouldn't know what it was). I had reasonable
recourse at work to fix a forgotten password. Not always true or doable
outside of work.

With non-school and non-work sites, I have yet to see my password expire
so using a fixed template for those sites has worked for decades. I'll
lose my account due to extended non-activity but I don't lose my
password while the account existed. With the school and work sites, I
use a different template, anyway, since they often employ much more
complex permutation requirements for a new password when the old one has
expired (yet you're talking only about 1 or 2 domains to remember those
passwords plus you have folks that can quickly reset it). With work
passwords, your IT folks should've set up their policies that result in
you having to use your password at least once per day so every day it
will get reinforced into your brain cells as to what is your password.
It is the sites that you don't frequent every day and may leave
unvisited for weeks that you'll want to have something to remember the
password there.
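
The template described in this thread, including the counter key from the last post, modelled as an added example (not code from any poster). The function names and sample passwords are constructed for illustration, and hosts are assumed to be given as bare names such as "newegg.com". Besides building the passwords, it masks the domain-derived part of each one to show how much of the password is shared across sites, which is what becomes known if any single site stores or leaks it in readable form.

```python
import re


def site_chars(host):
    """Letters the domain key is drawn from: "buy.com" -> "buycom"."""
    labels = host.lower().split(".")
    if labels and labels[0] == "www":
        labels = labels[1:]
    return "".join(labels)


def domain_key(host, length=4, reverse=True):
    """First `length` characters of the site name, borrowing from the
    top-level domain when the name is too short, optionally reversed."""
    key = site_chars(host)[:length]
    return key[::-1] if reverse else key


def build(host, keys=("hr", "80"), sep=".", counter=None, upper=False):
    """<domainrev>.<key>[.<2count>].<key>, as in the thread's examples."""
    personal = [k.upper() if upper and k.isalpha() else k for k in keys]
    parts = [domain_key(host), personal[0]]
    if counter is not None:
        parts.append(f"{counter:02d}")  # 2-digit counter starting at "01"
    parts.extend(personal[1:])
    return sep.join(parts)


def character_classes(password):
    """Which classes a site's password policy might ask for are present."""
    return {
        "lower": bool(re.search(r"[a-z]", password)),
        "upper": bool(re.search(r"[A-Z]", password)),
        "digit": bool(re.search(r"[0-9]", password)),
        "symbol": bool(re.search(r"[^A-Za-z0-9]", password)),
    }


def mask_domain(password, host, min_len=3):
    """Replace the longest piece of `password` that is a substring of the
    host's letters (forward or reversed) with "<domain>"."""
    name = site_chars(host)
    lowered = password.lower()
    best = None  # (position, length) of the longest match so far
    for cand in (name, name[::-1]):
        for i in range(len(cand)):
            for j in range(len(cand), i + min_len - 1, -1):
                pos = lowered.find(cand[i:j])
                if pos != -1 and (best is None or j - i > best[1]):
                    best = (pos, j - i)
    if best is None:
        return password
    pos, n = best
    return password[:pos] + "<domain>" + password[pos + n:]


def templates(passwords_by_host):
    """Distinct strings left after masking; one entry means every site
    shares the same fixed part."""
    return {mask_domain(pw, host) for host, pw in passwords_by_host.items()}


if __name__ == "__main__":
    # Constructed sample: the thread's own template applied to three sites.
    sample = {h: build(h) for h in ("newegg.com", "buy.com", "example.org")}
    for host, pw in sample.items():
        print(host, pw, character_classes(pw))
    print("fixed part shared by all sites:", templates(sample))
    print("after a forced change:", build("newegg.com", counter=1))
```
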
 