Passwords

Discussion in 'Computer Security' started by davidfromtas, May 9, 2004.

  1. davidfromtas

    davidfromtas Guest

    Hello,

    I am sure I am not the first person to encounter this problem. I hope
    somebody can point me in the right direction to a solution for it.

    I am a fairly low tech computer user. Over time I have accumulated a
    rather large collection of accounts and passwords.

    Some of them are for unimportant things like a on line forum I am a
    member of. Some of them allow access to my bank account or the like.

    I have a half decent system for keeping passwords that relies mostly
    on my own memory. But it regularly falls down on things I dont access
    for a long time. I am aware of other methods like:

    writing them down on a piece of paper that I hide.
    keeping a list in a computer file that I encrypt.
    using the same password for lots of things.
    allowing my browser to remember the passwords for me.
    getting a password management program.

    I am willing to spend some, but not a massive amount of time on
    managing these passwords. I think that there are probably people out
    there who are capable of getting my passwords whatever I do. I'd like
    to get some advice from the experts here on what is a good way to look
    after my passwords.

    I am leaning towards getting a password manager program. Is that too
    much of an all your eggs in one basket approach?

    Cheers,
    david
    davidfromtas, May 9, 2004
    #1
    1. Advertising

  2. davidfromtas

    Bit Twister Guest

    On Sun, 09 May 2004 12:01:23 -0700, davidfromtas wrote:

    > I am a fairly low tech computer user. Over time I have accumulated a
    > rather large collection of accounts and passwords.
    >
    > I am leaning towards getting a password manager program. Is that too
    > much of an all your eggs in one basket approach?


    downside is now you'll forget passwords faster and realy be up a creek if the
    data file/OS changes or a virus wipes it for you.
    Bit Twister, May 9, 2004
    #2
    1. Advertising

  3. davidfromtas

    ^reaper^ Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    In <>, davidfromtas
    <> says...

    > I am leaning towards getting a password manager program. Is that
    > too much of an all your eggs in one basket approach?


    Pwd mgmt proggies are great. Nice way to not only keep your pwds
    where you can easily find them, but most have other features too
    (like adding special categories, place for notes to self, etc.).
    Course, as with anything, if it's compromized, yer screwed. So don't
    use it to keep stuff like CC#s, SS#s, or other info that can give
    someone a way to steal your identity. I'd also try to find a proggie
    for a pda (if you have one). That way you've got it readily available
    no matter where you are.

    ^reaper^


    -----BEGIN PGP SIGNATURE-----
    Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

    iQA/AwUBQJ6LyVMeYoHj2dI5EQI8hQCePrbFsrVtDjcAuCchXEdnTV1Ci1sAniz7
    S9SYp2Coz1aC6dw9/rVknj3Z
    =KQtQ
    -----END PGP SIGNATURE-----
    ^reaper^, May 9, 2004
    #3
  4. davidfromtas <> wrote:
    > I am leaning towards getting a password manager program. Is that too
    > much of an all your eggs in one basket approach?


    I take a two pronged approach... one is a program with my passwords
    encrypted with my OpenPGP key. And the other is a relatively recent
    acquisition from http://www.mandylionlabs.com/ ..

    Cheers, -Ali

    --
    OpenPGP Key: 030E44E6
    --
    Was I helpful?: http://svcs.affero.net/rm.php?r=packetknife
    --
    Politics is the art of looking for trouble, finding it whether it
    exists or not, diagnosing it incorrectly, and applying the wrong
    remedy. -- Ernest Benn
    Ali-Reza Anghaie, May 9, 2004
    #4
  5. In article <>,
    says...
    > Hello,
    >
    > I am sure I am not the first person to encounter this problem. I hope
    > somebody can point me in the right direction to a solution for it.
    >
    > I am a fairly low tech computer user. Over time I have accumulated a
    > rather large collection of accounts and passwords.
    >
    > Some of them are for unimportant things like a on line forum I am a
    > member of. Some of them allow access to my bank account or the like.
    >
    > I have a half decent system for keeping passwords that relies mostly
    > on my own memory. But it regularly falls down on things I dont access
    > for a long time. I am aware of other methods like:
    >
    > writing them down on a piece of paper that I hide.
    > keeping a list in a computer file that I encrypt.
    > using the same password for lots of things.
    > allowing my browser to remember the passwords for me.
    > getting a password management program.
    >
    > I am willing to spend some, but not a massive amount of time on
    > managing these passwords. I think that there are probably people out
    > there who are capable of getting my passwords whatever I do. I'd like
    > to get some advice from the experts here on what is a good way to look
    > after my passwords.
    >
    > I am leaning towards getting a password manager program. Is that too
    > much of an all your eggs in one basket approach?
    >
    > Cheers,
    > david
    >
    >
    >
    >



    PGP is your friend.




    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness? as the new industry standard..."

    "...I see stupid people."
    Colonel Flagg, May 10, 2004
    #5
  6. In article <>,
    says...
    > Hello,
    >
    > I am sure I am not the first person to encounter this problem. I hope
    > somebody can point me in the right direction to a solution for it.
    >
    > I am a fairly low tech computer user. Over time I have accumulated a
    > rather large collection of accounts and passwords.
    >
    > Some of them are for unimportant things like a on line forum I am a
    > member of. Some of them allow access to my bank account or the like.
    >
    > I have a half decent system for keeping passwords that relies mostly
    > on my own memory. But it regularly falls down on things I dont access
    > for a long time. I am aware of other methods like:
    >
    > writing them down on a piece of paper that I hide.
    > keeping a list in a computer file that I encrypt.
    > using the same password for lots of things.
    > allowing my browser to remember the passwords for me.
    > getting a password management program.
    >
    > I am willing to spend some, but not a massive amount of time on
    > managing these passwords. I think that there are probably people out
    > there who are capable of getting my passwords whatever I do. I'd like
    > to get some advice from the experts here on what is a good way to look
    > after my passwords.
    >
    > I am leaning towards getting a password manager program. Is that too
    > much of an all your eggs in one basket approach?


    As others have recommended, pgp is a decent solution. However, there
    are tricks to maintaining many passwords that are secure, yet easy for
    you to remember. For example, come up with a phrase like "Ask not what
    you can do for your country". Take the first letter of each word while
    substituting numbers and symbols where appropriate. "Ask not what you
    can do for your country" becomes A!wycd4yc. This is a normal technique
    for passwords, but you want them unique for each site and still easy for
    you to remember which you used for what, so take it a step further.

    Add the first and last letter of the site you are registering for to the
    mix. For example, Ebay take the E and the y, place the E at the
    beginning of your hash, the y at the end. You now have EA!wycd4ycy. As
    a password for e-bay. Register for Yahoo and it becomes YA!wycd4yco.
    You end up with a unique password for everything that becomes very easy
    for you to remember for each site because all you really have to
    remember is one hash.

    This is just an example, come up with your own, put the last letter of
    the site or machine name first and the first last, place them in the
    middle instead of the ends if you want. Whatever you feel gives you a
    good hash mix and is easy for you to remember the structure. Then use
    that constistently and you'll have unique passwords for everything that
    are easy for you to remember.

    /steve
    --
    Protect yourself on-line. Hide your identifying details in e-mail,
    usenet, and more. A privacy service like no other.
    No one gives you more control over your e-mail than we do!
    http://www.cotse.net/servicedetails.html
    Stephen K. Gielda, May 11, 2004
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. AdminKen

    Wireless LAN with PEAP and Passwords Aironet 1200

    AdminKen, Mar 30, 2005, in forum: Wireless Networking
    Replies:
    3
    Views:
    7,586
    Jeffrey Chong
    Sep 4, 2006
  2. Michael King

    Change password with 802.1x WinXP and cached Passwords.

    Michael King, Apr 25, 2005, in forum: Wireless Networking
    Replies:
    0
    Views:
    935
    Michael King
    Apr 25, 2005
  3. =?Utf-8?B?bWlrZQ==?=

    passwords

    =?Utf-8?B?bWlrZQ==?=, Oct 10, 2005, in forum: Wireless Networking
    Replies:
    1
    Views:
    548
    Clark
    Oct 11, 2005
  4. Axl
    Replies:
    6
    Views:
    1,177
    gmccx
    Sep 29, 2003
  5. Christian Dornes

    Migrate Saved Passwords?

    Christian Dornes, Dec 3, 2003, in forum: Firefox
    Replies:
    3
    Views:
    1,900
    Christian Dornes
    Dec 4, 2003
Loading...

Share This Page