Re: Passwords

Discussion in 'Computer Support' started by VanguardLH, Jan 10, 2009.

  1. VanguardLH

    VanguardLH Guest

    howard wrote:

    > I have about a dozen passwords for different sites , all different.
    > Sometimes I forget which one is which, but manage in the end.
    > I never ask any site to remember log in details or passwords and always
    > log out when finished.
    > Here's my point. I downloaded an add on for my browser to remember log
    > on details, you have to "train" the programme at first to remember each
    > password.
    > Before I started I was looking at various options, one was "show
    > passwords" I assumed it would be empty , but it had a list of 13 sites
    > log in details and passwords.
    > Why and where does the computer store this info, what if I took my
    > machine in for repair. someone could have got my bank details etc.


    If you configured the web browser to remember you login credentials then
    it is possible that they get decrypted. Unlikely but possible. If you
    use software to remember password but it saves them as clear text than
    anyone can see your passwords because they weren't encrypted. Anyone
    with physical access to your computer can hack into your OS account
    (i.e., login as you) and use that same software to decrypt all the
    passwords that you saved using that program. It's all possible but some
    scenarios are far less likely to actually happen. If you're interested,
    go to http://www.nirsoft.net/password_recovery_tools.html where you'll
    find several utilities for extracting passwords for various programs.


    How to remember your passwords without using software

    The problem with using password archivers, even those that do encrypt
    the saved passwords (which obviously yours did not), is that you won't
    have that software to use when you travel, like on your employer's
    workstations, when on vacation, when using a friend's computer, or when
    at the library. You won't be able to install that software everywhere
    (to then access its data file with your passwords). If you're using
    someone else's host, you're probably under a limited user account that
    won't let you install any software. You might even be at some kiosk
    that ensures that you can't install any software, including within your
    own %userprofile% where you normally have permissions to save and
    execute files.

    Easier is to simply come up with an template for constructing a password
    that is always the same but has something variable within it that is
    depending on the domain of the site that you visit. For example, take
    your initials but change their order, like middle, first, and last
    initial, the last 2 digits of your birthyear, the 4 digits for your
    birthmonth and birthday, some substring of your social security number
    (but not the last 4 digits), and 4 or 5 characters of the domain name
    (if the domain name is shorter than 4 characters than start using
    characters from the top-level domain, like using "buyc" for "buy.com")
    and perhaps use them in reverse order (so you'd use "cyub"). You don't
    use all of these but mix together whichever "keys" for parts of it that
    you want in whatever order you want (but always the same order). Use
    non-alphanumeric characters, like period or dash, between the keys since
    some sites require at least one non-alphanumeric character in the
    password. Also be sure that one of the keys has digits in it because,
    again, some sites require at least one number in the password.

    So if your name was Ron T. Howard, born on 1980-02-12, your keys could
    be HR (last & first initials) and 80 (for birthyear) then your keys
    could be "<domain>.hr.80". That template (an example only) would remain
    the same for every site you visit. When visiting newegg.com, for
    example, you would use "ewen.hr.80" (4-char key for domain spelled
    backwards). You can use whatever order of keys you want in your
    password, separated by whatever non-alphanumeric characters you want.
    Some sites require an uppercase character, too, so when you try
    "ewen.hr.80" and it doesn't work then try "ewen.HR.80" (in your
    template, you select of the alphabetic keys to do double duty to be
    either lower- or uppercase, as needed by a site).

    Now you have a template that you can use at all sites for a password
    which is unique to each site but that you can reconstruct in your head
    when you visit the site rather than rely on remembering a bunch of
    unrelated passwords for them all or carrying around a data file and
    password utility program. Once you figure out your own special blend of
    keys that construct your password, and once you've used it a few times,
    you'll find it more easy to remember the template than the password
    because it's the same template you use over and over and everywhere.
    You don't need to install any software, especially considering you might
    not be able to install software on whatever host you use. You could
    even carry a cheat sheet in your wallet to let you remember your
    template, like saying "<domainrev>.<initsrev>.<byear>" (to match the
    example one provided here) and it is unlikely that anyone finding that
    slip of paper is going to understand what it is for.

    The domain portion is needed so your password is unique at each domain.
    The other keys are whatever you want. If you don't like using your
    initials, even in some unusual order, then use the first 2 characters of
    your car model, or the last 3 characters of mom's firstname, or the 3rd
    to 5th characters of your middle name, or whatever you like. The idea
    is to create a template with a set of keys within it where the template
    remains the same no matter which domain you visit but one of its keys
    varies according to the domain that you visit. The idea is that you can
    remember the template because most of its keys are tidbits of personal
    information that you can always recall with just the domain key being
    variable. The template never changes, your personal keys never change,
    just the domain changes but you use the same rule to generate that key
    for every domain (like first or last 4 characters or domain, and whether
    or not spelled backwards).

    By using a template, my password is unique on every domain. I don't
    need to install any software (and I may be using a host where I cannot
    install software). I don't lose all my passwords because a data file
    got lost or the software suddenly fails to cease functioning. I'm not
    even having to remember the passwords themselves. When I visit a site,
    I know the unchanging keys in the template and simply fill in the part
    for the domain key in that template. The template lets me figure out
    what password to use on a particular domain. The template never
    changes, only 1 or 2 keys within it have variable values but those are
    dependent on the domain that I visit so you'll know their values when
    you visit the site.
    VanguardLH, Jan 10, 2009
    #1
    1. Advertising

  2. VanguardLH

    Steve Guest

    On Sat, 10 Jan 2009 13:11:09 -0600, VanguardLH <> wrote:

    >howard wrote:
    >
    >> I have about a dozen passwords for different sites , all different.
    >> Sometimes I forget which one is which, but manage in the end.
    >> I never ask any site to remember log in details or passwords and always
    >> log out when finished.
    >> Here's my point. I downloaded an add on for my browser to remember log
    >> on details, you have to "train" the programme at first to remember each
    >> password.
    >> Before I started I was looking at various options, one was "show
    >> passwords" I assumed it would be empty , but it had a list of 13 sites
    >> log in details and passwords.
    >> Why and where does the computer store this info, what if I took my
    >> machine in for repair. someone could have got my bank details etc.

    >
    >If you configured the web browser to remember you login credentials then
    >it is possible that they get decrypted. Unlikely but possible. If you
    >use software to remember password but it saves them as clear text than
    >anyone can see your passwords because they weren't encrypted. Anyone
    >with physical access to your computer can hack into your OS account
    >(i.e., login as you) and use that same software to decrypt all the
    >passwords that you saved using that program. It's all possible but some
    >scenarios are far less likely to actually happen. If you're interested,
    >go to http://www.nirsoft.net/password_recovery_tools.html where you'll
    >find several utilities for extracting passwords for various programs.
    >
    >
    >How to remember your passwords without using software
    >
    >The problem with using password archivers, even those that do encrypt
    >the saved passwords (which obviously yours did not), is that you won't
    >have that software to use when you travel, like on your employer's
    >workstations, when on vacation, when using a friend's computer, or when
    >at the library. You won't be able to install that software everywhere
    >(to then access its data file with your passwords). If you're using
    >someone else's host, you're probably under a limited user account that
    >won't let you install any software. You might even be at some kiosk
    >that ensures that you can't install any software, including within your
    >own %userprofile% where you normally have permissions to save and
    >execute files.
    >
    >Easier is to simply come up with an template for constructing a password
    >that is always the same but has something variable within it that is
    >depending on the domain of the site that you visit. For example, take
    >your initials but change their order, like middle, first, and last
    >initial, the last 2 digits of your birthyear, the 4 digits for your
    >birthmonth and birthday, some substring of your social security number
    >(but not the last 4 digits), and 4 or 5 characters of the domain name
    >(if the domain name is shorter than 4 characters than start using
    >characters from the top-level domain, like using "buyc" for "buy.com")
    >and perhaps use them in reverse order (so you'd use "cyub"). You don't
    >use all of these but mix together whichever "keys" for parts of it that
    >you want in whatever order you want (but always the same order). Use
    >non-alphanumeric characters, like period or dash, between the keys since
    >some sites require at least one non-alphanumeric character in the
    >password. Also be sure that one of the keys has digits in it because,
    >again, some sites require at least one number in the password.
    >
    >So if your name was Ron T. Howard, born on 1980-02-12, your keys could
    >be HR (last & first initials) and 80 (for birthyear) then your keys
    >could be "<domain>.hr.80". That template (an example only) would remain
    >the same for every site you visit. When visiting newegg.com, for
    >example, you would use "ewen.hr.80" (4-char key for domain spelled
    >backwards). You can use whatever order of keys you want in your
    >password, separated by whatever non-alphanumeric characters you want.
    >Some sites require an uppercase character, too, so when you try
    >"ewen.hr.80" and it doesn't work then try "ewen.HR.80" (in your
    >template, you select of the alphabetic keys to do double duty to be
    >either lower- or uppercase, as needed by a site).
    >
    >Now you have a template that you can use at all sites for a password
    >which is unique to each site but that you can reconstruct in your head
    >when you visit the site rather than rely on remembering a bunch of
    >unrelated passwords for them all or carrying around a data file and
    >password utility program. Once you figure out your own special blend of
    >keys that construct your password, and once you've used it a few times,
    >you'll find it more easy to remember the template than the password
    >because it's the same template you use over and over and everywhere.
    >You don't need to install any software, especially considering you might
    >not be able to install software on whatever host you use. You could
    >even carry a cheat sheet in your wallet to let you remember your
    >template, like saying "<domainrev>.<initsrev>.<byear>" (to match the
    >example one provided here) and it is unlikely that anyone finding that
    >slip of paper is going to understand what it is for.
    >
    >The domain portion is needed so your password is unique at each domain.
    >The other keys are whatever you want. If you don't like using your
    >initials, even in some unusual order, then use the first 2 characters of
    >your car model, or the last 3 characters of mom's firstname, or the 3rd
    >to 5th characters of your middle name, or whatever you like. The idea
    >is to create a template with a set of keys within it where the template
    >remains the same no matter which domain you visit but one of its keys
    >varies according to the domain that you visit. The idea is that you can
    >remember the template because most of its keys are tidbits of personal
    >information that you can always recall with just the domain key being
    >variable. The template never changes, your personal keys never change,
    >just the domain changes but you use the same rule to generate that key
    >for every domain (like first or last 4 characters or domain, and whether
    >or not spelled backwards).
    >
    >By using a template, my password is unique on every domain. I don't
    >need to install any software (and I may be using a host where I cannot
    >install software). I don't lose all my passwords because a data file
    >got lost or the software suddenly fails to cease functioning. I'm not
    >even having to remember the passwords themselves. When I visit a site,
    >I know the unchanging keys in the template and simply fill in the part
    >for the domain key in that template. The template lets me figure out
    >what password to use on a particular domain. The template never
    >changes, only 1 or 2 keys within it have variable values but those are
    >dependent on the domain that I visit so you'll know their values when
    >you visit the site.


    Interesting. Not to nit, but some sites (particular government sites)
    require you to change your password every xx days. Also on occasion, I
    NEED to change my pw. Not a major problem (well, maybe I did nit) :)
    Steve
    Steve, Jan 11, 2009
    #2
    1. Advertising

  3. VanguardLH

    VanguardLH Guest

    Steve wrote:

    > On Sat, 10 Jan 2009 13:11:09 -0600, VanguardLH <> wrote:
    >
    >>howard wrote:
    >>
    >>> I have about a dozen passwords for different sites , all different.
    >>> Sometimes I forget which one is which, but manage in the end.
    >>> I never ask any site to remember log in details or passwords and always
    >>> log out when finished.
    >>> Here's my point. I downloaded an add on for my browser to remember log
    >>> on details, you have to "train" the programme at first to remember each
    >>> password.
    >>> Before I started I was looking at various options, one was "show
    >>> passwords" I assumed it would be empty , but it had a list of 13 sites
    >>> log in details and passwords.
    >>> Why and where does the computer store this info, what if I took my
    >>> machine in for repair. someone could have got my bank details etc.

    >>
    >>If you configured the web browser to remember you login credentials then
    >>it is possible that they get decrypted. Unlikely but possible. If you
    >>use software to remember password but it saves them as clear text than
    >>anyone can see your passwords because they weren't encrypted. Anyone
    >>with physical access to your computer can hack into your OS account
    >>(i.e., login as you) and use that same software to decrypt all the
    >>passwords that you saved using that program. It's all possible but some
    >>scenarios are far less likely to actually happen. If you're interested,
    >>go to http://www.nirsoft.net/password_recovery_tools.html where you'll
    >>find several utilities for extracting passwords for various programs.
    >>
    >>
    >>How to remember your passwords without using software
    >>
    >>The problem with using password archivers, even those that do encrypt
    >>the saved passwords (which obviously yours did not), is that you won't
    >>have that software to use when you travel, like on your employer's
    >>workstations, when on vacation, when using a friend's computer, or when
    >>at the library. You won't be able to install that software everywhere
    >>(to then access its data file with your passwords). If you're using
    >>someone else's host, you're probably under a limited user account that
    >>won't let you install any software. You might even be at some kiosk
    >>that ensures that you can't install any software, including within your
    >>own %userprofile% where you normally have permissions to save and
    >>execute files.
    >>
    >>Easier is to simply come up with an template for constructing a password
    >>that is always the same but has something variable within it that is
    >>depending on the domain of the site that you visit. For example, take
    >>your initials but change their order, like middle, first, and last
    >>initial, the last 2 digits of your birthyear, the 4 digits for your
    >>birthmonth and birthday, some substring of your social security number
    >>(but not the last 4 digits), and 4 or 5 characters of the domain name
    >>(if the domain name is shorter than 4 characters than start using
    >>characters from the top-level domain, like using "buyc" for "buy.com")
    >>and perhaps use them in reverse order (so you'd use "cyub"). You don't
    >>use all of these but mix together whichever "keys" for parts of it that
    >>you want in whatever order you want (but always the same order). Use
    >>non-alphanumeric characters, like period or dash, between the keys since
    >>some sites require at least one non-alphanumeric character in the
    >>password. Also be sure that one of the keys has digits in it because,
    >>again, some sites require at least one number in the password.
    >>
    >>So if your name was Ron T. Howard, born on 1980-02-12, your keys could
    >>be HR (last & first initials) and 80 (for birthyear) then your keys
    >>could be "<domain>.hr.80". That template (an example only) would remain
    >>the same for every site you visit. When visiting newegg.com, for
    >>example, you would use "ewen.hr.80" (4-char key for domain spelled
    >>backwards). You can use whatever order of keys you want in your
    >>password, separated by whatever non-alphanumeric characters you want.
    >>Some sites require an uppercase character, too, so when you try
    >>"ewen.hr.80" and it doesn't work then try "ewen.HR.80" (in your
    >>template, you select of the alphabetic keys to do double duty to be
    >>either lower- or uppercase, as needed by a site).
    >>
    >>Now you have a template that you can use at all sites for a password
    >>which is unique to each site but that you can reconstruct in your head
    >>when you visit the site rather than rely on remembering a bunch of
    >>unrelated passwords for them all or carrying around a data file and
    >>password utility program. Once you figure out your own special blend of
    >>keys that construct your password, and once you've used it a few times,
    >>you'll find it more easy to remember the template than the password
    >>because it's the same template you use over and over and everywhere.
    >>You don't need to install any software, especially considering you might
    >>not be able to install software on whatever host you use. You could
    >>even carry a cheat sheet in your wallet to let you remember your
    >>template, like saying "<domainrev>.<initsrev>.<byear>" (to match the
    >>example one provided here) and it is unlikely that anyone finding that
    >>slip of paper is going to understand what it is for.
    >>
    >>The domain portion is needed so your password is unique at each domain.
    >>The other keys are whatever you want. If you don't like using your
    >>initials, even in some unusual order, then use the first 2 characters of
    >>your car model, or the last 3 characters of mom's firstname, or the 3rd
    >>to 5th characters of your middle name, or whatever you like. The idea
    >>is to create a template with a set of keys within it where the template
    >>remains the same no matter which domain you visit but one of its keys
    >>varies according to the domain that you visit. The idea is that you can
    >>remember the template because most of its keys are tidbits of personal
    >>information that you can always recall with just the domain key being
    >>variable. The template never changes, your personal keys never change,
    >>just the domain changes but you use the same rule to generate that key
    >>for every domain (like first or last 4 characters or domain, and whether
    >>or not spelled backwards).
    >>
    >>By using a template, my password is unique on every domain. I don't
    >>need to install any software (and I may be using a host where I cannot
    >>install software). I don't lose all my passwords because a data file
    >>got lost or the software suddenly fails to cease functioning. I'm not
    >>even having to remember the passwords themselves. When I visit a site,
    >>I know the unchanging keys in the template and simply fill in the part
    >>for the domain key in that template. The template lets me figure out
    >>what password to use on a particular domain. The template never
    >>changes, only 1 or 2 keys within it have variable values but those are
    >>dependent on the domain that I visit so you'll know their values when
    >>you visit the site.

    >
    > Interesting. Not to nit, but some sites (particular government sites)
    > require you to change your password every xx days. Also on occasion, I
    > NEED to change my pw. Not a major problem (well, maybe I did nit) :)
    > Steve


    There are sites, especially at work, that will remember the last 10
    passwords which you are not allowed to reuse. Often just adding a digit
    or two on the end is sufficient. You could, for example, add another
    key in your password that keeps track of count. So your template might
    look like "<domainrev>.<otherkey>.<2count>.<otherkey>" where <2count> is
    a 2-digit counter starting at "01". Or the template is "...<postfix>"
    where <postfix> is a character you add, like "a" to "z". Just increment
    to retry until you eventually hit the value to which you last changed
    the counter key.

    Many times I simply added an alphabetic character onto the end of one of
    the keys to give a new password. It all depends on the sites you visit
    as to how you construct your template. I had a different template for
    work login versus those from my home. I didn't anyone at work to catch
    my personal template and possibly use them for my personal-use sites.
    At work, their rules often required a much more complex requirement for
    changing your password (like more than N characters must change, not
    just one, and the first or last 2 characters had to be different). The
    domain wasn't included in my template for work because I was always
    logging onto the same one at work. Plus, at work, forgetting a password
    was easily fixed by calling the help desk and having them reset my
    password (since even they couldn't read it) and then I'd change it to
    something else (so they wouldn't know what it was). I had reasonable
    recourse at work to fix a forgotten password. Not always true or doable
    outside of work.

    With non-school and non-work sites, I have yet to see my password expire
    so using a fixed template for those sites has worked for decades. I'll
    lose my account due to extended non-activity but I don't lose my
    password while the account existed. With the school and work sites, I
    use a different template, anyway, since they often employ much more
    complex permutation requirements for a new password when the old one has
    expired (yet you're talking only about 1 or 2 domains to remember those
    passwords plus you have folks that can quickly reset it). With work
    passwords, your IT folks should've setup their policies that result in
    you having to use your password at least once per day so every day it
    will get reinforced into your brain cells as to what is your password.
    It is the sites that you don't frequent every day and may leave
    unvisited for weeks that you'll want to have something to remember the
    password there.
    VanguardLH, Jan 13, 2009
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. AdminKen

    Wireless LAN with PEAP and Passwords Aironet 1200

    AdminKen, Mar 30, 2005, in forum: Wireless Networking
    Replies:
    3
    Views:
    7,585
    Jeffrey Chong
    Sep 4, 2006
  2. Michael King

    Change password with 802.1x WinXP and cached Passwords.

    Michael King, Apr 25, 2005, in forum: Wireless Networking
    Replies:
    0
    Views:
    935
    Michael King
    Apr 25, 2005
  3. =?Utf-8?B?bWlrZQ==?=

    passwords

    =?Utf-8?B?bWlrZQ==?=, Oct 10, 2005, in forum: Wireless Networking
    Replies:
    1
    Views:
    548
    Clark
    Oct 11, 2005
  4. Axl
    Replies:
    6
    Views:
    1,175
    gmccx
    Sep 29, 2003
  5. Christian Dornes

    Migrate Saved Passwords?

    Christian Dornes, Dec 3, 2003, in forum: Firefox
    Replies:
    3
    Views:
    1,899
    Christian Dornes
    Dec 4, 2003
Loading...

Share This Page