Safe way to list passwords on a computer

Discussion in 'Computer Security' started by Edw. Peach, Dec 30, 2005.

  1. Edw. Peach

    Edw. Peach Guest

    Is there a relatively safe way to store a list of passwords and
    sign-up info on a computer? I have no reason to think that anybody
    would be interested in me or what I do, and from all the tests I've
    run, at places like GRC.COM, my firewall is doing a swell job of
    keeping me in stealth mode. Computers are great tools for organizing
    and that's the temptation: I want to organize my scads of user names
    and passwords to gain entry to various groups and email accounts.

    I'm not interested in buying a new program, and already have the
    typical office programs like various word processing programs, Excel,
    and Access.

    Maybe encrypting some files would do the trick? I've never done that.

    If you have some suggestions, please postum. As I said, my stuff
    isn't important to anybody really (except someone who just wants to
    mess with me because they can) and I have no reason to think that my
    computer security has been violated.
     
    Edw. Peach, Dec 30, 2005
    #1
    1. Advertising

  2. Edw. Peach

    Guest

    Edw. Peach <> wrote:
    > Is there a relatively safe way to store a list of passwords and
    > sign-up info on a computer?


    > I'm not interested in buying a new program, and already have the
    > typical office programs like various word processing programs, Excel,
    > and Access.
    >
    > Maybe encrypting some files would do the trick? I've never done that.


    For stuff that isn't too sensitive, I have a file that I encrypted with
    GnuPG on my disk. It works just fine, as I tend to remember the
    passphrases for accounts I use often enough to get worried about the
    bother of GnuPG.

    Joachim
     
    , Dec 30, 2005
    #2
    1. Advertising

  3. Edw. Peach

    nemo_outis Guest

    Edw. Peach <> wrote in
    news::

    > Is there a relatively safe way to store a list of passwords and
    > sign-up info on a computer? I have no reason to think that anybody
    > would be interested in me or what I do, and from all the tests I've
    > run, at places like GRC.COM, my firewall is doing a swell job of
    > keeping me in stealth mode. Computers are great tools for organizing
    > and that's the temptation: I want to organize my scads of user names
    > and passwords to gain entry to various groups and email accounts.
    >
    > I'm not interested in buying a new program, and already have the
    > typical office programs like various word processing programs, Excel,
    > and Access.
    >
    > Maybe encrypting some files would do the trick? I've never done that.
    >
    > If you have some suggestions, please postum. As I said, my stuff
    > isn't important to anybody really (except someone who just wants to
    > mess with me because they can) and I have no reason to think that my
    > computer security has been violated.




    There's a large number of "password holder" programs out there which will
    store your other names & passwords under a single master password. They
    vary widely in extra features (e.g., whether you have to cut and paste or
    the program does it for you automatically).

    The grand-daddy of them all (although I don't know how it stacks up in the
    features department) is Password Safe, written "under the supervision of"
    Bruce Schneier (he's done a code review, I guess). It's free too!

    http://www.schneier.com/passsafe.html

    Regards,
     
    nemo_outis, Dec 30, 2005
    #3
  4. Edw. Peach

    TwistyCreek Guest

    Edw.Peach wrote:

    > Is there a relatively safe way to store a list of passwords and sign-up
    > info on a computer? I have no reason to think that anybody would be
    > interested in me or what I do, and from all the tests I've run, at places
    > like GRC.COM, my firewall is doing a swell job of keeping me in stealth


    First I have to deal with a bit of a pet peeve. Sorry.

    Dropping packets (stealth) might look appealing at first glance. What's
    not to like about being "invisible", right? The problem is you're not
    invisible at all, and in some cases you might be even MORE visible than
    someone who replies according to RFC standards. By dropping packets you
    can actually stick out.

    For example, an attacker might spray echo requests across a block of IP
    addresses and ignore "host unreachable" replies because they are the
    standard response to pinging IP addresses that simply don't exist. But any
    echo requests that seem to fall off the end of the Internet are a good
    sign someone is using "stealth". Bingo! Start hammering on ports at this
    "invisible" address and sooner or later something might give. :(

    There's other similar disadvantages to so called "stealth", but enough of
    that.

    > mode. Computers are great tools for organizing and that's the temptation:
    > I want to organize my scads of user names and passwords to gain entry to
    > various groups and email accounts.
    >
    > I'm not interested in buying a new program, and already have the typical
    > office programs like various word processing programs, Excel, and Access.
    >
    > Maybe encrypting some files would do the trick? I've never done that.


    The two current de facto standards for file encryption are PGP and GnuPG.
    They're very similar versions of the same basic principals. They even
    "talk to each other". Files and messages encrypted with one can generally
    be decrypted with the other and visa versa.

    PGP is probably your better bet for novice users on Windows platforms.
    It's notably less "geeky", and a wide user base means easy access to
    problem solving information. GnuPG undergoes more scrutiny from the open
    source community, and is arguably more trusted because of this "openness".

    PGP is also open source, but laying hands on that source code is a bit
    harder and most versions include a pretty GUI that bloats the code
    considerably. It also comes in both free and paid versions, which may or
    may not include features you want or don't want. GnuPG is command line
    only, but a number of good "front ends" exist that make it more than
    usable. It's also completely free in its full version. Here's a couple
    starting points...

    PGP http://www.pgpi.org/products/pgp/versions/freeware/

    GnuPG http://www.gnupg.org

    And another outstanding resource...

    http://www.mccune.cc/PGP.htm

    That should cover "standard" file encryption throughly enough, and to be
    honest either one will give you what you want and more, including the
    ability to send secured email, digitally sign files and messages, and
    verify signatures on others' messages.

    If you don't give a hoot about that stuff and you're a Windows user, you
    might want to consider a free "password manager" that keeps your account
    information stored in a password protected, encrypted file. Much like
    using the two suggestions above, but with a fancy, "dedicated" user
    interface.

    They can also offer some advantages like one-button copy to clipboard for
    login and passwords, clickable links to your accounts, and automagical
    clipboard clearing when the program is terminated or minimized. The only
    two I have any personal experience with are Password Safe, and PINs.

    Password Safe is the brainchild of none other than encryption guru Bruce
    Schneier. This carries lot of trust value with most people, including
    myself.

    http://www.schneier.com/passsafe.html

    PINs is also open source freeware, and a little more "pretty" if memory
    serves.

    http://www.mirekw.com/winfreeware/pins.html

    In my opinion either one of these it *probably* the quickest and easiest
    solution to your problem, but going with PGP or GnuPG, while a bit more of
    a broad and "complex" solution, would be more ideal in the sense that if
    you did decide you needed or wanted more or different types of security
    they're right there at your fingertips. The trade off is the learning
    curve. You'll have to deal with new concepts, while the two "password
    managers" are going to be relatively intuitive.

    Just my $.02.
     
    TwistyCreek, Dec 30, 2005
    #4
  5. Edw. Peach

    Edw. Peach Guest

    Thanks for the responses.

    Okay, I'm not safe online. Nobody is. I just don't do anything or
    have anything that someone would desire, other than use of my computer
    resources if used in a DOS attack or something along those lines.

    I'll have to investigate these options and see what might be best for
    me.

    The only bad thing I can see is if someone does compromise my security
    and finds encrypted files, they might think there's something
    worthwhile there. LOL.
     
    Edw. Peach, Dec 30, 2005
    #5
  6. Edw. Peach

    blackhat Guest

    Some of these programs hold both your password and the url it goes
    with. Combined with disc encryption, it's pretty secure and gives you
    the type of organization you want.

    Regards.
     
    blackhat, Dec 31, 2005
    #6
  7. blackhat wrote:

    > Some of these programs hold both your password and the url it goes with.


    Not some, all. A password manager without a way to record which account
    the login and password belong to would be absolutely useless.

    > Combined with disc encryption, it's pretty secure and gives you the type
    > of organization you want.


    All the password managers mentioned here use strong encryption, so they're
    "pretty safe" all by themselves.

    I know you get beat up a lot and you're just trying to fit in, so here's a
    little friendly advice. You should be the one asking the questions, not
    answering them. You'd be a lot more likable if you were trying to honestly
    attain some level of competence rather than trying to lay false claim to
    one.

    Hope this helps.
     
    George Orwell, Jan 1, 2006
    #7
  8. Edw. Peach

    Winged Guest

    Edw. Peach wrote:
    > Is there a relatively safe way to store a list of passwords and
    > sign-up info on a computer? I have no reason to think that anybody
    > would be interested in me or what I do, and from all the tests I've
    > run, at places like GRC.COM, my firewall is doing a swell job of
    > keeping me in stealth mode. Computers are great tools for organizing
    > and that's the temptation: I want to organize my scads of user names
    > and passwords to gain entry to various groups and email accounts.
    >
    > I'm not interested in buying a new program, and already have the
    > typical office programs like various word processing programs, Excel,
    > and Access.
    >
    > Maybe encrypting some files would do the trick? I've never done that.
    >
    > If you have some suggestions, please postum. As I said, my stuff
    > isn't important to anybody really (except someone who just wants to
    > mess with me because they can) and I have no reason to think that my
    > computer security has been violated.

    There is a open source package called password safe that uses MD5
    encryption for passwords, has a random password generator that can be
    set to various parameters. Double click stored sitename to paste
    password into memory, then paste in site. It does require the password
    safe password on access (only once till closed). I have used the older
    1.7 version and it has been stable. I have never upgraded since it met
    my meager requirements. Simple tool to use.

    http://passwordsafe.sourceforge.net/

    Winged
     
    Winged, Jan 5, 2006
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Neil
    Replies:
    174
    Views:
    3,417
    Briscobar
    Apr 17, 2006
  2. English Patient
    Replies:
    3
    Views:
    2,055
    Old Gringo
    Oct 4, 2004
  3. Soapy
    Replies:
    1
    Views:
    746
    The Magnificent Bastard
    Aug 16, 2004
  4. John John

    AMD Opteron: 1-way, 2-way, ... Up to 8-way.

    John John, Dec 24, 2005, in forum: Windows 64bit
    Replies:
    12
    Views:
    863
    Tony Sperling
    Dec 27, 2005
  5. Peter victor

    How to make your passwords safe

    Peter victor, Apr 26, 2010, in forum: Computer Security
    Replies:
    4
    Views:
    1,434
    Williams
    Jan 10, 2011
Loading...

Share This Page