Password Nightmares

[Bill N]

Basically I keep all mine  in an address book but I do let Chrome remember the ones that will cause no harm if hacked - like RV Forum.....lol
But one problem I don't see mentioned here for folks who use the thumb drives - many of my sites required frequent password changes - banks, government sites, medical sites, etc.  These always seem to be sites that I don't frequent too often and when I do I find it is password change time.  So you would be needing to change the thumb drive with every site change too.  Other than one or two sites I really don't have any that would endanger me if those passwords were compromised.  Like many others, my bank notifies me immediately if an unusual large transaction is made to my account.  I have now become accustomed to notifying them in advance. Today I buy a new portable oxygen concentrator so I will notify them before they get excited.  I do appreciate that service.

Bill

 

[John From Detroit]

Last Pass is the one I use...  Wrks with FF, Chrome. MSIE, and I think Edge, and likely more. WOrks on Win-10, Win-XP, Chromebook, Android and I don't know what else. Likely linux  Once I log into Last Pass I have my entire bokmarks file, in a searchable database, and I have all the passwords.. Highly encrypted.

 

[Bill N]

Last Pass is the one I use...  Wrks with FF, Chrome. MSIE, and I think Edge, and likely more. WOrks on Win-10, Win-XP, Chromebook, Android and I don't know what else. Likely linux  Once I log into Last Pass I have my entire bokmarks file, in a searchable database, and I have all the passwords.. Highly encrypted.

Crazy question John.  If you have to log into a web site to save your passwords, would not that web master have all your information and that of a lot of other folks?  In other words could his system be hacked like every big business seems to be getting hacked these days?

Bill

 

[Oldgator73]

Crazy question John.  If you have to log into a web site to save your passwords, would not that web master have all your information and that of a lot of other folks?  In other words could his system be hacked like every big business seems to be getting hacked these days?

Bill

When your vital information is stolen, is it being done by hacking passwords? Aren't bank accounts and SSAN's stolen by means other than obtaining PW's? Bill and others that were in the military might remember when we paid by check at the commissary and BX, PX and NEX, we had to have our name, full address, phone number and SSAN printed on the front of the check. Just sitting out there for everyone to see. I keep my PW's on a sheet of paper in the top drawer of a desk in the living room. I retired from the DoD in 2015. We had to have PW's for everything. The government went to CAC, access cards, that replaced the military ID. CAC's are used for everything; base access, computer access, etc. SSAN's used to be printed on military ID,s but no more. Neither AD CAC's nor retired ID's include the SSAN. I would like to have the same PW for everything but it seems the PW requirements vary between those that require PW's to access.

 

[Old_Crow]

I would like to have the same PW for everything but it seems the PW requirements vary between those that require PW's to access.

Find the site you use with the most robust password.  ie, number, symbol, uppercase letter, lowercase letter.  Make up a password that satisfies that and then change all your less robust passwords to match.  I'm in the middle of that right now.  It make take time, but it can be done.
I have one password for financial and business sites and a different one for recreational sites like forums and facebook.

 

[Back2PA]

Find the site you use with the most robust password.  ie, number, symbol, uppercase letter, lowercase letter.  Make up a password that satisfies that and then change all your less robust passwords to match.  I'm in the middle of that right now.  It make take time, but it can be done.
I have one password for financial and business sites and a different one for recreational sites like forums and facebook.

This is essentially what I did several years ago. I have a basic "core" section of a master password that satisfies the requirements of virtually every site. The "core" is made up of a couple of notable dates using letters and numbers, including a couple of capitals plus a symbol. I then add a letter or two to the end, unique to each site (e.g., the RV Forum might have "RVF" appended to the end). In this way I have a unique password for every single site, very strong, and yet easy to remember. I do have a Word document with a list, but that list is just a set of URLs with reminders that would be gibberish to anyone except me. I can then log in to almost every site without referring to my list, with the very occasional site that didn't, for example, allow the symbol I chose.

 

[FunSteak]

I've been using Passwords Plus from Dataviz for a number of years, and I really like it.  Encrypted cloud database with a single master password, syncs across devices (you must purchase it for each one) and has really made things easy.  I'm not a fan of using the same passwords for multiple things, and a tool like this makes it a snap to manage.  Plus, I always have my data, no matter if it's laptop, desktop or mobile device.

282 records and growing regularly.

 

[Krow]

I use aWallet Password Manger on my phone and tablet (syncs).  A master password gets me in (or on my phone I can choose to unlock it with my fingerprint).  I have hundreds of passwords as well as software licence numbers, etc. 

However, even though the data is encrypted, I DON'T ENTER THE ACTUAL PASSWORD.  Instead I use a word or phrase that will remind me of what the password actually is.  For example I might write "Oldest aunt wedding" which might be "Gertrude670101".  Or I might enter a date or place where the real password is what the date/place means to me.  That wouldn't be anything obvious like a birthday or wedding but might be the date or city where a memorable event occurred.  I.E. an entry like "Manchester" might mean the actual password is "EricClapton" (I wish!) where attending a concert there would be the only thing that the city of Manchester would bring to mind.  Lots of tricks.

I'm far from rich.  I try to use reasonable security measures but feel nobody is going to spend hours trying to get into my data when there are much more lucrative targets out there.

 

[Debra17]

Currently I keep an excel file that is password protected. The file is backed up to Spider Oak online storage. I am able to access it from my iPhone or iPad as well as laptop. Spider oak and is supposedly on of the most secure cloud services.

For years I had been used Firefox browser and yahoo email. Not long after the big yahoo email breach, Spider Oak sent an email advising to stop using yahoo. This was the first such email they had sent in the 2 years or so I have had their service. They also recommended no longer using Firefox. The reason given is that neither of these companies have the funds to keep up to date with security. They recommended changing to Chrome and google mail as google is the largest and invests the most in maintaining security. Their email stated they were making the recommendations inspite of the other privacy concerns with google. As much as I disliked the idea of using these google apps, I decided to make the change.

I have thought about using a password manager, but I?m also concerned about how secure they are and whether the data could be hacked.

 

[Seon]

Geez, I just changed password on one forum last month and wrote it down. Just this morning I tried logging on and it says it doesn't recognize my name.... ???

 

[8Muddypaws]

One of the reasons I don't use these apps:  http://www.zdnet.com/article/password-manager-maker-keeper-hit-by-another-security-snafu/

 

[BinaryBob]

I agree with PZ. While I understand Lastpass is quite popular, any password manager that resides in the bowels of your browser as an add-on, stored in the cloud, or is "free" are red flags to me.
I use RoboForm ToGo which is a USB only manager. The entire encrypted program is on a thumb drive.

 

[Irover]

Geez, I just changed password on one forum last month and wrote it down. Just this morning I tried logging on and it says it doesn't recognize my name.... ???

Try your old PW again!

 

[Bill N]

As previously stated, I only use a address book kept in pencil for almost all passwords.  I have allowed Chrome to remember a large number of those which would have no effect on my ID or banking if compromised (such as RV Forum).  My logic is that instead of some online Password Manager which is exposed to anybody with a computer, my well hidden book would require a single house burglar to find it and then decide what to do with it.  Banking passwords are kept in memory only.  JMHO.

Bill

 

[John From Detroit]

True story: Some years ago I used a system that is now history (No not Compuserve but another)
The main System operator. THE system administrator, was in Washington DC. and they had a node there since this was a government owned computer... An assistant was monitoring when he saw the Admin log in from one of the small city nodes on the east side of Detroit.  Since it is a multi step log in the assistant suspended the account in real time.

The Admin's password was written down somewhere....  I trust an encrypted file better than paper unless you do it like I do..

I have a file that is plain text. except the Text is stuff like "Jack's House".

Now. I guarantee you do not know the proper Jack. (no it's not jack who is married to Lotta)

But to me, it is a significant clue.. Kind of a book code, only the "Book" is my Brain.