
Wight Flight

Password Management


Getting sick of trying to remember all my passwords - and chrome lost a load of them last week so it is a right PITA.

Time to invest in decent password management software - any recommendations?

 

 


For a Windows machine:

https://keepass.info/

Also essential to make sure your backups of that machine are working.

Note this is a stand-alone piece of software and it's not integrated with anything. So you'd still be relying on the browser to remember passwords on your mobile, for instance.

I don't think I'd want a piece of kit on a mobile with a record of all my passwords.

 


I think Lastpass was the leader when I looked, then that was compromised to some extent IIRC.

Conclusion I've come to is to have exclusive password for each site, picked by their system or some other generator and just go with the flow, allow saving of passwords and then if anything happens for that to be lost just do a reset via email. If you have multiple devices you have the whole issue of how your password software syncs over multiple devices for example. Don't really like systems keeping the password either really, security risk if machine is physically compromised/lost/stolen.

Just now, onlyme said:

I think Lastpass was the leader when I looked, then that was compromised to some extent IIRC.

Conclusion I've come to is to have exclusive password for each site, picked by their system or some other generator and just go with the flow, allow saving of passwords and then if anything happens for that to be lost just do a reset via email. If you have multiple devices you have the whole issue of how your password software syncs over multiple devices for example. Don't really like systems keeping the password either really, security risk if machine is physically compromised/lost/stolen.

KeePass uses encryption to store the passwords, but it's not a "one way hash" which means, in English, it is the type of encryption that is more easily decrypted given enough time should someone steal the database file. But it's pretty good.

You can have it generate passwords for you. As you say, different password for every site, randomised and not based on anything personal (not: date of birth, daughter's name, car make, rock group..)

Any online password storage service is a magnet for attackers and your security is only as strong as theirs. KeePass is a Windows desktop app albeit there are versions for other operating systems but I haven't tried them.


I think modern technology has finally got the better of me. An estate agent site asked for a password with 8 characters, at least one capital, one digit and one special character. I suspect I shall have to reregister whenever I want to use it.

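The posts above recommend a different, randomly generated password for every site, and one quotes a site rule of 8 characters with a capital, a digit and a special character. As an added example (not from any poster and not KeePass's own generator), this Python code produces such passwords with the standard `secrets` module; the special-character set, the 16-character default and the function names are assumptions.

```python
import math
import secrets
import string

# Character classes a site policy may require. The "special" set is a
# constructed assumption; sites differ on which symbols they accept.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": "!#$%&*+-=?@^_",
}
ALPHABET = "".join(CLASSES.values())

def meets_policy(pw, min_length=8, required=("upper", "digit", "special")):
    """True if pw is long enough and has a character from each required class."""
    if len(pw) < min_length:
        return False
    return all(any(c in CLASSES[name] for c in pw) for name in required)

def generate_password(length=16, required=("upper", "digit", "special")):
    """Draw uniformly random passwords until one satisfies the policy.

    Rejection sampling keeps every compliant password equally likely,
    unlike forcing a capital into position 1 and a digit into position 2.
    """
    if length < len(required):
        raise ValueError("length too short to hold every required class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(pw, min_length=length, required=required):
            return pw

def entropy_bits(length):
    """Upper bound on entropy: length * log2(alphabet size)."""
    return length * math.log2(len(ALPHABET))

def passwords_for(sites, length=16):
    """One independent password per site, so one leak exposes one login."""
    return {site: generate_password(length) for site in sites}

if __name__ == "__main__":
    for site, pw in passwords_for(["dosbods", "bbc"]).items():
        print(f"{site}: {pw}")
    print(f"about {entropy_bits(16):.0f} bits per 16-character password")
```

Because each password is drawn independently, nothing about one site's password can be inferred from another's; the trade-off is that they must be stored somewhere, which is the job of the password manager.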
24 minutes ago, steppensheep said:

I think modern technology has finally got the better of me. An estate agent site asked for a password with 8 characters, at least one capital, one digit and one special character. I suspect I shall have to reregister whenever I want to use it.

Bol!ocks

B4stard$

1 minute ago, Mirror Mirror said:

How about Apple’s Keychain which generates passwords, stores them and distributes them to your devices via the iCloud? Is that safe?

I don't know the answer to that, however bear in mind that in at least one version of iOS you could skip the lock screen altogether simply by asking Siri to show your photos. Once into that, you could access anything.

And on one version of their desktop OS you could log in as the Administrator by leaving the password blank.

Apple's buggy software caused by the lack of testing would concern me. But then Android is scrappy in many ways, too. There's such a rush for "updates" that testing is inadequate, I suppose the motto is "protect yourself".

45 minutes ago, steppensheep said:

I think modern technology has finally got the better of me. An estate agent site asked for a password with 8 characters, at least one capital, one digit and one special character. I suspect I shall have to reregister whenever I want to use it.

Use a phrase, rather than a password. I got my son to use one from the days he loved Dr. Who. "I love dr. who", with some digits and caps thrown in, a great password and so simple even a 6 year old could remember it.

1 hour ago, onlyme said:

I think Lastpass was the leader when I looked, then that was compromised to some extent IIRC.

Conclusion I've come to is to have exclusive password for each site, picked by their system or some other generator and just go with the flow, allow saving of passwords and then if anything happens for that to be lost just do a reset via email. If you have multiple devices you have the whole issue of how your password software syncs over multiple devices for example. Don't really like systems keeping the password either really, security risk if machine is physically compromised/lost/stolen.

We use Lastpass here, it's a work thing with loads of different passwords for servers etc. I've started to use it for low level personal stuff. Wouldn't use it for banking or anything important but it's been really good and means I can now realistically use different passwords for different things which I didn't really do previously (had various levels of security but for rank and file use the same couple).

Lastpass has 2 factor authentication but I found that a total pain and often wouldn't work and so no access to passwords I had no actual knowledge of.

But on the second part what I do, I've got a scheme and specific part, so for example.

scheme is - 73zxCoff$

Unique part based on website for example so...

DOS_73zxCoff$ - Dosbods

BBC_73zxCoff$ - BBC

and so on. Sometimes it requires a bit of guess work but I can normally work out what I did logically in the first place to come up with the required password.

 


Thanks wight_flight and roger_mellie. Good suggestions.

 

It's not just the passwords actually. Trying to use my mail or YouTube seems to be a pain in the ass these days. They seem to have added a lot of features which haven't really improved functionality but just make doing the basics harder.

 

Apart from my age, part of the problem is I've gone a bit "off grid" the last few years, and just don't have the habit of organising my whole life through my phone. I used to like being able to do useful stuff online, but now it seems like dabbling is impossible, you are obliged to fully commit to the new paradigm.

55 minutes ago, gilf said:

We use Lastpass here, it's a work thing with loads of different passwords for servers etc. I've started to use it for low level personal stuff. Wouldn't use it for banking or anything important but it's been really good and means I can now realistically use different passwords for different things which I didn't really do previously (had various levels of security but for rank and file use the same couple).

Lastpass has 2 factor authentication but I found that a total pain and often wouldn't work and so no access to passwords I had no actual knowledge of.

But on the second part what I do, I've got a scheme and specific part, so for example.

scheme is - 73zxCoff$

Unique part based on website for example so...

DOS_73zxCoff$ - Dosbods

BBC_73zxCoff$ - BBC

and so on. Sometimes it requires a bit of guess work but I can normally work out what I did logically in the first place to come up with the required password.

 

Had something similar that roughly followed scheme with 26 memorable words - first letter of website relates to first letter of password, then a smattering of easily remembered substitutions - % for P for example, another cap in fixed position for example. Would be reasonably secure, only problem is those few sites that insist on password changes on a regular basis and / or disallow use of a previously used one and also memorable words that have to increasingly get longer as sites become more strict with password length. Plus side - no software required, no caching, no written code book. 

7 minutes ago, Happy Renting said:

My first rule of password generating and storage methods is don't tell anyone about my password generating and storage methods.

Which of course is absolutely correct. :D

 


I just keep a file in the cloud with all my passwords listed but in a way that would be very difficult or impossible for anyone else to understand, eg things like 'Bank PIN number = Auntie Flo's old house number plus the year I graduated', 'My grandfather's dog's name plus the year he died' etc.

58 minutes ago, Austin Allegro said:

I just keep a file in the cloud with all my passwords listed but in a way that would be very difficult or impossible for anyone else to understand, eg things like 'Bank PIN number = Auntie Flo's old house number plus the year I graduated', 'My grandfather's dog's name plus the year he died' etc.

The "half-way house" option might be: use KeePass on a Windows desktop - that's the master. It stores passwords in a file, all encrypted.

Name your password file bolognese (.kdbx) or similar. Something random, anyway.

In OneDrive, or whatever, create a sub-folder somewhere called 'recipes' (but not "passwords").

Have KeePass store the file in there.

And install the software on your other devices too - both OneDrive and KeePass.

Optional variants might be: use a separate OneDrive account (in case someone targets you specifically) for the KeePass file. Just as long as the password file isn't the only file.

Basically what you're doing except that the file is also encrypted.

By the way, since I'm in IT, I didn't actually say any of the above, if anyone asks.


Used to be a big fan of 1Password, till they changed their business model. So have switched to Bitwarden; cross platform, app for phones, club integration etc


The point of passwords is that the person can remember it, but it would be next to impossible to guess. If you can't remember your password, this has eluded you. Don't tell him Pike!

1 minute ago, MrPin said:

The point of passwords is that the person can remember it, but it would be next to impossible to guess. If you can't remember your password, this has eluded you. Don't tell him Pike!

That's easy if you have one password.

I have upwards of 100. Impossible to remember which passwords belong to which sites.

I have been slowly changing all my logins though - so instead of wight@mycompany.com, I use for example tesco@mycompany.com

Theoretically, I can then use one password for all the low level sites that I need to use but with a unique email. Not brilliant but it does mean that if one is hacked, all the others should still remain secure.

It also tells me where the spam is coming from.
