43 replies to this topic

[bjrn]

Well, I think it's mainly since I've been using the internet that I've gotten more and more passwords. In the beginning it was easy, and I could remember them all. But I was online more and I got more and more accounts and forgetting passwords or using the right password, but in the wrong place. So I started writing them down on a piece of paper. But then I realised that a paper wasn't very handy. So then I started using software to keep track of my passwords. I mainly started using software because I came across the website of the guy who made a free app to do it.

This was several years ago, the guy who made is was Bruce Schneier (a well known computer security and cryptology guy) and the app was Password Safe. Since then Bruce has stopped developing Password Safe and instead made it open source and given it to a development team who continue to work on it.


I still use Password Safe, but I would like to know how you keep track of your passwords. Do you keep it all in your head? Do you write it down on paper? Do you use software? Do you tell your mom and call her whenever you forget a password? Tell us your solution!

If you want to try out Password Safe you can get it from their project page.

[no9t9]

i use a program called passpack. It is a very simple program that is only like 15k. You can save all your stuff in there and you can search all the data. It doesn't offer a whole lot of "extra" features but it is supposed to be really secure because it uses a bunch of encryption techniques on the save file along with a 160bit key.

I'm not even gonna pretend I know anything about encryption, keys, ciphers, and all that crap. I just know that higher is better.

[dexter]

Your own head is most secure. I have a system for passwords depending on importance. If it is just something I don't care about, it has a very simple password, whereas if it's more important I have a more difficult password. And if it really needs to be secure, I have a single password for that place only.

It just keeps the number of passwords I need to remember down.

[alapidus]

i just use notepad. its not very hard! my system:

site (username if more than one): password

i don't need a special program to manage about 10-15 passwords... how many sites do you go on??? O_O

maybe i'm just used to using notepad for everything... i dunno. (my only problem with it is the lack of a good search tool, and no tabs like in firefox). its a pretty great program. simple, yet great! >_>

[bjrn]

alapidus, on Jan 23 2005, 04:14 AM, said:

i don't need a special program to manage about 10-15 passwords... how many sites do you go on??? O_O

Well, it's easy to get more than 10-15. Trap17 alone is two (cpanel & trap17 forums). And then I have my mail, and then other forums I use (forums often need registration to even read), several dev sites, like java.sun.com and so on and so on.


I forgot to mention that Password Safe also uses encryption to protect the passwords. It uses Blowfish, which is a free (and faster) alternative to DES.

[Becca]

I just use what comes with my compputer... It automatically saves all my passwords... for next start up.... fire fox saves your form information and passwords automatically I think. So that is pretty good.... I use to use some password thing but my cousin found out loads of my passwords and did very bad things.... lol

[no9t9]

my favorite is when people use internet browsers in public places and don't realize that there is a password save thing on. Half the computers at schools, library, etc. have people who just don't know or don't care that their password is saved.

the other thing that cracks me up is people who install MSN on public computers and have it save their password. I have fun telling off their friends..

[brandice]

I have always been a little scared of the programs that save your passwords. And I share my computer with four other people. So for most things, I just remember my passwords.

It's kind of hard when I have a million email addresses and I am signed up at three messages boards but I have a system. I only have about five passwords that I shift around from thing to thing. If I ever forget what goes where I only have to make a few tries.

[bjrn]

brandice, on Jan 23 2005, 05:34 PM, said:

I have always been a little scared of the programs that save your passwords. And I share my computer with four other people. So for most things, I just remember my passwords.

Well, that's a bit what you have a program for. Writing down on paper or in a plain text file are obviously both very insecure. But if you use a program (like Password Safe) you will have a password protected and encrypted file.

So unless you use a very simple password or passphrase for the program no one but you will get access to your passwords.

[Dazed]

bjrn, on Jan 22 2005, 06:01 PM, said:

Well, I think it's mainly since I've been using the internet that I've gotten more and more passwords. In the beginning it was easy, and I could remember them all. But I was online more and I got more and more accounts and forgetting passwords or using the right password, but in the wrong place. So I started writing them down on a piece of paper. But then I realised that a paper wasn't very handy. So then I started using software to keep track of my passwords. I mainly started using software because I came across the website of the guy who made a free app to do it.

This was several years ago, the guy who made is was Bruce Schneier (a well known computer security and cryptology guy) and the app was Password Safe. Since then Bruce has stopped developing Password Safe and instead made it open source and given it to a development team who continue to work on it.
I still use Password Safe, but I would like to know how you keep track of your passwords. Do you keep it all in your head? Do you write it down on paper? Do you use software? Do you tell your mom and call her whenever you forget a password? Tell us your solution!

If you want to try out Password Safe you can get it from their project page.

I onyl use two different passwords for everything i sign up for. So for me its pretty easy to remember the pws. I know its not too safe to have the same pw for eveything, but ehh it helps me remember.

[sirhenry]

I use randomly generated usually alpha-numeric passwords which I store on my Palm Pilot using KeyRing (which encrypts them with a master password).

My brother, who is much more into cryptography than I, has it create a new email password every time he logs in using a special process applied to the previous password. Then, he has his Palm Pilot do the same (so as to keep in sinc). That way, he can even log onto his email from public keyosks where they run keystroke loggers. (and believe me, they do.)

[UnheroicHero]

I either have Firefox remember my passwords or I save them to my computer. I don't keep the username in the file. It's either Unheroic Hero or UnheroicHero, depending on the board. Most of my paswords are random letter/numbers. I'm hoping to get rid of my insecure passwords soon. When I need a password, I use a password generator. I just tell it how long I want it and it generates a random assortment of letter/numbers.

[alapidus]

bjrn, on Jan 23 2005, 01:32 PM, said:

Well, that's a bit what you have a program for. Writing down on paper or in a plain text file are obviously both very insecure. But if you use a program (like Password Safe) you will have a password protected and encrypted file.

So unless you use a very simple password or passphrase for the program no one but you will get access to your passwords.

who says that people should be looking in your stuff? i just bury my text file hidden in my folder, give it a name with a warning or request or something (ex: passwords_PRIVATE), leave the sites' names and not the URLs and extra info so people can't go to the site without a little bit of research, and trust that nobody will look.

if you see that your little brother has tampered with your account... well, you decide what to do...

if you're really concerned about your password file's security... you should know what to do by now. PASSWORD PROTECT IT with an easy-to-remember, hard-to-guess phrase and remember it!

that should be enough protection.

one more thing, don't use universal passwords. if you don't know what that is, its when you use the same password for basically all of the site's you go to. if somebody figures out your password, consider yourself screwed!

good day!

[bjrn]

alapidus, on Jan 23 2005, 09:11 PM, said:

if you see that your little brother has tampered with your account... well, you decide what to do...

I'd be a little late by then, no? The other day I read about a guy who's ex-gf had got rid of all his cash and equipment on some online game he was on all the time. If something like that happens it's a bit late to say "well, now I can decide what to do".

And calling a plain text file you have anything containing the word "private" is just like marking a doomsday button with "do not press", you won't be able to count to ten before someone's pressed it.

And then you come to the conclusion that if you want to protect your passwords you can put a password on your passwordfile. Which is exactly like using a program like Password Safe or Passpack, except with a text file your file will be password protected, but not encrypted. And you won't have a password generator handy, or sorting options.

Basically, what I am saying is that I don't understand why you would use a textfile for storing passwords...

[Galahad]

Believe it or not, I actualy have about 4 passwords for all the things that require a password… I have a simple one for basic stuff, and they increase in complexity…

Ofcourse, combination of letters and numbers, number/letter substitution, just add complexness to the toughest one. Plus, noone knows all the elements in the complex one , so nobody can connect the stuff in the password with me ...

I guess it’s pretty safe system, and besides…. I can keep them all in my head, wich is the most secret place of all

[King-Squad]

why dont you use autofinish on your browser? I think browser use it but if yours dont i know avant browser does. I suggest downloading avant and using the autofinish feature and it is very secure. all of teh passwords that it uses are encrypted until you use them so its almost totally hackproof, but nothing is ever hack proof so its the most secure tha ti know of. good luck remembering them if you dont use this feature.

[alapidus]

King-Squad, on Jan 24 2005, 05:36 PM, said:

why dont you use autofinish on your browser?  I think browser use it but if yours dont i know avant browser does.  I suggest downloading avant and using the autofinish feature and it is very secure.  all of teh passwords that it uses are encrypted until you use them so its almost totally hackproof, but nothing is ever hack proof so its the most secure tha ti know of.  good luck remembering them if you dont use this feature. 

i think you're missing the point of this topic. if you don't want anyone to use your passwords and compromise your profile, then why are you saving them for use by anyone, anytime?

if you go to a website, and its in your browser's cache (my parents always look in the cookies folder), and you save that password onto your browser, who's stopping everyone else from going to that site and logging on and invading your privacy??? (nobody, that's right!)

another problem with saved passwords is that there exists special software that can de-hash those hashed passwords! if somebody is really dedicated, they'll find a way.

personal story: i haven't been acting really good in school lately. i usually don't do my homework. so my parents eventually took away the internet password (god, i HATE manual internet login)! yet being the geek i am, i found a way to get online without knowing the password. it only took me a few minutes!

now that was without knowing the password at all. now, who is going to stop someone from getting on when the password is given to him or her?

[alapidus]

bjrn, on Jan 24 2005, 07:14 AM, said:

I'd be a little late by then, no? The other day I read about a guy who's ex-gf had got rid of all his cash and equipment on some online game he was on all the time. If something like that happens it's a bit late to say "well, now I can decide what to do".

did he sue...??? did he do anything about it? obviously not.... so then he has no right to complain!

Quote

And calling a plain text file you have anything containing the word "private" is just like marking a doomsday button with "do not press", you won't be able to count to ten before someone's pressed it.

i didn't say to leave it on the desktop. plus, what's the problem if its password-protected???

you know what, actually, i take it back. i'm wrong. not because of internal security, but because password files are exactly the kind of thing that spyware looks for. nevermind, my bad. don't put password in the name...

Quote

And then you come to the conclusion that if you want to protect your passwords you can put a password on your passwordfile. Which is exactly like using a program like Password Safe or Passpack, except with a text file your file will be password protected, but not encrypted. And you won't have a password generator handy, or sorting options.

Basically, what I am saying is that I don't understand why you would use a textfile for storing passwords...

i don't see why you would have to wait for a password management program to load when you can have a half-a-kb simple text file load in a split-second...

[yomi]

This tools are all too complex to use.
Think about it: when you would input password , you must found it from another software.
I simply leveled my password, some unimportant site use the same password, and important use another one, very importane use the third.

It works fine.

[no9t9]

alapidus, on Jan 24 2005, 07:16 PM, said:

i don't see why you would have to wait for a password management program to load when you can have a half-a-kb simple text file load in a split-second...

The program I use is passpack as stated before. It is very simple and is only 15kb. It actually loads just as fast as notepad if not faster. I don't see why I would leave passwords lying around for people to find. Saving passwords in notepad is possibly the worst thing to do. Anyone who hacks your computer can then easily get access to everything. With an encrypted file, they can't do anything with it.

[dontmaimyourself]

I know that your told not to, but the way I find the easiest to remember all my password is to use the same one for everything , I know this is un-secure but i have a siv like memory, and i cant be bothered to remember so i take the easy option.

[Kaleigh xx]

I don't use that many passwords..I think I only have 2 that I really use ?

[finaldesign]

Becca, on Jan 23 2005, 01:44 PM, said:

I just use what comes with my compputer... It automatically saves all my passwords... for next start up.... fire fox saves your form information and passwords automatically I think. So that is pretty good.... I use to use some password thing but my cousin found out loads of my passwords and did very bad things.... lol

Becca that is not a happiest solution. If someone hack in your computer, or if you get a worm from somewhere, all your passwords will probably be captured and reported to someone, and That includes websites passwords, like: pwd from trap17, paypal, cpanel...etc... The best and the safest solution will be to keep it all in your head. Anywas some other solution will be to get yourself PGP (pretty good privacy) it's not hard to find it just little gooogleing... and encrypt your data files (*.txt) or any other document where you write your passwords, with it. It's a secure, and safe, oh another thing, if someone still get his hands on that encrypted file you are still in good position because cracking an pgp encrypted file should take (on average P4 comp) about 2-3 years. So, you got enough time to change passwords annualy.

[krap]

yeah i used to use a universal password for everything. now i only use a universal one for sites that i couldnt care less if somebody knew the password

[bjrn]

alapidus, on Jan 25 2005, 12:16 AM, said:

i don't see why you would have to wait for a password management program to load when you can have a half-a-kb simple text file load in a split-second...

Well, I can just click on a shortcut, enter my passphrase and have all my passwords, easily sortable and gettable. The program might load a fraction slower than notepad. With your solution I'd have to trawl through who knows how many nested directories in which the password textfile is "hidden". I wonder which method would get me my password the quickest.