where to store your passwords & logins

Remus

Antihero
Joined
October 19, 2006
Messages
1,028
Location
Malaysia
Don't you ever get annoyed by the need to remember and manage all those logins and passwords or other sensitive data?

1) Write them down on a piece of paper and put them somewhere not easily discoverable or reachable? Nope, I don't think that's the safest way.

But it could be quite safe if you implemented a second line of defense in case someone found it. E.g., you write down random numbers mixed with letters or symbols. The useful information or password contained in those random words and numbers can be extracted only if you know the proper way to read them (which only you know how to do), e.g., look for the password in the second-to-last line but read it backward and ignore the number zero.

I have used the technique for years and still occasionally use it for certain types of passwords. The problem is what happens when you cram multiple pieces of sensitive data into those random words, numbers or symbols. You would forget how to read them later. Even when you learn a secret language just for the purpose, after some time, especially when it is not often used, your ability will deteriorate, as in the case of a second or third language you learned.

2) Put them into security software like Password Safe? Nah, what happens if your computer gets hijacked, is corrupted by a virus or experiences hardware failure? Your sensitive data may be lost forever.

3) Put them on the internet or online, in places like Microsoft Workspace, in an email that you then save as a draft (but remember, don't ever accidentally send it to everyone in your address book), or in free online storage places? I don't think those storage servers are foolproof, but it's probably a good compromise between convenience and security. Plus you could retrieve them from anywhere and anytime, no?
 
Joined
Oct 19, 2006
Messages
1,028
Location
Malaysia
I believe 1 is the best thing, so far. Everything else can be broken into when it is connected to the net.
 
Joined
Nov 5, 2006
Messages
21,908
Location
Old Europe
I just keep them in a master text file, in a passworded zip file. If I really need one, I just enter my one master password and extract it.

Not really super-secure, but in a way I don't sweat it that much. The worst someone could do is like, post on a message board in my name or read my emails. I guess they could buy some stuff on Amazon or whatever, but I'd get notification theoretically once someone bought something or entered a new shipping address.
 
Joined
Oct 18, 2006
Messages
5,228
Location
San Diego, Ca
Zak's got the right idea. Mnemonics work very well. Invent a way to create passwords, remember the way, and you'll never forget a password. And you can make them extremely strong.

For example:

(1) Invent a "root" for your password that only you remember, which contains at least one special character (like !, *, ', #, or whatever).

We'll pick !er -- pronounced "banger" (! is pronounced "bang;" phonetics for other punctuation works great too -- * is splat, ' is tick, # is hash, - is dash, and so on; if you want the whole set, see the famous nerd poem Waka waka bang splat.)

(2) Take the first three letters of whatever it is you're inventing a password for, and capitalize them (or, alternatively, capitalize the "root" you just invented). Say it's RPGWatch, it'll be "RPG." Tack this to either the beginning or the end of your root. We'll tack it in the beginning, which gives us !erRPG.

(3) Take your birthday, or someone else's birthday that you'll always remember, and tack it at the beginning and/or the end of the password or between the root and the suffix. Let's use my birthday and tack it at the beginning and the middle. This would give the password 28!er04RPG -- unique for RPGWatch and entirely uncrackable via the usual dictionary attacks, or even by knowing anything much about me.

And as long as you use the same system for all your passwords, you'll never forget them.
 
Joined
Oct 19, 2006
Messages
8,540
That's basically my system--though I have a little memo book where the most sensitive pw's are written down, or ones for sites that won't conform to my general rules (f'rinstance, one government site we have to use requires a password with only seven characters, only numeric--dumb) and that therefore I have trouble remembering.

The only thing I worry about is that I don't randomize individually as Prime J. described above--I use the same 2 or 3 pw's for all my sites. They are jumbled up, they are multicharacter, etc--I just don't originate a new one for every occasion. Hopefully that's not a big deal.
 
Joined
Oct 18, 2006
Messages
7,834
I use an add-on for Firefox called Sxipper, easy to use and very handy.
But mostly I have 2 or 3 combinations which I use for almost everything.
 
Joined
Aug 17, 2008
Messages
1,718
Location
Dear Green Place
Great tips there PJ;

gonna change my passwords soon.

Question: I didn't even know special characters are usable for passwords, and only on some websites for user names. How widely do websites, including financial institution websites, accept special characters in passwords?
 
Joined
Oct 19, 2006
Messages
1,028
Location
Malaysia
I haven't done a survey or anything, but most do accept special characters. Some require numeric-only, and a few alphanumeric-only. Adding the special characters gives an additional layer of protection, but it's not really essential or anything.

With numeric passwords and PIN codes, I use a mnemonic I learned when practicing card tricks back in the day: each digit corresponds to a consonant, and then you can fill in vowels to make words. That way you can memorize just about any sequence of numbers very easily, simply by remembering a word, a few words, or a phrase. Here's the key:

1 - L (looks like l)
2 - N (because N has two vertical bars, like II)
3 - m (rotate 3 counterclockwise and you get m)
4 - r ('cuz fouR ends in R)
5 - v or f (because it has both in it)
6 - b or p (because it looks like it)
7 - T (because it looks like it)
8 - ch or sh (because eight sounds like aitch)
9 - g or k (because it looks like it)
0 - z or s (starts with z)

Long consonants (ss, tt, etc.) only count for one digit; if you have a repeated digit, insert a vowel between them.

So, for example, 678160 could be "patchouli buzz," a nice hippie image that's easy to remember. (As usual, naughty phrases are even easier to remember.)
 
Joined
Oct 19, 2006
Messages
8,540
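Added example, not part of the original posts: a decoder for the digit-to-consonant key listed above, so a phrase can be checked against the intended PIN before it is relied on. Treating y as a vowel, resetting at word breaks, and rejecting letters that are not in the key are assumptions made here.

```python
# Digit-to-consonant key exactly as listed in the post above.
KEY = {
    "l": "1", "n": "2", "m": "3", "r": "4",
    "v": "5", "f": "5", "b": "6", "p": "6",
    "t": "7", "ch": "8", "sh": "8",
    "g": "9", "k": "9", "z": "0", "s": "0",
}
# Assumption: vowels (and y) are filler that carries no digit.
FILLER = set("aeiouy")


def phrase_to_digits(phrase: str) -> str:
    """Decode a mnemonic phrase into the digit string it stands for."""
    text = phrase.lower()
    digits = []
    prev = None  # consonant sound read immediately before, if any
    i = 0
    while i < len(text):
        if not text[i].isalpha():
            # Assumption: spaces and punctuation separate sounds.
            prev = None
            i += 1
            continue
        # Two-letter sounds (ch, sh) take priority over single letters.
        pair = text[i:i + 2]
        sound = pair if pair in KEY else text[i]
        i += len(sound)
        if sound in FILLER:
            prev = None  # a vowel between consonants allows a repeated digit
            continue
        if sound not in KEY:
            # Assumption: letters outside the key make the phrase ambiguous.
            raise ValueError(f"letter {sound!r} is not in the key")
        # Long consonants (ss, tt, zz) count for one digit only.
        if sound != prev:
            digits.append(KEY[sound])
        prev = sound
    return "".join(digits)


if __name__ == "__main__":
    print(phrase_to_digits("patchouli buzz"))
```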
I looked into KeePass, an open source application for managing logons, your e-mail accounts, and passwords. The program uses strong AES encryption to protect its database. Does anyone have experience with or comments on using the program?

It also has a password generation function based on parameters you specify. I picked a couple of them and integrated them into my new password. The longest password I created and used as the master key to protect the KeePass contains 31 digits, using a combination of alphanumerics, the HTML code of a smiley, keyboard special characters, and both upper and lower case. Yeah, it sounds crazy. The shortest one contains 9 digits. I would probably tweak them further.
 
Joined
Oct 19, 2006
Messages
1,028
Location
Malaysia