Password Managers

[slofox]

It has got to the stage that I have forty gazillion bits of paper stuck round the monitor with little mnemonics all over them to help me remember all the different passwords I have to use these days to access all those different websites.

It was mentioned to me recently that this person had downloaded some kind of password management program. I thought such a thing might be useful. But I have questions.

1. Are they secure enough to be trusted over one's own (albeit failing) memory?
2. If the answer to 1, above, is "yes", then which such program is a good one to use?

Ta.

[FJRider]

The program I use is the pocket notebook purchased from the red shed. Cheap and doesn't crash. (untill you lose the bloody thing)

[Scuba_Steve]

security, simple answer I'll say yes

I used to use KeePass, and to keep it secure you can choose a password, keyfile (which can be kept on USB stick or the likes) or combination of both

[Subike]

I have an old school telephone index note book which I keep passwords and other relevant data in. Do you remember the things? They had a

slide on the front with the letters , you slid the indicator to the letter, pushed the button, it would pop up and there's the info. When I'm not

around it just sits there looking like an old bit of 80's technology. Very handy as the pages can be replaced too.

[george formby]

I use the same password for all my low risk sites, even email. Anything that does not have financial or personal info. I have another for the Bank, credit card etc.
Admittedly it's getting harder, sites require bigger passwords & if somebody does access your email or facepoop you still have to come up with another password. I'm still at the bit of paper stage.

Browse Downloads.com & check the user ratings & reviews for password managers.

[Akzle]

i'm some kind of genius. i use random alpha-numerical passwords and remember them all. things like h94gfn or ffi5x172.

as far as "programs" for it... i would suggest a browser upgrade to opera or google or firefox. (google is the new umbrella corp ). all of which have built in "password managers"

opera tops my list, of those choices, cos it incorporates email and other useful things.
(newsreaders, script debugger, aquarium app, adressbook...)

[Usarka]

I'll manage you passwords for you. PM me your login and password details (especially internet banking).

Chur.

[bogan]

I use the same password for all my low risk sites, even email. Anything that does not have financial or personal info. I have another for the Bank, credit card etc.
Admittedly it's getting harder, sites require bigger passwords & if somebody does access your email or facepoop you still have to come up with another password. I'm still at the bit of paper stage.

Browse Downloads.com & check the user ratings & reviews for password managers.

I have my browser (Opera) remember the non-important ones, often don't bother changing them from the one they give me to begin with. And like you, the same password for the medium importance ones (also remembered by Opera in most cases, and then different ones for bank accounts etc.
But yeh, those fuckers which require 8 character with one capital, one numeric and one letter piss me off. Either write it in a password file, or get the browser to remember them. Now I'm no cryptographist, but surely a 6 digit alphanumeric stored only in ones head, is less likely to be broken than an uberhard to crack one, which is written down everywhere

[mashman]

I'm still at the bit of paper stage.

Still by far the best option, imho, as you don't have to remember the password to your password store... just need a safe spot in the hoose, and need to remember not to keep the paper in your trousers in case the missus does a surprise clothes wash.

[Akzle]

Now I'm no cryptographist, but surely a 6 digit alphanumeric stored only in ones head, is less likely to be broken than an uberhard to crack one,

not really.
nowadays people "hack" people.
having "wifesname21" or "dogsname,phonenumber" is incredibly common. so you chuck all the info you know about someone into a brute force program (or get it to scan their facebook) then let it loose at their password file.

the phrase "purple monkey dishwasher 1" is a more secure password than 27Qwx1P, simply for it's length, and the presence of spaces. and it's easy to remember, fucking horse shit, aunt tommys handbag etc etc.

things with fixed length passowrds (ICQ, WEP encryption etc) narrow down the odds, but basically you exponentially add ^36 for every other letter/number in your password.

any passwords stored on your PC are quite vulnerable to "hacking" any stored server-side are less so, because they're stored encrypted. (you can encrypt your HDD etc, but really. you're not that fucking important, and the FBI already know all your shit.)

[Gremlin]

Browsers like Firefox have built in management, but, anyone with access to your PC can show the passwords.

I tend to keep a password excel file for about 50 sites. I used to remember the lot, but I used a combination of usernames and passwords and it became a bit hard

[bogan]

not really.

[snip]

any passwords stored on your PC are quite vulnerable to "hacking" any stored server-side are less so, because they're stored encrypted. (you can encrypt your HDD etc, but really. you're not that fucking important, and the FBI already know all your shit.)

Reading comprehension not your strong suit then?

as you said people hack people, a 6 digit alphanumeric isn't going to get hacked, sure a 12 digit one is exponentially harder, but its irrelevant as nobody is going to brute force that shit so they can change my facebook sexual orientation or like nickleback for me.

[onearmedbandit]

or like nickleback for me.

Ahh that old chestnut, 'oh no of course I don't like them, whatever, someone must've hacked my FB account'.

[pete376403]

I use password safe - just one password to remember to open the safe.

About Password Safe
Password Safe and the Twofish encryption algorithm it uses were originally developed and released to the public by Bruce Schneier and Counterpane Labs.

Password Safe is now an open source project hosted at sourceforge.net. The latest program updates, documentation, and news can be located at http://pwsafe.org.

Password Safe is freely available and distributable under the restrictions set forth in the standard Open Source Initiative (OSI) "Artistic License 2.0." A copy of this license is included with the Password Safe installation package in the file named LICENSE.

Twofish is a fast, free alternative to the AES, DES and IDEA encryption algorithms. Details on the Twofish algorithm, including speed comparisons and an extensive list of products that use Twofish, are available at http://www.schneier.com/twofish.html.

[Winston001]

Firefox has a built-in password manager but I also use Securelogin and used to have XMarks but it became a pain.

Essentially I use one password for internet forums cos I really don't care if somebody steals that. A more complex one for email and same for internet banking.