Passwords?

Aug 7th 2017, 2:51 am   #1   johnwoo

I'm trying to keep track of all my different passwords and on sites I don't use very often I forget them. With passwords becoming more complex, upper case, lower case, numbers and symbols, different for each site.
I have most of them written on a note pad, maybe not the best.
Any recommendations on the best way to keep track, password manager perhaps?
__________________
Giving every man a vote has no more made men wise and free than Christianity has made them good.
H. L. Mencken

Aug 7th 2017, 9:59 am   #2   calman014

Just search for password managers online. The best ones have a small fee. There are also plenty of reviews.

Aug 7th 2017, 10:53 am   #3   uk_grenada

The most important things are:

The application is available on every platform that you own, for example mobile phone, tablet, desktop, laptop etc. etc.

That the application has been in existence for a while and has a track record with customers, in other words good recommendations.

I could bang on about the quality of different forms of encryption but frankly the ones used are normally adequate; there are several which have never been broken, and mathematically are pretty unlikely to be broken within x years, just Google the subject if you feel like it. Remember also that certain devices are entirely inherently encrypted, for example the entire device in the case of Apple iOS is protected to the extent that the Americans, when it was really important to them, have only managed to gain access to some areas when they actually have the iOS passcode unlocked upfront [in other words if the screen was locked they could get nowhere.]

It is a vastly superior option to have storage of the information kept in a secure place online rather than in the device, in this way changes are seamless between devices and you don't need to worry about losing the device. As for is the cloud secure, the file itself will be strongly encrypted while at rest and while 'in motion' between your device and the cloud so actually the supplier has no knowledge of what you are actually storing. Normally this arrangement leaves a copy of the file on the device in case you need to use it off-line but it will be synced in background, again you don't need to be concerned about anybody having access to the information, it's encrypted, what you do need to be concerned about is loss of the file itself meaning that you lose all of your information.

Apple have a highly secure password management system built into their operating systems, but it isn't as flexible as the applications you can buy.

My personal recommendation would be an application called mSecure but there are others of course.
__________________
Just over 64.3% of statistics are made up, the rest are lies.

Last edited by uk_grenada; Aug 7th 2017 at 11:01 am.

Aug 7th 2017, 1:13 pm   #4   BristolUK

Quote:
Originally Posted by calman014
Just search for password managers online. The best ones have a small fee. There are also plenty of reviews.
I can't help but think all eggs in one basket.

When the subject comes up in the Guardian tech columns there are always references to password managers having been hacked.

I don't think keeping a written record is particularly risky so long as it's not with your computer.

But you could even do your own password hints so if anyone does see them they won't mean anything to them, only you.

Let's say you have three main passwords - Sausage. Hamburger. BaconButtie.

To you they are S H or B. Or, where case sensitive BB, or Bb.

If a number is needed stick one at the end or swap it for a letter.
Hamburger1 - your hint H1. Or Sau5age - your hint S5.

If a symbol and number is needed...Hamburger#1 - your hint H#1 or H number one (# is hash but also number).
It depends how your mind works. Rather than H, you could write bun or bun#1, the word bun telling you that's hamburger. dog or dog#1 (as in hot dog) could be sausage.

baconbuttie4me could be another with your hint being my sarnie or something telling you it's for you. Some numbers work as words

Just with those three words you probably have a dozen variations all easily identifiable by you and nobody else even if they did see abbreviations or hints you'd noted somewhere.
Room for plurals too. Buns for Hamburgers.

What about phone numbers? Telephone numbers you used to call regularly or old STD codes. They may be stuck in your memory even though you don't use them anymore.

Random example. If you called Leeds a lot prior to 1995 it was 0532. Whenever you called there you did that without thinking and still may remember it even though it's changed since.
So leedsH is your hint for 0532Hamburger.

It really depends on how you can make different associations. Your local pub where you used to live. Old boozer is your hint.

To some this probably sounds a bit loopy but the principle works for me.

Aug 7th 2017, 1:41 pm   #5   uk_grenada

Bristoluk, your personal password creation methodology is fine, you should make sure they are min 8 chars long and include capitals [not the first char of the password] and a symbol isn't a bad thing. Acronyms bltbgyd :-). [don't let the b's grind you down] was used for years by Sun Microsystems as a default password.

Problem is when you need to have 30-40 of them, it just gets a bit taxing. Again, Apple will generate and store really complex passwords, nothing wrong with their storage system, and it will store in iCloud thus sharing between your devices, but not so good with non password info.

Re your claim that these systems are easily hacked - give me one example of a commercial password manager actually hacked - it's never happened. What has happened is that users have allowed screen scraper, keyboard manager and similar viruses to get into their [usually Microsoft PCs] so the bad guy is sitting next to you writing down your details as you type them, this is why banks never ask you to enter the whole password, or even better make you press buttons to enter them - more difficult to visually hack. It's like the ATM delusion - themselves - never hacked - same standards as b2 military systems, but if they can clone your card and see the pin - they are you...

If the password file is encrypted, and update packages are sent around encrypted, the only place it isn't - is when you ask to see it.

If it's accessed by data reduction from your fingerprint - how does a hacker get that [yes - well ...]

Aug 7th 2017, 1:46 pm   #6   Tweedpipe

The above doesn't sound loopy to me, in fact I use a similar reminder for my passwords. Never had a problem. I also have the (slightly disguised) passwords in an old diary, kept in a safe, just in case I have a major memory block - hasn't happened yet fortunately.
__________________
.....Sent from my Sinclair ZX81.....
"I can certainly see that you know your wine. Most of the guests who stay here wouldn’t know the difference between Bordeaux and Claret." - Basil Fawlty, Fawlty Towers

Aug 7th 2017, 1:46 pm   #7   uk_grenada

Oh - breaking passwords by force - trying thousands of combinations - using 5 not s and 1 not i isn't secure - it's very early on in attempts - of course if you can only try x times then the alarm makes the file self destruct it's very secure - you can even re-encrypt and rename/hide the file or the whole machine with a secondary password you keep, in the same way that ransomware does - except you own it...

Aug 7th 2017, 1:48 pm   #8   uk_grenada

Consider - how will your old age and slight memory loss affect this scheme?

Aug 7th 2017, 2:03 pm   #9   Pulaski

Quote:
Originally Posted by BristolUK
I can't help but think all eggs in one basket.

When the subject comes up in the Guardian tech columns there are always references to password managers having been hacked.

I don't think keeping a written record is particularly risky so long as it's not with your computer.

But you could even do your own password hints so if anyone does see them they won't mean anything to them, only you.

Let's say you have three main passwords - Sausage. Hamburger. BaconButtie.

To you they are S H or B. Or, where case sensitive BB, or Bb.

If a number is needed stick one at the end or swap it for a letter.
Hamburger1 - your hint H1. Or Sau5age - your hint S5.

If a symbol and number is needed...Hamburger#1 - your hint H#1 or H number one (# is hash but also number).
It depends how your mind works. Rather than H, you could write bun or bun#1, the word bun telling you that's hamburger. dog or dog#1 (as in hot dog) could be sausage.

baconbuttie4me could be another with your hint being my sarnie or something telling you it's for you. Some numbers work as words

Just with those three words you probably have a dozen variations all easily identifiable by you and nobody else even if they did see abbreviations or hints you'd noted somewhere.
Room for plurals too. Buns for Hamburgers.

What about phone numbers? Telephone numbers you used to call regularly or old STD codes. They may be stuck in your memory even though you don't use them anymore.

Random example. If you called Leeds a lot prior to 1995 it was 0532. Whenever you called there you did that without thinking and still may remember it even though it's changed since.
So leedsH is your hint for 0532Hamburger.

It really depends on how you can make different associations. Your local pub where you used to live. Old boozer is your hint.

To some this probably sounds a bit loopy but the principle works for me.
That's pretty much what I do - I picked an obscure theme, even by UK standards, which is pretty much meaningless in the US, then switch letters for numbers or special characters.

When I get to define my own "hint" questions they relate to the addresses of offices of a former employer, .... which no longer exists! For example "What comes after Bracknell?" Unless you happen to know the order in which office locations were listed by that specific company there is no way for anyone to know that the answer is Norwich. Or the clue might be the internal reference code for the location, so the clue might be "14" and the answer "Worcester".
__________________
As quoted in the Grauniad.

Last edited by Pulaski; Aug 7th 2017 at 2:08 pm.

Aug 7th 2017, 2:05 pm   #10   mrken30

I use lastpass with 2FA and use 20+ character complex passwords or longer. Not sure if it is the best option, but it's easy to use and I feel more secure.
__________________
A still tongue is a wise tongue, pity about the fingers

Aug 7th 2017, 2:55 pm   #11   uk_grenada

There is another very old but very secure system that you can use, an early secret coding system relied on a particular book, what you would do is to send your partner a code like 16, 23, 23 and in order to decipher that you would have to go to a particular book page 16 Row 23 character 23 and read that off, so keeping an open doc with a stream of numbers that mean letters is a safe way to store your password aide-memoire in plain sight.

Aug 7th 2017, 2:58 pm   #12   uk_grenada

It is apparently an open secret that for some years spies of various countries have used encrypted information within 3-D barcodes to send information around, you just stick the sticker with the barcode on to some kids toy and post it abroad, it contains lots of data.

In fact one of the factors used by my 2FA within my password keeper is a 3-D barcode, you don't have to type a 256 character key you just photograph the code.

Aug 7th 2017, 3:30 pm   #13   BristolUK

Quote:
Originally Posted by uk_grenada
Bristoluk, your personal password creation methodology is fine, you should make sure they are min 8 chars long and include capitals [not the first char of the password] and a symbol isn't a bad thing.
Yes, I was just trying to keep it simple-ish

Quote:
Problem is when you need to have 30-40 of them, it just gets a bit taxing.
How many people need that many though? 2 or 3 bank sites, couple of government sites, Amazon and a couple of other retailers, news, the odd forum or other social media.

A base of four words could give over 20 the way I've mentioned.

Quote:
Re your claim that these systems are easily hacked
Well that's not what I said. I said that in the articles discussing it people always mention that it has happened.

Quote:
If it's accessed by data reduction from your fingerprint - how does a hacker get that [yes - well ...]
Ouch.

Quote:
Originally Posted by uk_grenada
Oh - breaking passwords by force - trying thousands of combinations - using 5 not s and 1 not i isn't secure - it's very early on in attempts ...
Yes...but it's not less secure than not having a 5 instead of a 1.

Where it is more secure is where someone may guess, have an inkling or catch a brief glimpse but the disguise is enough for them to get it wrong.

So substituting a number for a letter is either the same or better than not doing it.

Quote:
Originally Posted by uk_grenada
Consider - how will your old age and slight memory loss affect this scheme?
Probably no worse than remembering a bunch of passwords, or remembering where you wrote them, or what password manager you used...and when all that fails, use the forgot password option and reset.
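
The substitution argument in posts #7 and #13, put into numbers: an added example (not written by any poster in this thread) that estimates the guessing work for a "base word plus swaps, digits and a symbol" password against a random password of the same length. The dictionary size, the count of case styles, the swap table and the symbol set are all assumptions chosen for illustration.

```python
import math

# Assumptions (not from the thread): dictionary size, case styles, swaps, symbols.
DICT_SIZE = 100_000      # words in an assumed guessing dictionary
CASE_STYLES = 4          # lower, Capitalised, UPPER, CamelCase
LEET = {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t"}
SYMBOLS = "!#$%&*@?"
# Constructed stand-in for the dictionary: the three base words from post #4.
BASE_WORDS = {"sausage", "hamburger", "baconbuttie"}


def splits(pw):
    """Yield (prefix_digits, core, symbol, suffix_digits) readings of pw."""
    n = len(pw)
    for p in range(5):              # up to 4 leading digits (e.g. 0532)
        for s in range(5):          # up to 4 trailing digits
            if p + s >= n:
                continue
            pre, mid, suf = pw[:p], pw[p:n - s], pw[n - s:]
            if (pre and not pre.isdecimal()) or (suf and not suf.isdecimal()):
                continue
            if len(mid) > 1 and mid[-1] in SYMBOLS:
                yield pre, mid[:-1], mid[-1], suf
            else:
                yield pre, mid, "", suf


def pattern_bits(pw, words=BASE_WORDS):
    """log2 of guesses for someone who models word + swaps + digits + symbol.

    Returns None when pw does not fit that pattern at all.
    """
    best = None
    for pre, core, sym, suf in splits(pw):
        # Undo digit-for-letter swaps, then look the word up.
        word = "".join(LEET.get(c, c) for c in core.lower())
        if word not in words:
            continue
        # Each swappable letter is either swapped or not: at most 1 bit each,
        # and only charged when the password actually uses a swap.
        swappable = sum(c in LEET.values() for c in word)
        swaps = 2 ** swappable if any(c in LEET for c in core) else 1
        guesses = (DICT_SIZE * CASE_STYLES * swaps
                   * 10 ** len(pre) * 10 ** len(suf)
                   * (len(SYMBOLS) if sym else 1))
        bits = math.log2(guesses)
        best = bits if best is None else min(best, bits)
    return best


def random_bits(length, alphabet=94):
    """Bits for a uniformly random password over 94 printable ASCII characters."""
    return length * math.log2(alphabet)


if __name__ == "__main__":
    for pw in ["Sausage", "Sau5age", "Hamburger1", "Hamburger#1", "0532Hamburger"]:
        print(f"{pw:14} pattern ~{pattern_bits(pw):5.1f} bits, "
              f"random of same length ~{random_bits(len(pw)):5.1f} bits")
    print(f"20 random characters ~{random_bits(20):5.1f} bits")
```

Under these assumptions a swap adds at most one bit per swappable letter, while every random printable character adds about 6.6 bits.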

Aug 7th 2017, 3:47 pm   #14   BristolUK

Quote:
Originally Posted by uk_grenada
There is another very old but very secure system that you can use, an early secret coding system relied on a particular book, what you would do is to send your partner a code like 16, 23, 23 and in order to decipher that you would have to go to a particular book page 16 Row 23 character 23 and read that of...
Ah yes...I always wanted to be a spy.
When I was a kid I'd have killed for a Man from U.N.C.L.E. briefcase.

Aug 7th 2017, 3:58 pm   #15   mrken30

Quote:
Originally Posted by uk_grenada
There is another very old but very secure system that you can use, an early secret coding system relied on a particular book, what you would do is to send your partner a code like 16, 23, 23 and in order to decipher that you would have to go to a particular book page 16 Row 23 character 23 and read that off, so keeping an open doc with a stream of numbers that mean letters is a safe way to store your password aide-memoire in plain sight.
This does not work quite so well when complex passwords are required.

I am surprised that PIN numbers on ATMs are still only 4 digits.

You could use a combination of friends' names, addresses, postcodes and DOBs. Concatenating a few of these values would probably suffice.

Last edited by mrken30; Aug 7th 2017 at 4:01 pm.

All times are GMT.

© 1999-2010 BritishExpats.com