keeping passwords?

jtice

Flashaholic
Joined
May 21, 2003
Messages
6,331
Location
West Virginia
There are programs out there for that, but I don't know if I trust them.

If you just need a record of them,
I would use Excel, and keep it on a floppy, or pen drive with you.

~John
 

zespectre

Flashlight Enthusiast
Joined
May 21, 2005
Messages
2,197
Location
Lost in NY
I use software called eWallet on my computer and also on my Pocket PC (so that I can always have a copy with me). Because I also have well over 100 internet logon/password combos as well as multiple lock combinations, bank account PIN numbers and the list goes on and on.

http://www.iliumsoft.com/site/ew/ewx_win.htm

Good security and backup options too.
 

powernoodle

Flashlight Enthusiast
Joined
Feb 25, 2004
Messages
2,512
Location
secret underground bunker
I make a hard copy and keep it next to my machine. I have 3 single-spaced pages of the dang things, but at least it limits the ability of an evildoer to swipe them.

peace
 

Frenchyled

Flashaholic*
Joined
May 21, 2002
Messages
2,300
Location
Land of Cheese, Frogs and wine
I have used mobipassword for 5 years and never had a problem with it!!

This product can run on Windows, PocketPC and Palm OS... very useful because Windows shares and synchronizes your data with your Pocket PC or Palm :)
And... compatible with IE and Firefox (plugin included) to reply automatically with your password and login on web pages.

Mobipassword
 

Joe Talmadge

Flashlight Enthusiast
Joined
Aug 30, 2000
Messages
2,200
Location
Silicon Valley, CA
I would definitely not keep my passwords in a flat file, you're just begging for trouble. Nor would I keep a hard copy. I keep them in a program with strong encryption, and choose a reasonably difficult password for it. I guess if someone can crack triple DES, they deserve all my financial information :) I use cryptinfo, which I picked only because it was convenient to run on my Palm PDA years ago. Don't know what I'd choose now. But it's nice to be able to sync the database between my work computer, home computer, and PDA, so I'd definitely choose a solution that does that. Cryptinfo uses 168-bit 3DES, not sure if I'd go with that now, but I haven't kept up.
 

gadget_lover

Flashaholic
Joined
Oct 7, 2003
Messages
7,148
Location
Near Silicon Valley (too near)
There's nothing intrinsically wrong with a flat file IF it's not obvious that it's full of passwords.

I would not really say what technique I use, but imagine....

In my wallet there is a list of words on a piece of paper. Well, two lists on two pieces. If you know how the lists intersect you can associate a login name with a password. That still does not help you find the right login name for a specific site, system or program.

Now this information can lead to a compromise but it requires several steps that are not obvious:

1 you have to access my wallet.
2 you have to recognize the lists for what they are
3 you have to associate the lists properly
4 you have to associate the decoded lists with the proper systems, sites or programs.
5 you have to have access to the systems.

The cost is zero, the technology is OS independent and it's ultimately portable (as long as I have a pocket for my wallet).

In more than one case I have used clear fluorescent ink (glows under UV) on such a list to hide the real passwords.

Now of course this technique falls to a brute force attack where one uses a bot to try every suspected password with every suspected login on every suspected system. If you are concerned about that, use a simple "off by one" translation for a character in the password or login. Example? The first letter is incremented by one letter. The password chilli is written down as dilli.

As an IT support person I have seen hundreds of passwords written on and around monitors.

Daniel

(In reality, my wallet contains a set of one-time passwords (single use) to get me onto my DMZ system in an emergency.)
 

carrot

Flashaholic
Joined
Dec 6, 2005
Messages
9,240
Location
New York City
I just use a few different passwords, varying in crackable difficulty depending on the site, and a few different logins. If I forget which one, I just go through them all. It's not the safest, but Mozilla Firefox can store passwords for sites you visit if you like -- if you put on a master password then nobody can read the passwords without the master password, so make the master password good.
 

carrot

Flashaholic
Joined
Dec 6, 2005
Messages
9,240
Location
New York City
gadget_lover said:
The biggest problem with PC based password managers is that if a keystroke logger gets installed (trojan, virus, etc) all your passwords could be subject to exposure.. remotely.

I assume they'd get exposed when you login anyway. I always figured the best keylogger-safe passwords are URLs. Like, if I used "http://www.candlepowerforums.com/vb/" as my password, that'd be a pretty secure password, and also fool someone using a keylogger.
 

shaman

Newly Enlightened
Joined
Jun 12, 2005
Messages
160
Location
Under God.
I personally like keepass (I have heard they even have a linux port) at sourceforge. I have tried passwordsafe (which is also good) but eventually went to keepass.

As far as keylogger concerns... for the truly security prone or paranoid there is always tinfoil hat linux. It has means to safeguard against keyloggers and TEMPEST.

Sincerely,

Shaman
 

JPasquini

Newly Enlightened
Joined
Dec 30, 2005
Messages
37
Location
New York
zespectre said:
I use software called eWallet on my computer and also on my Pocket PC (so that I can always have a copy with me). Because I also have well over 100 internet logon/password combos as well as multiple lock combinations, bank account PIN numbers and the list goes on and on.

http://www.iliumsoft.com/site/ew/ewx_win.htm

Good security and backup options too.

eWallet (and ListPro) user here as well. Very handy products, and easy to use, too.
 

carrot

Flashaholic
Joined
Dec 6, 2005
Messages
9,240
Location
New York City
shaman said:
As far as keylogger concerns... for the truly security prone or paranoid there is always tinfoil hat linux. It has means to safeguard against keyloggers and TEMPEST.

Never heard of TinfoilHat Linux. Is that like RedHat? Or do you mean something like SELinux -- security enhanced Linux?

What's TEMPEST? I remember hearing it, don't remember what it was.
 

cyberhobo

Enlightened
Joined
Oct 23, 2005
Messages
538
Location
Highlands
KeyPass Password Safe. Open source and a very good program. Just Google it... For key loggers I use SpyCop...:)
 

shaman

Newly Enlightened
Joined
Jun 12, 2005
Messages
160
Location
Under God.
carrot said:
Never heard of TinfoilHat Linux. Is that like RedHat? Or do you mean something like SELinux -- security enhanced Linux?

What's TEMPEST? I remember hearing it, don't remember what it was.

Well, to put it simply it was a minimalistic distro (single floppy) that (if memory serves me correctly) was encrypted but when booted it would decrypt the actual data and allow one to use GPG, as well as other programs that would bypass or safeguard against keyloggers and the like. For example it would allow you to type a password by using the arrow keys (kind of like old school video games would do when you got a high score). It also had software that would send garbage radiation out of the monitor (like flashing certain random images at a certain rate and limiting where the password would be entered) so that anyone using capture devices would have a much harder time sifting through to find a password.

It is an older distro but was quite innovative and definitely thought "out-of-the-box".
http://en.wikipedia.org/wiki/Tinfoil_Hat_Linux

Sincerely,

Shaman
 

carrot

Flashaholic
Joined
Dec 6, 2005
Messages
9,240
Location
New York City
shaman said:
Well, to put it simply it was a minimalistic distro (single floppy) that (if memory serves me correctly) was encrypted but when booted it would decrypt the actual data and allow one to use GPG, as well as other programs that would bypass or safeguard against keyloggers and the like. For example it would allow you to type a password by using the arrow keys (kind of like old school video games would do when you got a high score). It also had software that would send garbage radiation out of the monitor (like flashing certain random images at a certain rate and limiting where the password would be entered) so that anyone using capture devices would have a much harder time sifting through to find a password.

It is an older distro but was quite innovative and definitely thought "out-of-the-box".
http://en.wikipedia.org/wiki/Tinfoil_Hat_Linux

The wiki page is in danger of being deleted. If you did try it at one point, you should say something on the Talk page to verify it is not a joke project.

This is neat. I think I'll download it and give it a shot next time I'm bored.
 

asdalton

Flashlight Enthusiast
Joined
Dec 12, 2002
Messages
1,722
Location
Northeast Oklahoma
Gimpy00Wang said:
I, and the company I work for, use Password Safe. It's now a SourceForge project, but was originally developed by Bruce Schneier of Counterpane Labs. He's a known figure in the security/crypto world. Password Safe has never had a security flaw found and has served me well for 6+ years. I recommend it 100%.

I use that, too.
 
