We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
best place to store passwords?
Comments
-
Roboform is excellent, I've used it for about 5 years after the awful gator was found to be full of spyware. I've also been using online banking with this program without a problem, although I did rename it, so it wouldn't be obvious to anyone using my PC etc.0
-
Excel passwords are easy to crack .. we have had to do it a couple of times .. I can't remember the tool we used but we found it on the web and ran it .. a couple of hours later we were in the spreadsheet. Most of the tools seem to use 'brute force'.wisemonkeyuk wrote:The way I store my passwords is to create an excel spreadsheet, type in all sites, usernames, passwords etc then create a password for the spreadsheet so it can only be opened and modified with the password entered twice.
The only problem I have with doing it this way is that Im not sure if there's a way of somebody getting into the spreadsheet without my password (eg - hackers) I'd much rather have all passwords stored on my own PC as opposed to storing them in web-based password managers.
Does anyone know if this is a safe way of storing passwords? I suppose I could always keep the spreadsheet then zip it up with a password that's different from the one that opens excel? Then to be extra safe I could zip the winzip file in WinRar format and add a password to that too! :rotfl:
If you want a good encryption tool then try axcrypt. It installs on the right-click menu and is dead easy. I have seevral external drives that contain some very commercially sensitive information. This is generally encrypted using the applications own encryption (e.g. word, excel), zipped up and encrypted, has axcrypt run on it and the most sensitive stuff is stored in a hidden encrypted directory (I think it uses 'FolderLock').
Forget trying to store passwords .. work out a system like I described above ... at least you can still access all your sites even if you are at someone elses computer and don't have access to your password files.
IvanI don't care about your first world problems; I have enough of my own!0 -
This is very loosely related. I am always extra conscious of I Banking safety. What are peoples' views on EMM or as someone recommended AccountUnity? How safe are they?
Just be aware if you use an ‘aggregation service’ you might have trouble getting a refund on any ‘unauthorised transactions’
Clip from my credit card latest T&C’s
“If you do give your security details to an aggregation service provider you will be in breach of our Terms and Conditions. If you enter your security details into aggregation service software you may find yourself to be in breach of our Terms and Conditions. In both cases you will be exposing yourself to liability for any unauthorised transactions on your account.”I love my spell checker, it stops me making all sorts of stupid smelling mistakes. :doh:0 -
Am I missing something here......
Storing your passwords on your PC?
IS that not like keeping your house key under the front door mat?
Store them on your mobile or in your head or write them in your diary.
In my experience people use the same passwords for so many diff sites, keep them diff and use loads of numbers at the start and end....
ConfuciusTo be able under all circumstances to practice five things constitutes perfect virtue; these five things are gravity, generosity of soul, sincerity, earnestness and kindness.0 -
THE_MIDDLEMAN wrote:IS that not like keeping your house key under the front door mat?
Store them on your mobile or in your head or write them in your diary.
Those methods can be seen as insecure too, even more insecure than on a Pc in fact.
If you use KeyPass the files are stored in an encrypted file, which can be as strong as bank encryption if you wish. KeyPass is also a stand-alone application so you can move it about. I currently keep it on my portable usb-drive.
The only thing you need to do is come up with and remember a decent password to open KeyPass."Boonowa tweepi, ha, ha."0 -
I always listen to the the Security Now podcast.
Episode 4 and 5 are all about passwords. Someone asked a question about how safe it was to store your passwords using things like Firefox and Steve Gibson pointed out that if someone has that kind of access to your system then your done for anyway because of the stuff they can install.
btw look out for next weeks episode. A whole show devoted to truecrypt
0 -
Lots of valid comments here. OK so maybe it's like keeping your key under the doormat BUT I have used a small program called PasswordSafe for years. I got it on recommendation from folk much higher up the IT foodchain than me.
Apparently its encrypted with blowfish technology (whatever that is) so virtually uncrackable.
This will tell you all about it and give you the download source.........
http://www.help2go.com/Tutorials/Software_Applications/Store_Your_Passwords_Securely.html0 -
Just remember that the encryption will be very complex and almost impossible to break. But your data is only as safe as the password you use when encrypting. Hence the more characters the better.
With KeyPass you can pass it through up to three encryption algorithms, so it's virtually unbreakable. Try and set a strong password of around 20 characters, the more the better basically so it can't be broken via brute force.
Also with KeyPass you can generate a key file (RC4 or 5 I think), where in order to open the encrypted file you must have the key file present and know the password. Just an added form of security."Boonowa tweepi, ha, ha."0 -
FWIW, I use truecrypt to store IP stuff on my PC and use the USB key version to tout stuff around with me (which was fine until I went to a large corporate running NT without USB support
).
I have a (long) password solely used for storing my passwords in the Handy Safe applications which run both on my PC and my smartphone. I store credit card details, bank scurity info, car radio data, etc and I can synchronise all the data with my phone. It uses 448-bit Blowfish data encryption, which would take years to break.
But for general access to websites, I use Opera's Wand or Roboform in Maxthon/IE6.Jumbo
"You may have speed, but I have momentum"0 -
This is such a good thread. Tried Roboform and really quite like it. Have since read the last few posts.
1.Are any of the other recommendations more secure than roboform or shall I stick with that? Haven't a clue what blowfish offers.
2.My master password is very short ( 5 letters). Having read more posts am thinking mayble that's not secure enough. Is it possible to change the master password?0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.4K Banking & Borrowing
- 253.7K Reduce Debt & Boost Income
- 454.4K Spending & Discounts
- 245.5K Work, Benefits & Business
- 601.3K Mortgages, Homes & Bills
- 177.6K Life & Family
- 259.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards