re-saving passwords

joe134

Hi, In the unlikely event of losing all ones passwords which in my case,are several, is it safer to keep a copy of them on paper in the safe, or on USB key in the safe.The reason for doubting the USB is the fact that all of the passwords have first to be written to a file, then downloaded to the key, then the file deleted, in case my Comp got stolen.Even though I can delete the said file, can someone more clever than me restore them? Also, how would banks and Insurance companies view the situation should someone take my Comp and book of passwords together? or even the fact that I commited them to a file on my Comp, then deleted them? All the Makinnons are not looking for Ufo,s

[Deleted User]

joe134 wrote: »

Hi, In the unlikely event of losing all ones passwords which in my case,are several, is it safer to keep a copy of them on paper in the safe, or on USB key in the safe.

It's not safe writing passwords either on paper or USB, including when utilising encryption.

joe134 wrote: »

can someone more clever than me restore them?

Yes.

joe134 wrote: »

Also, how would banks and Insurance companies view the situation should someone take my Comp and book of passwords together? or even the fact that I commited them to a file on my Comp, then deleted them?

I've no idea but as they're coming round to saying you need adequte protection with anti-virus software when using online banking I can't imagine they'd happily ignore this...

If you need to write them down could you not write down a reminder word, maybe in a sentence?

timmmers

Take it for granted that anyone who is clever enough and steals you puter can get anything you have or recently had on it...including PWs. Fact is though, junkies are more likely to steal this kind of thing and they won't care to do that.

Your biggest threat is from the internet...and people you know who can access the machine. An encrypted data file on a stick is safer than on the machine, but datasticks fail so other backup is needed too. I use a DVD RAM personally for this type of thing.

You can only do your best, and like homes...when a thief finds something hard to steal there are other easier options they can move on to. You need to be the option they can't be bothered with really.

t

fwor

Your best bet would be to use one of several Open Source "password safe" programs.

I use KeePass, but there are several others.

As it's Open Source you can be fairly confident that the code itself has no holes in it, and it uses a well-known encryption algorithm (AES).

It allows you to have both a passphrase and a separate keyfile - both are needed to decrypt the password database.

If you put the password database on a USB pendrive and store the keyfile somewhere else, it is a very secure way to store passwords. In realistic terms the database should be unbreakable unless the person doing the attempted break-in has (impracticably) massive computing power available to them.

cyberbob

fwor wrote: »

Your best bet would be to use one of several Open Source "password safe" programs.

I use KeePass, but there are several others.

Anything stored on any password program on your PC can be hacked by someone. As with online stores they can also be hacked. The safest way is to keep your passwords off the PC you will be using them on.

To be very 20th century a piece of paper with them on coded in a way you understand and hidden is safer than pC or online resources. You are more likely to be hacked than burgled.

cyberbob

fwor wrote: »

If you put the password database on a USB pendrive and store the keyfile somewhere else, it is a very secure way to store passwords. In realistic terms the database should be unbreakable unless the person doing the attempted break-in has (impracticably) massive computing power available to them.

Your !!!!!!ed when the USB drive fails though and they do.

joe134

fwor wrote: »

Your best bet would be to use one of several Open Source "password safe" programs.

I use KeePass, but there are several others.

As it's Open Source you can be fairly confident that the code itself has no holes in it, and it uses a well-known encryption algorithm (AES).

It allows you to have both a passphrase and a separate keyfile - both are needed to decrypt the password database.

If you put the password database on a USB pendrive and store the keyfile somewhere else, it is a very secure way to store passwords. In realistic terms the database should be unbreakable unless the person doing the attempted break-in has (impracticably) massive computing power available to them.

Thanks I will check it out. How handy is it for dipping in and out of frequently, as I am always daily dipping in and out of my A/cs of which I have approx 30. sounds a lot , but these days yuo have to spread your money around, and having 1 password is not advisable, and remembering 30+. no way, so I have a little black book, which I would like to eliminate.

joe134

cyberbob wrote: »

Anything stored on any password program on your PC can be hacked by someone. As with online stores they can also be hacked. The safest way is to keep your passwords off the PC you will be using them on.

To be very 20th century a piece of paper with them on coded in a way you understand and hidden is safer than pC or online resources. You are more likely to be hacked than burgled.

Hi, this seems the most logical, it,s what I am doing now, with my "black book." Keyloggers to me are the most problematic to me as I am contiuously accessing my A/cs for various reasons.I can at least sleep at night with my "little black book" under the pillow, not wondering if I forget the password to my online "black book".Caio. Thankyou all;

fwor

cyberbob wrote: »

You are more likely to be hacked than burgled.

Do you actually have any real data to back that statement up? Am I unusual in having had my house burgled twice, but never had a hacker break into my PC and hack my AES-encrypted password safe?

cyberbob wrote: »

Your !!!!!!ed when the USB drive fails though and they do.

Well you would be if you didn't keep a backup copy somewhere safe - but isn't that true of all of your data?

I keep a copy of the database on a second pendrive hidden somewhere in the house where nobody is likely to find it and a copy of the keyfile on an unmarked CD-ROM at a relative's house (the keyfile doesn't change as you add passwords, so it only needs to be backed up once).

Accounts and passwords are very easy to add, and although you can't make yourself immune from the possibility of a keystroke logger, KeyPass actually helps, because you can copy and paste passwords without having to type them (they don't appear on the screen either, so you're not vulnerable to remote screen reading either).

joe134

fwor wrote: »

Do you actually have any real data to back that statement up? Am I unusual in having had my house burgled twice, but never had a hacker break into my PC and hack my AES-encrypted password safe?



Well you would be if you didn't keep a backup copy somewhere safe - but isn't that true of all of your data?

I keep a copy of the database on a second pendrive hidden somewhere in the house where nobody is likely to find it and a copy of the keyfile on an unmarked CD-ROM at a relative's house (the keyfile doesn't change as you add passwords, so it only needs to be backed up once).

Accounts and passwords are very easy to add, and although you can't make yourself immune from the possibility of a keystroke logger, KeyPass actually helps, because you can copy and paste passwords without having to type them (they don't appear on the screen either, so you're not vulnerable to remote screen reading either).

Hi, Thanks again, this is nowconfusing me a bit.You keep a copy of data base and a copy of key file.Which is which? Having not used the keyfile the copy and paste interests me.I am not as bright as you guys so bear with me.Can you simlify it a bit by stages please? I have never heard of remote screen watching either, you learn something all the time on this forum.Am I right in assuming once you put all your passwords on the secure site, you then have only one password to access this site to be able to obtain your submitted passwords, which you can then copy and paste from there to wherever you want to.Is that about right?

fwor

There are several ways to use this type of password safe, but here's one way:

The password database is a small file on your PCs hard disk. It's encrypted using AES, which government agencies use to encrypt military secret correspondence, among other things.

Keypass can only decrypt the password database if you provide it with two things - the passphrase, which is a long password that you must remember, and the keyfile, which is essentially just a small file with a very, very large number in it. The keyfile is kept on a USB pendrive which you must remember to remove when you are not using your PC.

If either the USB pendrive or PC are stolen, neither file is any use to anyone - it's just a file (which you can call anything you like) with random-looking data in it.

If both pendrive and PC are stolen together and the thief somehow figures out which files to access, he doesn't know your passphrase and so can't access your passwords.

Of course it's important to choose a good passphrase that's easy for you to remember but hard to guess - I use a phrase like My-cat's-name-is-Tiddles, because it has a mix of upper and lower case and non-alphanumeric characters.

One of the features of KeyPassX (I use the Linux version, hence the slightly different name) is that you can click an icon to copy a password into the clipboard, go the login page where you need the data, right-click the password field and paste the password. Keypass is designed to scrub the password from the clipboard after (I think) 30 seconds, so you don't need to worry about someone else being able to use it again later.