Passwords

turbobob

I use a program called Keepass - http://keepass.info/ which is available for most of the major operating systems. The program uses a master key which I keep on a flash drive which means that if someone else uses the PC or if it got stolen they would not be able to look into the file where the passwords are kept.

I also tend to use passwords generated by random generators like this - http://www.pctools.com/guides/password/ . Of course, these being random strings of characters means they are not memorable in any way..

[Deleted User]

I can guarantee with enough time and enough CPU power every program available can be cracked - hence I don't use any of them.

pfpf

Deleted_User wrote: »

I can guarantee with enough time and enough CPU power every program available can be cracked - hence I don't use any of them.

i would agree, but on the same basis that means every organisation could be "cracked/hacked". plenty of examples of that happening recently.

so no real need to even try and keep your details secret?

[Deleted User]

pfpf wrote: »

i would agree, but on the same basis that means every organisation could be "cracked/hacked". plenty of examples of that happening recently.

so no real need to even try and keep your details secret?

Not quite

Nothing is totally safe. My advice will just minimise your chances of your passwords / data being found out...

turbobob

Deleted_User wrote: »

I can guarantee with enough time and enough CPU power every program available can be cracked - hence I don't use any of them.

For cracking very strong encryption you would be looking at a lot of time or CPU power though. My understanding is that its not practical to carry out a brute force attack against AES encryption (128bit let alone 256bit) with current technology.

Oblivion

I use AccessManager2 encryped software. This allows you to keep an encryped record of all your User IDs, Passwords and Memorable data, and also gives you the facility to drag-and-drop this info when logging in to an account.

You can also keep a backup (useable) on a USB memory stick.

Dave.

p.s. Just won another £50 on the premium bonds this month ... every little helps.

[Deleted User]

turbobob wrote: »

For cracking very strong encryption you would be looking at a lot of time or CPU power though. My understanding is that its not practical to carry out a brute force attack against AES encryption (128bit let alone 256bit) with current technology.

To be honest the chances are very slim someone is going to go to the trouble of trying to crack a password, brute force or not so I wouldn't worry about it. I just choose not to use any software on my machine for remembering passwords.

bigbloke45

Another way is to use your current, or better, an old car registration number but add some letters on the end.

E.g. if you had a car reg say, X292ROJ you could add "ER" on the end to get X292ROJER. You can use this type of thing for your unimportant passwords, but select something different for banking and other sensitive passwords.

Just use a combination of things you can easily remember that include numbers and letters. You can always add symbols or use lower and upper case letters in the same password, if allowed.

x292ROJer for example.

I hope this helps.

moneymass

Deleted_User wrote: »

I can guarantee with enough time and enough CPU power every program available can be cracked - hence I don't use any of them.

And by the time GCHQ have brute forced your uber strong password either the Earth will have been burnt up by the Sun or you will have changed your password (hopefully).

It's all about feasibility. I agree but anyway...

As for the OP: If you can't remember a password like n3klw^e3$££4323fd@>~!!}£2[and on and on] then you have two choices,

use a password that could be cracked (using rainbow tables/dictionary attacks/etc) in a 'short' amount of time (added complexity increases computation time) and hope for the best

or write it down and put it in your wallet without a description of what it is or where it's for.

But Ideally you should keep writing it down until you remember it, old fashioned way

In before 'you shouldn't write down your passwords'
http://www.schneier.com/blog/archives/2005/06/write_down_your.html

And if you disagree with him..

RE: Banks not paying out - don't say you wrote it down or better just remember them. Unless you remember them in your head you introduce an amount of vulnerability - depending on your risk threshold the method is ultimately down to yourself.

[Deleted User]

moneymass wrote: »

a password like [EMAIL="n3klw^e3$££4323fd@>~!!}£2"]n3klw^e3$££4323fd@>~!!}£2[/email]

Oh great! You've posted my password :eek: !