How do you manage your passwords?

zangief · Aug 31, 2007

It is very easy to crack office passwords , and mdb file passwords , I did not expect them to be so easily cracked.Yesterday they brought a powerpoint file to be printed but it was read-only , my friend did not called the owner for the password instead he just cracked it with a program.

Imo offline methods would be better for passwords.

Johnn said:
I made one Excel file and forgot the password!

A D · Aug 31, 2007

dolansco said:
Roboform 2 Go ...

I also use Roboform.

It can generate and store random passwords for you.

It manages them beautifully.

Just back up the passcards onto a cd.

-=DCG=-

Tia Wood · Aug 31, 2007

Michael_Goldman said:
Where do you keep all your passwords and login details, what do you use for backup and how do you ensure your domains won't get stolen?

~MG

I use my PDA to keep track of all accounts and passwords which adheres to my belief if you ever want absolute security on the internet, you need to keep things offline. As far as my domain accounts, I pretty much have them all memorized.

DomainMagnate · Aug 31, 2007

thanks everyone

I also back up the passwords file on my pda/cellphone.
Going to move to Roboform now

hope I can transfer all my passwords there easily.. I got hundreds of them

~MG

Johnn · Aug 31, 2007

Whatever the method you use, do not save the information on your pc or laptop.
Invest in a couple thumb drives with password and: carry one with you, leave one somewhere safe just in case you get hit my the truck or lightning so your spouse or family member can retrieve the information.

Ubiquitous · Aug 31, 2007

Michael_Goldman said:
I use firefox's password manager and text file for backup. I've been thinking of moving to roboform for a while, guess now is a good time. Still I don't quite understand how is it more secure than having the passwords in firefox, looks like the same to me.

I wonder if noone else uses the comp except you, what can be the problem with a text file, can a trojan be smart enough to copy the passwords from that file?!

~MG

Basically every password, form, data, etc. ever entered on your computer through the standard unencrypted process is accessible even without having to know the admin password if the person knows how. Yes - it is a scary reality, although you are better safe than sorry if you at least try and take the right precautions before something could happen. Most people really have no idea how unsecure their data is, and unfortunately that is how people get royally screwed too. Let me put it this way ... no matter what measures you take to protect yourself keep in mind that nothing is foolproof and can be broken. Even when you use Roboform and have your passwords encrypted you still have to use common sense - changing pw's every so often, and not using the same one on every website you goto ... lol.

Here's a bit more about Roboform to answer your question on what the difference is.

If somebody steals your RoboForm Passcard files, can they get into your accounts?

If you password-protect all sensitive Passcards and Identities and then it will be very difficult. Specifically, all password-protected Passcards and Identities are stored in files that are encrypted by your Master Password using AES, BlowFish or 3DES. So a person who stole your computer or password files, will have to break these encryption algorithms in order to get your passwords from Passcards.

As long as you observe these rules, it should be very hard to use the stolen info:

* Password-protect all sensitive Passcards and Identities. Anyone can see and use Passcard or Identity that is not password-protected.
* Make your Master Password long enough and un-obvious enough, so that it cannot be defeated by a simple dictionary attack. Do not use any words or names from any widely used languages, make your Master Password at least 10 characters long.
* Use AES, BlowFish, or RC6 for encryption, they are harder to break than other algorithms.

~ Regards

dolansco · Aug 31, 2007

Kingpin said:
Basically every password, form, data, etc. ever entered on your computer through the standard unencrypted process is accessible even without having to know the admin password if the person knows how. Yes - it is a scary reality, although you are better safe than sorry if you at least try and take the right precautions before something could happen. Most people really have no idea how unsecure their data is, and unfortunately that is how people get royally screwed too. Let me put it this way ... no matter what measures you take to protect yourself keep in mind that nothing is foolproof and can be broken. Even when you use Roboform and have your passwords encrypted you still have to use common sense - changing pw's every so often, and not using the same one on every website you goto ... lol.

Here's a bit more about Roboform to answer your question on what the difference is.

If somebody steals your RoboForm Passcard files, can they get into your accounts?

If you password-protect all sensitive Passcards and Identities and then it will be very difficult. Specifically, all password-protected Passcards and Identities are stored in files that are encrypted by your Master Password using AES, BlowFish or 3DES. So a person who stole your computer or password files, will have to break these encryption algorithms in order to get your passwords from Passcards.

As long as you observe these rules, it should be very hard to use the stolen info:

* Password-protect all sensitive Passcards and Identities. Anyone can see and use Passcard or Identity that is not password-protected.
* Make your Master Password long enough and un-obvious enough, so that it cannot be defeated by a simple dictionary attack. Do not use any words or names from any widely used languages, make your Master Password at least 10 characters long.
* Use AES, BlowFish, or RC6 for encryption, they are harder to break than other algorithms.

~ Regards

Indeed ... ( regards roboform ) .. the benefit of Roboform2go is that it can be stored on a password protected USB key ...
thus ... plug in USB key ... enter first password .. then Roboform loads ... and then enter master password .... thus a second layer of protection .

i admit I also use roboform-pro at home , but keep Roboform2go synced with it regularly. Also , if & when I die , my loved ones have all my domain accounts and parking accounts readily available with just a usb-key and a small set of passwords ( both of which are easily accessable to them in my safe ) ... may not be perfect , but its very easy to do ( low maintenance ) and always up to date .

webd · Aug 31, 2007

VirtualT said:
...never keep registrar passwords stored in any cache. Browser vulnerabilities are being discovered all the time, a malicious website executes a bit of code via a buffer overflow and BAM your history, literally.

In Firefox, copying all your passwords involves copying just two text files. It's very fast and easy. There are easy ways to do it in IE also...

Creating a "master password" in Firefox helps prevent casual cracking, but the master password can be broken also.