Password Management

Archived From: Finance

Hello:
I'd like to ask everyone - especially those with multiple online bank accounts and/or who have done AOR's - how you manage passwords. I've searched the FW forums but have not found anything on this topic. Right now my passwords are either stored in my head or on a sheet of paper. I'm wondering if there is a better way. I've been intrigued by roboform (www.roboform.com) and a quick google search reveals quite a few pw management programs that I've never heard of as well. Obviously, I have some issues with giving up my passwords to a program, but the convenience factor might win me over. Also, anyone have any old-fashioned (non high-tech) ways to remember a password?



I keep them all in a small telephone-address book. I'm not anxious to store them on a web-based program. I would guess that there must be free-standing programs which could be loaded on to your computer, but I'd be concerned about the risk of hackers.

good luck


Roboform-ing here all the way. I have dozens of passwords for all kinds of websites, so I can't remember everything, I feel confident enough with this software. I also have copies of all passwords in "Any Password"

P.S. Roboform is not web-based


RushnRockt said: Roboform-ing here all the way. I have dozens of passwords for all kinds of websites, so I can't remember everything, I feel confident enough with this software. I also have copies of all passwords in "Any Password"

P.S. Roboform is not web-based

I second that suggestion.


RoboForm....plus they have a version that saves to a USB Key instead of any one particular machine. I only use the desktop version however....never had a problem.


I keep mine in an encrypted excel file. However, even if someone gained access to that, I have the actual passwords stored in a different location; the excel file only has a reference/code word for each password.


I tried Roboform but after 1 month or so, it would not save new passwords. I thought it was a free version.
Any input?


First 10 passwords are free; to store more costs $20, well worth it.


I highly recommend KeePass Password Safe. I've used it to store all my passwords for a year or so now. It's open source, and free is better than not free.


I always post my passwords on Fatwallet... That way, I always know where to find them.


Second KeePass. Doesn't have to be installed, thus can work well with work lappys where I don't have admin rights. And can be on a thumb drive to allow for viewing on any computer without having to install, etc.

Only been using for about 3 months, but so far I think it is good, safe and accessible for spouse in the case that I die traveling (prior system was similar to Lust's, small notebook with pwd's but username was not written)


sammy1224 said: I always post my passwords on Fatwallet... That way, I always know where to find them.
Besides, if you forget, all others can remind you of the forgotten password.


I use roboform. It saves passwords, generates relatively strong passwords, and is also able to fill out many web based forms (when I create an account on a new website, I click on a roboform button and it tries to fill in my name, email, address, phone #, etc which saves a lot of time and reduces the possibility of typos).

Yodlee also has my passwords. At one point, I became worried and changed my Yodlee password to a very strong, random password. If someone had access to that account, they could do a lot of damage.


I put my login and user info along with my bookmarks, but I enter them in a cryptic manner that only I could recognize.


golf247 said: Second KeePass. Doesn't have to be installed, thus can work well with work lappys where I don't have admin rights. And can be on a thumb drive to allow for viewing on any computer without having to install, etc.

Only been using for about 3 months, but so far I think it is good, safe and accessible for spouse in the case that I die traveling (prior system was similar to Lust's, small notebook with pwd's but username was not written)

Been using this for about two years. Excellent open-source software!


One thing you might find useful is a password scheme, so you can figure out any web password just from the name of the site you're on.

You might start with a secure random pass-phrase that has at least one each of a capital letter, lower case letter, and a number. Then take the first letter of the site and bump it up by two letters, then insert it into the third position in your passphrase. Then take the third letter of the site and bump it down by one and insert it into the fifth position of your passphrase.

For example, I'm signing on to FatWallet. My secure passphrase is u8lnBt. From 'FatWallet', f -> h and t -> s, so my password for FatWallet is u8hlsnBt.

Because it may be possible for a concerted effort to yield your forum passwords, and thus find the pattern, I would segment my passwords into three levels. The first and most common level I would use on forums, etc., where a security breach would be trivial. The second I'd use on financial sites where a breach could really suck. The third I'd use for my business matters where a breach could be devastating. Each level would have a different passphrase and an increasingly more complicated scheme.

--Joe
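
An added example, not part of the original post: the scheme described above written out in Python, next to a keyed-hash derivation for contrast, to show how much of each password two sites share. The alphabet wrap-around, the lower-case output, the `ExampleBank` site name and the `hashed_password` helper are assumptions made for the illustration.

```python
import hashlib
import hmac
import string

def shift_letter(ch, offset):
    """Shift a letter through a-z (wrap-around is an assumption); lower-case output."""
    return chr((ord(ch.lower()) - ord("a") + offset) % 26 + ord("a"))

def scheme_password(passphrase, site):
    """The post's scheme: 1st site letter +2 goes in at position 3, then the
    3rd site letter -1 goes in at position 5 of the resulting string."""
    letters = [c for c in site if c.isalpha()]
    if len(letters) < 3:
        raise ValueError("site name needs at least three letters")
    pw = passphrase[:2] + shift_letter(letters[0], 2) + passphrase[2:]
    return pw[:4] + shift_letter(letters[2], -1) + pw[4:]

def hashed_password(master, site, length=12):
    """Contrast case (hypothetical helper, not any tool's real algorithm):
    HMAC-SHA256 of the site name keyed with the master secret, mapped onto
    letters and digits. The slight modulo bias is acceptable for a demo."""
    alphabet = string.ascii_letters + string.digits
    digest = hmac.new(master.encode(), site.lower().encode(), hashlib.sha256).digest()
    return "".join(alphabet[b % len(alphabet)] for b in digest[:length])

def shared_positions(a, b):
    """Count positions at which two equal-length passwords agree."""
    return sum(x == y for x, y in zip(a, b))

if __name__ == "__main__":
    sites = ["FatWallet", "ExampleBank"]  # second site name is constructed
    manual = [scheme_password("u8lnBt", s) for s in sites]
    hashed = [hashed_password("u8lnBt", s) for s in sites]
    print(manual, shared_positions(*manual), "of", len(manual[0]), "shared")
    print(hashed, shared_positions(*hashed), "of", len(hashed[0]), "shared")
```

With the manual scheme every character of the passphrase reappears unchanged in each site's password, which is the exposure the post's three-level split is meant to limit.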


I use Any Password Link. There is a freeware version and it's really simple to use. You can also protect the password file such that when you want to look up a password, it will prompt you for the master password.


It's not just passwords -- it's also usernames that need to be managed. I have so many usernames, account numbers, etc. on various sites.

I just use Yodlee to view/auto-login to my accounts. The MoneyCenter version also has a feature to reveal your password if you ever need your login info.

For the accounts that don't work with Yodlee, I have an encrypted Access file


most any encrypted or password protected software file is better than a sheet of paper or other hardcopy that can be lost or stolen. and there are other software programs out there that will try to 'guess' your password. brute force methods that try all combinations of keys are getting faster thanks to faster computers but still, the longer your password, the longer it takes.


I have been using passwordsafe for a few months now and am very happy with it. I only wish it had a sidebar like interface but I haven't found any reasons to switch from it. If you have a fingerprint reader, like I do, then you don't even need to enter password for the master database. Just scan your finger and you are good to go.



leedsutd67 said: First 10 passwords are free; to store more costs $20, well worth it.
Another vote for Roboform. Actually, it's $30, but if you use coupon code INP you get $10 off. You can also get $10 off by claiming to be a low income user, which you don't have to prove but they could ask.


Wow, for FW finance we sure have a lot of people spending cash on software to do what excel can do for free (there are freeware form fillers as well). Excel on a locked USB key is how I do it. It's funny all the ways people go about 'protecting' themselves - once you move into pws more complex than 'password' your biggest concern is people with physical access (cleaning/housekeeper/family) installing a sw or (more worrisome and less detectable) HW keylogger.


I use opera. So easy.


I use Password Corral.
All of my coworkers use Password Corral as we have too many passwords that need to be changed on a timely basis as they expire and there is no way to remember all passwords.

Link: Password Corral

Just my 2 cents


I wouldn't use encrypted excel. The encryption on office files can be broken quite quickly (google excel password recovery). If you do, don't name it password or something obvious.

Truecrypt (http://www.truecrypt.org/) is an extremely powerful, free, encryption tool. Easy to use, and can encrypt usb keys, and chunks of your file system. Just make a small encrypted space (you can even create hidden encrypted spaces) and put files in there. As long as somebody doesn't have a keystroke logger to record the password to get in (use a strong password that is different from common ones) you can put lists of other passwords in there.


bterwilliger said: Wow, for FW finance we sure have a lot of people spending cash on software to do what excel can do for free (there are freeware form fillers as well). Excel on a locked USB key is how I do it. It's funny all the ways people go about 'protecting' themselves - once you move into pws more complex than 'password' your biggest concern is people with physical access (cleaning/housekeeper/family) installing a sw or (more worrisome and less detectable) HW keylogger.

As mentioned, Roboform also lets you easily fill-in forms and log on to all your accounts. And of course, it has its own password to be able to use it.


Wow, for FW finance we sure have a lot of people spending cash on software to do what excel can do for free (there are freeware form fillers as well). Excel on a locked USB key is how I do it. It's funny all the ways people go about 'protecting' themselves - once you move into pws more complex than 'password' your biggest concern is people with physical access (cleaning/housekeeper/family) installing a sw or (more worrisome and less detectable) HW keylogger.
Gotta throw my hat in with the Roboform crowd. It's probably one of the best software packages I've ever purchased. There's also a PDA option for viewing passwords on the go.


I also vouch for Keepass.. Open source software that works as well or better than commercial software and it has a small memory footprint.
http://keepass.sourceforge.net/

I've been using it for about a year now.
Supports AES Rijndael encryption.

See a list of features here:
Features

The only con I see is that it doesn't fill in passwords for you on websites automatically. However, it does have shortcuts to copy your login/password into the copy/paste buffer for you to paste it. (It automatically clears the buffer after x number of seconds, so other programs can't read your password from memory.)

Storing passwords in there is vastly superior to storing it on paper or passworded excel (easily crackable).
It would be very difficult to crack the master password for Keepass if you have a good/mixed/long password. I've made my master password about 25 characters long, so it would take a long time to brute force it. Keepass also has a feature where you can store a key file on a usb flash drive, so that any time you want to open up Keepass you have to have the master password and the flash drive to get to your passwords. People who may have keystroke logged your password would need your flash drive in addition to your master password to get to your passwords.


Roboform hands down. I have about 3/4 licenses, and 2 usb drives with the u3 version. (Me and my better half)

Best money I ever spent on anything online.

Could not live without it.


I use the same user name and password for all the online banking accounts.
That way I never forget and never have to rely on any software. I am not comfortable with giving my password to anyone, including the software.


Invent your own password scheme. It's not that hard.

[edit : and don't post it on FW ]


I have a book I keep in a drawer! How archaic is that! I doubt someone could figure out my code for the accounts and I have about 4 passwords I use and I only write the first 3 letters down, since I know the passwords by heart. I have 5 years of passwords in there and it must be at least 100 different ones.
(Credit Card logins, banking, forums, shopping....) crazy! The only problem is if I die, no one in my family will be able to access all my stuff, so I need to set that up better in my will!
(yeah, about that will I need to get around to...)


d3vil said: I also vouch for Keepass.. Open source software that works as well or better than commercial software and it has a small memory footprint.
http://keepass.sourceforge.net/

......

The only con I see is that it doesn't fill in passwords for you on websites automatically. However, it does have shortcuts to copy your login/password into the copy/paste buffer for you to paste it. (It automatically clears the buffer after x number of seconds, so other programs can't read your password from memory.)

...


It does enter passwords - semi-automatically. You have to set up a keyboard shortcut that you then hit. It will then detect the webpage and fill in the information. There are advanced coding options for websites that do not use the standard "User Name" "Password" input box.

P.S - I also recommend KeePass. I am pushing 150+ entries and add to it all the time. I have already lost one Thumb drive with my database on it (I still think it is in my house somewhere). I am not worried though, I have changed all the passwords and the Thumb drive was also encrypted with Truecrypt.


RushnRockt said: Roboform-ing here all the way. I have dozens of passwords for all kinds of websites, so I can't remember everything, I feel confident enough with this software. I also have copies of all passwords in "Any Password"

P.S. Roboform is not web-based


roboform for me as well, great program. for backup, i use my palm.
edit: and, as for many others, when i write down the passwords, i store them in cryptic form only I know


all my passwords are related by a simple but obscure scheme which combines:
1. A handful of strong passwords that I've been using for years and have, thus, memorized.
2. A particular piece of information from the website I'm trying to access.
3. The primary role of the website in my life (for example, checking account, shopping site, AOR cards, etc).

Using these three pieces of information, my scheme then employs a simple but intuitive form of encryption (in fact, it's so intuitive that I don't even know what most of my passwords actually are...I just know how to enter them) to derive the actual password.

I would recommend this kind of system to everybody. For the most part I don't have to remember anything except what I'm doing (ie what site I am visiting and why I am visiting it) and a couple of pieces of ingrained information, yet I'm sure I end up generating passwords that look completely random. The only weakness is that I sometimes have to make exceptions for websites with restricted character sets.


I just use "password1234!@#$" on all sites... it is much easier!!!

JUST KIDDING!!!


It does enter passwords - semi-automatically. You have to set up a keyboard shortcut that you then hit. It will then detect the webpage and fill in the information. There are advanced coding options for websites that do not use the standard "User Name" "Password" input box.

I just installed KeePass the other day - and I don't see where this option is? Is this one of the plug-ins?


I use passwordmaker (http://passwordmaker.org), which is a firefox extension. Just remember a master password, and your site-specific password is calculated on the fly, and can be copied to the clipboard. Nothing to be stolen, and nothing can be key-logged. It also has some sort of fill-in capability. And an online version is also available.


Technologist said: I just use "password1234!@#$" on all sites... it is much easier!!!

JUST KIDDING!!!


Now you must post again using hacker slang to berate yourself.


Skipping 51 Messages...

Password Safe: http://passwordsafe.sourceforge.net/ available in multiple languages and a U3 version. Also see: http://www.schneier.com/passsafe.html

Roboform is very handy and easy to use as well.

As previously mentioned, TrueCrypt looks very attractive for overall system encryption (http://www.truecrypt.org/). I have not tried it yet, but it's on my list to evaluate.

All these tools depend upon the security of the software (do you trust the code) and the underlying computer (are all applications and the OS kept up to date and patched). If the computer/network is compromised, you are potentially vulnerable to local keylogging or hijacking. You are also vulnerable to breaches in the remote system - not something you have control over, but by changing your passwords periodically, and using different strong passwords for each of the sensitive sites you access (i.e., sites involving money), you can exercise some control over your risk exposure.

For general security discussions, check out http://www.counterpane.com/crypto-gram.html. Previous newsletters are available online.



