Firebird
Senior Associate
Joined: Dec 29, 2010 12:55:06 GMT -5
Posts: 12,448
|
Post by Firebird on Mar 16, 2011 18:31:24 GMT -5
Once upon a time, I used to keep them in my brain but that plan is... not foolproof, shall we say. Especially now that I work for a company that requires me to have a million different log-in IDs and passwords for various applications.
The current location of my passwords troubles me because it's not all that secure and I have some personal accounts on there as well as work-related ones. If anyone ever found it and decided to screw me, I'd be up a creek. You could steal my identity and most of my money in one fell swoop.
But I can't just lock it away in a safe because I refer to these accounts all the time.
So how do you wise YMers solve this dilemma?
|
|
busymom
Distinguished Associate
Why is the rum always gone? Oh...that's why.
Joined: Dec 25, 2010 21:09:36 GMT -5
Posts: 28,423
Mini-Profile Background: {"image":"https://cdn.nickpic.host/images/IPauJ5.jpg","color":""}
Mini-Profile Name Color: 0D317F
Mini-Profile Text Color: 0D317F
|
Post by busymom on Mar 16, 2011 18:36:51 GMT -5
Can you develop a pattern to your passwords? Like, 1Firebird, 2Firebird, 3Firebird, or do you work at one of those annoying places that makes you change your password every 3 months. Been there...
|
|
chiver78
Administrator
Current Events Admin
Joined: Dec 20, 2010 13:04:45 GMT -5
Posts: 38,608
|
Post by chiver78 on Mar 16, 2011 18:45:28 GMT -5
Can you develop a pattern to your passwords? Like, 1Firebird, 2Firebird, 3Firebird, or do you work at one of those annoying places that makes you change your password every 3 months. Been there... I work at one of those annoying places, and have an addition to the pattern - I've timed my password changes to the season. unfortunately where I run into trouble is we've got 2 applications that change at the 60-day mark. one of those, I don't use very often and sometimes will miss a cycle for the time-out.
|
|
SVT
Well-Known Member
Joined: Dec 20, 2010 15:39:33 GMT -5
Posts: 1,491
|
Post by SVT on Mar 16, 2011 18:58:28 GMT -5
I'm in network/computer security. Those things might be annoying, but it's for you and your company's good. Taking security precautions is always "annoying", but depending on the information being protected it's necessary.
|
|
Firebird
Senior Associate
Joined: Dec 29, 2010 12:55:06 GMT -5
Posts: 12,448
|
Post by Firebird on Mar 16, 2011 18:58:46 GMT -5
Not only do I work at one of those "annoying" places, I have three separate logins for a single site that makes me change my password every 60 days All three of the logins are necessary for my work AND I got them at different times so at least one of them is changing once a month and I'm constantly trying to remember which password goes with which login. I understand the necessity and I don't really mind, but it does feel like a Rubik's cube at times. I *do* use a naming convention, but that troubles me too - if someone ever cottoned on to it, figuring out 90% of my passwords would not be difficult. I'm thinking a password-protected Word document might be a step in the right direction. At least it would be better than what I've got going on right now...
|
|
kgb18
Senior Member
Joined: Dec 18, 2010 8:15:23 GMT -5
Posts: 4,904
|
Post by kgb18 on Mar 16, 2011 19:00:12 GMT -5
In my head, which isn't really the best storage system. I forget a lot of them.
|
|
RoadToRiches
Familiar Member
Formerly "indebt"
Joined: Jan 4, 2011 11:08:00 GMT -5
Posts: 965
|
Post by RoadToRiches on Mar 16, 2011 19:00:45 GMT -5
I keep pattern to different sites/purposes for different things. There is NO way anyone would figure out what my password is. lol
|
|
SVT
Well-Known Member
Joined: Dec 20, 2010 15:39:33 GMT -5
Posts: 1,491
|
Post by SVT on Mar 16, 2011 19:05:00 GMT -5
Not only do I work at one of those annoying places I have three separate logins for a single site that makes me change my password every 60 days AND I got the logins at different times so at least one of them is changing once a month and I'm constantly trying to remember which password goes with which login. I *do* use a naming convention, but that troubles me too - if someone ever cottoned on to it, figuring out 90% of my passwords would not be difficult. I'm thinking a password-protected Word document might be a step in the right direction. At least it would be better than what I've got going on right now... You must work at a place with very sensitive data that must only be accessed by the necessary people. I work in the Intelligence Community, a Top Secret environment. Even though everyone that works there has a Top Secret clearance, there are different compartments and accesses that data is stored in. Anyway, I have roughly 20 accounts for work alone. It's "annoying" but very necessary, possibly in ways you have not thought of. To answer your question, I think the best thing to do is to hold the passwords in a password protected Word or Excel document. Mine are in an Excel document.
|
|
SVT
Well-Known Member
Joined: Dec 20, 2010 15:39:33 GMT -5
Posts: 1,491
|
Post by SVT on Mar 16, 2011 19:13:14 GMT -5
You can also store the file in a folder and keep the folder "hidden". Not a lot of people know about hidden folders.
|
|
Anne_in_VA
Junior Associate
Joined: Dec 20, 2010 14:09:35 GMT -5
Posts: 5,509
|
Post by Anne_in_VA on Mar 16, 2011 19:27:23 GMT -5
SVT - how do you "hide" a folder? That's a good idea except what if I forget the password?
|
|
chiver78
Administrator
Current Events Admin
Joined: Dec 20, 2010 13:04:45 GMT -5
Posts: 38,608
|
Post by chiver78 on Mar 16, 2011 19:29:44 GMT -5
Not only do I work at one of those "annoying" places, I have three separate logins for a single site that makes me change my password every 60 days All three of the logins are necessary for my work AND I got them at different times so at least one of them is changing once a month and I'm constantly trying to remember which password goes with which login. ugh, what a PITA! can you reset them at your whim? if you can, I'd suggest resetting them all to the same timing. thankfully all of mine can be reset whenever I want. as soon as I reset my Windows login, I reset everything else that goes on a 90-day cycle.
|
|
Firebird
Senior Associate
Joined: Dec 29, 2010 12:55:06 GMT -5
Posts: 12,448
|
Post by Firebird on Mar 16, 2011 19:33:06 GMT -5
ugh, what a PITA! can you reset them at your whim? if you can, I'd suggest resetting them all to the same timing. thankfully all of mine can be reset whenever I want. as soon as I reset my Windows login, I reset everything else that goes on a 90-day cycle.
Probably, but even though it's annoying I usually log in under all the names often enough that I rarely forget a current password.
I just transferred the ones I had at my desk to a password-protected Word document and I'll get a few additional ones from home tonight to add into it as well. Then I should be fairly safe. Safer, anyway.
|
|
RoadToRiches
Familiar Member
Formerly "indebt"
Joined: Jan 4, 2011 11:08:00 GMT -5
Posts: 965
|
Post by RoadToRiches on Mar 16, 2011 19:34:33 GMT -5
Give me 2 minutes and that Excel password is cracked.
The only and probably best way to secure your passwords is by using encryption software to encrypt your excel spreadsheet if a person is that paranoid.
|
|
wodehouse
Familiar Member
Joined: Jan 10, 2011 16:35:08 GMT -5
Posts: 786
|
Post by wodehouse on Mar 16, 2011 19:35:55 GMT -5
I keep my personal passwords for everything in an Excel workbook. As Firebird suggests, this one file would allow someone access to much of my life (at least I purposely do not keep social security numbers in there). The link to the website log-in is right there, with username and password. I just click to open the page, copy and paste the user and password. Simple!
However, this workbook file is kept in a password protected encrypted drive. I use Truecrypt for the encryption and am quite fond of it. (www.truecrypt.org)
Now that I describe this I’m tempted to split these up somehow…username and passwords in separate files but accessible automatically by some sort of technique.
I use rather long passwords (even up to 32 characters). Recently I have been using a random phrase generator (on web) to generate usernames and passwords, since I use the copy/paste technique for most sites/applications there’s no need for me to worry about mnemonics and length.
This file is kept on an encrypted USB flash drive. If I travel I temporarily copy the encrypted files to my laptop drive (so I don't bring the flash drive along and risk its loss). The laptop itself has encrypted drive and I also use a BIOS password (based on research preparing for a trip to China 2 years ago).
edited to add: I guess I am that paranoid!
ETA: even encrypted drives can be compromised by "evil maid" type attacks. When I travel I keep my laptop in the hotel room safe (for whatever good that might be). Physical security of the data is the safest protection.
|
|
schildi
Well-Known Member
3718 and no text
Joined: Jan 14, 2011 1:38:58 GMT -5
Posts: 1,799
|
Post by schildi on Mar 16, 2011 19:45:54 GMT -5
I have a spreadsheet with all passwords on my computer, on an encrypted HDD. The passwords or not exactly written down there, they are decoded in a way that I invented, lol. What you read there basically only makes sense to me, kind of more like password hints. So even if somebody would steal the laptop and get through the encryption, and then find the file buried somewhere with a weird name, they could not use it.
|
|
Firebird
Senior Associate
Joined: Dec 29, 2010 12:55:06 GMT -5
Posts: 12,448
|
Post by Firebird on Mar 16, 2011 19:51:37 GMT -5
schildi and wodehouse, you guys are making my head hurt ;D Hopefully the password-protected file is good enough for now... it's only on my work computer and in my gmail account, don't intend to move it anywhere else.
Of course, I guess my gmail account isn't that secure either /facepalm
|
|
wodehouse
Familiar Member
Joined: Jan 10, 2011 16:35:08 GMT -5
Posts: 786
|
Post by wodehouse on Mar 16, 2011 19:59:34 GMT -5
Firebird, I wouldn't keep any personal or financial passwords in an unencrypted file that was on a "public" computer (even your employer's computer). Passwords for Office-type applications are pretty readily cracked. Encryption is much more secure. Or keep your passwords written down in a notebook and keep the notebook under lock and key...for your personal and financial information at least.
|
|
SVT
Well-Known Member
Joined: Dec 20, 2010 15:39:33 GMT -5
Posts: 1,491
|
Post by SVT on Mar 16, 2011 20:13:08 GMT -5
SVT - how do you "hide" a folder? That's a good idea except what if I forget the password? Right click the folder and click properties. Check the hidden box. Then go to folder options in My Documents or My Computer or whatever and select do not show hidden folders. ETA: Oh, and hidden folders are not password protected. It seems you are getting the two mixed up? I had suggested password protecting the FILE, then storing that file in a "hidden" FOLDER. Doing that would deter a lot of people from having access to it. To be safe, I would use a very complex password to the document holding all the passwords. As for the hidden folders, it's not going to work if you're keeping it from someone who knows computers.
|
|
SVT
Well-Known Member
Joined: Dec 20, 2010 15:39:33 GMT -5
Posts: 1,491
|
Post by SVT on Mar 16, 2011 20:19:04 GMT -5
Give me 2 minutes and that Excel password is cracked. The only and probably best way to secure your passwords is by using encryption software to encrypt your excel spreadsheet if a person is that paranoid. Not necessarily. It depends on the password. A lot of the passwords I use for financial stuff, I use passwords that would take months to crack with software. I use capital letters, lower case letters, numbers, and special characters and it's around 12 characters long. You can't crack that in 2 minutes. This is the reason that companies that have employees who have access to really confidential data force them to use complex passwords as well as change them every 60 - 90 days. It would take a few months for the password to be cracked, and the password is changed again before the few months is up. You can crack simple passwords in no time though. The need for password complexity depends on the data you are trying to protect, though. In some cases, you may not really need/want a complex password like the kind I described above.
|
|
lynnerself
Senior Member
Joined: Jan 3, 2011 11:42:29 GMT -5
Posts: 4,166
|
Post by lynnerself on Mar 16, 2011 20:20:38 GMT -5
The three main ones in my head. A bunch of others on a piece of paper in a file drawer. If someone really wants into my monthly quality control submissions they are welcome to it.
|
|
TheOtherMe
Distinguished Associate
Joined: Dec 24, 2010 14:40:52 GMT -5
Posts: 27,245
Mini-Profile Name Color: e619e6
|
Post by TheOtherMe on Mar 16, 2011 20:33:46 GMT -5
For things with financial data, I use a password generator and they are on an Excel spreadsheet. I should password protect that, but I haven't.
For things like forums, I use a pretty simple password. Anything I post on these places won't get you to anything important in my life.
I will have to look at Truecrypt and see what I think. Sounds like a good idea.
|
|
MN-Investor
Well-Known Member
Joined: Dec 20, 2010 22:22:44 GMT -5
Posts: 1,939
|
Post by MN-Investor on Mar 16, 2011 20:59:37 GMT -5
I use a software program called Any Password. The file I create is password protected and NOT named something like MyPasswords.whatever. I use Dropbox to keep the file synced between my desktop and my netbook.
|
|
|
Post by illinicheme on Mar 16, 2011 21:21:34 GMT -5
They're mostly all in my head. A couple are written down on a little notebook near my computer so that DH has them for reference if he needs them.
I'm not nearly as secure as I should be. Most of my individual passwords are reasonably secure (combo of characters, nothing anyone would ever guess, etc.), but I'm only have about five total that I use for pretty much everything. Someday I'll actually get around to the password-protected spreadsheet of all the super-hard-to-break passwords....
|
|
midjd
Administrator
Your Money Admin
Joined: Dec 18, 2010 14:09:23 GMT -5
Posts: 17,719
|
Post by midjd on Mar 16, 2011 21:22:56 GMT -5
Mine are in a password-protected Excel sheet with a really random title. I started it so that DH would have some direction on our finances if anything were to happen to me (he knows where we bank and that's about it) but it ended up being a good repository for passwords, too.
|
|
wvugurl26
Distinguished Associate
Joined: Dec 19, 2010 15:25:30 GMT -5
Posts: 21,721
|
Post by wvugurl26 on Mar 16, 2011 21:26:28 GMT -5
Work ones are written down and in a file. I lock the drawer at night. At least its not on a sticky under my keyboard. Seriously there is no way in hell I can remember all the different login names and passwords. I can remember my logon one but rarely the rest of them. My personal ones are a mess. They are written down but I'd bet there's at least 15 ones I need to add. Mostly an issue of me not using them often enough. I have a convention now that I try to stick to for personal ones but I have a bunch from before I got smart and did that.
|
|
cronewitch
Junior Associate
Joined: Dec 20, 2010 21:44:20 GMT -5
Posts: 5,974
|
Post by cronewitch on Mar 16, 2011 21:34:18 GMT -5
We have a huge safe at work with a list of all passwords. I am supposed to record when I change passwords but I go back and forth between the same ones so if something happened my boss could figure it out. I memorize all my passwords I use all the time and randomly write others on spreadsheets for when I want them. Like I have a excise tax spreadsheet and list the city and state website passwords on it, someone could break in and pay our taxes. I use a simple password for things I don't care about like message boards and an entirely different passwords for private things.
|
|
azphx1972
Familiar Member
Joined: Mar 2, 2011 22:08:36 GMT -5
Posts: 809
|
Post by azphx1972 on Mar 17, 2011 3:04:09 GMT -5
|
|
qofcc
Well-Known Member
Joined: Dec 20, 2010 13:30:58 GMT -5
Posts: 1,869
|
Post by qofcc on Mar 17, 2011 7:06:19 GMT -5
At work I have 10 different systems that need passwords and I use a naming convention, but we can't make all of the passwords the same because they have naming rules that conflict... GRRR. I write them down on a piece of paper and keep it in a not obvious but easy to access location.
If I don't have my password cheat sheet with me and forget it and lock myself out, I just call the help desk and have them reset it. If they didn't make this so ridiculously complicated, I wouldn't need to bother them, so I figure it's their fault and they can just drop what they're doing and deal with it when I need them to.
Personal passwords have a very different naming convention and I keep them on a different piece of paper stored somewhere else, but mask them so they look like something else (ie, a mailing address or e-mail address or SS#).
|
|
RoadToRiches
Familiar Member
Formerly "indebt"
Joined: Jan 4, 2011 11:08:00 GMT -5
Posts: 965
|
Post by RoadToRiches on Mar 17, 2011 8:00:50 GMT -5
Give me 2 minutes and that Excel password is cracked. The only and probably best way to secure your passwords is by using encryption software to encrypt your excel spreadsheet if a person is that paranoid. Not necessarily. It depends on the password. A lot of the passwords I use for financial stuff, I use passwords that would take months to crack with software. I use capital letters, lower case letters, numbers, and special characters and it's around 12 characters long. You can't crack that in 2 minutes. This is the reason that companies that have employees who have access to really confidential data force them to use complex passwords as well as change them every 60 - 90 days. It would take a few months for the password to be cracked, and the password is changed again before the few months is up. You can crack simple passwords in no time though. The need for password complexity depends on the data you are trying to protect, though. In some cases, you may not really need/want a complex password like the kind I described above. It's not how long your password is. It's what kind of encryption you are using. With old Office files, their encryption was very weak. They improved it now with new Office suite. So, if you used older version of office with your super complicated password - 2 minutes. ;D maybe not exactly 120 seconds...but it would be still pretty short. How do you know it would take "months" to crack your password? Did you actually have someone that works with encryption and network security do it? Or is this just something you think it would take that long?
|
|
Deleted
Joined: May 12, 2024 0:57:22 GMT -5
Posts: 0
|
Post by Deleted on Mar 17, 2011 8:20:42 GMT -5
I have a list taped to the inside of my cupboard door. If someone is going to access it they have to physically be in my office. Then they have to know how to find the different sites they are for. The 2 main passwords that would allow someone to cause some damage I have memorised.
|
|