Best Tool For Remembering Passwords?
StonyCreekBare writes "Lately I've been rethinking my personal security practices. Should my laptop be stolen, having Firefox 'fill in' passwords automatically for me when I go to my bank's site seems sub-optimal. Keeping passwords for all the varied sites on the computer in a plain-text file seems unwise as well. Keeping them in my brain is a prescription for disaster, as my brain is increasingly leaky. A paper notepad likewise has its disadvantages. I have looked at a number of password managers, password 'vaults' and so on. The number of tools out there is a bit overwhelming. Magic Password Generator add-in for Firefox seems competent, but it's tied to Firefox, and I have other places and applications where I want passwords. And I might be accessing my sites from other computers that don't have it installed. The ideal tool in my mind should be something that is independent of any application, browser, or computer; something that is easily carried, but which if lost poses no risk of compromise. What does the Slashdot crowd like in password tools?"
Just use the same password for everything. I use "1234"... it's the same as my luggage combo
I have to return some videotapes...
The ideal tool in my mind should be something that is independent of any application, browser, or computer; something that is easily carried, but which if lost poses no risk of compromise. What does the Slashdot crowd like in password tools?"
I've come up with an incredible solution to your problem!
Used condom wrapper: It fits in your wallet. It's easy to come by. Almost nobody will stop to pick up and investigate your used condom wrapper for secret passwords.
Pros:
- It's highly likely to be thrown away by a pissed-off janitor if it is found
- It could be infected with a disease, so people won't want to touch it
- It gives you "this geek may have had sex cred", and believe you-me... That comes in handy
Cons:
- If you keep it in your pocket and it gets washed, you might have some 'splaining to do to your committed girlfriend or wife
Other than that, it's pretty much a perfect idea.
I'll Paypal you an invoice for my time. TIA.
Post-It notes have the distinct advantage that no computer virus or Trojan can steal it.
"My country, right or wrong; if right, to be kept right; and if wrong, to be set right." --Senator Carl Schurz (1872)
Do what every idiot in my office does - use their name.
Sure, I try to change the password policy on the server, but of course management gets mad because they can't use "bill" to log in and "bill" for a password.
Just this morning someone was all in a huff that there was an open document on their computer. Well, change the password, retard, and log out at the end of the day.
BTW, I'm the sysadmin.
Seriously though, if you really can't remember, try using paper and pen in a very cryptic method so as to not shout "I'm a password list", or use a "base" password and add on specifics regarding the login site, for example, for facebook "billbook," for google, "billgoogle," you know, like the retards in my office.
Inside the plain text file, of course!
for a long time... it was a little keychain dongle... you push a sequence on the buttons on front and it lets you see the passwords. There are not that many buttons, so if it's stolen don't expect it to last more than a few days, but it'll slow 'em down hopefully long enough to let you change your passwords.
but mine broke :(
Websites could do more to protect their users too. For example if you accidentally write your password here on Slashdot comments, it comes up as masked. Like for example my password is ********.
Really? That works? My password is hunter32. :P
Seems like I can see it still though.
A guy I used to work with told me a story about a late-night support call with the operations center. He figured out that they needed to run a job that was under someone else's account. So they conference-called in this other guy at home in the middle of the night, and asked him for his password. He refused to give it over the phone, and the operations people were getting madder and madder because the night's jobs were being held up. Finally, he agreed to give them the password but only if they turned off the speaker phone.
The guy's password was BigBlackDonkeyDick.
Hilarity ensued. I'm pretty sure the whole shop knew the guy's password by the next morning (hell, I still remember it and I didn't even know the guy!)
John
Really? I couldn't see it. This is what I saw:
Really? That works? My password is ********.
You only see it because it's your password. Everyone else sees it like this:
Really? That works? My password is ********.
You only see it because it's your password. Everyone else sees it like this:
Really? That works? My password is ********.
Is your password just 8 *'s?
Hey, wait...how did you know my password?
Not me...my password is:
1...2...3....4............5
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
I put on my robe and wizard hat...
Good. Cheap. Fast. Pick Two.
brilliant social engineering.
I almost tried it for a second...
Sorry, but is NOT hard to guess. I guess Ngbu9E. See, it is not that difficult after all.
I have circumstantial evidence of someone trying to hack into an account of mine--they were unsuccessful.
Or they were very successful!
He didn't know your password. He just typed "********" but you saw it as "hunter32" because that's your password.
I have the same combination on my luggage!
I find the easiest thing is to create a unique password for each website that is tied to the website's name. This way, I can simply look in the browser's URL bar and easily generate the password.
The way I do this is to take the SHA-1 algorithm, change the values in the look up table to only values that I know. So each round of SHA-1 generates a different hash code than the standard SHA-1 algorithm would. It is easy from there, I simply run each URL through my variation SHA-1 and then use the 20 byte hash value as the password. For variation, I will enter the passwords in binary, hex, or octal depending on my mood.
It is all pretty simple. For real security, it is best to not have an application on your computer to calculate it since someone could find it and generate all your passwords or potential passwords. I just remember the lookup table and the SHA-1 algorithm and work it out with yellow pad and pencil.
The bonus of doing it this way is that my stock in the companies that manufacture legal pads and pencils has gone up substantially.
I have a similar setup. I have this on a piece of paper in my wallet:
ABCDEFGHIJKLMNOPQRSTUVWXYZ
and I simply remember which letter my password starts with, and then what letter comes second etc.
For example, if my password was SLASHDOT, I would start by remembering the first letter, which is S, then remember the second letter, which is L, and I continue remembering until I have completed the password.
You could keep them on a 5.25" floppy disk...not very many people would bother with that!
.sig
Then I revert to my backup backup, which I keep on a post-it note stuck to my work computer.