Best Tool For Remembering Passwords?
StonyCreekBare writes "Lately I've been rethinking my personal security practices. Should my laptop be stolen, having Firefox 'fill in' passwords automatically for me when I go to my bank's site seems sub-optimal. Keeping passwords for all the varied sites on the computer in a plain-text file seems unwise as well. Keeping them in my brain is a prescription for disaster, as my brain is increasingly leaky. A paper notepad likewise has its disadvantages. I have looked at a number of password managers, password 'vaults' and so on. The number of tools out there is a bit overwhelming. Magic Password Generator add-in for Firefox seems competent, but it's tied to Firefox, and I have other places and applications where I want passwords. And I might be accessing my sites from other computers that don't have it installed. The ideal tool in my mind should be something that is independent of any application, browser, or computer; something that is easily carried, but which if lost poses no risk of compromise. What does the Slashdot crowd like in password tools?"
Just use the same password for everything. I use "1234"... it's the same as my luggage combo.
I have to return some videotapes...
Post-It notes have the distinct advantage that no computer virus or Trojan can steal it.
"My country, right or wrong; if right, to be kept right; and if wrong, to be set right." --Senator Carl Schurz (1872)
Inside the plain text file, of course!
for a long time... it was a little keychain dongle... you push a sequence on the buttons on front and it lets you see the passwords. There are not that many buttons, so if it's stolen don't expect it to last more than a few days, but it'll slow 'em down hopefully long enough to let you change your passwords.
but mine broke :(
Websites could do more to protect their users too. For example if you accidentally write your password here on Slashdot comments, it comes up as masked. Like for example my password is ********.
Really? That works? My password is hunter32. :P
Seems like I can see it still though.
A guy I used to work with told me a story about a late-night support call with the operations center. He figured out that they needed to run a job that was under someone else's account. So they conference-called in this other guy at home in the middle of the night, and asked him for his password. He refused to give it over the phone, and the operations people were getting madder and madder because the night's jobs were being held up. Finally, he agreed to give them the password but only if they turned off the speaker phone.
The guy's password was BigBlackDonkeyDick.
Hilarity ensued. I'm pretty sure the whole shop knew the guy's password by the next morning (hell, I still remember it and I didn't even know the guy!)
John
Really? I couldn't see it. This is what I saw:
Really? That works? My password is ********.
You only see it because it's your password. Everyone else sees it like this:
Really? That works? My password is ********.
Hey, wait...how did you know my password?
Not me...my password is:
1...2...3....4............5
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
I put on my robe and wizard hat...
Good. Cheap. Fast. Pick Two.
Brilliant social engineering.
I almost tried it for a second...
Sorry, but is NOT hard to guess. I guess Ngbu9E. See, it is not that difficult after all.
I have circumstantial evidence of someone trying to hack into an account of mine--they were unsuccessful.
Or they were very successful!
He didn't know your password. He just typed "********" but you saw it as "hunter32" because that's your password.
I have the same combination on my luggage!
I find the easiest thing is to create a unique password for each website that is tied to the website's name. This way, I can simply look in the browser's URL bar and easily generate the password.
The way I do this is to take the SHA-1 algorithm, change the values in the look up table to only values that I know. So each round of SHA-1 generates a different hash code than the standard SHA-1 algorithm would. It is easy from there, I simply run each URL through my variation SHA-1 and then use the 20 byte hash value as the password. For variation, I will enter the passwords in binary, hex, or octal depending on my mood.
It is all pretty simple. For real security, it is best to not have an application on your computer to calculate it since someone could find it and generate all your passwords or potential passwords. I just remember the lookup table and the SHA-1 algorithm and work it out with yellow pad and pencil.
The bonus of doing it this way is that my stock in the companies that manufacture legal pads and pencils has gone up substantially.
I have a similar setup. I have this on a piece of paper in my wallet:
ABCDEFGHIJKLMNOPQRSTUVWXYZ
and I simply remember which letter my password starts with, and then what letter comes second etc.
For example, if my password was SLASHDOT, I would start by remembering the first letter, which is S, then remember the second letter, which is L, and I continue remembering until I have completed the password.
You could keep them on a 5.25" floppy disk...not very many people would bother with that!
.sig
Then I revert to my backup backup, which I keep on a post-it note stuck to my work computer.