Ask Slashdot: Changing Passwords For the New Year?
New submitter windcask asks "Every New Year's Day, I assemble and memorize a random collection of seven to ten mixed-case alphanumeric characters and proceed to change every password I have on the interwebs to these characters (plus a few extra characters unique to the site). The problem is I only change them on the sites I visit. Once in a while, I'll come across a site I haven't visited for a few years, and I may end up not being able to guess the password before the try-lockout takes effect. What are your password-changing rituals, and how do they deal with situations like mine? I do use Keepass for work, but it is sometimes impractical for times I'm at other computers."
I use a free implementation of the Stanford PwdHash algorithm for the Mac called Locksmith (here on the app store). There are also websites that implement PwdHash, and even a Firefox add-on. By changing one master password, all the passwords I generate will automatically be changed when I regenerate them.
"Sufferin' succotash."
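As an added illustration of the PwdHash idea in the post above (example code written for this page, not Locksmith's or Stanford's implementation, and it simplifies the domain handling): the master secret and the site's host go through HMAC-SHA256 to give a per-site password, so each site only ever sees its own derived value.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// SiteKey reduces a URL to the two host labels the derivation is keyed on, so
// that https://www.example.com/login and http://example.com give the same key.
// Constructed simplification for this example: real PwdHash consults a public
// suffix list; here we keep the last two labels of the lower-cased host.
func SiteKey(rawURL string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	host := strings.ToLower(u.Hostname())
	if host == "" {
		return "", errors.New("no host in " + rawURL)
	}
	labels := strings.Split(host, ".")
	if len(labels) > 2 {
		labels = labels[len(labels)-2:]
	}
	return strings.Join(labels, "."), nil
}

// DerivePassword returns a per-site password of `length` characters:
// HMAC-SHA256 keyed by the master password over the site key, base64url
// encoded. The function is one-way, so a site that receives its derived
// password cannot recover the master or compute other sites' passwords from
// it without guessing the master outright. HMAC is fast, though, so the
// master itself must have high entropy: a leaked site password lets an
// attacker test master-password guesses offline.
func DerivePassword(master, site string, length int) (string, error) {
	key, err := SiteKey(site)
	if err != nil {
		return "", err
	}
	mac := hmac.New(sha256.New, []byte(master))
	mac.Write([]byte(key))
	enc := base64.RawURLEncoding.EncodeToString(mac.Sum(nil)) // 43 chars
	if length < 1 || length > len(enc) {
		return "", fmt.Errorf("length must be between 1 and %d", len(enc))
	}
	return enc[:length], nil
}

func main() {
	master := "correct horse battery" // constructed sample master password
	for _, site := range []string{
		"https://www.example.com/login",
		"http://example.com",
		"https://example.org",
	} {
		pw, err := DerivePassword(master, site, 16)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-30s %s\n", site, pw)
	}
}
```

The derived passwords contain only base64url characters; a site that insists on other symbols would need a final transform step, which PwdHash handles and this example does not.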
What a good way to harvest guessing algorithms... Not giving you mine!
But it's the New Year: time to change password12 to password1.
https://lastpass.com/
I use a different password for each site/service I use. Otherwise, each one of the parties I trust with my data would have the credentials to ALL of my resources instead of just the data I entrusted them with.
Even assuming good faith from all these parties, one of them could get hacked, and my credentials stolen. I want the damage to be limited to that third party in this case.
http://xkcd.com/936/
Enough said.
Why not use a password manager and skip all that hassle? I use a portable version of KeePass, with both the app and my password database synced through Dropbox so I have them everywhere, including my phone. Random 20+ character passwords for every site and you can set expirations for every one so you don't have to remember when to change them, and all you have to remember is the master password. I don't understand why everyone in the world doesn't do this, it's just so convenient.
"Once in Hawaii I had sex with a 102 year old male turtle. It is difficult to argue that it was consensual." - Steve Ma
Keepass is available for Blackberry, iOS, Android. (even Windows 7 Mobile, if that's how you roll.) You can migrate database files between PC and handheld device. (Although you should be careful of having company passwords on a personal device -- there might be a policy against that.)
In your case, I'd spend an hour of quality time in keepass changing your passwords, sync it to work and home PC and whatever device you carry, then make all your websites conform.
As to websites you haven't visited in a long time and have forgotten about, I don't have an answer. I have essentially the same problem with forums that require you to register to participate. I may only visit the forum once, but my login is forever.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
There are versions of Keepass available for both the iPhone and Android (perhaps others as well). I use DropBox to keep my phone and main computers in sync. Works like a champ!
... KeePassDroid on my Android phone and used to have some self-written MIDlet for the same purpose on my old J2ME phone for having my passwords on the go.
I gave up caring a few years ago. I protect my online banking, Amazon, etc. passwords (write them down at home, long and random) but everything else I couldn't care less about. If my Slashdot/OpenID etc. ones get guessed or whatever then I'll just create a new account. Don't kid yourself that anyone cares about your online persona - they don't. Friends will get an email from you about your new G+/Facebook account. Everyone else will just not be interested in "RandomInternetGuy10248034034" now being known as "RandomInternetGuy23038908343". It's just not worth the mental effort remembering, nor the paper writing down 40 odd passwords. It's just some website.
I completely adopted the strategy described in this article: The Only Secure Password is the One You Can't Remember. Essentially, I have a different password for every single website, service, etc. and all of them are behind a strong master password in a software called 1Password. The encrypted file is saved to DropBox, so it's both online and on several computers (including my smartphone). For more detailed description and reasoning for why that's good, see the article.
The upsides: It's extremely unlikely that my passwords ever get into the wrong hands (I guess it would require someone finding out my master password and stealing the encrypted file. That would be a realistic threat if the CIA was after my passwords, but for my needs that's essentially as safe as it gets). Even if one site I use is hacked, I don't use the same password anywhere else. 1Password costs a bit (something like 35 bucks, I think) but it's a pretty good password vault: there is good Dropbox integration, smartphone apps (which also work well with smartphone Dropbox apps), browser extensions, automatic backups of the encrypted file, etc.
The downside: If I were to ever lose all instances of the encrypted file (I don't know how that could happen. I currently have it on three computers in two different locations, on my smartphone and in DropBox service) I would lose all my passwords, which would be very bad. I just assume that this risk is unlikely enough to be non-existent.
The ritual is to have a tiered set of passwords:
- very simple passwords for very stupid sites
- a password committed to memory for serious web sites
- Keepass for financial websites (banking, taxes, etc.). These passwords are impossible to memorize. (e.g. JvKE5qKjOb11HdIKWf1E)
Just write it on a sticky note and put it under your keyboard; this is a time honored practice of millions of users, and that many people CAN'T be wrong!
I use KeepassX on my Linux machines, and KeepassDroid on my phone. This combined with Dropbox keeps it all synced. I have a unique password for every site I use; it's the best way to ensure safety and you never have to worry about forgetting anything.
There are a handful of sites that I visit very infrequently, like my (now closed) student loan site, or my domain registrar.
When I want to log in, I use the "forgot/reset password feature" and wait for a link to show up in my inbox. I "click here" to change it to something random and needlessly complicated, log in and don't bother writing it down.
Nice job reading the summary. Try again with the part that says "plus a few unique characters per site". Now see if what you said makes any sense. Correct! It doesn't.
And since it's easy to find out what the make of my first car was, or what year I graduated, I have an alter ego with answers to those questions. I know what year "she" was born, "her" mother's maiden name, etc.
As an extra layer, I don't just answer "What year did you graduate high school" with: 1938.
I say: "year1938". And one more layer:
Since this is likely stored as plain text, I have a site-unique word mixed in:
"year1938banking"
Keepass database on the thumb drive in my pocket, and emailed to myself.
New Year's Day is for hangover recovery, not random char memorization.
For sites I don't visit often, I just reset the password every time I go there. Sure it takes a couple of extra minutes, but these are sites that I visit a couple of times a year or less. For sites I visit a lot, remembering the password is not a big deal.
Think of it as poor man's federation with your email password.
I have sufficiently secure passwords that I see no benefit in changing just because.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
I create a spreadsheet with relevant info (not just passwords) uploaded to Google Docs or other cloud based site(s). At the most I remember 2 sets of usernames/passwords, one set to access the site and the other to unencrypt the cloud docs. Simple and accessible from most devices.
Don't be apathetic. Procrastinate!
Write 'em all down, store them in a couple of safe places. In general, access to people's information, identity theft, and fraud isn't done via passwords; there are much easier ways.
If you have to try so much that you're going to get locked out (surely you suspect something after one or two failed attempts), doesn't the site offer some sort of password retrieval function? I know this doesn't really answer your question directly, but it seems like it would work for the few sites you seem to forget about each year.
R.Mo
The good thing about putting it all on Dropbox is that if you forget your Dropbox password you can still get in. The bad thing is so can anybody that you've previously given Dropbox access, even when you think you cut them off (earlier Slashdot story), or at times in the past anybody at all (earlier Slashdot story), and the Dropbox admins can certainly read all your files (earlier Slashdot story).
WTF, are people suggesting putting anything that you would not want to see the next day in a newspaper on Dropbox? Haven't you guys heard how many holes have been found so far and how they were caught out that the service is not as the advertising implies? Even plain FTP (for all its many faults) is more secure than those losers, which indicates a depressing level of incompetence.
Most websites don't store your password, just a hash of it. When you enter the password, it hashes what you just entered then compares the hashes. Reverse engineering the password when you only have the hash isn't trivial.
Tequila: It's not just for breakfast anymore!
The annual meeting of paranoid geeks?
If you look at all the possible attack vectors and scenarios, changing your passwords once a year changes your statistical chances of being hacked or losing data very little. The ROI is low enough that I wouldn't recommend changing your passwords on a regular schedule.
Picking good (as in hard to crack) passwords is more important. For random web properties, using a different password for each, so that when one is compromised and caught storing passwords in plain text only one account is compromised, is key.
However, that's all not what I want to talk about. This entire question is the result of a huge failure of the industry. Every web site uses a password. Every one has a different idea of what a "good" password is, meaning if you come up with one (or use a generator) it won't always be allowed. Google has taken a step forward with their two factor options (via say, a cell text) but that's not really a practical option for many small web sites.
This is an excellent case for a PKI. Users should generate a public-private key pair, and provide the public key to the web site upon sign up. Extra authentication steps could be done at setup (web of trust a la PGP, known entities, a la X.509, callback texts, whatever). Users would sign a login blob with their private key to authenticate.
Using the same key for many web sites is much less dangerous. Compromising the web sites, and all the public keys, gets the attacker approximately nothing. They can be stored in plain (unencrypted) format on the web server. The only attack is to get the user's private key, which can be encrypted on their machine behind passwords, biometrics, or whatever. Getting one user's private key gets you only one user; it's a low value attack.
What's needed is a standard format for this encrypted exchange, and then support by clients (from web browsers to ssh clients) and their corresponding server services. This is where the industry is letting us down.
If the big 15-20 web properties could get together with the big 4 browsers and make this happen it would be huge leap forward.
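The challenge-response login the post above proposes, written out as an added example (not the poster's code; Ed25519 from Go's standard library, with the constructed origin `https://example.com` mixed into the signed message so a signature made for one site is useless at another): the server keeps only public keys and issues single-use, time-limited nonces, and the client signs the nonce with a private key that never leaves its machine.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Origin is the site identity bound into every signed login message. Even if
// the user enrols the same key pair everywhere, a signature for this origin
// cannot be replayed at a different one. (Constructed value for the example.)
const Origin = "https://example.com"

// challenge is a server-side record of an outstanding login nonce.
type challenge struct {
	user   string
	issued time.Time
}

// Server holds enrolled public keys and outstanding challenges. The key table
// needs no secrecy: stealing it yields nothing an attacker can log in with.
type Server struct {
	keys    map[string]ed25519.PublicKey
	pending map[string]challenge // hex(nonce) -> record
	ttl     time.Duration
	now     func() time.Time // injectable clock so expiry can be tested
}

func NewServer(ttl time.Duration) *Server {
	return &Server{
		keys:    map[string]ed25519.PublicKey{},
		pending: map[string]challenge{},
		ttl:     ttl,
		now:     time.Now,
	}
}

// NewKeyPair generates the user's Ed25519 key pair at sign-up time.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Enrol stores the user's public key: the "provide the public key to the web
// site upon sign up" step.
func (s *Server) Enrol(user string, pub ed25519.PublicKey) { s.keys[user] = pub }

// Challenge issues a fresh 32-byte random nonce for the user to sign.
func (s *Server) Challenge(user string) ([]byte, error) {
	if _, ok := s.keys[user]; !ok {
		return nil, errors.New("unknown user")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s.pending[hex.EncodeToString(nonce)] = challenge{user: user, issued: s.now()}
	return nonce, nil
}

// LoginMessage is the exact byte string both sides sign and verify: origin,
// purpose, user and nonce, separated so no field can run into the next.
func LoginMessage(user string, nonce []byte) []byte {
	return []byte(Origin + "\x00login\x00" + user + "\x00" + hex.EncodeToString(nonce))
}

// SignChallenge is the client side: sign with the private key, which stays on
// the user's machine (encrypted at rest behind a passphrase or similar).
func SignChallenge(priv ed25519.PrivateKey, user string, nonce []byte) []byte {
	return ed25519.Sign(priv, LoginMessage(user, nonce))
}

// Login verifies the signed challenge. A nonce is accepted once, only for the
// user it was issued to, and only within ttl of being issued.
func (s *Server) Login(user string, nonce, sig []byte) error {
	id := hex.EncodeToString(nonce)
	c, ok := s.pending[id]
	if !ok {
		return errors.New("unknown or already used challenge")
	}
	delete(s.pending, id) // single use, whether or not the signature checks out
	if c.user != user {
		return errors.New("challenge was issued to a different user")
	}
	if s.now().Sub(c.issued) > s.ttl {
		return errors.New("challenge expired")
	}
	if !ed25519.Verify(s.keys[user], LoginMessage(user, nonce), sig) {
		return errors.New("bad signature")
	}
	return nil
}

func main() {
	pub, priv := NewKeyPair()
	srv := NewServer(2 * time.Minute)
	srv.Enrol("alice", pub) // constructed sample user
	nonce, _ := srv.Challenge("alice")
	fmt.Println("first login:", srv.Login("alice", nonce, SignChallenge(priv, "alice", nonce)))
	fmt.Println("replayed nonce:", srv.Login("alice", nonce, SignChallenge(priv, "alice", nonce)))
}
```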
Far too many websites actually DO store the password (because they're idiots)
do you?
That's exactly what I was thinking. For any site that matters, the most they can do is reset it for you, not tell you what it was. Most sites just don't matter. Other than your Karma, how much damage can be done when they hack your Slashdot password?
But I gotta ask, Why bother changing every year?
Changing a secure password offers no additional security. It's not like they wear out.
If crooks haven't broken into the login during the course of the year, changing it may actually make it weaker.
Those hovering over your shoulder to catch one key today and the next key tomorrow should be pretty obvious after a year, don't you think?
The key loggers would have found you long before the year is up, and the timing routines can be outfoxed by simply typing with only one finger, a different finger each day.
Most sites that force you to change do so more frequently than a year. And 99.44% of them end up having users simply adding ascending digits to the key, which becomes pretty easy to guess.
Sig Battery depleted. Reverting to safe mode.
Changing a secure password offers no additional security. It's not like they wear out.
If crooks haven't broken into the login during the course of the year, changing it may actually make it weaker.
One measure of the security of a password is the amount of time it would take to compromise it as compared to its useful lifetime. Assuming the password database is stolen today, would someone be able to compromise your password before you changed it?
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
Based on my experiences working on websites, far too many companies store the password in plain text. Many, many more will hash it, but will hash it ineffectively by not salting it. Lots of the people working on these websites don't even understand the kinds of attacks salting and hashing are intended to block.
As an example, look at mailman, the mailing list manager. Not only did it store the plaintext password, it mails it to you monthly. Fortunately, the current developers aren't idiots and have removed this flaw (as of ~2007) but tons of sites out there are still using the old version since I keep getting the "reminders".
Trust me... Spend a bit of time in industry working on these websites, and you'll understand.
Website users aren't the same as OS users.
Most website developers don't even understand what a hash is. They are simply not capable of using hashes on their sites, even less of doing some sane salting. Most of the top used development frameworks also don't help secure passwords; some even make them harder to secure.
That said, I don't care about people harvesting the passwords I use on most sites.
Rethinking email
I can tell you that RCN cable does. I was with RCN for many years, even using their email. Two years ago I moved, and transferred my service. During the transfer process on the phone, they asked me my 'PIN' number for my voicemail. I didn't know it, because I never set one as I never used RCN voicemail. After answering some other questions, they told me over the phone what my 'PIN' was. Lo and behold it was my RCN email password, that I would never have given them as a voicemail PIN!!! It was complicated and hard for the person on the phone to read, and I was thinking to myself "where the f**k did you get that?"...
No. Don't ever reuse passwords, even if you add a suffix like 'rcn' at the end...
Shouldn't you be doing something useful?
Think of the websites you've used. How many at some point or another have actually emailed your password to you rather than just let you reset it with an email link? I know I have several dozen accounts and a few do indeed email me my password when I pick one. That means they have it in their data somewhere at least at some point in time.
What's considered a strong password has changed over time.
Attention zealots and haters: 00100 00100
Congratulations, only a few characters have to be guessed for each site!
Not only that. If you say 'hey, this is insecure', you have to prove it with an exploit. They will fix the exploit, missing the point...
Then they look at you like you are weird for trying to attack the site. I got yelled at once for 2 hours straight by a manager who worked on a different product for doing this, even though my boss explicitly told me to do it. At that point I realized no one really cares until they are hacked and it is in the news.
So I use a pattern based password for web sites and when I buy things I use a 1 time used credit card number.
For example, if you had said 2 years ago that Sony would have their entire DB of credit cards out in the wild, people would have laughed at you. Now, not so much. Security is an afterthought many times.
I don't even bother mentioning it on my projects anymore. No one cares. Or it is 'something we will fix later'.
So I *know* I am not alone in this, and this is just a small sample. So I use passwords that match the site one to one. Do not reuse them anywhere. And one-time credit card info.
Assuming they know this, which they won't unless they get his plain text password for multiple sites and compare...
Bergen University College in Bergen, Norway stores plain-text passwords and will email them to you if you request a reset.
Using a commercial system they pay for as an alumni website... I've tried and tried again to point out how stupid it is for a technical college to have such a flaw but they ignore it.
Hopefully there are no other flaws in the site (hah!) :p
Just a real world example of arse security in what one would hope was a serious site.
XKCD on password security.
http://xkcd.com/936/
"Beware of he who would deny you access to information, for in his heart, he dreams himself your master."
Exactly! Maybe they're idiots, maybe they're phishing, maybe it's a site built in a day that turned out to be useful. Point is, you're trusting someone you don't know. Use different passwords for sites that matter.
I use a separate random user/password for each online account. If I post comments to "angryITworkers.com" (example), and the uid/password gets compromised, there's little to worry about. It cannot be used to access my bank account or other resources. Invalidate the compromised account, and damage will be very limited.
I keep my Keepass database on dropbox, so I can access it on any computer on which I can run the Keepass program. I then remember 3 passwords: my dropbox password and my Keepass password, of course, and my primary email password in case I lose access to my Keepass database for some reason and need to regenerate all my passwords. Works for me.
Quidnam Latine loqui modo coepi?
Most websites don't store your password, just a hash of it. When you enter the password, it hashes what you just entered then compares the hashes. Reverse engineering the password when you only have the hash isn't trivial.
Yes, that would be smart. In reality, too many sites can mail you your current password on request. They're obviously storing it in plain text unless they brute force the hash for every request. Besides, it only takes one bad apple at one site to get your password. And if a malicious party gets your email password, with which they can request new ones from everywhere, you're screwed. So, at least use a unique and damn strong password for your online mail.
On a side note acquaintances often use one single password everywhere, which they cherish like it's their long lost son and never change. That's a recipe for disaster. When I point this out they usually thank me by calling me paranoid :)
Are you a grammar Nazi? I'm trying to improve my English; please correct my errors!
I have a slightly different reason, but the same question. I'm in the middle of breaking up with my husband (6.5 years) and he knows some of my passwords ... I've decided to go through and change all of them, just to be on the safe side. My current passwords are a huge conglomeration from game level passwords to words to random strings. Some of them I haven't changed since the 1990s :-(
I'm not a fan of password managers, having seen it fail many times (granted those were mostly older people using it). How do you all pick good passwords that you can remember, as well as which sites they are for?
I'm not a bird, I'm a super-advanced flying stealth dinosaur!
Add CrashPlan into that, and you have a way to recover your passwords even if all your machines are destroyed in a tornado. :) I use all of these together, and I never have trouble getting to a password - even my droid phone can get at them.
LastPass is a web-based service that syncs your passwords across your computers, Android devices, iPhone, and Blackberry. Supposedly, it uses client-side encryption so even if the stored data is compromised, it is useless without your password. Most importantly, it supports Google Authenticator so those with Android devices can use it to generate secure keys needed to log in.
A NYC lawyer blogs. http://www.chuangblog.com/
The main purpose of changing your password is to get back into a secure state. So if your password does get stolen, it isn't a lifetime pass. I can't count the number of people who only discover that they had a stalker ex reading through their email and Facebook for years. It's not just corporate data I care about.. a lot of people will sign into their services on random phones/computers to send a quick message or kill some time. Sooner or later, they'll sit down on a machine that'll send their creds to a spam network. While Google and such do as good a job as you can expect to detect and return accounts, from a good practices point of view, telling people to change their password from time to time is pretty good advice.
Some banks I know of, Wells Fargo and Capital One, do. Try a simple experiment: try logging in with your password in the wrong case; you would still be able to log in. I would be really, really surprised if they were using a case-insensitive hash instead of storing the text and making a case-insensitive comparison.
Hashing is not enough. Proper security is only obtained by salting the passwords before hashing. Without salting, password hashes are only slightly better than clear text, as they are vulnerable to rainbow table attacks. Rainbow tables for 11 character passwords already exist.
Drupal (a popular PHP CMS) did not salt its password hashes until version 7 (http://stackoverflow.com/questions/5031662/what-is-drupals-default-password-encryption-method), and version 7 came out in 2011. This means most Drupal users' passwords have never been secure from attack. And if a popular, widely used system has gaping holes like this, all of the home-grown websites are probably worse.
Basically, most people are clueless about password security, even if they know they shouldn't store clear-text passwords. Much better to not trust the websites and have different passwords for your "important" stuff.
In Soviet Russia, articles before post read *you*!
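To make concrete what the posts above mean by hashing, salting and rainbow tables (constructed example for this page, not any site's real code): `UnsaltedHash` shows why two users with the same password end up with the same stored digest, and `Store`/`Verify` show a per-user random salt with an iterated hash. The PBKDF2-HMAC-SHA256 here is written out by hand for the example; a production service would use a maintained bcrypt, scrypt or argon2 library.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// UnsaltedHash is the "just hash it" storage many sites used: every user with
// the same password gets the same digest, so one precomputed table (a rainbow
// table) cracks all of them at once, and a fast hash makes the table cheap.
func UnsaltedHash(password string) string {
	sum := sha256.Sum256([]byte(password))
	return hex.EncodeToString(sum[:])
}

// pbkdf2SHA256 derives one hash-length (32-byte) block as in RFC 8018 with
// HMAC-SHA256 as the PRF: U1 = PRF(P, S || INT(1)), Ui = PRF(P, Ui-1), and the
// output is the XOR of all Ui. Iterating makes each guess cost `iters` HMACs.
func pbkdf2SHA256(password, salt []byte, iters int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // INT(1): big-endian block index
	u := mac.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iters; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// Record is what the user table keeps: never the password, only the salt, the
// iteration count and the salted hash.
type Record struct {
	Salt  []byte
	Iters int
	Hash  []byte
}

// Store creates a record with a fresh random 16-byte salt, so two users with
// the same password get unrelated hashes and no precomputed table applies.
func Store(password string, iters int) (Record, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return Record{}, err
	}
	return Record{Salt: salt, Iters: iters, Hash: pbkdf2SHA256([]byte(password), salt, iters)}, nil
}

// Verify recomputes the hash from the stored salt and compares in constant
// time, so a mismatch leaks nothing about where the bytes differ.
func Verify(rec Record, password string) bool {
	got := pbkdf2SHA256([]byte(password), rec.Salt, rec.Iters)
	return subtle.ConstantTimeCompare(got, rec.Hash) == 1
}

// SameHash reports whether two records collide, i.e. whether cracking one
// would hand an attacker the other for free.
func SameHash(a, b Record) bool { return bytes.Equal(a.Hash, b.Hash) }

func main() {
	// Constructed sample: two users who picked the same password.
	fmt.Println("unsalted, user 1:", UnsaltedHash("hunter2"))
	fmt.Println("unsalted, user 2:", UnsaltedHash("hunter2"))
	a, _ := Store("hunter2", 100000)
	b, _ := Store("hunter2", 100000)
	fmt.Println("salted records collide:", SameHash(a, b))
	fmt.Println("verify correct:", Verify(a, "hunter2"), " verify wrong:", Verify(a, "hunter3"))
}
```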
What's considered a strong password has changed over time.
Since last year at this time? Please.
The determination might be that it's unnecessary to change it for a given year, but evaluating the need on an annual basis is not a bad idea.
My method has slowly evolved over the years. I grew up on a crappy dial up connection out in the country. Our ISP gave us a generated strong password. Our connection would constantly drop and I would have to enter that password in several times a night. I kept that password and slowly morphed it over time. It kept getting stronger and stronger with every evolution. I did this with 2 passwords. One for secure stuff and one for everything else.
Then not too long ago, I discovered rainbow tables. Pre-generated LM password hashes. My passwords were not in the free tables, but they would be in one of the more detailed collections. Then I started doubling my short passwords by typing them twice. Instant 16 char passwords that were easy to remember and type. Sometimes I would mix it up and use 2 of my old 8 char passwords together. I would think password1 then password2 and type them just as fast.
More recently with smartphones and now tablets, my passwords were just a monster to enter in. One password was lnnLllnnlnnLllnn where l = lower, n = number, L = upper. A total pain when you also have to swap from numbers to letter on the key pad. My current passwords are much simpler, very fast and easy to enter, and even longer than before.
One of the passwords that I just cycled out contained 2 swype-able (dictionary) words and a full 10-digit phone number. My short one was 19 characters, easy to remember, and super fast to type on my computer and mobile device. Entering the password is much more natural. I can swype on my mobile and bounce over to the number pad on my desktop. I work in IT and constantly get comments of shock from users when they see me enter my long passwords on systems.
I do reuse passwords on sites more often than I would like to admit. I treat my email as the master password. With that, all other accounts can be reset. I have my financial password, my work password, my social password, and then everything else password. That everything else password is used on all accounts that I don't care about or don't impact me financially. The everything else password never gets changed. I will usually take 3 guesses at a password on a site. If it's not my current one, previous one, or the everything password, I then request a password reset and set it to the everything password.
I never know what to put for a password hint on the sites that ask.
Im a gamer, not a grammer major. This post is full of spelling and grammer mistakes.
Get this. A school I know of uses a five digit numeric password for all student accounts enabling them to access their grades, financial information, FAFSA info, class registration, and so on. On top of using a standard password that no one changes (the last four of their SSN!) for these accounts, some smart smarty thought about security and set a three attempt lockout on passwords. Long story short, this permits a script kiddie attack to lock out every student from their account in a few minutes. This would result in total havoc and there would be no way to stop/recover without consuming every defensive measure in their arsenal for the network. In reality, I don't think there is any way to prevent it without dropping the system off the Internet. At a good university where you have talented students in computer science this system would have already been owned numerous times and subsequently fixed. But as it stands, it is an obscure system so it is not a high-profile target.
Another thing I should mention, according to the state attorney general's office (just had an in-person training session): per the sunshine laws our school (any school) would have to cough up the email addresses for every student were anyone to request a list. Most schools might deny it but he (Deputy Attorney General) suggested just complying with any such request to avoid a lawsuit.
I object to power without constructive purpose. --Spock
It doesn't always work, because sometimes somebody's given it a password other than "password" or "passw0rd" or "Passw0rd", and sometimes I want my actual name on an account, but for the most part the worst case is that somebody will start writing letters to the editor of the New York Times or Podunk Gazette with my name on them, or my Yahoo account will get spam advertising sales in zip codes other than 90210.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Hashing is not enough.
I'd be happy if people at least hashed.
MUHAHAHAHAHA is not the best irony flag.
(For the clueless, cracking dictionaries tend to include foreign language words, for whatever matches "foreign" in your world.)
Any way you do it, you need more than one word, preferably at least three, and you have to be careful that the resulting phrase is not common.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
If they are storing your password in plain text it is a clear indication that the rest of their system is a Swiss cheese nightmare. I would venture to say that it is probably possible to obtain a full user list with passwords from such a site. If anything, evidence of such behavior is an invitation to try.
I've never changed my slashdot password. Maybe the next decade.
-- I have a private email server in my basement.
Or, they could be converting passwords to lowercase before hashing them.
Git + GPG + a GPG-VIM plugin.
I use "vim" to edit my password file as if it is plain-text; git pull/commit/push to make changes to it.
If I need to roll back, I check out an older copy of the file.
I keep my Keepass file in my dropbox. That way I can access from any computer.
The problem with changing passwords is they become harder to remember. This leads to people writing them down, thereby decreasing security. Diceware passwords can be VERY secure and easy to remember. Anything beyond 6 words is overkill for pretty much any service on the internet, since very few datacenters have security so good that it would be more expensive to break in than to bruteforce the password.
Not a sentence!
I can't think of a single site that does this. And I forget my passwords all the time. Every single site seems to generate a new 8 character random password, and email *that* to you, or a link where you can click and enter a new password.
Morphing Software
Of course they know this, he just advertised it on a the goddamned Slashdot frontpage!
Random Thoughts From A Diseased Mind (Not For Dummies)
My password theory: an easy way to make strong passwords is to go to Wikipedia and hit "random article" until you find something (preferably obscure) with dates, e.g. http://en.wikipedia.org/wiki/Priotrochus_obscurus. Make a password from it, using camel case to make it stronger and easy to remember: SoWfI@1828BBd. I have one password and one username for all websites that don't have 'real' personal details; as I have not changed this from when I started using the internet 15 years ago, this allows me to re-stumble upon websites that I don't remember visiting without creating a new account. As for my email, Amazon, eBay, bank and PayPal etc., each has a separate password, and as I use Linux there is a small chance that I have a key logger.
Keepass is available as a portable app, that runs from a thumb drive:
http://portableapps.com/apps/utilities/keepass_portable
I highly recommend you try out some portable apps, it's like having your whole computer on a thumb drive!
Changing a secure password offers no additional security. It's not like they wear out.
Yes, they do.
At least, they do if they're actively being attacked. If you assume that someone is trying to brute force your password, even a fairly long, complex password is only likely to stand up for a few months. This is one of the rationales for changing passwords periodically.
However, if you're really worried about that, you absolutely should not use the same password for multiple web sites. Because every site you use it with sees the plaintext password every time you log in, even if they store it properly salted and hashed. So it only takes one unscrupulous admin and your "strong" password becomes known. The OP says he adds some site-specific bits to his common password, but unless that's done very well, it adds nothing. And even when done well it doesn't add very much security, if the unscrupulous admin is clever enough to guess that's what's being done.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Your statement doesn't take several risk factors into account. Ultimately, risk is something you have to assess for yourself: what is the value of your passwords? Are you guarding multi-million dollar corporate secrets, or are you risking a $50 credit card fee? It makes a difference as to how much effort to put into the task.
Long, random character passwords that are written down using actual pen-on-paper are still very secure against network based attacks. I have yet to see the virus that can read the password off a sticky note.
Having them on a piece of paper stuck in to your monitor in your house is going to expose them only to the people you invite in. Now, if you're talking about passwords at work, then you have coworkers, cleaning people, maintenance people, and all sorts of random passers-by that can read the note. Yes, those are less secure. But again, what are you guarding?
Having them inside a locked desk drawer improves the situation by quite a bit. Only someone who is specifically targeting you is likely to go after them. And if someone's targeting you personally, they'll probably do it the easy way with a keyboard sniffer or virus, rather than trying to break in to your office, bribe your janitor, or pick your desk drawer lock.
That said, in all cases you're still better off with an encrypted storage tool like a yubikey. Keep them with you, keep them encrypted. Much harder to leak that way.
John
It's easy to remember.
No, you never would.
If you use a different password for every site, there's no reason to think that a password change will increase your security at all except in one very specific case: where an attacker has gained control of your account without your knowledge and not changed anything themselves. In this case (the peeping tom hacker?), your changing of a password will then deny them future access until the next hack.
Personally, for 99% of the random websites I visit, I dump a random password into the password field and don't even bother jotting it down; they all have password recovery by E-mail if and when I ever return.
- Michael T. Babcock (Yes, I blog)
I create a randomized password for every website, stored as a plain text file -- one per website -- in an encrypted directory. When I login to the website, I copy/paste the password from the file. The encrypted directory is not mounted unless I am actively using it. The problem I run into is that many websites only store an unknown few characters (maybe 8) and truncate the password without informing the user of the new password. This means that it will let you login the first time, but when you try to login later, you can't get in because the password isn't what they stored. This is very frustrating.
Pen and paper and a small notebook I keep in a locked drawer. The notebook has "Password log" written on the cover and contains all my passwords to every website/computer/device I own. I have never met a hacker who can hack my desk drawer over the interweb and I don't think I'll ever meet one. With this marvellously low-tech solution I never forget a password, can use passwords of near infinite complexity and can change my passwords as often as I like. The main argument against is that if anyone was to get physical access to my desk drawer they would get all my passwords. I guess that is a clear drawback, but if they had such physical access they could just take the computer/hard-drive anyway, and also if they did I have the advantage of knowing that my passwords had been compromised by virtue of a broken desk drawer, and a large part of the risk is not knowing your account is compromised, isn't it?
I write all of my passwords and user names in a google document.
You got the year wrong. Password11 now becomes Password12.
Excuse me, but please get off my Pennisetum clandestinum, eh!
Why would anyone want to intentionally make a password case insensitive? I have never seen anybody else use such a system intentionally.
Use the same 26 pseudo-words to generate passwords. Always pick the same letters from the website, say ST from slashdot:
- Sierra Tango (or mangle it to ierraango)
- Lyndon Truman, as there's no S president (reduced alphabet)
- Street of my friend T. (or day month year phone city app familyname)
For secure password, the hint is used as the generator in case I forget.
Even if I end up using the same 50 words in all my passwords, my list will be different from anyone else's. If you manage to connect me to many of my passwords, you could start guessing the others. Which is the only reason why the algorithm needs to change over time.
ID: the nose did not occur naturally, how would we wear glasses otherwise? (apologies to Voltaire)
Think about it: Changing a password only helps in the small time window
during which the password has been compromised but not yet used.
Of course, if you are incompetent, passwords can also be brute-forced
because they are easy to guess. Select good passwords and changing them
becomes completely unnecessary.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
I keep my passwords safe by not bragging about my selection strategies on slashdot.
Or maybe two different bosses telling you conflicting things on what to do was a setup to get you nailed for insubordination.
Maybe it's to prevent locking out a user if SOMEHOW THEIR CAPS LOCK GETS TURNED ON. It's still pretty idiotic.
I use Password Safe; it stores my passwords behind a single master password. It stores URLs and user names and it can generate nice strong passwords. It's fugly but functional. There's one password needed to break everything, but that's what the original poster defined as his requirement.
Sigs. We don't need no steenking sigs.
Changing passwords does not increase security as long as you use a unique password for each site! - It actually decreases security as you're more likely to write them down in order to remember them. It takes a while for your new passwords to settle in your memory and that's why you need help - at first at least.
Brute-forcing a password is often faster than the usual rotation, so if anyone wants access they have plenty of time to brute-force it anyway.
IMHO the best strategy is to create a really good base password. It should be long and filled with all the usual variations. Then 'mutate' it for each site. Add something in front or at the end, or in the middle if your base password affords it. Do not use something simple here like the initials of the site name, the IP or similar. Try to incorporate it into the base password if possible. Many will use the first letter of all the words in a sentence, 'lamerized' for additional symbols, and that's a good way to create something complex that's easy to remember. It's actually in part based on an old library cipher so it's decent in itself.
Here's an example based on the classic (and too short) sentence found in many password texts:
"In my opinion Carthage should be destroyed"
First letters:
ImoCsbd
Lamerized:
!m0C$bd
Now, in order to adapt this to - say slashdot - add some words to the sentence and then do the same:
"In my opinion /. rules and Carthage should be destroyed"
End result:
!m0/.r&C$bd
Even if you know the base password you won't be able to guess the unique password for each site. You should of course use a less known sentence for the base password and never reveal it. That way predicting the unique password will become as impossible as simply brute force guessing.
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
He said 30 days, or monthly, so 12 (December's password) becomes 1 (January's password).
Yes, online password managers might be the solution for those times the OP is "at other computers".
If my password was good so far, it is good in the future. I don't change passwords unless I have a reason to. And yes, I am a security professional with credits and all.
Most people go with security "wisdoms". The problem with those is that they are usually outdated, often backed by no or little evidence, based on hearsay and soundbites and - most importantly - not necessarily adequate to your threat model.
In order to have a good defense, you need to know what you defend against. What are the threats? Regular changes of passwords are basically (I simplify) good if:
a) an intrusion could remain undetected
b) continuous access is of value to the attacker
c) you share it with someone else on a regular basis
Where c), btw., is the secret reason that most companies have a policy of regular password changes. Because we security officers know that no matter how much we tell the average office worker not to, those passwords are getting shared.
For most private uses, neither of these is true. If someone is interested in your PayPal or /. account, chances are very high that whatever he intends to do with it, he will do it soon. Meaning that a) you will notice and b) the damage is done.
Changing passwords has one main effect: Over time, passwords get weaker. Because remembering meaningless digit-number combinations is already hard as it is, constantly re-remembering new ones is something a normal human simply can't cope with. So even if he was initially motivated to pick a good password, over time it will degrade.
For every other security aspect, changing your password does nothing. If I can crack the old one today, I can crack the new one tomorrow. If the website stores the old one unencrypted today, it will store the new one unencrypted tomorrow. If I fetch it from memory with a trojan today, I can do so again tomorrow. etc.
Assorted stuff I do sometimes: Lemuria.org
One measure of the security of a password is the amount of time it would take to compromise it as compared to its useful lifetime. Assuming the password database is stolen today, would someone be able to compromise your password before you changed it?
Yes, because the chances are about 99% that it is stored in either
a) plaintext
b) a cryptographic one-way hash
in case a) time to compromise is zero, in case b) time to compromise is so troublesome that nobody will bother, they'll just hack the next website until a == true.
Well, if they are really determined, and the hashes are not salted, they may throw up the most common 100 or so passwords using a rainbow table, but that's it.
That's not because the developers of mailman were idiots. It's because they assumed that the users were not idiots,
Uh, doesn't that make the developers of mailman idiots? How stupid would you have to be to make such an assumption about users?
... and then they built the supercollider.
Whatever happened to imagination? There are unlimited easily remembered algorithms no one is ever going to guess, mine are not necessarily easily remembered by you - but you get the idea...: 1) Add your birth weight in kilos to your age at the millennium in months, ignore the decimal points - insert the first 8 digits after the first 8 letters of the name of your hero... or dog, or spouse, or favorite spaghetti sauce... 2) Allocate the numbers 1-10 to the first 10 words of your favorite quotation. Take the sum of each group of 5 words, add your Gregorian birthday in day/month/year format, and add together to get single digits which themselves represent a word, insert the digits in the words they represent (1st 2nd or 3rd position etc...) for extra security translate the words into French/Hungarian etc.... 3) Take the telephone number of the apartment your first lover lived in - mix it with registration number of your first car, birthday of your second wife, and the number of tiles on your bathroom wall.... 4) Take the number of electrical outlets in your house/apartment - multiply by your age in leap years, take the first 4 digits of the resulting number to represent the first four paragraphs of your favorite book - then take the first (or 2nd 3rd etc) word as your pass phrase, but include the digits after every 1st or second letter... 5) Google some random trivia and bookmark it - use the Fibonacci sequence to generate a pass phrase from the 2nd (3rd etc) para of the bookmark... I could go on like this all night - nobody needs a password keeper or generator - if you give a shit (and mostly I don't) use a set of personal significant numbers and words in combination with some favorite easy algorithm (even rot13 is fine if the foundations are inscrutable) And remember that your passwords are safe only insofar as you convince powerful folks they are not worth cracking...
Most website developers don't even understand what a hash is. They are simply not capable of using hashes on their sites, even less to do some sane salting. Most of the top used development frameworks also don't help securing passwords, some even make them harder to secure.
I'm not so sure it's a matter of developers not understanding hashing and salting, from what I've seen a lot of times there are also legacy and policy issues (in corporate environments).
Once you have one system in place it takes time (and thus money) to replace it and it doesn't matter if you have ten competent in-house devs who know there's a security problem, management isn't about to let them "waste" money fixing something that has yet to be exploited just because that contractor the company brought in six years ago was incompetent (not to mention the common corporate delusion that contractors are more competent than in-house developers because, uh, they cost more or something so clearly the in-house guys are just exaggerating or don't know what they're talking about when they say that storing plain text passwords is a bad idea).
Greylisting is to SMTP as NAT is to IPv4
I can't think of a single site that does this. And I forget my passwords all the time. Every single site seems to generate a new 8 character random password, and email *that* to you, or a link where you can click and enter a new password.
Oh, there are plenty of them out there. I recently even came across a domain registrar a client was using, which submitted your username and password in plaintext in the URL of the page request while logging in.
Every year near my birthday I have the same ritual as you, but I update a list from a save in my Mozilla cache with URLs and passwords and copy it to a flash drive that I keep in one of these: http://www.thinkgeek.com/gadgets/security/855d/?srp=1 For 12 dollars over at least 5 years you too can share the same security that I do ;)
Unimportant shit gets a trivial password. Nobody should get help in guessing my important passwords.
Work stuff is changed in the interval set by the rules of the company I work for.
Websites I need to access get a unique password which I store using a password manager on my phone, which supports device level encryption in addition to the pwd manager encryption.
Root/user accounts on private machines and work machines maintained and used solely by me have a password which is pretty constant but not used on machines which I don't control. The password is not written down anywhere (after a small period in which I need to train it).
But they don't know who s/he is, aliases on other sites, email addresses, etc.
And knowing that part of the password is common to his other passwords still isn't helpful - we still don't know how many chars, how he intersperses the site-specific portion, etc.
You'd have to know his password for at least two websites before you could figure out his method, unless he's just adding a few chars of the website to the end and you can recognize that easily. And even then it would need to be a pretty targeted attack against this one individual - if someone compromises two different websites and obtains access to a bunch of logins... they go for the low hanging fruit, and just try what they have elsewhere. It's unlikely that they would go through both datasets, see that an email address appears twice - assuming the same email address was used and that email addresses were also compromised in both cases, could be a username to log in as well - compare the two passwords, and spend time trying to see if the two are related.
tl;dr - it's not the best security practice to advertise how you select passwords, but s/he is still fairly safe until at least one password is compromised, and the whole point of the question is to come up with a better solution and change everything over to that, meaning whatever information is divulged in the question is probably going to become irrelevant soon enough.
I vote based on politicians' actions, unless contrary to my preconceptions. Often wrong, never uncertain. #iamthe99%
Nobody said anything about intentionally...
Here is an article, not-so-old, about Amazon truncating users' passwords to 8 characters, which were also case-insensitive.
In some countries (Germany for example) the law forbids storing the plain password.
On second thought, let's not go to Camelot. It is a silly place.
Tier 0: Primary Email Address(es)
Why? So the other tiers (bank/reputation services) don't have access to reset ALL the other passwords.
> At least, they do if they're actively being attacked. If you assume that someone is trying to brute force your password, even a fairly long, complex password is only likely to stand up for a few months.
A fairly long, complex password is likely to stand up for millennia against brute force.
A good example of a high profile site that stores your password in plain text is MSDNAA.
So they claim. But believing them requires trusting them, which gets us back to square one.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
Do the banks lose anything if their customers' accounts get hacked? If not, then they have no incentive not to use such a system. Do they collect fees for cancelling transfers and whatever else can be done to sort out the mess? If yes, then they have plenty of incentive to employ less than good security.
Never attribute to stupidity what can be adequately explained by greed.
Why in hell would you give people BETTER odds than ONE in infinity by repeatedly changing passwords? There's still only one password that is valid at any given time. However, I agree that you should never change your password if it is not compromised. If they have your password, they are not going to give you the courtesy of waiting 30, 90 or 120 days before using it. The only thing prematurely changing your password does is make it more likely that you won't be able to remember your own password. The sooner that corporate security departments realize this, the safer our data will all be.
If you are not allowed to question your government then the government has answered your question.
Or they could just, you know, go around the whole thing. For an example I bet a lot of guys here have seen spam lately coming from the Yahoo accounts of old friends and are wondering WTF? I can answer that: the malware guys have figured out a way around the XSS protection in FF and whenever your friend looks at a porn "free videos!" site in FF it loads a hidden iFrame and then gets FF to autocomplete and loads the Yahoo email addresses and spams the shit out of them with driveby malware links. Don't ask me how they got out of the sandbox as I'm not a browser security expert, fucked if I know; what I CAN tell you is that it works in FF but not Chrome based or IE, and it works in Yahoo but not Gmail or Hotmail. Haven't tried it with FF 9 as I'm on vacation but it worked with FF 8. I'm sure there are enough guys off on the holidays that I'll know if it still works if I start getting Yahoo spam again.
And this is just one nasty, and not counting hacking the website itself, which we have seen everything from governments to kernel.org get pwned this year, so his little system probably wouldn't work too well if just two of the sites he goes to get pwned so they can compare. Personally if he wants to go through all that work more power to 'em I say, everybody needs a hobby, but I'd just rather not have data worth giving a crap about on most sites, and the few where I spend money have a really solid password based on the serial along with make and model of one of my basses. I know my basses by heart so whipping that off is easy and the combo of letters, numbers and symbols is nice and long and won't show up on a dictionary attack with me capitalizing all vowels. Easy for me to use, easy to remember, hard to hack.
ACs don't waste your time replying, your posts are never seen by me.
If it's a wire transfer, the only thing they lose is customers. Banks know if you're a profitable customer or not. Banks are very bureaucratic and often stupid. But they are interested, somewhat, in reducing transfer fraud if only because of the hassle it causes them, the large amounts involved, and fear of government investigations. The government doesn't care about you getting back your money, just whether it is going to trrrrists. Some banks do have software & statistical models to detect on-line transfer fraud, and perhaps even physical tokens.
Their IT departments are quite divorced from operational commercial bankers; IT (often overseas/outsourced/not engaged) probably tells the internal people to suck it up and so they say the same thing to the customers with a slightly nicer tone.
If it is a credit card, then the bank takes the fraud loss in most areas. A debit card, possibly, depending on jurisdiction & policy. This means they have a more organized department for dealing with fraud.
That's not because the developers of mailman were idiots. It's because they assumed that the users were not idiots,
Uh, doesn't that make the developers of mailman idiots? How stupid would you have to be to make such an assumption about users?
Because it was a very reasonable assumption up until the eternal September.
So, "A penny for your thoughts?", with n=1, becomes "Ap4yt". Take n=2: "Ae4oh". The string is pretty much gibberish if you don't know its origin, yet it's still easy to reproduce; at the least, for n=1, it's almost trivial to memorize.
And, of course, feel free to add random numbers or extra details (like initials for the person being quoted) to the beginning or end.
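The two sentence-to-password recipes in this thread (the first-letters-then-'lamerize' Carthage example further up, and the nth-letter "A penny for your thoughts?" example just above) implemented as one function. This is an added example, not code from either poster; the substitution rules (I/o/a/s to !/0/&/$, and the word "for" to 4) are inferred from the posts' own worked examples and are an assumption.

```python
# Substitutions inferred from the two posts' examples (assumption: these are
# the only rules needed to reproduce them).
WORD_SUBS = {"for": "4"}                               # whole-word replacement
LEET_SUBS = {"i": "!", "o": "0", "a": "&", "s": "$"}   # per-letter "lamerizing"


def mnemonic_password(sentence: str, nth: int = 1, lamerize: bool = False) -> str:
    """Derive a password from a sentence.

    - Each whitespace-separated token contributes one character: the nth
      letter of the token (its last letter if the token is shorter than n).
    - Tokens with no letters at all (e.g. "/.") are kept verbatim, as in the
      Slashdot variant of the Carthage example.
    - Words in WORD_SUBS are replaced whole before any letter is picked.
    - With lamerize=True, LEET_SUBS is applied (case-insensitively) to the
      letters picked; the Carthage post does this, the penny post does not.
    """
    if nth < 1:
        raise ValueError("nth must be >= 1")
    out = []
    for token in sentence.split():
        bare = token.strip(".,;:!?\"'()").lower()
        if bare in WORD_SUBS:
            out.append(WORD_SUBS[bare])
            continue
        letters = [c for c in token if c.isalpha()]
        if not letters:
            out.append(token)            # punctuation-only token such as "/."
            continue
        ch = letters[min(nth, len(letters)) - 1]
        if lamerize:
            ch = LEET_SUBS.get(ch.lower(), ch)
        out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    base = "In my opinion Carthage should be destroyed"
    print(mnemonic_password(base))                                   # ImoCsbd
    print(mnemonic_password(base, lamerize=True))                    # !m0C$bd
    print(mnemonic_password("In my opinion /. rules and Carthage should be destroyed",
                            lamerize=True))                          # !m0/.r&C$bd
    print(mnemonic_password("A penny for your thoughts?", nth=1))    # Ap4yt
    print(mnemonic_password("A penny for your thoughts?", nth=2))    # Ae4oh
```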
Here's an idea/meme: Create a way to describe both the password rules and storage policy for a web site in a few characters.
Then encourage sites to put those characters next to the "Enter Password" box on their site. The intended effect is to make users
aware of the rules of the site, and ultimately to force them to improve their policy. Here's an example of what I mean:
0 means "we store your password in the clear"
1 means "we encrypt your password using standard techniques"
2 means "we one-way encrypt your password and store only the encrypted value"
3 means "we one-way encrypt your password with salt, and store only encrypted, salted value"
4 means "3 and also we have an effective means in place to prevent repeated guessing by an external agent"
(some sort of time-delay for bad guesses, getting progressively longer, or something similar..)
(Any more needed?)
and maybe use a letter for the password policy:
A means "password has a short maximum length (8?) and silly constraints on what characters must be present" ....
C means "No restriction on password length, but some constraints on characters"
Z means "Password can be arbitrarily long and include any character you can type."
So 0A would be a disaster, and the goal would be to move sites toward 4Z. And you'd see what the site does
every time you log on (assuming, of course, that they're honest, but this would be easily auditable..) Even people
who didn't understand what the specifics mean could be educated to know that closer to 4Z is better. (This is just
an example... I'm sure a better encoding is possible...)
Besides complex passwords don't forget about usernames. I used to use just one username for all my online accounts but then I read some research paper outlining how much information an advertiser or attacker could gather from just comparing the same username across different websites. So now besides changing my passwords I also, where practical and possible, delete old accounts and create new ones with random usernames from a collection of username generators I've found.
Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
> At least, they do if they're actively being attacked. If you assume that someone is trying to brute force your password, even a fairly long, complex password is only likely to stand up for a few months.
A fairly long, complex password is likely to stand up for millennia against brute force.
Wishful thinking.
At least by most people's definition of "fairly long, complex" -- but still reasonable to type and to remember -- password cracking is eminently accessible, though not (yet) cheap.
A ten-character password, containing a completely random selection of alphabetic, numeric and symbolic characters has about 61 bits of entropy. That's already beyond what most people are prepared to deal with, so consider this calculation an upper bound and reduce it by two or three orders of magnitude (minimum!) for the average real-world password.
According to this article an Amazon EC2 instance with GPU-based cracking can test 3.488 billion passwords per second. At that rate, it would take just short of 300,000 hours to search the entire password space, about 34 years. That's not trivial, but it's hardly "millennia". And, of course, password cracking scales perfectly, so you can use 34 times the resources to do it in one year, or 408 times the resources to do it in one month, or 300,000 times the resources to do it in one hour.
At the rate mentioned in the article, $2.10 per hour, it would cost ~$313,000, on average, to crack a password. That's substantial, but assuming it declines per Moore's Law (which wasn't about $/cycles, but close enough), in 10 years it'll cost just over $3K, in 15 years it'll cost about $300, and in 20 years it'll cost about $30.
Of course, good systems can make the attack more expensive by iterating the hashing operation to increase the cost of each password tested. But, still, the point is that the most complex passwords that people can readily handle are within the reach of a serious attacker, and this situation is just going to get worse.
It's "swordfish", isn't it?
We seem to have different definitions of 'fairly long' and complex. According to Wikipedia the Oxford English Dictionary contains descriptions of over 600000 words; randomly picking six of those words will give 4.6e34 possible combinations, which would take quite a lot longer to crack than your 10 random characters, and would (for many people) be easier to remember. If you're feeling particularly paranoid you could include a few numbers and symbols in the passphrase, but that's probably overkill. Of course you may want to skip words of only 2 or 3 letters. While this will make the number of combinations slightly smaller, at least you'll be protected against someone who brute-forces all alphabetic characters...
KeePass for your PC (runs fine with Mono under Fedora/RedHat-ish distros) + KeePassDroid for your Android device(s) + Rsync 4 Android to sync it (or just manually pop the memory card in to transfer it).
I have a different KeePass Database file for Personal (high-security items) and Work. I wouldn't trust Dropbox to move the file around as some propose. If you absolutely insist on using an insecure transport like Dropbox, at least add the Key File method when you generate your databases and transport the Key File OOB (not via Dropbox).
I hear from a co-worker that KeeFox is a nice Firefox + KeePass integration. I may move all my low-security sites' passwords to another KeePass database if this works well so that I could also have all of them available on my phone.
For now, I use SyncPlaces (stored to a local file) + Dropbox to keep my low-security sites' passwords and bookmarks synced (as they change and are added to very often).
I've tried out a bunch of these suggestions but what I think I really want is a simple file encryptor so that I can just dump a word-doc or similar on dropbox and pack/unpack it easily. Why I want this:
- I have 'stuff' that isn't passwords and/or is more freeform than a URL/password pair: including SSNs, bank account numbers, immigration info, phone-access PINs, some sites with public URL, private URL, raw IP address, contact details etc, sites where I have multiple testing accounts, etc.
- I find that a freeform document that I edit at will and use Ctrl-F for search is the simplest and most flexible.
- I'd like to have an easily synced repository (eg dropbox) with strong encryption.
- I like to get asked the password every time I open the repository, but then be able to party on it for a while if I'm making a bunch of updates or collating some info (unlike lastpass which I'm finding a bit too permissive or a bit too rigorous).
- I'd like to access this encrypted, synced file from lots of devices if possible, but at a minimum from PC/Mac and then Linux/phones.
Does anyone do this? The bit I'm missing is the simple cross-platform encryptor/decryptor piece.
-mike.
Salting is not interesting for you as a single user, only for the site admin. Unsalted passwords lead to faster finding of weak passwords once the password file is stolen, so the weakest password can be found very efficiently. But for you as a user, it's only important if YOUR password gets cracked, and if I want to brute-force your password, it can be salted and my bf is as efficient as it will be when it's not salted.
no. you just need to change it to something, your attacker already tried. he does not know you changed the password, so he will not try it again. ;)
There are multiple problems with your proposal.
First, while people can easily remember a half-dozen common words, they're going to have a much harder time remembering a selection of words they've never heard of before. The xkcd suggestion of choosing from a restricted dictionary is more practical, but it drops the entropy from your suggested 115 bits to 66 bits (which is still slightly better than the 10-character password I suggested, but not hugely so).
Second, what you're talking about is passphrases that are 30-40 characters long. Half the web sites I use -- especially the financial ones -- won't accept more than 12 characters, and a good number won't take more than 8.
Third, even if people can remember the words, and how to spell them, and web sites will allow them, how many people can quickly and accurately type them, especially when they can't see what they're typing? I couldn't.
Selecting six words from an extremely large set would provide a great deal of entropy, but it's not very practical.
However, I certainly do concede that it is possible to choose passwords/passphrases that provide long-term resistance against brute force attacks. But few people will do it -- and many web sites won't even allow it. Given the other avenues of attack (shoulder surfing, mistakenly typing a password the wrong place, unscrupulous web admins), the most practical method, at present, is to use unique per-site passwords that are moderately long and complex, unique per site, and change them periodically.
I'm a big fan of OpenID for this reason. It allows me to have one fairly strong password that my fingers can type quickly (because I use it a lot), plus a second authentication factor (OTP generator on my phone), and to use that same login credential at a lot of web sites. But just try to convince your bank that they should trust Google, or Blizzard, to handle their client authentication for them -- in spite of the fact that they do a far better job. Even if Verisign or some similar "trusted" company were to offer strong OpenIDs with multi-factor authentication, it'd still be tough to get the banks and other important sites to trust them.
Something like that is where we've got to go, though. Password-only authentication isn't a viable long-term strategy, and it's not going to be practical to have a different second factor token for every site you use.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
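The entropy figures in the post above (115 bits for six words from a very large dictionary, 66 bits for six words from a restricted one, and a 10-character mixed-case alphanumeric password) follow from one formula: bits = length * log2(alphabet size). The script below, an added example that is not from the original thread or any poster, computes those numbers, works backwards to the dictionary size the 115-bit figure implies, and generates both kinds of secret with the `secrets` CSPRNG. The 2048-entry word list is a constructed stand-in; a real list would be loaded from a file, and only its size affects the arithmetic.

```python
import math
import secrets
import string


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a secret made of `length` symbols drawn uniformly and
    independently from `alphabet_size` choices: length * log2(alphabet_size)."""
    return length * math.log2(alphabet_size)


def dictionary_size_for(bits: float, words: int) -> float:
    """Word-list size needed for `words` uniformly chosen words to reach `bits`."""
    return 2 ** (bits / words)


def passphrase(wordlist, words: int, sep: str = " ") -> str:
    """Diceware-style passphrase: each word is a uniform choice from the list,
    made with the `secrets` CSPRNG rather than `random`."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def password(length: int, alphabet: str = string.ascii_letters + string.digits) -> str:
    """Random mixed-case alphanumeric password (62-symbol alphabet)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


# Constructed stand-in for a 2048-word list (11 bits per word, the xkcd assumption).
WORDLIST = [f"w{i:04d}" for i in range(2048)]


def compare() -> dict:
    """Entropy of the three schemes discussed in the post, in bits."""
    return {
        "6 words, 2048-word list": entropy_bits(len(WORDLIST), 6),
        "10 chars, mixed-case alphanumeric": entropy_bits(62, 10),
        "6 words, list sized for 115 bits": entropy_bits(dictionary_size_for(115, 6), 6),
    }


if __name__ == "__main__":
    for scheme, bits in compare().items():
        print(f"{bits:6.1f} bits  {scheme}")
    print("list size needed for 115 bits from 6 words: ~%d" % dictionary_size_for(115, 6))
    p = passphrase(WORDLIST, 6)
    print("passphrase:", p, "(%d characters)" % len(p))
    print("password:  ", password(10))
```

The numbers only hold when the words or characters are chosen uniformly at random; a "memorable" selection made by a person has far less entropy than the formula suggests. They also measure only resistance to offline guessing, which is moot on sites that cap passwords at 8 or 12 characters, the practical limit the post raises.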
I don't make friends or have contact with people who have active Yahoo accounts.
As an added precaution, I never take my luggage out of the house.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Probably he's asked for a password reset and recognised what was sent to him, rather than it being randomly generated nonsense. That's an educated guess, because I've seen the same thing.
Irrelevant, because an application user is so not an OS user. You seriously think that these Vbullshittin/PHBBB driven sites create a unix user account for every midget porn swapper that signs up? What possible function would that serve?
Is it possible that on the first day of that fateful month slashdot had 862675 registered users?
We (I and mi esposa) share access to several sites, some of them quite important. She has a laptop and an iPad, and so do I. So in these cases, while a long and convoluted password may be justified, it must also be a matter of agreement. No password manager for us, I'm afraid. And we must agree to be together at the time of password change lest the other need access while away.
You don't have to create a unix user for every user in order to use PAM or the other utilities to hash a password, it only has to be PAM-aware. And I wasn't really looking at porn sites, I was talking about sites like Slashdot, CNet, NYT, you know, real sites with arguably real programmers behind the scenes. If you are dumb enough to get a user account on a porn website (like there isn't enough free porn on the web...) then that is your problem.
Tequila: It's not just for breakfast anymore!
Password Safe (pwsafe) + Dropbox. Store enough information to deduce your master key with your final instructions for your spouse or will executor. Don't have final instructions/Will/Life insurance? :( Everyone calls finally() eventually.