Computer Related > Password vault	Miscellaneous
Thread Author: Dog	Replies: 31

New Wed 19 Apr 17 08:59   Password vault - Dog

I have soooooo many passwords that I keep forgetting them, or where I've put the slip of paper I wrote them on so, can somebuddy recommend one of these 'ere password managers or whatever they're called por fav. Reply to this message | Report message

New Wed 19 Apr 17 09:45   Password vault - commerdriver

Not a password vault product but.. I keep mine in an encrypted, password protected, MS Excel spreadsheet which I keep backed up & synchronised in two different physical places and one cloud based place. It does rely on being able to remember the one password for the file but I reckon it is pretty safe. I await others on here telling me how easy it is to break :-) Reply to this message | Report message

New Wed 19 Apr 17 09:51   Password vault - Dog

Sounds complicated to me commer, I'm okay with plugs, points and tappets sure enuff, although I reckon even I could get my head around just the one password, knowlmean ;-) Reply to this message | Report message

New Wed 19 Apr 17 10:35   Password vault - smokie

Just work out some algorithm so that you can easily remember your password for each site, yet have a different password on every site. E.g number of letters in the website your month of birth second letter of website your childrens initials So car4play might be 811adr bbc might be 3b11bdr and so on You could add a ! to the end if the last letter of the website is between a & m, and a $ to the beginning if it is between n and z. All sorts of combos, let your imagination run riot! :-) With a few examples a determined someone would no doubt easily work it out but what's the likelihood of that? Reply to this message | Report message

New Wed 19 Apr 17 11:20   Password vault - Dog

Okey dokey smokie :) I might add that I don't do on-line banking, it's just for eBay/PayPal/Amazon/dog food sites etc. I use. I've also found (bin having a desk clearout!) two olde HJ passwords too; perro & umani, although I hardly ever used umani. Reply to this message | Report message

New Wed 19 Apr 17 12:32   Password vault - devonite

I use just two passwords, a fairly simple one for general browsing use for sites that are not important, and if hacked (never been yet!) can simply be deleted, and one complex one for Online Banking and other more important sites. I reckon the more you have, the better chance you have of getting hacked! and if the password is secure enough for your banking it's secure enough for similar places/accounts. Reply to this message | Report message

New Wed 19 Apr 17 12:46   Password vault - Manatee

The HJ passwords were hacked. Using the same password for multiple sites must surely be a bad idea - if it is hacked then all those sites are compromised. The two types of password that IMO must be unique, complex, and completely different in composition are your email password and those for bank or investment accounts. Somebody having your email password is well on the way to being able to access other sites using your identity. Your emails themselves will also give them clues as to where to look. Reply to this message | Report message

New Wed 19 Apr 17 15:25   Password vault - rtj70

>> The HJ passwords were hacked. That's because someone logged in as admin and looked at the accounts database. The passwords at the time were stored as plain, unencrypted text. What this site now does is only store the hashed password. When you login it it then applies the hashing algorithm to the password entered and compares the hash. The password as such is not stored. However, for a website that says enter certain characters from the password, the password has to be recoverable from an encrypted state to do the comparison. Reply to this message | Report message

New Thu 20 Apr 17 11:37   Password vault - No FM2R

All my passwords are different, none of them is under 25 characters, there are 83 accounts. All are stored in a password manager. The password to that manager is a sentence, I have dual verification turned on for everything that offers it. My phone is also protected. The password list is also held encrypted on my PC and in an online store. When worrying about risks one needs to take into account likelihood and severity. Its most unlikely that anybody would even try to get into any of my accounts, but it would be utterly disastrous if they managed it. >>That's because someone logged in as admin and looked at the accounts database. I didn't realise that. What a scumbag. I am assuming that it was someone who legitimately had the Admin password? Reply to this message | Report message

New Thu 20 Apr 17 11:58   Password vault - rtj70

Whether they logged into the admin side or hacked their way onto the server, the problem was passwords were stored as plain text. They aren't on here I should add. Who knows how they got on. Maybe snooping on an unprotected WiFi connection or something similar? Reply to this message | Report message

New Thu 20 Apr 17 12:16   Password vault - BrianByPass

>> Whether they logged into the admin side or hacked their way onto the server, You said it was the former. >> problem was passwords were stored as plain text. They aren't on here I should add. >> nor on HJ. Wasn't the HJ web site managed by khoosys at the time it was hacked? >> Who knows how they got on. >> And there I was thinking you knew it all! (You said - www.car4play.com/forum/post/index.htm?t=24181&m=532117&v=e "someone logged in as admin and looked at the accounts database" ) ;-) Reply to this message | Report message

New Thu 20 Apr 17 12:59   Password vault - smokie

Rob clearly DOES know a lot, certainly more than I remember being aware of, and more than I remember as being in the public domain, and I have been a moderator on both sites. Still we ought to let sleeping dogs lie. Nothing new to be seen on this one, and no current threat. Reply to this message | Report message

New Mon 24 Apr 17 00:22   Password vault - car4play

It's such a long time ago that it may well have been an admin login. However I do know that someone was able to run an SQL injection attack and reveal all the usernames and passwords. That's how most of these breaks are done. I learned a trick or two from such hackers as that's the only way to prevent things like this happening. Unless you know how a crook is going to get into your house you won't know how to protect it. This site may well have vulnerabilities but whether one is hacked just comes down to how useful the info on the site is or whether some hacker is just bored and wants the challenge. The latter don't tend to be malicious. Reply to this message | Report message

New Thu 20 Apr 17 12:18   Password vault - BrianByPass

>> All my passwords are different, none of them is under 25 characters, there are 83 >> accounts. >> Question is, how do you manage to get the household to follow similar security standards/rules? Reply to this message | Report message

New Thu 20 Apr 17 17:15   Password vault - No FM2R

>>Question is, how do you manage to get the household to follow similar security standards/rules? Fat chance. But they have their email, social media and their own interest sites. I have all the bank, credit card etc. sites. Reply to this message | Report message

New Thu 20 Apr 17 18:08   Password vault - CGNorwich

I withdrew some money this afternoon from an online Building Society account I have not used for a while. Duly completed the twelve digit password and three specified digits from my memorable information. Given a four digit code Told I would received an automatic phone call Duly receive the call and keyed in the code I had been given The got a message on screen to say that as a security precaution I needed to take down a fifteen digit reference number and call the Building society Rang building society and after 10 minutes hanging on was connected to a clerk who advised me that he would ask me some questions based on my credit record to verify my identity Duly answered these questions and was then told to rever to the screen to complete some further questions. By then I had been automaticlaly logged out so had to log in again. Completed some additional questions including two declarations that I really wanted to withdraw the sum I requested. Returned to the phone and was requested to listen to a long statement advising me of the perils of being scammed by nasty people on the internet. Money eventually paid by Fast Pay into my bank account. Last edited by: CGNorwich on Thu 20 Apr 17 at 18:13 Reply to this message | Report message

New Thu 20 Apr 17 18:15   Password vault - No FM2R

Ultimately I guess there is no 100% unbeatable approach that also involves human beings. All you can do is make it as difficult as possible. The trouble is that makes it difficult for the legitimate users also, who then seek to bypass it / write things down / etc. etc. Reply to this message | Report message

New Thu 20 Apr 17 18:23   Password vault - CGNorwich

Surely there is nobody who doesn't write down passwords Reply to this message | Report message

New Thu 20 Apr 17 18:37   Password vault - No FM2R

>>Surely there is nobody who doesn't write down passwords There is at least one; Me. Reply to this message | Report message

New Thu 20 Apr 17 18:23   Password vault - sooty123

I try to keep all of mine the same and/or written down. I'm forever forgetting them. I keep a little notebook with them in to access nearly all log ins, not lost the note book. Not yet anyway! Reply to this message | Report message

New Thu 20 Apr 17 20:36   Password vault - Dog

This is the sort of thing I was thinking of, but I don't really need something as sophisticated as that, so I'll go along with your little notebook sooty, and stuff it at the back of my desk. uk.pcmag.com/password-managers-products/4296/guide/the-best-password-managers-of-2017 Reply to this message | Report message

New Thu 20 Apr 17 20:43   Password vault - CGNorwich

At the end of the day Imthinkmit is more important for home users to have decent complex passwords even if it necessitates writing them down somewhere. The biggest danger is having your identity stolen online rather than a burglar stealing your notebook. Reply to this message | Report message

New Thu 20 Apr 17 21:54   Password vault - Dog

I doubt if any of my passwords are complex, they all consist of just 8 digits, something like xyz789TC, so at least they contain a mix of letters numbers and higher case letters. I can remember all of my often-used passwords, like eBay/PayPal, Amazon etc. but not the ones I don't use that often. Reply to this message | Report message

New Thu 20 Apr 17 23:14   Password vault - smokie

Do you let your browser remember passwords for you? I do, I assume it must be pretty safe... Reply to this message | Report message

New Fri 21 Apr 17 07:14   Password vault - Dog

>>Do you let your browser remember passwords for you Only for this site on Waterfox. I also use Chrome & IE every day. >> I assume it must be pretty safe... Dunno, that's why I don't use 'em for the likes of eBay/PayPal, Amazon etc. etc.. Reply to this message | Report message

New Fri 21 Apr 17 07:22   Password vault - Dog

www.pcworld.com/article/261259/can_you_trust_your_browser_with_your_passwords_.html Reply to this message | Report message

New Fri 21 Apr 17 10:27   Password vault - rtj70

>> Do you let your browser remember passwords for you? I do, I assume it must be pretty safe... As long as nobody else has access to your Windows PC and your account to use those saved passwords. I save them for unimportant websites but not any thing important. Reply to this message | Report message

New Sat 22 Apr 17 03:50   Password vault - No FM2R

>> The biggest danger is having your identity stolen online rather than a burglar stealing your notebook. A fair point, only subject to your living arrangements. Reply to this message | Report message

New Sun 23 Apr 17 22:05   Password vault - Roger.

I use Dashlane, which will also store bank card details if you wish. The big question is, of course, do you trust your password manages integrity? Reply to this message | Report message

New Mon 24 Apr 17 00:11   Password vault - car4play

I use 1Password to hold all bank details, credit cards, passport, serial numbers and website logins. It holds all this in an encrypted "vault" secured by one long password. It has extensions for Chrome, Firefox and safari on mac. And ab iOS app with fingerprint authentication. It does cost quite a bit but then given I use it all the time consider it good value. It means you can essentially create some random set of allowable keystrokes as a password on any site and let it do the remembering for you. As for our internet servers we simply turn off password authentication and only allow secure private/public key authentication. On mobile I attach a password to the key. It's the only way to really prevent unauthorised access. Reply to this message | Report message

New Mon 24 Apr 17 12:50   Password vault - VxFan

>> And ab iOS app with fingerprint authentication. Fingerprint authentication is ok until you have to use a device that doesn't have it, and then have to wrack your brain as to what your password is. Reply to this message | Report message

New Mon 24 Apr 17 20:01   Password vault - car4play

True true. However it also requires password after launching so it keeps the grey cells fresh. Reply to this message | Report message