Windows 8 and 8.1 Forums

What is 'best practice' for password management?

  1. #11

    Posts : 467
    Windows 8 Pro

    Lastpass , I know there is a small point of weakness because the data is transmitted , but if you make sure you don't have any trojans , keyloggers etc , then it should be secure, The master key doesn't have to be stored , I type it in manually every time I need to log in and access the list.

    You have one single master password that decrypts all of them and it'll generate any length password for you using any combination of caps , special characters , letters / numbers etc without you needed to know them , but you can still look them up if needed.

    it's has to be a balance between how time consuming it is to store and then retrieve your data and how secure you want it to be and for my money , lastpass does a pretty good job of doing it.

      My System SpecsSystem Spec

  2. #12

    Posts : 453
    Windows 8.1 Pro with Media Center

    Quote Originally Posted by ship69 View Post
    Yikes, I am at the limits of my knowledge.
    Ok, so mounting if a disk is a software process that enables the operating system to read and write data to the disk, yes?
    So when you provide the password to TrueCrypt it can then "mount" the disk, and whilst you have it in that open state, any hacker of virus etc can also read your disk, yes?
    Well, of course. If it's accessible to you, it's accessible to anyone who can get into your computer.

    Hmm... OK the main thing I'm concerned about is getting my entire computer stolen and in that situation the disk could not be mounted by any unless they had the password. Which with a reasonable passwords would be effectively impossible.
    And TrueCrypt will guard against that provided you encrypt all your drives, particularly your system drive, which contains the pagefile and hibernation file. The TC web site goes into quite a bit of detail on the subject of data leakage, which I mentioned in my earlier post. I also mentioned configuring Keepass to lock itself whenever the workspace is locked, either with Win+L, sleep, shutdown, or whatever. I normally leave my system in sleep mode. If someone were to break in, unplug it, and steal it, they'd be out of luck due to my TrueCrypt usage which I described; they'd have to crack TrueCrypt, which no one has ever done as far as the world knows. However, if the crackhead thief sat down, resumed from sleep, and hacked my Windows login (yeah, right), he'd also have to crack my Keepass password to get to my 700 passwords. He'd have to do all this without ever powering down the computer, like George trying to preserve his Frogger high score. I'm not too worried about that, but if I were to be gone overnight, I'd power down completely, and then he'd have to crack TrueCrypt.
      My System SpecsSystem Spec

  3. #13

    Posts : 3
    Windows 8.1

    Ascendo Datavault, highly recommend, syncs with mobile devices also. Try it. DrJ.
      My System SpecsSystem Spec

  4. #14

    Posts : 21
    Windows 8 Pro 64bit

    As far as I know, the database is transfered to Last Pass in encrypted form and no masterkey is sent/stored, besides the encryption also uses e-mail address and several other hashing procedures, so Last Pass does not know anything (I am not technician, so excuse my bad wording). Entering the usernames and passwords using Last Pass (from local client) should be just as dangerous as typing them yourself, I suppose.

    Quote Originally Posted by Wullail View Post
    Lastpass , I know there is a small point of weakness because the data is transmitted , but if you make sure you don't have any trojans , keyloggers etc , then it should be secure, The master key doesn't have to be stored , I type it in manually every time I need to log in and access the list.
      My System SpecsSystem Spec

  5. #15

    Posts : 5
    Windows 8 Pro

    Hi all,
    I use a simple system to store passwords. I have a few words & numbers that I will always remember & use the first letter or number to represent a group thus;
    1 = 123
    7 = 789
    a = apple
    @ = @
    for example 7-=>..-B#-@a..:-@1 = 789Bap@apple@123

    Upper case means upper case for that character only and the other symbols are just there to confuse. The actual password is never shown anywhere in full only the tokenised version. I keep all passwords in .txt files + any other useful info - for example Amazon will be stored in amazon.txt. I have numerous backups and for regular use passwords I have them on hard copy & my phone.
      My System SpecsSystem Spec

  6. #16

    Posts : 446
    Win 8 64-bit

    As others have mentioned, it seems like Keepass is what you're looking for if you're looking for a locally stored password manager, and being open source the code is available for anyone to scrutinise.

    On the subject of passwords, I think it's also worth reading some of the ArsTechnica articles about what off-line password cracking actually entails, as it's quite an eye opener for most people. They're not short articles, so read them when you have a bit of spare time. If you don't have enough time to read them all, then maybe just read the second article down.

    Why passwords have never been weaker?and crackers have never been stronger | Ars Technica

    How I became a password cracker | Ars Technica

    Anatomy of a hack: How crackers ransack passwords like ?qeadzcwrsfxv1331? | Ars Technica

    The secret to online safety: Lies, random characters, and a password manager | Ars Technica

    It's also worth keeping in mind that your email account should be treated with the highest level of security as well, because if someone gains control of your email account, it's possible for them to request password resets from websites and intercept the password reset email. So if you're using an account, I'd strongly recommend turning on two-factor authentication.
      My System SpecsSystem Spec

  7. #17

    Password Protect folders in Windows without any Software
    Lock a Folder With Password Using Free Folder Protector

    Keep it simple, no need to download unnecessary software that is just bloatware.
      My System SpecsSystem Spec

  8. #18

    I am currently using Lastpass, after having used Keepass. I found Keepass to be very good, but tedious. Lastpass gives me web integration and the ability to securely stor none web related password in text based notes. I do not know if this is VERY secure, but I need to use something. There are settings in Lastpass that will detect duplicate passwords, telling you to change them, you can enhance the encryption used for the server communication, and it is a better alternative to local encryption and alike.

    I am a bit puzzled as to why none of you guys in the US did not link to That has been a very good readup regarding passwords and their protection for me during many years. In particular the stuff about character repetitiveness on his page .

    W!8.............................l is theoretically a safer password than ZLLzrkFR6r6lQOQzOeRoPhVpLqf7Ri

    You are still in the stone age, some of you....
      My System SpecsSystem Spec

  9. #19

    Posts : 1,925
    Windows 8.1 Pro

    While Steve Gibson has some good basic information on his site, he also has a lot of bad information.. so i'd be a bit careful about using his site. There was once an entire site devoted to how bad his information is, called Thankfully, it's been kept by the internet wayback machine.

    GRC Sucks dot com | Debunking Steve Gibson, Syncookies, Nanomites, Pathlock

    Regarding Mr. Gibson's claims on password strength, one must understand how passwords are cracked. Gibson is *ONLY* talking about brute force password only, something nobody does. Most password cracking is done using something called Rainbow tables, and dictionary lookups. These cracking techniques rely on the fact that people tend to use easy to remember patterns, and as such can greatly reduce the amount of time to crack a password. so using his example of D0g............................... D0g would be a very common pattern and likely exist in the tables, and thus much easier to crack. In fact, there are probably password cracking tools that specifically use combinations of common patterns with repetitions just like this, because it's a known password technique.

    My guess is that someone could brute force any "haystack" password in under a couple of days, unless that haystack password also included some randomness to it.

    And of course, I just found this article which basically says what I just said after a 5 second perusal of his "article" GRC's Password Haystack
      My System SpecsSystem Spec

  10. #20

    Sloe Deth, Californicatia
    Posts : 3,884
    Windows 8 Pro with Media Center/Windows 7

    Well, a lot of the services I use always block the account if logged in from any location other than the ones I use on my system, especially Facepyuke. I get "Password Reset" emails because someone had done this, or, when I try to log in, it makes me go through my security questions.

    (Edit) I have a harder time remembering my security questions.
      My System SpecsSystem Spec

Page 2 of 3 FirstFirst 123 LastLast
What is 'best practice' for password management?

Similar Threads
Thread Forum
Windows 8.1 What are Best-Practice security tweaks?
For example, back in the day with XP I was told it was wise to to go into your network adapters (both Ethernet & Wireless) and disable the NetBIOS and all IPv6 functions. It was also wise to go in and disable certain services you would never use like Remote Desktop. Does anyone have a link...
System Security
Password Reset Disk - Reset User Account Password in Windows 8
How to Reset Your Local User Account Password with Password Reset Disk in Windows 8 and 8.1 If you have previously created a password reset disk on a USB flash drive for your local user account in Windows 8, then this will show you how to use it to reset your password with a new password to be...
Seperate Windows Account, Email Password From PC Password
I found that once I upgraded to Windows 8.1 I had to use my Email account to Log In to my PC. The User has to have a Windows Account (Mine is originally Hotmail - Live - Outlook). I can not stand having the same Password and account info from my Email account the same as my PC. I had to...
User Accounts and Family Safety
Windows 8 App (Modern Interface) updates: best practice
Hi, this is somethig i do not get, and relly do not like how it seems to work: what i would like to achieve is 1) in first instance: to update *all the system* at a time, so far what it seems to me now it's like i have to manage two operating systems one on the desktop side and one on...
General Support
Must email password be same as desktop password?
I am a newbie with Windows 8, so I am trying to teach myself how to use Windows 8.1 via a virtual machine on Windows 7. I set up the user account using my Microsoft email account. I would like to use a different password on my desktop vs the email password. My email password since it is...
User Accounts and Family Safety
How hackable is your password? McAfee offers password tips
Read more at source: How hackable is your password? McAfee offers password tips | Security & Privacy - CNET News
Windows 8 News

Eight Forums Android App Eight Forums IOS App Follow us on Facebook