Hi
What is the 'best practice' for managing one's passwords?
A) HOW SHOULD I STORE PASSWORDS?
Problems:
1. I need to manage a fairly large number (i.e. 50+). So there are too many to remember.
2. Obviously I don't want to keep them inside a simple unencrypted text file, in case my data gets hacked.
3. If I download dedicated password application how can I trust it?(!)
4. I don't trust 'The Cloud' nor any of the big data owners: google, apple, amazon, drop-box et al.
5. I don't want to be tied to anything that I cant migrate with me onto my next hardware, when I come to upgrade my PC(s).
Either way I dont really want to pay anything (certainly not more than a few dollars) for this security.
I was thinking of using something like TrueCrypt to create a virtual drive (that I encrypt robustly) and then storing my passwords in an ordinary text file.
That way I would have a single master password (for TrueCrypt) which would give access to all the other passwords.
[Aside: Obviously if I forget my master password I'm screwed!]
B) PASSWORD CONVENTIONS
As you know many sites require passwords that meet specific rules e.g.
- At least one upper AND one lower case letter
- At least one digit
- No tripplets (three characters the same next to each other) (iTunes!)
- No more than 16 characters
Double-click problems
Some sites allow extended ASCII characters (e.g. £$%^&*) , which give VASTLY better security of course. BUT they are a mighty pain to use regularly because if you double-click using Windows (XP /7 /8), windows doesn't accept extended as being part of 'a word' and ignores the extended ASCII characters in your password. And if you TRIPLE-click, it then selects the entire line! This is a nightmare if you are in and out of passwords all day.
SUMMARY
a) I want passwords that are pretty much secure.
e.g. say 1 trillion years from my desktop to crack according to this site:
https://howsecureismypassword.net
(Not that I trust it not to harvest whatever I put in and use against me!)
This is extremely hard (perhaps impossible) to achieve within 16 characters unless one uses extended ASCII.
b) For day-to-day convenience, I want to absolutely minimize the number of clicks and keystrokes.
c) For low security sites that I dont give a damn about, I just want something easy to type in.
- Any suggestions?
With thanks
J
P.S. Btw, for reasons of security I clear out cookies on a regular basis (for convenience using a utility - CCleaner)
What is the 'best practice' for managing one's passwords?
A) HOW SHOULD I STORE PASSWORDS?
Problems:
1. I need to manage a fairly large number (i.e. 50+). So there are too many to remember.
2. Obviously I don't want to keep them inside a simple unencrypted text file, in case my data gets hacked.
3. If I download dedicated password application how can I trust it?(!)
4. I don't trust 'The Cloud' nor any of the big data owners: google, apple, amazon, drop-box et al.
5. I don't want to be tied to anything that I cant migrate with me onto my next hardware, when I come to upgrade my PC(s).
Either way I dont really want to pay anything (certainly not more than a few dollars) for this security.
I was thinking of using something like TrueCrypt to create a virtual drive (that I encrypt robustly) and then storing my passwords in an ordinary text file.
That way I would have a single master password (for TrueCrypt) which would give access to all the other passwords.
[Aside: Obviously if I forget my master password I'm screwed!]
B) PASSWORD CONVENTIONS
As you know many sites require passwords that meet specific rules e.g.
- At least one upper AND one lower case letter
- At least one digit
- No tripplets (three characters the same next to each other) (iTunes!)
- No more than 16 characters
Double-click problems
Some sites allow extended ASCII characters (e.g. £$%^&*) , which give VASTLY better security of course. BUT they are a mighty pain to use regularly because if you double-click using Windows (XP /7 /8), windows doesn't accept extended as being part of 'a word' and ignores the extended ASCII characters in your password. And if you TRIPLE-click, it then selects the entire line! This is a nightmare if you are in and out of passwords all day.
SUMMARY
a) I want passwords that are pretty much secure.
e.g. say 1 trillion years from my desktop to crack according to this site:
https://howsecureismypassword.net
(Not that I trust it not to harvest whatever I put in and use against me!)
This is extremely hard (perhaps impossible) to achieve within 16 characters unless one uses extended ASCII.
b) For day-to-day convenience, I want to absolutely minimize the number of clicks and keystrokes.
c) For low security sites that I dont give a damn about, I just want something easy to type in.
- Any suggestions?
With thanks
J
P.S. Btw, for reasons of security I clear out cookies on a regular basis (for convenience using a utility - CCleaner)
My Computer
System One
-
- OS
- Windows 8.1 Pro (x64)
- Computer type
- Laptop
- System Manufacturer/Model
- Samsung NP740U3E-S04UK (Series 7 Ultra Notebook)
- CPU
- Intel Core i5 - 3337U
- Motherboard
- Intel HM76 (?)
- Memory
- 6GB DDR3 System Memory at 1600MHz
- Graphics Card(s)
- AMD Radeon™ HD 8570M graphics card with 1GB gDDR3 Graphic Memory (PowerExpress)
- Monitor(s) Displays
- 13.3" SuperBright+ 350nit FHD LED Display with Touch Screeen Panel
- Screen Resolution
- (1920 x 1080)
- Hard Drives
- 512GB mSATA Samsung (PM841 Series MZMTD512HAGL-00000 mSATA 512GB SATA III MLC Internal SSD)
- Keyboard
- Logitech MK700
- Mouse
- Logitech M705
- Internet Speed
- 4 to 15Mbps
- Browser
- Firefox, MSIE, Chrome, Opera etc
- Antivirus
- AVG Cloudcare