Go Back   Tech Support Forum > Security Center > General Computer Security

User Tag List

Where do you keep all your passwords?

This is a discussion on Where do you keep all your passwords? within the General Computer Security forums, part of the Tech Support Forum category. Hi I don't know where to post this, moderator please move if needed and thanks. I have tons of paper


Like Tree2Likes
Closed Thread
 
Thread Tools Search this Thread
Old 01-19-2020, 07:15 AM   #1
Registered Member
 
Join Date: Jun 2009
Location: Atlanta-GA
Posts: 209
OS: 7



Hi

I don't know where to post this, moderator please move if needed and thanks.
I have tons of paper with my passwords written on them.
I wouldn't dare type them on my laptop or phone.
I have started using the same password for all sites, using one that is long and complicated. I have memorized it.
But with over a hundred sites used, it's would take me a lifetime to change them all, but I do little by little when I have the time.

Just wondering where you guys store them.

Thanks

Pat
vaindioux is offline  
Sponsored Links
Advertisement
 
Old 01-19-2020, 07:47 AM   #2
Team Manager
Microsoft Support
 
Corday's Avatar
 
Join Date: Mar 2010
Location: Midlands of South Carolina
Posts: 26,044
OS: Windows10. In the past CP/M, DOS, Windows 95, 2000, 98SE, ME, Vista & Windows 7

My System


Password Manager. None are written down. They're backed up. Moving from Windows 10.
__________________

The stability of an OS is in direct proportion to the stability of the user.
Corday is offline  
Old 01-19-2020, 08:48 AM   #3
Windows Tech Team
 
Join Date: Dec 2019
Location: Staunton, VA
Posts: 664
OS: Windows 10 Pro, 64-bit, Version 1909

My System


I, too, use a password manager.

It is a very, very bad idea to use the same password for multiple sites, no matter how secure the password itself might be. All it takes is one instance of compromise and the person that has that password has the keys to your kingdom.

I have long espoused what I call The Portmanteau Method of creating passwords that are memorable to you, the end user, are specific to the sites you use, but are well-nigh impossible for a random stranger to guess. Even though I do keep my passwords in the Password Safe password manager "just in case" I almost never need to refer to it for sites I use frequently. I have my own portmanteau formula memorized and can roll the password I need trippingly off my fingertips when needed.

----------------------------------------------------------------------------------
The Portmanteau Method of Creating Passwords
There seems to be a belief that creating passwords that are relatively short, say 8 characters, that are a mis-mash of digits, upper and lowercase characters, and special characters is the best way to ensure security. It isn’t, since most password cracking is done via computer brute force. It’s also not helpful to you if you cannot recall a password for love nor money.
Password length is a far better way of increasing security than anything else. I have often discussed what I dub "The Portmanteau Method" of coming up with very secure passwords that, if you choose your elements carefully, and apply them consistently, will be simple for you to remember, become simple for you to type, and be nearly unbreakable.

Let’s say the following information is accurate for you (some random you):

Your childhood address was: 1653 Rockport Ln
Your first (or favorite) pet was named Admiral
Your preferred special character is an exclamation point

If you create a password (pass phrase, really, but I never use embedded spaces) on a site by site basis, using something about the site, be it part of the URL or something else memorable to you about it and only it, you can create some really secure passwords. Some examples:

For the Discover Card website: Discover1653Admiral! or 1653DiscoverAdmiral! or !1653DiscoverAdmiral

For First Bank & Trust: FirstBank1653Admiral! or 1653FirstBankAdmiral! or !1653FirstBankAdmiral

Using a site such as https://howsecureismypassword.net/ if you enter any one of the above passwords you'll see that by brute force cracking it would take approximately 3 sextillion years to break any one of them.

Provided you keep whatever "fixed elements" you choose in a fixed position, like address house number first, site specific info (which changes) second, pet name third, and single character 4th, you can generate a password that would be virtually impossible to crack unless you were to give someone else all of those details about your life and they know which things you've chosen. You could easily have chosen "Rockport" instead of "1653" but the result would be equally unbreakable because it's not a dictionary word and it's long.

My own portmanteau is not quite that long. Most of the results of it would take approximately 200 years of brute force computing to crack, yet I instantly know when I land on a website or similar what the fixed elements of mine are, and where they're located, and the password rolls quickly off my fingers.

Presuming a portmanteau, and not a string of dictionary words, via brute force 8 character passwords take 2 Hours to crack, 9 character passwords take 4 days to crack, 10 character passwords take 8 months to crack. So, as you can see just increasing a password length by a few characters makes a huge difference in how long it would take to crack them via brute force.

If you use a 3-digit house number, a 5-character pet name, and a single special character you've already got 9 characters. Add in the site-specific component and, well . . .
__________________
Brian
It is better to be hated for what you are than to be loved for what you are not.
~ André Gide
britechguy is offline  
Sponsored Links
Advertisement
 
Old 01-19-2020, 01:58 PM   #4
Registered Member
 
Join Date: Jun 2009
Location: Atlanta-GA
Posts: 209
OS: 7



Thxs a lot for the answers, that's very helpful

Pat
vaindioux is offline  
Old 01-20-2020, 02:17 AM   #5
Moderator
Windows Tech Team
Hardware Tech Team
 
Join Date: Aug 2008
Location: INDIA
Posts: 2,976
OS: Windows 10 | CentOS | Manjaro



I agree with britechguy, however the challenge I've run into are with websites which require a password change every x number of days, which will force you to run so many combinations that you eventually forget it :S

A lot of people have recommended password managers to me, but I'm too paranoid to use them.....
__________________


tristar is offline  
Old 01-20-2020, 03:18 AM   #6
Moderator TSF
Hardware Team Moderator
 
Stancestans's Avatar
 
Join Date: Apr 2009
Posts: 5,150
OS: Windows 10



I too use a password manager. Have been using it since PasswordBox, 2012, before it was acquired by Intel and evolved to Truekey, which I never bothered with. Migrated to Logmeonce after PasswordBox kicked the bucket, for at least a year, until LastPass was offered for free, which is what I've been using for more than a year now. I have it on my android phone and on the browsers I use (Chromium based and Firefox), so I always have access to my vault when needed. I haven't had to memorise any password or formula for almost a decade now.
Stancestans is offline  
Old 01-20-2020, 06:09 AM   #7
Windows Tech Team
 
Join Date: Dec 2019
Location: Staunton, VA
Posts: 664
OS: Windows 10 Pro, 64-bit, Version 1909

My System


Quote:
Originally Posted by Stancestans View Post
I haven't had to memorise any password or formula for almost a decade now.
My problem (if one can call it that) is that I do not want my passwords to be "unrememberable, even to me."

I have had the rare occasion where I don't have access to my password manager but want to hop on the computer at a friend's house to check something. I'm never going to remember any password a password manager generates, but I can remember my personal portmanteau.

For myself, and a certain subset of computer users, it's important to us that we are actually able to recall what our passwords are, or be able to make an intelligent guess that would be utterly impossible for some random stranger to make.

But, if that's not you, then doing what @Stancestans does and using password manager generated passwords for everything makes the most sense.
__________________
Brian
It is better to be hated for what you are than to be loved for what you are not.
~ André Gide
britechguy is offline  
Old 01-20-2020, 04:58 PM   #8
Registered Member
 
Join Date: Jul 2007
Posts: 360
OS: Windows 10



I put all of my passwords on a notepad on my desktop. I like my password hard to remember.
wii_zil is offline  
Old 01-21-2020, 05:52 AM   #9
Team Manager
Microsoft Support
 
Corday's Avatar
 
Join Date: Mar 2010
Location: Midlands of South Carolina
Posts: 26,044
OS: Windows10. In the past CP/M, DOS, Windows 95, 2000, 98SE, ME, Vista & Windows 7

My System


Quote:
Originally Posted by wii_zil View Post
I put all of my passwords on a notepad on my desktop. I like my password hard to remember.
There are dangers in doing this as you can well imagine.
__________________

The stability of an OS is in direct proportion to the stability of the user.
Corday is offline  
Old 01-21-2020, 07:13 AM   #10
Windows Tech Team
 
Join Date: Dec 2019
Location: Staunton, VA
Posts: 664
OS: Windows 10 Pro, 64-bit, Version 1909

My System


Quote:
Originally Posted by Corday View Post
There are dangers in doing this as you can well imagine.
I haven't decided whether this literally means on a "pen and paper" notepad on the top of his desk, or in a plain text file, edited by Notepad, on his desktop.

There are dangers in doing both, that's for certain (though nothing is completely without risk), but the latter being far more dangerous than the former if one maintains physical access control.

I find it interesting how often the cardinal rule of security: control who has physical access to any given piece of equipment - is ignored. If you don't have that, then all else is built on quicksand.
__________________
Brian
It is better to be hated for what you are than to be loved for what you are not.
~ André Gide
britechguy is offline  
Old 01-21-2020, 04:24 PM   #11
Registered Member
 
Join Date: Nov 2011
Location: Florida usa
Posts: 14
OS: windows 10 pro



Last Pass comes highly recommended. I use it and it is very good.
cliffmid is offline  
Old 01-21-2020, 05:07 PM   #12
Registered Member
 
Join Date: Jun 2009
Location: Atlanta-GA
Posts: 209
OS: 7



Is last pass free? Their website seems to say so, but I haven't looked hard.
How safe is it for browsers to remember your passwords? They always ask me. I bet it's a no no since nobody mentioned it.

Pat
vaindioux is offline  
Old 01-21-2020, 05:39 PM   #13
Registered Member
 
Join Date: Sep 2019
Posts: 6
OS:



I support Britechguy.....I use Keepass for my pw manager....and I keep it on a flash drive attached to my belt....therefor the database is never on an computer or cloud service...

And I also use several words...numbers...characters and mix them up....I use these on non-financial sites...

For all my finiancial accounts...credit card etc....most of my pw's are about 40 characters long...a messy mix of upper...lower...numbers...charecters that are impossible to remember and those go on my Keepass....

Just another method to solve an old and vexing problem...
Mutch is offline  
Old 01-21-2020, 07:45 PM   #14
Registered Member
 
Join Date: Mar 2010
Location: Richfield, MN
Posts: 27
OS: macOS



vaindioux LastPass is free, but if you pay $2/month to be a "premium member", you will get a faster response to your questions. I like it. I've been using it for years. I like using gobbledegook passwords that they will generate for you, along with a bunch of other services that I won't take the time to tell you. I have them generate 16-character gobbledegook passwords for me, while I have to remember just one: My "Master Password" which I need to open and get inside. EVERYTHING inside is encrypted, and I store all my secrets there, including my Social Security Number, although I've remembered it now for about 75 years. By the way, they do not know your Master Password, so if you forget it, you have your hands full, but even then they will attempt to help you recall it. There is also a place for a hint that you can use to jog your memory, but even that should be a crypticism (?) that means something only to you.
BudVitoff is offline  
Old 01-21-2020, 08:11 PM   #15
Moderator, Editor, Articles Team
 
Deejay100six's Avatar
 
Join Date: Nov 2007
Location: Doncaster, Great Britain
Posts: 11,810
OS: Windows 7 Professional SP1

My System


BudVitoff,

Quote:
ASSISTANCE VIA PM

This practice is prohibited in TSF. The very reason that there are Support Forums is to assist ALL members with a variety of problems. Displayed posts are very useful and can save a staff members having to repeat solutions that have been dealt with previously. i.e. members are able to help themselves. Looking for help via PM not only prevents this but it is also annoying and harasses staff.

Rules
__________________
Regards, Dave.


Submit New Articles Here

Help us to help you by posting your System Specs
Deejay100six is offline  
Old 01-21-2020, 08:12 PM   #16
Windows Tech Team
 
Join Date: Dec 2019
Location: Staunton, VA
Posts: 664
OS: Windows 10 Pro, 64-bit, Version 1909

My System


For those who want a free, open-source, and well-respected password manager that's been around for a long while now take a look at Password Safe.

It has Android and iOS ports, and supports storing your encrypted password safe in the cloud if you so choose, which I do. The probability of anyone being able to break the encryption on the safe itself were they even able to obtain it is so small as to make any concern about it being in the cloud negligible, in my opinion. I worry about the somewhat probable when doing risk assessment, not the remotely possible (but highly improbable, too).

I've been using it for some years now and it does everything I need it for, and has many bells and whistles that I don't use.
__________________
Brian
It is better to be hated for what you are than to be loved for what you are not.
~ André Gide
britechguy is offline  
Old 01-22-2020, 04:31 AM   #17
Registered Member
 
Join Date: Sep 2010
Posts: 29
OS: W10 Home x64



I use ROBOFORM. I can also sync between different devices, PC, phone, table. Can also use it for programs/apps, like Quicken. Can also p/w protect it so that you'd have to provide a p/w before it would fill something in (I do not use that function as I'm the only user of my PC).
ispalten is offline  
Old 01-22-2020, 12:15 PM   #18
Registered Member
 
Join Date: Jan 2009
Posts: 2
OS: XT



I have been using a password manager called "RoboForm" for over 5 years. It is password protected, can save YOUR passwords or generate random passwords for any site you go on. It's an inexpensive yearly license with many free updates throughout the year. There are several of these out there. Your browser can also be set to remember your passwords should you so desire. Good luck.
jmmdmd is offline  
Old 01-23-2020, 02:12 PM   #19
Registered Member
 
Join Date: Nov 2007
Posts: 29
OS: WinVista



For britechguy, would you comment please. I understand what you are saying about brute force password cracking. But for me, I wonder why anyone would target me personally and waste time trying to crack one of my passwords. I don't have lots of money, I don't hold government secrets, I don't have vital information about someone that people would like to know. I could be a target of identity theft I suppose.

Anyway, I like your Portmanteau Method, have used something similar in the past but for too many repetitions so I'll start re-applying using your method. I don't like being so dependent on a password manager (KeePass - 8 character combinations).
dangnad is offline  
Old 01-24-2020, 06:12 AM   #20
Registered Member
 
Join Date: Nov 2011
Location: Florida usa
Posts: 14
OS: windows 10 pro



Yes, LastPass is free. As do so many, there is a "premium" version, but I have found the free version completely satisfactory.
cliffmid is offline  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 11:48 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts