Spread the Word about Basic Security

  • Steve Jones - SSC Editor

    Comments posted to this topic are about the item Spread the Word about Basic Security

  • srowley2

    Totally agree!

  • phegedusich

    As a near-senior citizen, I’d like to know how one goes about protecting and remembering 30 or 40 different accounts/passwords. Password vaults are only as secure as the password used to gain access to them. How do I protect that one?

    ;^)

  • david.wright-948385

    phegedusich wrote:

    As a near-senior citizen, I’d like to know how one goes about protecting and remembering 30 or 40 different accounts/passwords. Password vaults are only as secure as the password used to gain access to them. How do I protect that one? ;^)

    I'm there with you on that one :o)

    1. Make it a good one (i.e. less memorable);
    2. remember it;
    3. don't save it;
    4. don't disclose it;
    5. don't use it anywhere else;
    6. use a reputable vault.

    It's not perfect, but it's good.

  • Rod at work

    I started using a password manager about two years ago. I won't go back. I love the fact that the password I use at my bank is nothing at all like the one I use with my credit union. So, even if someone hacks my password at one, they can't get to the other.

    Unfortunately, no matter how often I've talked to my wife about using a password manager, she refuses to do so.

    Kindest Regards, Rod

  • Steve Jones - SSC Editor

    phegedusich wrote:

    As a near-senior citizen, I’d like to know how one goes about protecting and remembering 30 or 40 different accounts/passwords. Password vaults are only as secure as the password used to gain access to them. How do I protect that one? ;^)

    To me this goes under the "I'm too paranoid, so don't do anything" complaint. Pick one really good, strong password. Like "MyD0gBlu3AlwaysFindsTheCl%e!"

    Then you try and protect your database file of passwords. It's not perfect, as David mentioned, but it's better than crappy passwords, writing them down, or even losing to a keylogger. Losing there means someone is targeting me, has to identify the password amongst other things I type and mistype. If you're worried, randomly bang around on the keyboard in Notepad sometimes.

    This is way beyond anything else we have, and it's easy to change one password if it is compromised.

    I use Password Safe, because it works across all devices (Windows, iOS, Android) and with Dropbox for the files. It has no browser integration, but I prefer to decide to enter passwords. https://www.pwsafe.org/ This is open source, written initially by security expert Bruce Schneier, and free/low cost.

    Some people love KeePass. My wife uses TrueKey, which is a concession to me for a manager, but provides easy integration with browsers on her laptop and Android device (https://www.truekey.com/).

    Pick something, add a layer of security to your life, and get used to using it.

  • JustMarie

    I have a password safe app on my phone that doesn't integrate with anything. I find it highly useful to keep track of all the various sites where I have accounts along with the account numbers and passwords. By keeping it separate there's very little chance of having it hacked.

    And yes. Every site gets a different password so that one data breach has far less chance of getting into my other accounts. Just as I have different user names for important sites.

  • TomThomson

    phegedusich wrote:

    As a near-senior citizen, I’d like to know how one goes about protecting and remembering 30 or 40 different accounts/passwords. Password vaults are only as secure as the password used to gain access to them. How do I protect that one? ;^)

    I'm a senior citizen (75 years old later this year) and don't find it a problem.

    I use a password of about 220 characters for access to my password vault. The (about) 220 characters come from poetry that I know and love that was originally in one of the languages I'm competent in, where I've translated bits of it into other languages (some of which I'm less competent in). The starting language is naturally one of English, Gàidhlig na h-Alba (Scottish Gaelic), and French; and the bits translated out of the original might be either of the other two of those or Spanish, Gaeilge (Irish), Latin, German, or Italian. All I have to do is remember the original poetry and which bits I translated to which language. Not difficult. But very secure. Even though not all of the six languages I've mentioned are actually used in the key (it only uses 3 languages) I can safely tell people this because later on I will change the vault password to start from poetry of a different length (maybe about 180 characters, or maybe about 260, or maybe some other length) and perhaps using a different set of languages (and perhaps only 2 languages, or perhaps 4 or 5) so I don't think anyone could use the information I've given to get into my password vault even if they could somehow by magic extract it from one of the discs I keep copies of the vault on. (It would probably still be 100% safe if the passphrase was all in its original language anyway; 180 characters is quite a lot, particularly if you don't know which of the five[?] alphabets to use).

    If you use a system that doesn't make your vault key's length available, you probably don't need to use more than one language (but using more than one helps) - as long as you have one bit of song lyrics or poetry or prose from a play or a novel or a text book that you like well enough to remember; the possible keys are so many that they will be secure as long as you avoid the obvious ones and keep it decently long (for example don't try "Whan that Aprille with its floores suite" or however Chaucer spelt it, it's too well known as well as too short; although a bit of misspelling might improve it; and don't try "Oh say can you see..." or "Allons enfants..." or equivalents).

    Like Steve, I use Bruce Schneier's password safe (aka pwsafe).

    Tom
