# password-password everwhere a password



## itsb (Jan 13, 2013)

whats up with all the passwords, I know its for security, but dang it seems that the putter day is a paper less world BUT I got note books full of passwords, went to the bathroom the other day and I had to have a password(well not realy:sing


----------



## mnn2501 (Apr 2, 2008)

Yeah, I agree, its getting to be way too much. I understand the need for security, however who cares if someone can get in my car insurance site, what are they going to do, pay my insurance?

Let me give you some idea's however, you could take a word out of everyday life (not a kids/pet/spouse name) and interspace it with a phone number (not your current one but one that you know/remember)add a symbol and you've got a nearly unbeatable password/

For example the word Donkey and the phone number 555-1212 would become D5o5n5k1e2y12$ all you have to remember is the word and the phone number which is already something you would remember and then add the $.

or another way would be to use the name of the site and perhaps your state (or something else you'll remember), thus Amazon and Texas (and spell Texas funny [email protected]$ but always spell it that way) would be [email protected]$zon and Yahoo and Texas would be [email protected]$hoo, Facebook would become [email protected]$book, etc

These ways you have a system you should be able to remember without writing it down and still make it nearly impossible to figure out.


----------



## akane (Jul 19, 2011)

I have 3 passwords I have used since 1995. The security level varies. I have a simple one for most websites, a modified version with numbers for sites that require a more secure or longer password, and then a very complicated password from another language that I use on anything that involves money and real world interaction like paypal and facebook. Every site gives you 3-5 tries to get it correct so unless I had to throw in some caps to satisfy the rules for an account on that site I can go through every password I use in 3 tries.


----------



## MoonShadows (Jan 11, 2014)

Like akane, I have a 3 password system, too. One simple one for sites I really don't care about or don't really warrant a password, one for all my home business sites, and one for anything financial. Each one increases in complication. I change them every once in a while. To come up with new ones, I just look around my office. I have so many electronic devices and gadgets. I usually use the brand name of one device for low-level sites...the brand name of that device and the model number of another device for my home business sites, and both those and a personal combination of words/numbers for my financial sites. Might sound complicated, but it works for me, and I never forget a password.


----------



## Librum (Dec 17, 2003)

From hard experience, do not 'share' passwords between sites, etc.

The way I do it is quite simple. I have a little html file on the root of my hard drive, and made it the 'home' page. On that I edit in links to the sites, with a notation of username/password. As they change, I edit the file, keeping it current.

each line is something like 
<a href="http://www.homesteadingtoday.com">Homesteading Today</a> username/password<br>

Sarah


----------



## arabian knight (Dec 19, 2005)

akane said:


> I have 3 passwords I have used since 1995. The security level varies. I have a simple one for most websites, a modified version with numbers for sites that require a more secure or longer password, and then a very complicated password from another language that I use on anything that involves money and real world interaction like paypal and facebook. Every site gives you 3-5 tries to get it correct so unless I had to throw in some caps to satisfy the rules for an account on that site I can go through every password I use in 3 tries.


 I have about that many also many of the most frequented boards etc. I have one only that I use all over the place and have pretty much had the same one for 15 years and have used it all over the net. The CC on line one is different and so is this site, although that is not be my doing but this site itself. So I have the e mail saved so when I delete all my cookies I can go back back and copy the password for this site. LOL


----------



## plowjockey (Aug 18, 2008)

I learn the hard way, to never use a username/password, on more than one account.

Managing passwords stinks

Now, to make thing even worse, banking accounts etc. ask security questions - "what was the name for your favorite pet?" "mother's middle name". etc etc etc. Was that the pet when I was a kid or now? Was that my mother or DWs mother? How am I supposed to remember all this?

I found the easy answer for the endless usernames / passwords in use.

Use a program like keypass. You only have to remember one password.

I use unique username for each account and a massive generated password, I could not possible even remember myself.

When I want to log on to an account, I just open the corresponding keypass entry, click on the link to open the web page for the account, then cut-and-paste the username first and then cut-and-paste the massive password next. works like a charm.

If the logon asked for the answers to the "security questions", I have them in the _notes_ sections of the keypass entry.

These types of username password storage programs have very strong encryption, so if they can be broken into, it won't be easy.

The are also suppose to be able to just click on the site and have it put the username and password in automatically, but I have never been able the get them to work properly. Web page designers may be doing this to foil automated hacker scripts.

A password managing program it the only way to go IMo. Just make sure to back up the database file in a safe place and don't forget the main password.

http://keepass.info/

http://keepass.info/help/base/security.html


----------



## mnn2501 (Apr 2, 2008)

I have not done it yet myself but to all those 'Security Questions' a co-worker of mine users the word 'answer'

Our company has paid hackers come in once a year to test our security. This last fall the first program they successfully hacked was our Password storage program (the supposedly safe/secure/encrypted place we can keep all of our passwords - once having broken that they could have done anything they wanted)


----------



## plowjockey (Aug 18, 2008)

mnn2501 said:


> Our company has paid hackers come in once a year to test our security. This last fall the first program they successfully hacked was our Password storage program (the supposedly safe/secure/encrypted place we can keep all of our passwords - once having broken that they could have done anything they wanted)


Do you know which program that was? Just curious.


----------



## mnn2501 (Apr 2, 2008)

plowjockey said:


> Do you know which program that was? Just curious.


Its called Secret Server -- made by Thycotic


----------



## Limon (Aug 25, 2010)

mnn2501 said:


> Yeah, I agree, its getting to be way too much. I understand the need for security, however who cares if someone can get in my car insurance site, what are they going to do, pay my insurance?


They'll have your full name, address, phone number, Social Security number and your bank information - everything they need to completely rob you blind.

A very simple yet effective password scheme is to pick two words that you can easily remember and stick a number between them. If you stick a special character or capital letter in there, it's even better ---> cows04milk, Honey11bee$, etc.


----------



## akane (Jul 19, 2011)

Putting all your passwords in one location is not any safer than using the same sn/pass for various sites like this. Security on forums I go to is not really an issue. So what if someone hacks my account... The worst they can do is post junk until I contact an admin to fix it and delete everything that was posted. Annoying but hardly a serious risk. There are a few sites I use a special sn that doesn't trace back to my usual one. For the most part though being identified on multiple forums is useful because a lot of people I talk to use the same group of forums or games. My facebook account info did get stolen once and I swiftly changed to my most complicated password.


----------



## okiemom (May 12, 2002)

dh has to change passwords every month. what a pain. Many say that passwords need to change every 6 mos.


----------



## mnn2501 (Apr 2, 2008)

Limon said:


> They'll have your full name, address, phone number, Social Security number and your bank information - everything they need to completely rob you blind.


Nope, no SS number and bank info is encrypted.


----------



## plowjockey (Aug 18, 2008)

okiemom said:


> dh has to change passwords every month. what a pain. Many say that passwords need to change every 6 mos.


Both are a waste of time and money. Just _old-school_ data mentality

If someone steals a password, they are going to try to use it right away.


----------



## plowjockey (Aug 18, 2008)

akane said:


> Putting all your passwords in one location is not any safer than using the same sn/pass for various sites like this.


Why not?

Using a password safe, like Keypass, if they are not impossible to crack, they are certainly not simple, provided the master password is secured.



> KeePass uses a custom password derivation process which includes multiple iterations of symmetric encryption with a random key (which then serves as salt), as explained there. The default number of iterations is 6000, so that's 12000 AES invocations for processing one password (encryption is done on a 256-bit value, AES uses 128-bit blocks, so there must be two AES invocations at least for each round). With a quad-core _recent_ PC (those with the spiffy AES instructions), you should be able to test about 32000 potential passwords per second.
> 
> 
> With ten random characters chosen uniformly among the hundred-of-so of characters which can be typed on a keyboard, there are 1020 potential passwords, and brute force will, on average, try half of them. You're in for 1020*0.5/32000 seconds, also known as 50 million years. But with _two_ PC that's only 25 million years.


http://security.stackexchange.com/questions/8476/how-difficult-to-crack-keepass-master-password


----------



## jefferson (Nov 11, 2004)

I find that if I keep my thought process to my self, I have few problems with other people guessing at my passwords. Hint, hint......... don't tell other people how you come up with a password. Sarcasm off.


----------

