Glock Talk


RWBlue 09-13-2012 18:01

multiple account and multiple passwords
 
Do you use the same password for multiple accounts inside the company and outside the company?

My guess is you are like most people and don't realize the security issues you have by doing such a thing. Or to put it a different way, if one account gets compromised all accounts are compromised.

But on the flip side you end up with 12 accounts and 12 passwords and you are always getting your password reset because you cannot remember which password is for which account.

So here is my question for the group, how can you securely keep track of 12 or more accounts inside and outside your corporation when they all have unique passwords?

Bushflyr 09-13-2012 18:54

12? LOL try adding a zero to that.

I'm slowly transitioning to Keepass. Very slowly. It's painful. :crying:

fgutie35 09-13-2012 18:59

Easy, make a super secure password. You would never guess or hack mine, because it is in an ancient language and it is hexadecimal in nature, so in digital language, it could be seen as raw data and not a specific inscription.

UtahIrishman 09-13-2012 19:28

I memorize my key passwords. The rest are kept in a paper notebook stored in an unknown location.

You can make up memorable passwords that are secure by using mnemonic devices or simple substitution. For example: Password becomes P@$$W0rd.

If you want to memorize a series of passwords, use this approach and then create a mnemonic series based on the first letter of the passwords, such as Every Good Boy Does Fine where EGBDF stands for E@ch, G0od0ne, B0xer, D0gm@, F1e$ty, etc. You get the idea.



I've known some to use patterns on the keyboard. Just don't make it too simple a pattern or it will be compromised in no time.

sappy13 09-13-2012 19:45

My only suggestion would be to make very long and secure passwords, swapping out numbers for letters and symbols. Also don't use passwords that have any personal meaning to you. I have a ton of passwords, so I use keepass to keep up with them. Just get it, put the db in your dropbox, and you will always have access to them.

fx77 09-13-2012 19:57

Gee
I have 5 typed pages of single spaced 12 point font of passwords..
Just shoot me!

gwalchmai 09-14-2012 04:58

I use Password Safe.

FL Airedale 09-14-2012 06:32

I've got more than 100 passwords. I use EWallet. It installs on my phone and computer. Plug the phone into the computer and they synch. Of course if you forget the master password to EWallet, you are in big trouble!

www.iliumsoft.com/ewallet


RWBlue 09-14-2012 07:58

Quote:

Originally Posted by fgutie35 (Post 19416906)
Easy, make a super secure password. You would never guess or hack mine, because it is in an ancient language and it is hexadecimal in nature, so in digital language, it could be seen as raw data and not a specific inscription.

Understand I am in IT Security.

No password is unbreakable (It just takes time and desire).

Many computer systems store end user passwords in clear text.

Worst case scenario, if the password database is encrypted and I can get it, I could use a rainbow table to break the hash and gain access. (This was part of the RSA attack.)

Having one password for everything is a VERY VERY BAD IDEA.

Chesafreak 09-14-2012 08:47

I have used keepass on an IronKey USB thumb drive for a few years now.

I have worked in information security and I came up with a way to make complex passwords by using patterns on the keyboard. If you were to ask me my master password, I couldn't tell it to you without sitting down at a keyboard to type it out. It's very complex, no words involved, and I only memorize the pattern not the characters so it's easy to change my password when it expires without having to memorize another one. I simply move the pattern up/down/sideways when I change it. That also does make it difficult to enter when using a tablet or phone keypad while connecting with Citrix Receiver to work. I also use different passwords for each service. I keep those in keepass on my encrypted IronKey which will wipe itself after too many failed password attempts.

Pierre! 09-14-2012 12:02

LastPass *ROCKS*
 
I am a very happy LastPass user.

It's easy to let LastPass generate the *cryptic* passwords for you, but you have access to edit those passwords if you desire.

LastPass easily captures most changed passwords as well. Some membership sites are getting "clever" and adding odd login screens that are not part of the webpage, but it's easy to manually add passwords for tracking/reminder purposes.

LastPass is easy to use from their website and last time I checked it would not leave any password residue on Kiosks... which are still risky due to keystroke loggers... so use the mouse to activate the onscreen keyboard in these situations!

It's been a couple years now, and I don't see a reason to change.

Hope That Helps
Patrick

harrygunner 09-14-2012 12:42

Bruce Schneier's 'Password Safe' has been made open source. One can download a .exe or Linux binary files. Can also compile it from source. (I haven't used it yet. I made my own years ago.)

http://sourceforge.net/projects/passwordsafe/

Bruce Schneier is active in the security arena and has designed several algorithms that have been well received by the security community.

I use 'mkpasswd' on Linux to generate user IDs, passwords and answers to "forgot your password?" questions. All random and unrelated to all aspects of my life.

BTW, rainbow tables won't help with encrypted files. They provide some assistance with unsalted hashed passwords. And hashing a password does not encrypt the password.
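The point above about unsalted hashes, as an added example that is not part of the original thread: a precomputed digest table recovers every matching password from an unsalted store in one pass, and finds nothing once each account has its own random salt. A plain dictionary stands in for a real rainbow table here, and the account names, candidate list and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a short candidate list standing in for a
# precomputed table, and three accounts (two of them share a password).
CANDIDATES = ["P@$$W0rd", "letmein", "j13M43tB4tc", "G0od0ne"]
ACCOUNTS = {"alice": "P@$$W0rd", "bob": "P@$$W0rd", "carol": "kX9!tq2#Lm7vRz"}


def unsalted(password):
    """Bare SHA-256: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted(password, salt, iterations=100_000):
    """PBKDF2-HMAC-SHA256 keyed with a per-account random salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def build_table(candidates):
    """Precompute digest -> password once; reusable against any unsalted store."""
    return {unsalted(p): p for p in candidates}


def recover(digests, table):
    """Look every stored hex digest up in the precomputed table."""
    return {user: table[d] for user, d in digests.items() if d in table}


def verify(store, user, attempt):
    """Normal login check: recompute with the stored salt, compare in constant time."""
    salt, digest = store[user]
    return hmac.compare_digest(digest, salted(attempt, salt))


def demo():
    table = build_table(CANDIDATES)
    plain_store = {user: unsalted(pw) for user, pw in ACCOUNTS.items()}
    salted_store = {}
    for user, pw in ACCOUNTS.items():
        salt = os.urandom(16)  # unique per account, stored beside the digest
        salted_store[user] = (salt, salted(pw, salt))
    salted_hex = {u: d.hex() for u, (_, d) in salted_store.items()}
    return recover(plain_store, table), recover(salted_hex, table), salted_store
```

In both stores the digest is a one-way hash, not an encrypted copy of the password; the salt only forces the guessing work to be redone per account.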

RWBlue 09-14-2012 14:30

Quote:

Originally Posted by harrygunner (Post 19419254)
BTW, rainbow tables won't help with encrypted files. They provide some assistance with unsalted hashed passwords. And hashing a password does not encrypt the password.

There are several ways I could argue this point, but I have decided not to as it doesn't resolve my original query.:wavey:

RWBlue 09-14-2012 15:24

At this point, I am thinking I want to have an Android enabled app. It is the only thing that is consistent between home, work, other environments. The idea of having my passwords in the cloud just doesn't thrill me.

Chesafreak 09-14-2012 15:26

Quote:

Originally Posted by RWBlue (Post 19419799)
At this point, I am thinking I want to have an Android enabled app. It is the only thing that is consistent between home, work, other environments. The idea of having my passwords in the cloud just doesn't thrill me.

Good point about the cloud, however Android apps and platform aren't really all that secure are they?

RWBlue 09-14-2012 15:46

Quote:

Originally Posted by Chesafreak (Post 19419811)
Good point about the cloud, however Android apps and platform aren't really all that secure are they?

The problem I have with any Android app is you really don't know what it is doing unless you have access to the source code and even then there are always updates.

On the flip side, I could just have an Excel file on the phone. It is protected by a swipe code and then you would have to know what file to go after. As long as I didn't keep the file on the removable chip,....?

The problem is most of my passwords do not translate very well to the phone. They are not words. I am somewhat of a touch typist. On a regular keyboard I type my password and can retype my password, but typing it on a phone is hit or miss, I will actually have to memorize a password because letting the fingers type what they want will not work.

c6601a 09-15-2012 23:14

There is a very simple process.

Think of a person, a place or an event. Think of something you associate with that. For example, what you remember most about your ex Jen is: "Jen and I made out in the back of the car" The password becomes jaimoitbotc. You can embellish that by throwing in numbers and capitalization based on some formula. Maybe every 2nd, 4th, 8th and 16th letter is capitalized. Every vowel is replaced by a number, like a=1, e=2, i=3, o=4, u=5.

The password now becomes: j13M43tB4tc

The best part is that you can put a sticky on your monitor reminding you that the password is Jen and the password is still safe. :cool:

c6601a 09-15-2012 23:15

Quote:

Originally Posted by FL Airedale (Post 19418072)
Of course if you forget the master password to EWallet, you are in big trouble!

Or when someone manages to crack your master password, they get all your passwords.

RWBlue 09-16-2012 17:38

Quote:

Originally Posted by c6601a (Post 19424390)
There is a very simple process.

Think of a person, a place or an event. Think of something you associate with that. For example, what you remember most about your ex Jen is: "Jen and I made out in the back of the car" The password becomes jaimoitbotc. You can embellish that by throwing in numbers and capitalization based on some formula. Maybe every 2nd, 4th, 8th and 16th letter is capitalized. Every vowel is replaced by a number, like a=1, e=2, i=3, o=4, u=5.

The password now becomes: j13M43tB4tc

The best part is that you can put a sticky on your monitor reminding you that the password is Jen and the password is still safe. :cool:

Doesn't solve the problem of multiple passwords on multiple machines. Some will get changed every 60 days, others 90 days, others once a year.

RWBlue 09-16-2012 17:41

Quote:

Originally Posted by c6601a (Post 19424395)
Or when someone manages to crack your master password, they get all your passwords.

Make it good, change it often.


All times are GMT -6.