# How do you manage your passwords



## chevy (Apr 29, 2007)

I recently read in a newspaper several considerations about passwords.

The first one was a provocative remark: most companies forbid users to write down their passwords... the result is that people select very simple passwords, and often only one single password for all their accounts. This significantly lowers the security of the system.

The article then gave hints on how to choose "good passwords": have a safe and difficult to guess root, and then add an account specific element.
Like (simplified): gT#3rO as root
and %gm for google mail, %mx for macosx.com, %ht for hotmail, ...
Example: gT#3rO%gm, gT#3rO%mx, gT#3rO%ht

It makes it easy to remember and difficult to guess.

Do you have something similar? Any comments?


----------



## Damrod (Apr 29, 2007)

At work we use a lot of pass phrases. Example:

The weather is good to work on Servers today!

would become

TwigtwoSt! or Twig2woSt!

As long as you can remember the phrase, you can reconstruct the password. Not all of our used passwords are safe though, and we definitely need to change them. A lot of them were hacked with Jack the Ripper (a password cracking tool) within minutes...

I personally look forward to the mobile app "MobileSitter". It's a password wallet for Cell Phones. The nifty thing about it is that you do not get a failure message when entering the wrong wallet code. It generates random passwords and through this, someone going through my mobile to get passwords won't know if the results are the true or false ones. It's not out yet though...


----------
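The "no failure message" behaviour Damrod describes, as an added example that is not part of the original post and not MobileSitter's code: the page does not describe MobileSitter's design, so the scheme here (alphabet offsets derived from the wallet code with PBKDF2, no checksum) and all names and sample values are assumptions.

```python
import hashlib
import string

# 64 symbols, so one keystream byte maps onto the alphabet without bias.
ALPHABET = string.ascii_letters + string.digits + "!#"


def _offsets(code: str, salt: bytes, n: int) -> list[int]:
    """Derive n per-character offsets from the wallet code (slow KDF on purpose)."""
    stream = hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000, dklen=n)
    return [b % len(ALPHABET) for b in stream]


def seal(password: str, code: str, salt: bytes) -> list[int]:
    """Store each character as a shifted alphabet index; no checksum, no MAC."""
    offs = _offsets(code, salt, len(password))
    return [(ALPHABET.index(ch) + o) % len(ALPHABET)
            for ch, o in zip(password, offs)]


def unseal(sealed: list[int], code: str, salt: bytes) -> str:
    """Always returns a well-formed password; only the right code gives the real one."""
    offs = _offsets(code, salt, len(sealed))
    return "".join(ALPHABET[(s - o) % len(ALPHABET)]
                   for s, o in zip(sealed, offs))


# Constructed sample data (not taken from any real wallet).
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
SEALED = seal("Twig2woSt!", "4711", SALT)

if __name__ == "__main__":
    # Every code "works"; nothing in the output says which result is genuine.
    for code in ("4711", "4712", "0000"):
        print(code, unseal(SEALED, code, SALT))
```

The decoys are only convincing when the stored passwords themselves look random; a memorable password among random-looking decoys stands out, and any candidate can still be confirmed by trying it against the real service.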



## fryke (Apr 29, 2007)

I just use one password for everything. It's "10010101". Works perfectly, and I never forget it.


----------



## Satcomer (Apr 29, 2007)

Users of OS X at home who are paranoid could use the shareware program 1Passwd.


----------



## rwilkerson (Apr 30, 2007)

I use 1Passwd and KeePassX.  Both quite good, while 1Passwd excels for online passwords.  A great click-saver when coupled with AllBookmarks.


----------



## artov (Apr 30, 2007)

I use a simple password for services that need some, but I do not care about
security. For others I have three passwords (the original was kind of based
on my watch, others are generated from it). I have Handy Safe on my 
Sony-Ericsson P990i where I keep all the other passwords (those that
some service has generated the password for me).


----------



## ScottW (Apr 30, 2007)

I use PCMacPassword... it works on Mac, Windows and Linux. Has a portable version for thumb drives and syncs with your primary system. Very cool app. As for Mac apps... it's a little Windows-like... but been using it over 2-3 years now and no issues whatsoever.


----------



## Ferdinand (Apr 30, 2007)

Is that a freeware app? If not, what did you pay for it?


----------



## ScottW (Apr 30, 2007)

They changed the name, Password Vault.

http://www.lavasoftware.com/Passwor...Form Filler For Windows, MacOS and Linux.html

Has lite version and pay version, I think it was only like $15.


----------



## chevy (Apr 30, 2007)

I use a short series of passwords for some accounts, and I write complex passwords for more secure accounts.


----------



## Rhisiart (May 1, 2007)

I used to have web space with a company in Dublin. They sent an email to all customers advising them to ensure we use secure passwords for our accounts, as one customer had apparently used 'IRELAND' as his/her password.


----------



## chevy (May 1, 2007)

How do they define a secure password?


----------



## bbloke (May 1, 2007)

rhisiart said:


> I used to have web space with a company in Dublin. They sent an email to all customers advising them to ensure we use secure passwords for our accounts, as one customer had apparently used 'IRELAND' as his/her password.


Actually, it bothers me a little that they would know people's passwords (I assumed they would use a root account to let themselves into people's accounts, without ever actually knowing the user's password) and that they would tell other users what one person's password was...


----------



## ScottW (May 1, 2007)

It is common practice for companies that have a dedicated security team to run a "dictionary attack" (inside job, so not really an attack) against their own user base, to find out who is using "password" and other common words, accounts that would be prone to a dictionary attack.

Educating is key and by letting people know that someone had such a simple password (which may have been changed already) it gives people an idea of what a silly password would be.


----------
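The internal audit ScottW describes, as an added example that is not part of the original post: it checks stored salted hashes against a word list, so the operator can flag weak accounts without keeping anyone's password in readable form. The PBKDF2 storage format, the account names and the word list are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # kept low so the example runs quickly; an assumption, not a recommendation


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def enroll(password: str) -> tuple[bytes, bytes]:
    """What the server keeps at sign-up: a random salt and the hash, never the password."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def candidates(wordlist):
    """Each dictionary word in the case variants users commonly pick."""
    for word in wordlist:
        yield from {word.lower(), word.upper(), word.capitalize()}


def audit(user_db, wordlist):
    """Return the sorted account names whose stored hash matches a dictionary candidate."""
    flagged = []
    for user, (salt, stored) in user_db.items():
        if any(hmac.compare_digest(hash_password(c, salt), stored)
               for c in candidates(wordlist)):
            flagged.append(user)
    return sorted(flagged)


# Constructed user base and word list (hypothetical accounts).
USER_DB = {
    "alice": enroll("IRELAND"),
    "bob": enroll("password"),
    "carol": enroll("gT#3rO%gm"),
}
WORDLIST = ["password", "ireland", "dublin"]

if __name__ == "__main__":
    print("accounts needing a reset:", audit(USER_DB, WORDLIST))
```

The report lists account names only, which is enough to force a reset without circulating the matched word.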



## chemistry_geek (May 1, 2007)

I work in a corporate environment and am required to change my password every 3 months, so I resort to using the names of characters from TV shows or books in combination with numbers.  On my Macintosh at home I have only one password that I've ever used, and on the web, I use a version of just one word.  So far everything I do with passwords has worked well.


----------



## bbloke (May 2, 2007)

ScottW said:


> It is common practice for companies that have a dedicated security team to run a "dictionary attack" (inside job, so not really an attack) against their own user base, to find out who is using "password" and other common words, accounts that would be prone to a dictionary attack.


Ah, yes.  Of course!  

I misinterpreted it as meaning they knew or could access everyone's passwords, which would make me rather wary.


----------



## loyaltubist (May 3, 2007)

My answer: Very stupidly.

I use two basic login names and three basic passwords.

I can't memorize any more than that!


----------



## karavite (May 29, 2007)

I use Password Plus by Dataviz. It is awesome because it works and syncs on a Palm, Mac and PC. So, I can have all my passwords wherever I need them (I have at least 100). It also generates passwords with defined complexity rules. As a result of having this, all my passwords are very complex.


----------



## pjeski (Jun 1, 2007)

I just use the password *****


----------



## pantosj (Jun 12, 2007)

I keep my passwords on Dashboard stickies....encoding them with hints so they remain secure...like this hint: suph (superhero) for the password ba+man. This way, I can have lots of unique passwords that are just a function key away.


----------



## pds (Jun 12, 2007)

I wonder if what I do is safe enough. I have very difficult random passwords and copy them to Word. I set the font color to white and then zoom the screen a little. Then I drag them to the desktop and they become picture clippings. I change the name to something innocuous but that tips me off to what they are. If I open them, I only see random dots.

I keep them in an encrypted disk image although the image password is in keychain, so it opens straight away. 

When I need them, I open the disk image and drag them to the correct field. I usually close the image immediately.

I don't have to worry about this in a corporate environment, it is my home and school solution.

I figure it works to avoid keyloggers or other types of snooping while on-line, but maybe my security is just based on stupidity.


----------



## serpicolugnut (Jun 13, 2007)

I use a combination of Wallet by Waterfall Software, and Keychain. Wallet keeps all of my serial numbers, and other web login codes. Plus, Keychain stores the login/pass combo on just about every website I visit.


----------



## icemanjc (Jun 13, 2007)

Simple, my brain.


----------



## one1step1 (Jun 16, 2007)

ScottW said:


> I use PCMacPassword... it works on Mac, Windows and Linux. Has a portable version for thumb drives and syncs with your primary system. Very cool app. As for Mac apps... it's a little Windows-like... but been using it over 2-3 years now and no issues whatsoever.



Can we get a link to this Scott?

I have been using 1Passwd, and it's good.. but still not as good as Roboform that I used for years on the Windows box.


----------



## CharlieJ (Jun 18, 2007)

I use my brain to manage my password.... Well I use Keychain. (if that's what you mean)


pds said:


> I wonder if what I do is safe enough. I have very difficult random passwords and copy them to Word. I set the font color to white and then zoom the screen a little. Then I drag them to the desktop and they become picture clippings. I change the name to something innocuous but that tips me off to what they are. If I open them, I only see random dots.
> 
> I keep them in an encrypted disk image although the image password is in keychain, so it opens straight away.
> 
> ...


So you store your passwords as images in an encrypted disk image?
... no offense but that is pretty stupid 

Try making a very big Word document with lots of text such as: Shakespeare and put loads of different .txt files in a folder called 'Shakespeare' and have one with passwords in white text somewhere random in one of the stories. Really, who is going to look in every file?


----------



## polltullach (Jun 19, 2007)

I just signed up with PV based on what I read on this thread.
Now the questions arise (and it may be naive); What guarantee do I have that PasswordVault does not have access to all my passwords? And how do I know who they are? Sorry!


----------



## g/re/p (Jun 20, 2007)

CJ MAC OSX IPOD said:


> So you store your passwords as images in an encrypted disk image?
> ... no offense but that is pretty stupid


actually, it's damned clever!



CJ MAC OSX IPOD said:


> Try making a very big Word document with lots of text such as: Shakespeare and put loads of different .txt files in a folder called 'Shakespeare' and have one with passwords in white text somewhere random in one of the stories. Really, who is going to look in every file?



That is totally ridiculous (and stupid??) - and insecure as hell.


----------

