Best Tool For Remembering Passwords? 1007
StonyCreekBare writes "Lately I've been rethinking my personal security practices. Should my laptop be stolen, having Firefox 'fill in' passwords automatically for me when I go to my bank's site seems sub-optimal. Keeping passwords for all the varied sites on the computer in a plain-text file seems unwise as well. Keeping them in my brain is a prescription for disaster, as my brain is increasingly leaky. A paper notepad likewise has its disadvantages. I have looked at a number of password managers, password 'vaults' and so on. The number of tools out there is a bit overwhelming. Magic Password Generator add-in for Firefox seems competent, but it's tied to Firefox, and I have other places and applications where I want passwords. And I might be accessing my sites from other computers that don't have it installed. The ideal tool in my mind should be something that is independent of any application, browser, or computer; something that is easily carried, but which if lost poses no risk of compromise. What does the Slashdot crowd like in password tools?"
Comment removed (Score:2, Funny)
Hmm (Score:1, Funny)
"The ideal tool in my mind should be something that is independent of any application, browser, or computer; something that is easily carried, but which if lost poses no risk of compromise. What does the Slashdot crowd like in password tools?"
I've come up with an incredible solution to your problem!
Used condom wrapper: It fits in your wallet. It's easy to come by. Almost nobody will stop to pick up and investigate your used condom wrapper for secret passwords.
Pros:
- It's highly likely to be thrown away by a pissed-off janitor if it is found
- It could be infected with a disease, so people won't want to touch it
- It gives you "this geek may have had sex cred", and believe you-me... That comes in handy
Cons:
- If you keep it in your pocket and it gets washed, you might have some 'splaining to do to your committed girlfriend or wife
Other than that, it's pretty much a perfect idea.
I'll Paypal you an invoice for my time. TIA.
Post-It Note on the Monitor (Score:5, Funny)
Post-It notes have the distinct advantage that no computer virus or Trojan can steal them.
Do what everyone does (Score:1, Funny)
Do what every idiot in my office does - use their name.
Sure, I try to change the password policy on the server, but of course management gets mad because they can't use "bill" to log in and "bill" for a password.
Just this morning someone was all in a huff that there was an open document on their computer. Well, change the password, retard, and log out at the end of the day.
BTW, I'm the sysadmin.
Seriously though, if you really can't remember, try using paper and pen in a very cryptic method so as to not shout "I'm a password list", or use a "base" password and add on specifics regarding the login site; for example, for Facebook, "billbook," for Google, "billgoogle," you know, like the retards in my office.
Re:Truecrypt (Score:5, Funny)
I used a Mandylion brand password dongle (Score:2, Funny)
for a long time... it was a little keychain dongle... you push a sequence on the buttons on front and it lets you see the passwords. There are not that many buttons, so if it's stolen don't expect it to last more than a few days, but it'll slow 'em down hopefully long enough to let you change your passwords.
but mine broke :(
Re:Post-It Note on the Monitor (Score:1, Funny)
Ah. The famous MoviePlot.Win32 virus.
Re:paper in your wallet (Score:5, Funny)
Websites could do more to protect their users too. For example if you accidentally write your password here on Slashdot comments, it comes up as masked. Like for example my password is ********.
Re:paper in your wallet (Score:5, Funny)
Really? That works? My password is hunter32. :P
Seems like I can see it still though.
Re:Simple (Score:2, Funny)
Re:How I remember passes (Score:5, Funny)
A guy I used to work with told me a story about a late-night support call with the operations center. He figured out that they needed to run a job that was under someone else's account. So they conference-called in this other guy at home in the middle of the night, and asked him for his password. He refused to give it over the phone, and the operations people were getting madder and madder because the night's jobs were being held up. Finally, he agreed to give them the password but only if they turned off the speaker phone.
The guy's password was BigBlackDonkeyDick.
Hilarity ensued. I'm pretty sure the whole shop knew the guy's password by the next morning (hell, I still remember it and I didn't even know the guy!)
Re:paper in your wallet (Score:5, Funny)
Really? I couldn't see it. This is what I saw:
Really? That works? My password is ********.
Re:paper in your wallet (Score:5, Funny)
You only see it because it's your password. Everyone else sees it like this:
Really? That works? My password is ********.
Re:paper in your wallet (Score:1, Funny)
You only see it because it's your password. Everyone else sees it like this:
Really? That works? My password is ********.
Is your password just 8 *'s?
Re:paper in your wallet (Score:3, Funny)
Hey, wait...how did you know my password?
Re:paper in your wallet (Score:3, Funny)
Not me...my password is:
1...2...3....4............5
Re:paper in your wallet (Score:3, Funny)
I put on my robe and wizard hat...
Re:paper in your wallet (Score:3, Funny)
Brilliant social engineering.
I almost tried it for a second...
It is not hard to guess (Score:4, Funny)
Re:Hashing Works (Score:2, Funny)
I have circumstantial evidence of someone trying to hack into an account of mine--they were unsuccessful.
Or they were very successful!
Re:paper in your wallet (Score:5, Funny)
He didn't know your password. He just typed "********" but you saw it as "hunter32" because that's your password.
Re:paper in your wallet (Score:3, Funny)
Re:paper in your wallet (Score:2, Funny)
I find the easiest thing is to create a unique password for each website that is tied to the website's name. This way, I can simply look in the browser's URL bar and easily generate the password.
The way I do this is to take the SHA-1 algorithm, change the values in the lookup table to only values that I know. So each round of SHA-1 generates a different hash code than the standard SHA-1 algorithm would. It is easy from there, I simply run each URL through my variation SHA-1 and then use the 20 byte hash value as the password. For variation, I will enter the passwords in binary, hex, or octal depending on my mood.
It is all pretty simple. For real security, it is best to not have an application on your computer to calculate it since someone could find it and generate all your passwords or potential passwords. I just remember the lookup table and the SHA-1 algorithm and work it out with yellow pad and pencil.
The bonus of doing it this way is that my stock in the companies that manufacture legal pads and pencils has gone up substantially.
Re:paper in your wallet (Score:5, Funny)
I have a similar setup: I have this on a piece of paper in my wallet:
ABCDEFGHIJKLMNOPQRSTUVWXYZ
and I simply remember which letter my password starts with, and then what letter comes second etc.
For example, if my password was SLASHDOT, I would start by remembering the first letter, which is S, then remember the second letter, which is L, and I continue remembering until I have completed the password.
Re:paper in your wallet (Score:3, Funny)
Re:paper in your wallet (Score:3, Funny)
Then I revert to my backup backup, which I keep on a post-it note stuck to my work computer.