Go Back   AnandTech Forums > Hardware and Technology > Computer Help

Forums
· Hardware and Technology
· CPUs and Overclocking
· Motherboards
· Video Cards and Graphics
· Memory and Storage
· Power Supplies
· Cases & Cooling
· SFF, Notebooks, Pre-Built/Barebones PCs
· Networking
· Peripherals
· General Hardware
· Highly Technical
· Computer Help
· Home Theater PCs
· Consumer Electronics
· Digital and Video Cameras
· Mobile Devices & Gadgets
· Audio/Video & Home Theater
· Software
· Software for Windows
· All Things Apple
· *nix Software
· Operating Systems
· Programming
· PC Gaming
· Console Gaming
· Distributed Computing
· Security
· Social
· Off Topic
· Politics and News
· Discussion Club
· Love and Relationships
· The Garage
· Health and Fitness
· Merchandise and Shopping
· For Sale/Trade
· Hot Deals with Free Stuff/Contests
· Black Friday 2014
· Forum Issues
· Technical Forum Issues
· Personal Forum Issues
· Suggestion Box
· Moderator Resources
· Moderator Discussions
   

Reply
 
Thread Tools
Old 01-25-2013, 11:49 AM   #1
vulcanman
Senior Member
 
Join Date: Apr 2001
Posts: 607
Default So here is how I manage all my passwords (Opinion Wanted)

After spending years chasing the next best app for Password Management .. I have returned to the stone age technique ...

I created an excel spreadsheet 47 rows X 7 columns and populated it with absolutely random 12-character passwords. Each password has uppercase and digits.

So cell A17 would, say, contain the word 5Re4sGawerTy

I print two copies of this file (or how many ever) and then delete the original electronic version of the file.

Now lets say I want to open an account on Amazon.com ... I decide that the username will be A17 and password would be G40

I create a draft email in gmail with the subject line "Amazon U/P" and in the message box type in A17 (username) and G40 (password). By the way I use 2-factor authentication for all my Gmail accounts ... and it uses a password system that does not depend on this technique. LOL!

When I want to remember my username and password I do a quick Gmail lookup and then use the hard copy for the actual password.

If I want to change passwords ... I recreate a new random password list but can continue to use my gmail draft folder for the reference cell number.

I used to use LASTPASS ... but became worried about putting too much faith and trust in a company/group that exists on the other side of the wire.

This is the most boring technique of password management but I think its quite secure.

I am looking for someone to punch holes in my technique!
__________________
Monsanto is not evil ! We people are evil and Monsanto is just working hard to get us out of here. Watch The World According To Monsanto - you will me for it.
vulcanman is offline   Reply With Quote
Old 01-26-2013, 03:22 AM   #2
mechBgon
Super Moderator
Elite Member
 
mechBgon's Avatar
 
Join Date: Oct 1999
Posts: 30,699
Default

If you find this system workable, it's a lot better than most.

Nitpicks:

1. you need your hard copies on hand.

2. you have to type a random 12-character password correctly.

3. 12 characters may not hold up against hardware-accelerated brute-force cracking for very long if the website's encrypted hash database gets compromised and they don't notice for a while. It would depend on the encryption scheme; some are very fast for a GPU-accelerated crack rack to reverse. For my most critical sites, I use as long a password as the site permits (32 characters for my bank, for example).

4. some sites allow more variety of password characteristics than others. For example, if a site only allows alpha-numeric characters, then a password of a given length wouldn't be as strong as if you can also use common symbols. And if you can use high-ANSI characters like, say, or or , that further complicates a brute-force attack by expanding the character set they have to try. So you could check which sites will allow an expanded character set, and tweak your passwords to include additional stuff as permitted.


The downside is that I'm suggesting even more complication than you're already putting up with In my case, I use a fingerprint reader and software to automate the process. One swipe, monster 32-character password entered, no errors. Unfortunately the company that makes the software got bought out, and the buyer (Apple) won't sell it anymore!
mechBgon is offline   Reply With Quote
Old 01-26-2013, 06:52 AM   #3
corkyg
Moderator
Peripherals
 
corkyg's Avatar
 
Join Date: Mar 2000
Location: Tucson, Arizona
Posts: 24,111
Default

Interesting. But, I agree with Mechbegon's last para. I let Roboform handle that on all my systems, all sync'd.
__________________
CorkyG - Tucson, AZ

In my view you cannot claim to have seen something until you have photographed it.... Emile Zola
corkyg is offline   Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 06:58 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.