Password Manager

Lewis

In message said:
I quite agree, Ed. The best method I've found for keeping my passwords
safe, yet easy for me to access is to use a familiar book for my
password characters. I prefer to use an old hymn book, then pick a
specific hymn for each site that requires a password. I use the page
number, the hymn number and the first letters of the chorus or
favorite verse. This can all be noted in a cryptic way such that no
intruder could figure out what it is all about, yet if I forget a
password I can look at this cryptic note and get enough of a hint to
lead me to the page/hymn number/verse that I had used. Then, it is
easy for me to refresh my memory and get the password information
right.
And my encrypted keychain is about 10 billion times more secure than
your hymnal.
 
Lewis

In message said:
Now, this sparks another question! Could some intruder or hacker
somehow get to my computer and make a "backup" copy of my Roboform's
data file, then take this backup copy to a super computer and do some
master hacking that would reveal the entire group of passwords?
Yep. Sure could. If they had a really super duper computer it would only
take them a couple hundred years, assuming 256bit encryption.
 
Bob Henson

Anyone with a long jumbled password will have to write it down
somewhere; and there's the leaky cauldron!
Now then, where does Jimbo always look before logging into .....?

Ed, on the other hand, carries his in his head. And that marvellous
combination of dendrites & synaptic gaps that the human cerebellum uses
is far superior to even AES 256 encryption, which will be open to brute
force attempts.
And the human brain is not (c.f. the aforementioned rubber hose
decryption)?

But no, you are quite correct, the best place is in the brain but, as I
was implying, the trade off is between what you can memorise and the
safety of a key. AES 256 has not yet been, nor is ever likely to be,
broken, but the key can be prised out of you. In the UK we have yet
another factor - our outrageous Laws mean that you can be compelled to
hand over any password to the Police anyway - someone who refused was
recently jailed for four months.

I have 160 log-ins memorised in Roboform. At the height of my mental
powers (some considerable number of years ago) I could not have
remembered 160 log-ins and passwords, especially as they are sometimes
not used for a long time.

We also need to remember what we are trying to protect, and from whom.

1) There is zero chance of any normal (i.e. not with Bill Gates' money)
individual being the subject of burglary with the specific intent of
obtaining their passwords - it wouldn't be worth it.
2) The burglar has to have access to more computing power than the world
has in toto to crack AES - if so he has a lot more money than his victim
and, again, why would he bother.
3) If you realised you had been burgled, you would immediately change
all your passwords - so the burgled ones would be no use to him anyway.

No, what we are trying to protect against is the casual, chance,
observation of someone who has access to the same computer being able to
read your passwords - or perhaps the illicit interception of your data
whilst you are using them. Again, as you say, if Jimbo writes down his
password somewhere he's asking for it. If Ed carries it in his head, he
can be overseen typing it into his computer, or it can be picked up by a
keylogger. It all boils down to common sense care - not leading edge
cryptography. As such, Roboform is not only secure, it is overkill.
 
JCO

My major issue with Roboform is ... I always thought your passwords are
stored off-site as opposed to on your computer. I want it on my computer
only and I want a way to retrieve the password from the encrypted database
on my computer. If this is how Roboform works, then it might be a good
choice for me. I was wanting to find something that is FREE so I will keep
looking before making that decision.
Thanks
 
JCO

The password manager is not the only place to store your passwords. They
should all be kept in a Word document or Excel spreadsheet that gets printed
out or saved in multiple locations to prevent loss from a computer crash.

The password manager is simply used for everyday form filling. Always back
it up on paper and/or multiple locations (i.e., flash drive).
 
JCO

I'm downloading now and will give it a try.
Thanks

Stan Brown said:
Using Windows 7 Ultimate 64 bits

I used to use Norton's Password Manager when running Windows XP but it is
not compatible with Windows 7. I was wondering if anybody knows what I can
use.
My preference is to find a FREE one that I can download.
I strongly recommend KeePass (or KeepAss, as I like to pronounce it).
It stores user names, passwords, URLs, and any text you like. It can
automatically fill this stuff in when you hit a designated key
combination. It works out of the box with most sites, where username
[Tab] password [Enter], is the right thing, and you can customize the
sequence for the odd exception. Yes, it's 100% free.

http://keepass.info/

I learned about it through Lifehacker.com. I have a copy on my USB
stick, so that I can have my passwords for use on other computers.
(Yes, the database is encrypted, so even if I lose the USB stick
others can't access my bank accounts.)
 
Char Jackson

My major issue with Roboform is ... I always thought your passwords are
stored off-site as opposed to on your computer. I want it on my computer
only and I want a way to retrieve the password from the encrypted database
on my computer. If this is how Roboform works, then it might be a good
choice for me.
Nothing is stored off-site! I don't know where that idea came from.
I was wanting to find something that is FREE so I will keep
looking before making that decision.
Thanks
Roboform is only free if you have 10 or less logins for it to track.
They hook you that way. I remember thinking I could get by with the
free method but I quickly saw how convenient the whole thing was and
how much more secure my logins were since I didn't need to reuse the
same tired passwords all over the place and didn't need to write
anything down.

Roboform or not, good luck with your search. Others are mentioning
KeePass, so that might be something to check out.
 
Gene E. Bloch

And the human brain is not (c.f. the aforementioned rubber hose
decryption)?

But no, you are quite correct, the best place is in the brain but, as I
was implying, the trade off is between what you can memorise and the
safety of a key. AES 256 has not yet been, nor is ever likely to be,
broken, but the key can be prised out of you. In the UK we have yet
another factor - our outrageous Laws mean that you can be compelled to
hand over any password to the Police anyway - someone who refused was
recently jailed for four months.

I have 160 log-ins memorised in Roboform. At the height of my mental
powers (some considerable number of years ago) I could not have
remembered 160 log-ins and passwords, especially as they are sometimes
not used for a long time.

We also need to remember what we are trying to protect, and from whom.

1) There is zero chance of any normal (i.e. not with Bill Gates' money)
individual being the subject of burglary with the specific intent of
obtaining their passwords - it wouldn't be worth it.
2) The burglar has to have access to more computing power than the world
has in toto to crack AES - if so he has a lot more money than his victim
and, again, why would he bother.
3) If you realised you had been burgled, you would immediately change
all your passwords - so the burgled ones would be no use to him anyway.

No, what we are trying to protect against is the casual, chance,
observation of someone who has access to the same computer being able to
read your passwords - or perhaps the illicit interception of your data
whilst you are using them. Again, as you say, if Jimbo writes down his
password somewhere he's asking for it. If Ed carries it in his head, he
can be overseen typing it into his computer, or it can be picked up by a
keylogger. It all boils down to common sense care - not leading edge
cryptography. As such, Roboform is not only secure, it is overkill.
Yours and a number of posts in this thread are informative and
common-sensical.

Maybe I will rethink my policy of writing my master password on a Post-It
that I keep on the computer. But since I wrote the PW backwards, I
know that I'm safe.

Back to seriousness: I use KeePass Password Safe (free and open source
at http://keepass.info/).

I don't think it will log in for me, but I never try to do that, so I might
just be uninformed. However, it has been ported to a few platforms,
including Android, so I can see my passwords anywhere. There's also a
portable version for Windows.
 
Gene E. Bloch

The password manager is not the only place to store your passwords. They
should all be kept in a Word document or Excel spreadsheet that gets printed
out or saved in multiple locations to prevent loss from a computer crash.
That would hardly be secure, unless you store the file in an encrypted
drive, such as with TrueCrypt.
 
Gene E. Bloch

Using Windows 7 Ultimate 64 bits

I used to use Norton's Password Manager when running Windows XP but it is not
compatible with Windows 7. I was wondering if anybody knows what I can use.
My preference is to find a FREE one that I can download.
I strongly recommend KeePass (or KeepAss, as I like to pronounce it).
It stores user names, passwords, URLs, and any text you like. It can
automatically fill this stuff in when you hit a designated key
combination. It works out of the box with most sites, where username
[Tab] password [Enter], is the right thing, and you can customize the
sequence for the odd exception. Yes, it's 100% free.

http://keepass.info/

I learned about it through Lifehacker.com. I have a copy on my USB
stick, so that I can have my passwords for use on other computers.
(Yes, the database is encrypted, so even if I lose the USB stick
others can't access my bank accounts.)
Before I read your post, I had already implicitly seconded your
suggestion for KeepAss, though I'm not sure if I'll adopt that
pronunciation :)

Thanks for pointing out that it does auto-logins; I was wrong about that
upthread...

Since the question came up somewhere, let me mention that it does let
you save credit card information and other non-login stuff. I do that a
lot.

Naturally, I save (i.e., back up) my KeePass data in several places.
None of them are clear text on paper :)
 
JCO

I just wasn't sure. I thought the earlier versions of Roboform stored stuff
off site. I just didn't know.
Thanks
 
Stan Brown

The password manager is not the only place to store your passwords. They
should all be kept in a Word document or Excel spreadsheet that gets printed
Or....

Use a password manager that is happy on a USB stick, like KeePass
that I mentioned yesterday. I have the program on my computer and
the stick, and a copy of the database on each. I just have to
remember to resync the database when I add or change a password, but
I have a batch file that does that when it synchronizes all sorts of
other stuff.
 
Stan Brown

Since the question came up somewhere, let me mention that it does let
you save credit card information and other non-login stuff. I do that a
lot.
Yes, me too. I even save the license strings for various pieces of
software. (In the past, when I validated a piece of software, I
didn't save the license string. Now, with the new computer, I have to
give up using some programs because I no longer have the license
strings. That won't happen again, since now they're all in KeePass.)
Naturally, I save (i.e., back up) my KeePass data in several places.
None of them are clear text on paper :)
Yup! Computer, USB stick, and daily backups. (Monthly backups also
get burned to DVD.)
 
Antares 531

The password manager is not the only place to store your passwords. They
should all be kept in a Word document or Excel spreadsheet that gets printed
out or saved in multiple locations to prevent loss from a computer crash.

The password manager is simply used for everyday form filling. Always back
it up on paper and/or multiple locations (i.e., flash drive).
JCO, if you're tryin' to be witty, I think you made it to about the
half way point.
 
Antares 531

And my encrypted keychain is about 10 billion times more secure than
your hymnal.
It doesn't have to be a hymnal. Any book such as a poetry or popular
song book, etc., that you can remember the items you've selected,
would work just as well. The reason I mentioned a hymnal was that most
people are familiar with some of those songs, and can easily
remember/associate a given song with a given password. And, it is easy
to remember which book on your shelf to look into if you forget the
password. But, an intruder would not have any leads as to what your
source of password setup was.

Gordon
 
Lewis

In message said:
Use a password manager that is happy on a USB stick, like KeePass
that I mentioned yesterday. I have the program on my computer and
the stick, and a copy of the database on each. I just have to
remember to resync the database when I add or change a password, but
I have a batch file that does that when it synchronizes all sorts of
other stuff.
I would never print out passwords, that's just asking for trouble.

My password database is stored on DropBox, which means it is stored on 4
Macs as well as DropBox's cloud servers. It is also in my TimeMachine
backup. It's not going anywhere, and no chance of someone else accessing
it.
 
Valorie *~

JCO said:
Using Windows 7 Ultimate 64 bits

I used to use Norton's Password Manager when running Windows XP but it is
not compatible with Windows 7. I was wondering if anybody knows what I can
use. My preference is to find a FREE one that I can download. If that
does not work, I'm not against purchasing one. I would like a password
manager that automatically fills in the Form (with name address, and
options to what credit card to use)

Thanks
Go to alt.comp.freeware and ask there. You'll find more good freeware
recommended there than you can imagine ever existed. I haven't bought
software in years.
 
