Password Manager

[JCO]

I'm playing with this now and it seems to work. Does it have a way to
automatically detect the website so that the auto-fill works better.
Example, my Norton Password Manager (that won't work on 64 bit Win7) runs in
the background. When you go to a website that requires an auto-fill (that
has been memorized), it will prompt me with a little window in the lower
right corner. I click a single button and it's done.
Thanks

Using Windows 7 Ultimate 64 bits

I use to use Norton's Password Manager when running Windows XP but it is
not
compatible for Windows 7. I was wondering if anybody know what I can
use.
My preference is to find a FREE one that I can download.

I strongly recommend KeePass (or KeepAss, as I like to pronounce it).
It stores user names, passwords, URLs, and any text you like. It can
automatically fill this stuff in when you hit a designated key
combination. It works out of the box with most sites, where username
[Tab] password [Enter], is the right thing, and you can customize the
sequence for the odd exception. Yes, it's 100% free.

http://keepass.info/

I learned about it through Lifehacker.com. I have a copy on my USB
stick, so that I can have my passwords for use on other computers.
(Yes, the database is encrypted, so even if I lose the USB stick
others can't access my bank accounts.)

 

[Bob Henson]

I would never print out passwords, that's just asking for trouble.

My password database is stored on DropBox, which means it on stored on 4
Macs as well as DropBox's cloud servers. It is also in my TimeMachine
backup. It's not going anywhere, and no chance of someone else accessing
it.

Are you entirely happy with your passwords being on the cloud? The only
place I wouldn't keep mine is on a server over which I have no control,
and cannot guarantee that it won't be down when I want them, or lost
along with many other people's.

 

[Bob Henson]

My major issue with Roboform is ... I always thought your passwords are
stored off-site as oppose to on your computer. I want it on my computer
only and I want a way to retrieve the password from the encrypted database
on my computer. If this is how Roboform works, then it might be a good
choice for me. I was wanting to find something that is FREE so I will keep
looking before making that decision.
Thanks

You don't have to use Roboform's online storage - I wouldn't leave mine
anywhere that I don't control. Their on-line service is new, I have
always kept mine the old way on my own computer only. Just like GnupG
secret keys, they should never leave you.

Regards,

Bob

 

[Lewis]

On Tue, 19 Oct 2010 02:19:13 +0000 (UTC), Lewis

Are you entirely happy with your passwords being on the cloud?

Yep. they are stored there in an encrypted format. Safe as houses.

The only
place I wouldn't keep mine is on a server over which I have no control,
and cannot guarantee that it won't be down when I want them, or lost
along with many other people's.

Since I keep so many copies on so many machines, the chances of losing
them ALL are so remote there's no point thinking about it. Multiple
accidentals nuclear explosions are about as likely.

 

[Bob Henson]

Yep. they are stored there in an encrypted format. Safe as houses.

Since I keep so many copies on so many machines, the chances of losing
them ALL are so remote there's no point thinking about it. Multiple
accidentals nuclear explosions are about as likely.

I was thinking more of theft than loss. He who encrypts can also
decrypt.

Regards,

Bob

 

[Jeff Layman]

Thanks Lewis,
I will add this to my list for review.

Another one to try - I've been using PINS for years.

Runs ok under XPx32 and Win7x64. Hasn't been updated for years, thus
proving "If it ain't broke don't fix it".
http://www.mirekw.com/winfreeware/pins.html

 

[Just Judy]

That would hardly be secure, unless you store the file in an encrypted
drive, such as with TrueCrypt.

I've used Password Corral since at least 2001; a printed copy
of the passwords rests in my bank's safety deposit box. I've prevented
anyone from committing the dastardly deed of hacking my bank account
and stealing my $17.42.

 

[Gene E. Bloch]

I was thinking more of theft than loss. He who encrypts can also
decrypt.

Not with modern encryption methods, as long as you create - and keep
secret - the password.

 

[Gene E. Bloch]

It doesn't have to be a hymnal. Any book such as a poetry or popular
song book, etc., that you can remember the items you've selected,
would work just as well. The reason I mentioned a hymnal was that most
people are familiar with some of those songs, and can easily
remember/associate a given song with a given password. And, it is easy
to remember which book on your shelf to look into if you forget the
password. But, an intruder would not have any leads as to what your
source of password setup was.

Gordon

Even given the book, and possibly even knowing your algorithm, the sheer
combinatorics of the hymnal contents would keep me from breaking into
your system.

If worse comes to worse, you can switch to James Joyces's "Ulysses"

 

[Gene E. Bloch]

Not sure what you mean here. It logs in to all sorts of sites for
me.

See
Message-ID: <[email protected]>
where I acknowledged my error - in a response to you, of all people

Note the use of the phrase "I don't *think* it will log in for me"
above. The ignorance was a penalty of never trying to do it, since I
don't care to log in automatically, and of course a failure to RTFM in
the heat of turbo posting (whatever that might mean!).

 

[Char Jackson]

Another one to try - I've been using PINS for years.

Runs ok under XPx32 and Win7x64. Hasn't been updated for years, thus
proving "If it ain't broke don't fix it".
http://www.mirekw.com/winfreeware/pins.html

When it comes to security, "hasn't been updated in years" doesn't
exactly lend credibility. I would stay far away.

 

[Char Jackson]

Even given the book, and possibly even knowing your algorithm, the sheer
combinatorics of the hymnal contents would keep me from breaking into
your system.

If worse comes to worse, you can switch to James Joyces's "Ulysses"

Other options might be "War and Peace" and "A Tale of Two Cities."

I think I'll stick with Roboform! Using a book, how are you supposed
to remember the page-paragraph-word info?

 

[Char Jackson]

Not with modern encryption methods, as long as you create - and keep
secret - the password.

One way algorithms... The analogy I've always seen is that you can run
some pork through a grinder and make sausage, but you can't turn
around and run the sausage through a second time and expect to get
pork. Or something like that.

 

[JCO]

I downloaded it too. Thanks.. I will give it a try.

 

[Jeff Layman]

When it comes to security, "hasn't been updated in years" doesn't
exactly lend credibility. I would stay far away.

And what would you suggest the latest password managers have that PINS
doesn't? 256 AES encryption vs 448 Blowfish, maybe. So you can crack
it in a billion years with a dozen Crays rather than 2 billion years?

 

[Lewis]

I was thinking more of theft than loss. He who encrypts can also
decrypt.

Uh. What? No one but me can decrypt because no one but me knows the
password.

 

[Char Jackson]

And what would you suggest the latest password managers have that PINS
doesn't? 256 AES encryption vs 448 Blowfish, maybe. So you can crack
it in a billion years with a dozen Crays rather than 2 billion years?

I'm not familiar with PINS. I was only responding to the part where
you say "hasn't been updated in years". That part would scare me away.

 

[Roy Smith]

Nothing is stored off-site! I don't know where that idea came from.


Roboform is only free if you have 10 or less logins for it to track.
They hook you that way. I remember thinking I could get by with the
free method but I quickly saw how convenient the whole thing was and
how much more secure my logins were since I didn't need to reuse the
same tired passwords all over the place and didn't need to write
anything down.

Roboform or not, good luck with your search. Others are mentioning
KeePass, so that might be something to check out.

I've been reading this thread with great interest with regards as to
what software people have been suggesting. Myself I use a Upek Eikon
USB fingerprint scanner along with the included Protector Suite 2009
software. The software will not only remember your passwords for you,
it can also generate passwords with any user defined level of
complexity. There are also a couple of browser plug ins for IE and
Firefox that allow you to log on to websites simply by swiping your
finger on the scanner.

The thing I really like is when my kids are on the PC and UAC asks for
an administrator password, I can simply swipe my finger on the scanner
and not worry about my kids watching me type in my password.


--

Roy Smith
Windows 7 Professional
Thunderbird 3.1.5
Tuesday, October 19, 2010 6:49:41 PM

 

[Gene E. Bloch]

One way algorithms... The analogy I've always seen is that you can run
some pork through a grinder and make sausage, but you can't turn
around and run the sausage through a second time and expect to get
pork. Or something like that.

No, no - you're thinking of entropy!

Actually, entropy is also a term of art in encryption. The higher the
entropy of the encrypted text, i.e., the more it looks like noise, the
harder it is to decrypt it by analysis.

Similar arguments exist in lossless compression: the higher the entropy,
the less further compression can be done.

Please don't ask me to explain the above any further. Although my BS is
in physics, the above areas are way out of my expertise. I just have a
Classic Comics sort of knowledge there.

 

[Gene E. Bloch]

Other options might be "War and Peace" and "A Tale of Two Cities."

I think I'll stick with Roboform! Using a book, how are you supposed
to remember the page-paragraph-word info?

You use KeePass for that.

Sorry - resistance was futile