
  1. Joined : Jun 2015
    changes
    Posts : 67
    W10 B10135
       14 Jun 2015 #11

    Yeah I basically do the same with my gold bars. Don't put em in the safe or the next burglar will know that there is good stuff and also where it is...
    I just put them into my wardrobe in my bedroom under some old clothes I never wear.

    ...uhhmm... wait ... what?!


    But in all seriousness I have advice for people who are undecided about their "personal password police"
    The way I do it... and it works out for me pretty solid and without having to use a 3rd party master key style solution...is just to
    set up my passwords in the following scheme (it's not 100% according to what I do but I can tell you it is a very similar system)

    FOR EXAMPLE

    password for mail -> N5=i3yBz2paperK0F-4noL!

    password for windows at home -> N5=i3yBz2workK0F-4noL!

    password for amazon -> N5=i3yBz2stuffK0F-4noL!

    password for bank account -> N5=i3yBz2emptyK0F-4noL!
    (this is of course not a 1-way auth in most of the cases anyway)

    so as you can see in this example case the passwords consist of 3 parts
    2 parts that are identical in each password but that are using special characters, big letters, small letters and numbers
    which are wrapped around one middle part that is easy to remember but is different for each password.
    this way your password is not the same for every service and you still have an overall very high complexity for each password.
    at the same time you can remember the identical parts easily because they are burnt into your head already...you just learn them and never forget them.
    and the variable parts can be for example words that you can personally link with the service u are using them for and so they are pretty easy to remember as well.
    of course you can use another logic, like use birthdates instead of words as the variable part. or soccer players. or something totally different. also there are many more ways of putting in different logic in these passwords ... you just have to be imaginative.

    so yeah, basically this is kind of a master password (not variable part) solution for the poor

    I only use different passwords when I expect the system I use it on to be prone to administrator abuse
    to avoid admins checking for certain patterns. also on "unimportant" stuff like forums or (non-google-account-centralized) entertainment services. then I just use simple words or their modification. in the style and rather simple complexity of for example: n1ghtl1f3
    but never the same password for more than 1 service.
    Last edited by Fragment; 14 Jun 2015 at 17:05.
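
An added example (not part of the original post): a small audit that takes the four sample passwords from the post above and separates the part shared by every password from the part that differs per service. The function names and the 50% threshold are assumptions made for this illustration.

```python
import os

# The four sample passwords exactly as given in the post above.
SAMPLES = {
    "mail": "N5=i3yBz2paperK0F-4noL!",
    "windows at home": "N5=i3yBz2workK0F-4noL!",
    "amazon": "N5=i3yBz2stuffK0F-4noL!",
    "bank account": "N5=i3yBz2emptyK0F-4noL!",
}


def split_scheme(passwords):
    """Return (shared prefix, shared suffix, {service: per-service part})."""
    values = list(passwords.values())
    prefix = os.path.commonprefix(values)
    # commonprefix over the reversed strings yields the shared suffix.
    suffix = os.path.commonprefix([v[::-1] for v in values])[::-1]
    # If prefix and suffix would overlap in the shortest password
    # (e.g. identical passwords), trim the suffix so the parts stay disjoint.
    overlap = len(prefix) + len(suffix) - min(len(v) for v in values)
    if overlap > 0:
        suffix = suffix[overlap:]
    unique = {svc: v[len(prefix):len(v) - len(suffix)]
              for svc, v in passwords.items()}
    return prefix, suffix, unique


def reuse_report(passwords, max_shared=0.5):
    """Flag a password set whose members are mostly one reused string."""
    prefix, suffix, unique = split_scheme(passwords)
    shared = len(prefix) + len(suffix)
    report = {}
    for svc, pw in passwords.items():
        fraction = shared / len(pw)
        report[svc] = {
            "length": len(pw),
            "unique_part": unique[svc],
            "shared_fraction": round(fraction, 2),
            "flagged": fraction > max_shared,  # assumed threshold
        }
    return report


if __name__ == "__main__":
    for svc, row in reuse_report(SAMPLES).items():
        print(f"{svc:16} {row}")
```

In the output, the per-service part of each 22 or 23 character password is a single 4 or 5 letter word; everything else is the same string on every account.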

  2.    15 Jun 2015 #12

    Fragment said:
    Yeah I basically do the same with my gold bars. Don't put em in the safe or the next burglar will know that there is good stuff and also where it is...
    I just put them into my wardrobe in my bedroom under some old clothes I never wear.

    ...uhhmm... wait ... what?!


    But in all seriousness I have advice for people who are undecided about their "personal password police"
    The way I do it... and it works out for me pretty solid and without having to use a 3rd party master key style solution...is just to
    set up my passwords in the following scheme (it's not 100% according to what I do but I can tell you it is a very similar system)

    FOR EXAMPLE

    password for mail -> N5=i3yBz2paperK0F-4noL!

    password for windows at home -> N5=i3yBz2workK0F-4noL!

    password for amazon -> N5=i3yBz2stuffK0F-4noL!

    password for bank account -> N5=i3yBz2emptyK0F-4noL!
    (this is of course not a 1-way auth in most of the cases anyway)

    so as you can see in this example case the passwords consist of 3 parts
    2 parts that are identical in each password but that are using special characters, big letters, small letters and numbers
    which are wrapped around one middle part that is easy to remember but is different for each password.
    this way your password is not the same for every service and you still have an overall very high complexity for each password.
    at the same time you can remember the identical parts easily because they are burnt into your head already...you just learn them and never forget them.
    and the variable parts can be for example words that you can personally link with the service u are using them for and so they are pretty easy to remember as well.
    of course you can use another logic, like use birthdates instead of words as the variable part. or soccer players. or something totally different. also there are many more ways of putting in different logic in these passwords ... you just have to be imaginative.

    so yeah, basically this is kind of a master password (not variable part) solution for the poor

    I only use different passwords when I expect the system I use it on to be prone to administrator abuse
    to avoid admins checking for certain patterns. also on "unimportant" stuff like forums or (non-google-account-centralized) entertainment services. then I just use simple words or their modification. in the style and rather simple complexity of for example: n1ghtl1f3
    but never the same password for more than 1 service.

    Hi there

    The point of the post wasn't to devise a password strategy but simply to point out that whatever your passwords were keeping them stored on a remote server IMO is NOT a good idea for all sorts of reasons.

    However if you ARE considering password strategies a SIMPLE one which increases the Hacking complexity by a VERY considerable amount is always to insert a special character to the FRONT -- password cracking algorithms have to run for a lot longer to crack even SIMPLE passwords like PA55WORD if it's replaced by !PA55WORD. Unfortunately some logons won't allow special characters but when they do insert them in your password -- but remember if you use a different keyboard -- even a simple one like GB vs US the keys aren't the same for a lot of the special characters !!!! So accessing your site from say an airport terminal with their computers might cause a problem !!!

    Cheers
    jimbo


  3. Joined : Feb 2015
    Bamberg Germany
    Posts : 12,891
    Microsoft Windows 10 Pro 64-bit 14393 Multiprocessor Free
       15 Jun 2015 #13

    I do like Jimbo
    I'm of the old school-- a black notebook hidden away in a reasonably inaccessible place seems the best (and "Lowest tech") solution of all.
    Except my book is green. Another advantage of that is, I live alone in a foreign country, so if something happens to me the Polizei will find it (hopefully) and contact my Contacts, accounts and forums...etc and close everything, or give it to my next of kin in the States to do so.


  4. Joined : Jan 2014
    Oak Ridge TN, USA
    Posts : 23,932
    Windows 10 Pro x64
       15 Jun 2015 #14

    Cliff S said:
    I do like Jimbo Except my book is green. Another advantage of that is, I live alone in a foreign country, so if something happens to me the Polizei will find it (hopefully) and contact my Contacts, accounts and forums...etc and close everything, or give it to my next of kin in the States to do so.

    I've used the same basic technique for many years. When I worked at The Travelers we had lots of various ways to protect files and they worked.


  5. Joined : Jun 2015
    changes
    Posts : 67
    W10 B10135
       15 Jun 2015 #15

    jimbo45 said:
    Hi there

    The point of the post wasn't to devise a password strategy but simply to point out that whatever your passwords were keeping them stored on a remote server IMO is NOT a good idea for all sorts of reasons.

    However if you ARE considering password strategies a SIMPLE one which increases the Hacking complexity by a VERY considerable amount is always to insert a special character to the FRONT -- password cracking algorithms have to run for a lot longer to crack even SIMPLE passwords like PA55WORD if it's replaced by !PA55WORD. Unfortunately some logons won't allow special characters but when they do insert them in your password -- but remember if you use a different keyboard -- even a simple one like GB vs US the keys aren't the same for a lot of the special characters !!!! So accessing your site from say an airport terminal with their computers might cause a problem !!!

    Cheers
    jimbo

    Well, the reason people store passwords online or in a master key tool is that they don't want to remember like 10 passwords but only one.
    That's where my logic is aimed at. To have 10 different strong passwords that are not as hard to remember as those 10 for example:
    anHBC+gnvh-o
    UWtAaXn@li7J
    plKGHmdeud(O
    o8GE0+AfodIB
    wjÄBSSq9Op/k
    sY)u2;uhJf6S
    VXhlcodä91>6
    zU*wEVW;:nYX
    qOYvM]Nmp2)n
    Oc/pml0/opK5


    Your additional security hint of putting a special char at the beginning of a pw can of course be implemented in any password. Be it a master pw or w/e else...


  6. Joined : Jan 2014
    Posts : 951
    Windows 8.1, 10
       15 Jun 2015 #16

    Jimbo, had you seen this when you created this thread?

    https://blog.lastpass.com/2015/06/la...y-notice.html/

    We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.

    We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.

    Nonetheless, we are taking additional measures to ensure that your data remains secure. We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password.

    An email is also being sent to all users regarding this security incident.

    If you have a weak master password or if you have reused your master password on any other website, please update it immediately. Then replace the passwords on those other websites.
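
An added example (not part of the original post or of LastPass's code): a sketch of the server-side strengthening the quoted notice describes, a random per-user salt plus 100,000 rounds of PBKDF2-SHA256 applied to the hash the client sends. The client-side step, its round count, the function names and the sample accounts are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import time

SERVER_ROUNDS = 100_000   # figure quoted in the notice
CLIENT_ROUNDS = 5_000     # assumption: the notice gives no client-side count


def client_auth_hash(email: str, master_password: str) -> bytes:
    """Client side (assumed shape): stretch the master password before sending."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                               email.lower().encode(), CLIENT_ROUNDS)


def enroll(auth_hash: bytes):
    """Server side: store a random per-user salt and the strengthened hash."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ROUNDS)


def verify(auth_hash: bytes, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ROUNDS)
    return hmac.compare_digest(candidate, stored)


def seconds_per_guess(salt: bytes) -> float:
    """Time needed to test one candidate password against one stored record."""
    start = time.perf_counter()
    verify(client_auth_hash("user@example.test", "candidate"), salt, b"\0" * 32)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Constructed sample accounts: two users who picked the same master password.
    a = enroll(client_auth_hash("alice@example.test", "correct horse"))
    b = enroll(client_auth_hash("bob@example.test", "correct horse"))
    print("records differ:", a[1] != b[1])
    print("login ok:", verify(
        client_auth_hash("alice@example.test", "correct horse"), *a))
    print("seconds per guess:", round(seconds_per_guess(a[0]), 4))
```

Because every record has its own salt, each candidate password has to be stretched again for each account, which is why the notice still asks users with weak or reused master passwords to change them: a short dictionary of likely passwords remains cheap to test even at this cost per guess.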

  7.    16 Jun 2015 #17

    DavidY said:
    Jimbo, had you seen this when you created this thread?

    https://blog.lastpass.com/2015/06/la...y-notice.html/

    Hi there

    When people say "Taking additional methods" - that means the ORIGINAL ones were simply not good enough.

    It's like any Govt announcement saying "No reason to Panic".... or "There's plenty for everyone so no need to go out buying more..." etc.

    Nobody believes those sorts of announcements in a million years -- even Gorillas in a zoo would be suspicious.

    If a Server also goes down which DOES happen (anybody who has ever used any sort of ONLINE banking - even if it's only to get cash out of an ATM) will surely have experienced an outage --even the mighty GOOGLE has had an outage or two --also quite recently -- then any application requiring access to the server will fail.

    I still think the Black (or Green or colour of your choice) notebook is still the most secure.

    Cheers
    jimbo


  8. Joined : Jun 2015
    changes
    Posts : 67
    W10 B10135
       16 Jun 2015 #18

    jimbo45 said:
    Hi there

    When people say "Taking additional methods" - that means the ORIGINAL ones were simply not good enough.

    It's like any Govt announcement saying "No reason to Panic".... or "There's plenty for everyone so no need to go out buying more..." etc.

    Nobody believes those sorts of announcements in a million years -- even Gorillas in a zoo would be suspicious.

    If a Server also goes down which DOES happen (anybody who has ever used any sort of ONLINE banking - even if it's only to get cash out of an ATM) will surely have experienced an outage --even the mighty GOOGLE has had an outage or two --also quite recently -- then any application requiring access to the server will fail.

    I still think the Black (or Green or colour of your choice) notebook is still the most secure.

    Cheers
    jimbo

    Technically, the most secure is your head only.
    Of course. If you don't trust your own memorization capabilities...then you have a problem or if you are not able to estimate them...


  9. Joined : Jan 2014
    Oak Ridge TN, USA
    Posts : 23,932
    Windows 10 Pro x64
       16 Jun 2015 #19

    Fragment said:
    Technically, the most secure is your head only.
    Of course. If you don't trust your own memorization capabilities...then you have a problem or if you are not able to estimate them...

    The best way is to change them monthly.. keep in your head or paper.. but change them is the only way to be safe.


  10. Joined : Jun 2015
    changes
    Posts : 67
    W10 B10135
       16 Jun 2015 #20

    BunnyJ said:
    The best way is to change them monthly.. keep in your head or paper.. but change them is the only way to be safe.

    I was referring to the storing location because it was said earlier in the thread that keeping them on a separate laptop in a secure location would be the safest, which is not true.

    Keeping them only in your head doesn't exclude/prevent the ability to change your password(s) monthly/daily/hourly etc...


 