I use http://keepass.info/
, which stores your passwords in an encrypted file on your computer. It's open source and very popular among nerds, so I supposed it's about as safe as you can get. There are plugins for browsers which fills in the password for you, and apps for Android and Apple. Basically you make a hard random password for each site, and a master password which gives access to them. The file can be very strongly encrypted, so you don't need an extremely hard master password. It shouldn't be a simple word, though.
Thanks, Scrubby. I checked out their website and that tutorial they have there. Sounds good, except for one thought : What about the integrity of that particular website? Might that itself not be a loophole?
I mean, there’s the question of how reliable these people are. And if we take their individual integrity as a given, even then, surely this site also can be hacked, the same as any other? And if some hacker got hold of your whole password database, as opposed to one single password, they’ll be able to do so much more damage then, isn’t it?
Since you yourself use this service, I’m sure there are safety features here that I do not know of or realize. Can you talk about them?
Also, in case this (hacking) loophole that I mentioned you consider a non-issue, then would you say using Keeppass is safer than my (new) system of using a plain old Word file (see below)? In what way? Would you recommend I change to Keeppass?
- - - - - - -
What I myself have already done, in this last week, is this. Changed every important password (banks, credit cards, email) and put in “hard” passwords. I made up these passwords myself, quite at random, like so : @7hotdog8$. (That is a hard password, and difficult to break and all that, right? All of my new passwords look something like that, with random characters, numbers and words.) And I entered all of these passwords in an MSWord document, again password protected, in my stand-alone computer.
So the only way anyone can get at my passwords is (1) Get to know my “master password”, which I used on the Word file ; (2) Somehow discover what my computer log-in password is ; and (3) Enter into my house and start my stand-alone computer, open the file, and get at the passwords. I don’t think there’s any chance anyone will for a minute contemplate doing that to get at my piddling little pile. I mean, the computer’s offline, so it’s safe, right? Unless I’m overlooking something, or am ignorant of some risk here.
Which reminds me : In case I ever re-connect this home computer of mine (an old desktop) to the Internet—probably won’t, we use the wife’s laptop—but still, suppose I do, then is there any way someone can get at what’s stored in the computer by some means? (I remember back at work, since we needed to work across multiple locations, and discuss fairly large and complex spreadsheets across these locations, we had some software using which I could actually take control of someone else’s computer, located in a different city or even in a different continent. We’d do this all the time during discussions, so that we could examine one another’s spreadsheets in full detail and also, when called for, I would make some changes in their spreadsheet. This, of course, was done with the knowledge of the user and only when they were actually present at their machine : but can a hacker do this somehow just by using my Internet connection? If there is a possibility of this, then I definitely WILL keep this machine offline.)
One related question : How safe are password-protected MSWord files? I’ve heard it said that no one (include Bill Gates and his minions) can open an MSWord or XLS file without knowing the password. That is, Word and Excel files cannot be forced open, not unless someone actually cracks the password. At least that is my impression. Would you guys have an opinion on this?
I see one flaw myself in my Word-file password database. What if my computer crashes? It is not subject to Internet use at this time, and that I understand minimizes the risk of a crash, but still. So I’ll have to keep some back-up someplace, only I haven’t yet decided how or where. Somehow a sheet of paper in my locker does not seem safe, and a sheet of paper in my bank locker is too elaborate and inconvenient. If password-protected Word files are indeed hacker-proof (except by cracking the password itself somehow), then one option may to keep a back-up of this Word file in my email.)
GandK wrote:Years ago I was working on a fantasy novel, and as part of that process I created a language (even wrote a font for it). The story got away from me and is resting on a shelf, waiting for eventual resurrection
That’s so cool, and so Tolkien-esque! Sounds like a book you'll enjoy writing, when you finally get to it again.
lilacorchid wrote:P.S. Devil's Advocate: I hope you thanked your HR/IT people!
Actually I didn’t! Oh, one mouthed the usual thank-yous and so-kind-of-yous, but one didn’t really mean it. I was generally much too busy to really give it any thought, and when I did think about it, it was a usually a cynical “they’re paid to do it”, followed by “the company does this so it can keep you slaving away all day”, and finally “this job and the crazy hours, it’s killing me!”. Just the opposite of gratitude, despite the thank-you mouthed.
You know how when you greet someone with a casual “How are you doing?”, and they sometimes come out with a litany of their latest diagnoses and treatments? If you wouldn’t very much mind my doing something similar with your question, let me say this :
It’s only now, after having “retired”, after having had my life slow down to its present level (as opposed to a constant inhuman frenzy of crises, deadlines and endless activity) that I’ve come to truly understand things like appreciation and gratitude. There is so MUCH to be grateful for! Not just in theory but really. Our loved ones, our very bodies, the very breath we take, the people we meet and talk with, my garden, … well, EVERYthing!
Your question just made me realize that I truly never did feel grateful to those people (as, indeed, to so many other people who had touched my life in so many ways). In this case, these people who’d take care of your personal appointments, even child care arrangements at times, dentist appointments, people who’d generally let you forget so many of the daily necessities of life, even at the personal level. I do keep in touch with some of my colleagues, and sometimes visit the old office during those events and get-togethers they sometimes host, and I will make it a point to talk about this particular interaction of ours, and go out and thank them!
- - - - - - -
Okay, it seems I’ve derailed this thread way off track, first with the posts on the Moderators and their access to personal information, and now this cyber-security theme. Perhaps I ought to have started separate threads. Anyway, to get back to the original topic, here then is another reason to look in on these ERE forums : The very practical and useful advice you sometimes end up getting, at times quite by chance. My password-change exercise for key passwords, which I did this past week basis what people have said here, may well have saved me a great deal of trouble going forward! Once again, thanks everyone!