Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Password Security


  • Please log in to reply
16 replies to this topic

#1 Shalynne

Shalynne

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 01 March 2015 - 01:05 AM

I did a site-search on this topic, and didn't find anything.  (May have been a search term failure on my part.)

 

So.  I'm trying to make my Windows 7 PC more secure, but still usable.  (I don't use "123456" or anything close, but it's past time to take more control.)  Do experts on Bleeping Computers recommend any particular password management programs, or do you use other methods to keep passwords accessible but safe?

 

I need to mix up my passwords a lot more, but I already end up having to reset forgotten passwords on a near-daily basis.

 

I did Google up a few password managers, but many seem to require a smartphone or other mobile device, neither of which I have.



BC AdBot (Login to Remove)

 


#2 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,783 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:12:40 AM

Posted 01 March 2015 - 02:32 AM

LastPass.

 

Needs a little bit of input to set it up....but well worth it.


Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:40 AM

Posted 01 March 2015 - 08:30 AM

Password ResourcesYou can use an online Password Generator to create a random password:-- Note: If you don't want to use a PW Manager, be careful where you store the passwords and do not write down or leave records of them anywhere that you would not leave the information that they are designed to protect. And if you create a document or spreadsheet on your computer...don't name it anything obvious which could indicate the file may be related to stored passwords.

Another option is to use a third party Password Manager which can generate random passwords:There are two version of KeePass: Classic and Professional...

KeePass Professional is the successor of KeePass 1.x, called the classic edition, which is still available as it does not have Microsoft .NET Framework or Mono 2.2 prerequisites.

KeePass Edition Comparison
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:40 AM

Posted 01 March 2015 - 12:14 PM

Personally I'm using LastPass and it works great. KeePass is also good, however you have to add your passwords manually in it unless you use the KeePass Chrome Plugin. As for LastPass, you simply have to disconnect from your account on any website, reconnect to it and then hit the "Save website" button in the LastPass frame that will appear once you login. It's really easy to use and it can be integrated in pretty much every web browser, from Internet Explorer to Opera. I've been using it for months now, in addition to using the Android app for it (optional), and it works flawlessly.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 Kilroy

Kilroy

  • BC Advisor
  • 3,321 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Launderdale, MN
  • Local time:09:40 AM

Posted 01 March 2015 - 03:56 PM

For a Windows password it really doesn't matter unless you use full drive encryption along with it.

 

For web passwords I recommend LastPass.  You can read, or listen, to how it works in Security Now! - Episode 256 - LastPass.  Since you're only using it on a PC the free version is all you need.



#6 Shalynne

Shalynne
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 01 March 2015 - 06:59 PM

Last Pass looks good.  Thanks!  I guess it was multi-factor authentication that gave me pause, since I don't have a mobile device (yet), and I'm not set up well for facial or other physical recognition -- but now I see all of that is optional, which is fine for now.

 

I don't write passwords down or save them in Notepad, hence I use way too many similar passwords (which is likely worse), and I still click on "forgot password?" a lot.  A heckuva lot.

 

So.  On to some more changes.  Thanks again!



#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:40 AM

Posted 01 March 2015 - 07:33 PM

LastPass will "warn" you if you have the same passwords on multiple websites, advising you to change them for unique passwords, which could be a good thing. Personally, I make LastPass generate a 20 characters long string for every passwords I have, this way even if one is compromised, it cannot be used against the others :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 Chris Cosgrove

Chris Cosgrove

  • Moderator
  • 6,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:03:40 PM

Posted 03 March 2015 - 07:43 PM

An alternative approach is the one I use.  As the Quietman suggests I am a firm believer in strong passwords particularly for important accounts. Some, the ones I use nearly every day, I can remember such as the one for BC, my e-mail accounts. I keep them all in a text file on a memory stick which lives on top of my desk. If I need one of the ones I use rarely - plug the stick in, open the file,copy / paste the password, remove the memory stick.

 

Chris Cosgrove



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:40 AM

Posted 03 March 2015 - 08:15 PM

I do that too Chris but keep mine in an obscurely named spreadsheet.

BTW...don't allow your browsers to remember passwords.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:40 AM

Posted 03 March 2015 - 08:25 PM

What quietman said is right, nothing's easier for a "stealer"-malware than to steal locally saved passwords of web browsers. If you did save passwords in your web browsers, I suggest you to delete them immediately to preserver their integrity.

http://www.bu.edu/tech/services/support/desktop/software/troubleshooting/removing-password-from-browsers-saved-password-list/

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,732 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:07:40 AM

Posted 03 March 2015 - 08:30 PM

<snip> KeePass is also good, however you have to add your passwords manually in it unless you use the KeePass Chrome Plugin. <snip>


I used KeePass 1.x for three years, till around mid November 2014, and never had to do that. I have been using KeePass 2.x since around the mid November timeframe when I upgraded from 1.x. And do not have to manually enter passwords in 2.x. Then again I always used the password generator built in to KeepPass. And I don't use Chrome as my default browser so I never used the plugin so I wouldn't know how that compares or works.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:40 AM

Posted 03 March 2015 - 08:32 PM

I had to manually enter my passwords when I was using KeePass. You mean that the program itself is connected to Google Chrome and when you create a new account on a website, it'll save it automatically to KeePass?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#13 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,732 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:07:40 AM

Posted 03 March 2015 - 10:07 PM

I have no idea how that works. I'm saying that I never had to add passwords manually. I used the ones that KeePass generated for me when I created new file entries. And when I built the database initially I changed every existing password at the same time the KeePass entry was built.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:40 AM

Posted 03 March 2015 - 10:09 PM

Okay so you were manually creating the entries, they weren't generated automatically like LastPass does. This is what I was asking. I also tried to import my Google Chrome passwords inside KeePass. Took a lot of tweaking in order for it to work since it uses a .CSV file.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,732 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:07:40 AM

Posted 03 March 2015 - 11:31 PM

I personally would never automagically generate a password database the very first time. Thats just me. I've seen too many people have corrupted entries and not be able to retrieve their information. Then have to go through the whole headache of resetting a password or having to contact a site.

When it comes to password databases I do not import/export anything. I make several copies and store those copies in multiple places. Then I have an automated reminder set to remind me to reconcile those various copies against the master.

With over 400 entries a corrupted database would be disastrous and unrecoverable for me. With this method I only have the potential of losing the newest entry or entries which is not a huge obstacle to overcome.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users