
Password safety questions.



#1 dino2014

dino2014

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:10:28 PM

Posted 29 October 2015 - 11:46 AM

Hi,

 

Forgive the basic question, but have never used a password manager, so if I used one and then opened my Desktop PC or cloud based password vault, what is there to stop any keylogger / malware or online hacker simply reading out all my passwords from the open vault?

Assume my own USB stick based vault would be safer than online?

Also, if managing my own passwords, is there anything better than say Norton's free password generator? And for protection against normal hackers (rather than American security services) what is the minimum number of characters for a safe password?

 

Thanks





#2 RolandJS

RolandJS

  • Members
  • 4,533 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:04:28 PM

Posted 29 October 2015 - 12:00 PM

Minimum number of characters for safe[r] passwords?  I'm using longer and longer passwords now.  Some are 17 characters in length.  If I heard and read some security scuttlebutt correctly:  the longer the password, the geometrically longer it takes to crack it.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#3 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:10:28 PM

Posted 29 October 2015 - 12:07 PM

I have only used LastPass, but from how I understand it then keyloggers won't be able to grab your password from just opening the vault, at least with password managers that do not show your passwords in clear text (so the keylogger cannot use screen captures to grab it). They can grab your master key when you type it in and then read your passwords from the vault, though.

LastPass has a browser extension that inputs the passwords directly into their corresponding websites, so it will also bypass keyloggers since you don't have to type anything.

#4 dannyboy950

dannyboy950

  • Members
  • 1,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:port arthur tx
  • Local time:03:28 PM

Posted 29 October 2015 - 03:20 PM

I never use a password manager, talk about a hacker heaven. One place if you were able to hack it gave you the keys to the whole city.

Even that at times I think is not enough. If a key logger is installed when you first type in your password, there it is.

You type it in as plain text. No need to break encryption. Windows somewhere has to keep your passwords, otherwise how would it compare to know if what you entered was a valid password or not. Whether it be Windows, the site you're logging in to or your browser doesn't really make a difference. Somewhere the password has to be known and stored to compare against for authentication to take place.

The longer and more complex a password used the harder it is to guess with a password cracker.


HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinnamon
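An added example, not part of the original posts, of what a login system can keep on disk for the comparison step discussed above: a random per-user salt and a PBKDF2 output, re-derived from each typed attempt. The function names, the iteration count and the sample password are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

# Assumed work factor for this sketch; it is not a value from the thread.
ITERATIONS = 600_000
KEY_LEN = 32


def derive(password: str, salt: bytes) -> bytes:
    """Stretch the password with PBKDF2-HMAC-SHA256 under the given salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, ITERATIONS, dklen=KEY_LEN)


def enroll(password: str) -> dict:
    """Build the stored record: a fresh random salt plus the derived verifier."""
    salt = os.urandom(16)
    return {"salt": salt, "verifier": derive(password, salt)}


def verify(record: dict, attempt: str) -> bool:
    """Re-derive from the typed attempt and compare in constant time."""
    candidate = derive(attempt, record["salt"])
    return hmac.compare_digest(candidate, record["verifier"])


def contains_plaintext(record: dict, password: str) -> bool:
    """True if the password bytes appear anywhere in the stored record."""
    raw = password.encode("utf-8")
    return any(raw in value for value in record.values())


if __name__ == "__main__":
    sample = "constructed-sample-pw"        # constructed sample input
    first = enroll(sample)
    second = enroll(sample)                 # same password, second account
    print("correct attempt accepted:", verify(first, sample))
    print("wrong attempt accepted:  ", verify(first, sample + "x"))
    print("plaintext in record:     ", contains_plaintext(first, sample))
    print("records differ:          ", first["verifier"] != second["verifier"])
```

The record protects the password at rest only; a keylogger on the machine where the password is typed still sees the keystrokes, as the posts above point out.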


#5 dino2014

dino2014
  • Topic Starter


Posted 29 October 2015 - 03:48 PM

Thanks all,

 

 

plus  -

 

I never use a password manager, talk about a hacker heaven. One place if you were able to hack it gave you the keys to the whole city.

Even that at times I think is not enough. If a key logger is installed when you first type in your password, there it is.

You type it in as plain text. No need to break encryption. Windows somewhere has to keep your passwords, otherwise how would it compare to know if what you entered was a valid password or not. Whether it be Windows, the site you're logging in to or your browser doesn't really make a difference. Somewhere the password has to be known and stored to compare against for authentication to take place.

The longer and more complex a password used the harder it is to guess with a password cracker.

Points taken, but then do you have any suggestions as to how to log on and use passwords safely..?

(I know many say use a Linux based system, but I checked with my main bank, and their answer was 'it's not a system they have tested' etc so clearly it could be a problem if I was hacked using that system and not using Windows/Trusteer as they recommend, nor will Trusteer work alongside many of the AV/Internet Suites' own 'safe banking' routines)



#6 RolandJS

RolandJS


Posted 29 October 2015 - 03:54 PM

I have a list of what url, username, & password, line by line stored...nobody is gonna know where/unless ya live here.


Edited by RolandJS, 29 October 2015 - 06:43 PM.



#7 Sintharius

Sintharius


Posted 29 October 2015 - 03:57 PM

I would recommend the use of a live Linux CD that cannot be written to, this way malware won't be able to infect your system.

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:28 PM

Posted 29 October 2015 - 06:01 PM

Password Resources

BTW...these are links to two recent lengthy discussion topics we had in regards to passwords and security.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#9 rp88

rp88

  • Members
  • 3,060 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:28 PM

Posted 29 October 2015 - 08:28 PM

If you ever have to store passwords anywhere other than your head then the safest place is, to be quite honest, written with pen on paper in a notebook which you keep in a locked safe or tin. Such a storage mechanism is extremely safe from hackers, to be extra secure you could disguise the passwords in the little notebook and make them look like part of something else, make the notebook look like the first few pages of a draft novel or something and have the first three words of each sentence be a password, and memorise a little rule to always squeeze a number or punctuation mark into perhaps the 5th character of the password. You could store a list of the sites the passwords are for and the usernames in a separate place, perhaps written in directly reversed order, see my example below.

Let's say you have:
a password of rand4omwords and a username of user99 for example1.com
a password of notan4otherone and a username of peter for example2.com
and a password of yetan4otherword and a username of pete for example3.com

Then in your first notebook, the one in your safe, you write something like:
"Random words filled my ears as I entered the room, I wasn't even sure if I knew the language they were in, was it one I even faintly recognised, oh please. Not another one! Yet another word entered my ears, but this time it was clearer, I understood what the man in the striped jacket was saying."

Then on a piece of paper, which should be somewhere safe but need not be private, maybe laminate it so it lasts better, you write simply:
"Remember your password rule, there is a number 4 inserted in fifth character place. Also remember to ignore capital letters in source text, turn them lower case before using in the password."

Then you have another notebook, this one you work from the back in. It need not be as private as the passwords "novel" but depending on whether you want any random person who sees it to know what names you use online you might want to hide it, don't hide it in the same place as the "novel". This would read, if you only have those three sites to remember, as:
"example3.com-->pete, example2.com-->peter, example1.com-->user99"

Obviously don't copy my proposed system there exactly, pick your own, make the number go in 3rd character place, put another number into second from last character place, choose a random and very strange word to add onto the end, put some chosen punctuation mark in 4th 8th character place, disguise your password "novel" as a poem not a novel, or as a formal report, or as a book of jokes (good idea this last one, jokes are easily memorable)... but do something like that.

Edited by rp88, 29 October 2015 - 08:34 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#10 RolandJS

RolandJS


Posted 30 October 2015 - 05:55 AM

I would recommend the use of a live Linux CD that cannot be written to, this way malware won't be able to infect your system.

Tell me more, I want to know how to actually use this day to day!  :)




#11 RolandJS

RolandJS


Posted 30 October 2015 - 05:58 AM

rp88, I think your notebook ideas are good!  I'm wondering if the average user will just simply write down place, username, password -- and simply lock the small notebook up in a small safe or hide it in a nonImportant looking drawer.




#12 quietman7

quietman7


Posted 30 October 2015 - 06:08 AM

Writing passwords down on a piece of paper was one of the things most users did years ago when first introduced to computing. As such IT staff and security experts began to implement policies telling folks not to do that. We seem to have come full circle with this.

#13 RolandJS

RolandJS


Posted 30 October 2015 - 06:12 AM

Writing passwords down on a piece of paper was one of the things most users did years ago when first introduced to computing. As such IT staff and security experts began to implement policies telling folks not to do that. We seem to have come full circle with this.

The reasons for writing passwords are numerous, including:  too many to remember, too long to remember, too often forced to change - have to remember which ones are no longer allowed, and the list goes on.




#14 quietman7

quietman7


Posted 30 October 2015 - 06:22 AM



#15 dannyboy950

dannyboy950


Posted 30 October 2015 - 07:03 AM

I have to admit my practice comes from the old days. In offices we began getting away from that because people started writing their passwords down in sharpie around the edge of the monitor screens or on sticky notes plastered all over the screen or computer tower.

However I do still keep 2 different notebooks in 2 different places. One I use as reference daily and another as a secure back up.

At least it requires physical access to the computer and the notebooks. Just a little more secure in my mind.

 

Even with my level of paranoia I have not disguised them as songs or poems. I have several notebooks on my desk and in my desk, kinda hard to determine which one is the passwords. A number of them could be but only one is.

