
multiple account and multiple passwords

Discussion in 'Tech Talk' started by RWBlue, Sep 13, 2012.

  1. RWBlue

    RWBlue Mr. CISSP, CISA CLM

    23,521
    832
    Jan 24, 2004
    Do you use the same password for multiple accounts inside the company and outside the company?

    My guess is you are like most people and don't realize the security issues you have by doing such a thing. Or to put it a different way, if one account gets compromised all accounts are compromised.

    But on the flip side you end up with 12 accounts and 12 passwords and you are always getting your password reset because you cannot remember which password is for which account.

    So here is my question for the group, how can you securely keep track of 12 or more accounts inside and outside your corporation when they all have unique passwords?
     
  2. Bushflyr

    Bushflyr ʇno uıƃuɐɥ ʇsnɾ Millennium Member

    3,524
    0
    Mar 17, 1999
    Western WA
    12? LOL try adding a zero to that.

    I'm slowly transitioning to Keepass. Very slowly. It's painful. :crying:
     


  3. Easy, make a super secure password. You would never guess or hack mine, because it is in an ancient language and it is hexadecimal in nature, so in digital language, it could be seen as raw data and not a specific inscription.
     
  4. UtahIrishman

    UtahIrishman BLR Silver Member

    6,667
    1,272
    Nov 11, 2001
    Utah
    I memorize my key passwords. The rest are kept in a paper notebook stored in an unknown location.

    You can make up memorable passwords that are secure by using mnemonic devices or simple substitution. For example: Password becomes P@$$W0rd.

    If you want to memorize a series of passwords, use this approach and then create a mnemonic series based on the first letter of the passwords, such as Every Good Boy Does Fine where EGBDF stands for E@ch, G0od0ne, B0xer, D0gm@, F1e$ty, etc. You get the idea.



    I've known some to use patterns on the keyboard. Just don't make it too simple a pattern or it will be compromised in no time.
     
  5. sappy13

    sappy13

    2,666
    1
    Sep 30, 2007
    Bremen, GA
    My only suggestion would be to make very long and secure passwords, swapping out numbers for letters and symbols. Also don't use passwords that have any personal meaning to you. I have a ton of passwords, so I use keepass to keep up with them. Just get it, put the db in your dropbox, and you will always have access to them.
     
  6. fx77

    fx77 CLM

    2,418
    236
    Nov 23, 2008
    Gee
    I have 5 typed pages of single spaced 12 point font of passwords..
    Just shoot me!
     
  7. FL Airedale

    FL Airedale Dog Breath

    2,142
    14
    May 21, 2011
    North-Central Florida
    I've got more than 100 passwords. I use EWallet. It installs on my phone and computer. Plug the phone into the computer and they synch. Of course if you forget the master password to EWallet, you are in big trouble!

    www.iliumsoft.com/ewallet

     
  8. RWBlue

    RWBlue Mr. CISSP, CISA CLM

    23,521
    832
    Jan 24, 2004
    Understand I am in IT Security.

    No password is unbreakable (It just takes time and desire).

    Many computer systems store end user passwords in clear text.

    Worst case scenario, if the password database is encrypted and I can get it, I could use a rainbow table to break the hash and gain access. (This was part of the RSA attack.)

    Having one password for everything is a VERY VERY BAD IDEA.
     
  9. I have used keepass on an IronKey USB thumb drive for a few years now.

    I have worked in information security and I came up with a way to make complex passwords by using patterns on the keyboard. If you were to ask me my master password, I couldn't tell it to you without sitting down at a keyboard to type it out. It's very complex, no words involved, and I only memorize the pattern not the characters so it's easy to change my password when it expires without having to memorize another one. I simply move the pattern up/down/sideways when I change it. That also does make it difficult to enter when using a tablet or phone keypad while connecting with Citrix Receiver to work. I also use different passwords for each service. I keep those in keepass on my encrypted IronKey which will wipe itself after too many failed password attempts.
     
    Last edited: Sep 14, 2012
  10. Pierre!

    Pierre! NRA Life Member

    3,965
    139
    Jun 20, 2003
    Lovin Sparks Nv!
    I am a very happy LastPass user.

    It's easy to let LastPass generate the *cryptic* passwords for you, but you have access to edit those passwords if you desire.

    LastPass easily captures most changed passwords as well. Some membership sites are getting "clever" and adding odd login screens that are not part of the webpage, but it's easy to manually add passwords for tracking/reminder purposes.

    LastPass is easy to use from their website and last time I checked it would not leave any password residue on Kiosks... which are still risky due to keystroke loggers... so use the mouse to activate the onscreen keyboard in these situations!

    It's been a couple years now, and I don't see a reason to change.

    Hope That Helps
    Patrick
     
  11. harrygunner

    harrygunner

    578
    28
    Sep 4, 2010
    Bruce Schneier's 'Password Safe' has been made open source. One can download a .exe or Linux binary files. Can also compile it from source. (I haven't used it yet. I made my own years ago.)

    http://sourceforge.net/projects/passwordsafe/

    Bruce Schneier is active in the security arena and has designed several algorithms that have been well received by the security community.

    I use 'mkpasswd' on Linux to generate user IDs, passwords and answers to "forgot your password?" questions. All random and unrelated to all aspects of my life.

    BTW, rainbow tables won't help with encrypted files. They provide some assistance with unsalted hashed passwords. And hashing a password does not encrypt the password.
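
    The distinction drawn in the post above (precomputed tables only help against unsalted hashes, and a hash is verified by recomputation rather than decrypted), shown as an added example that is not part of the original thread. The plain dictionary is a simplified stand-in for a rainbow table, and the user names, candidate list and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed candidate list standing in for a precomputed table's coverage.
CANDIDATES = ["password", "letmein", "qwerty123", "hunter2"]

def unsalted_hash(password):
    """Bare SHA-256: the same password always yields the same stored value."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_lookup(candidates):
    """Computed once, reusable against every database that stores unsalted hashes."""
    return {unsalted_hash(p): p for p in candidates}

def salted_record(password, iterations=100_000):
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify(password, record):
    """Hashing is one-way: verification recomputes and compares, nothing is decrypted."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def lookup_hits(stored_hex_values, table):
    """Return every password the precomputed table resolves from stored values."""
    return [table[h] for h in stored_hex_values if h in table]

def demo():
    table = build_lookup(CANDIDATES)
    users = {"alice": "letmein", "bob": "letmein"}  # constructed accounts
    unsalted_db = {u: unsalted_hash(p) for u, p in users.items()}
    salted_db = {u: salted_record(p) for u, p in users.items()}
    return {
        "unsalted_hits": lookup_hits(unsalted_db.values(), table),
        "salted_hits": lookup_hits([r[2].hex() for r in salted_db.values()], table),
        "unsalted_identical": unsalted_db["alice"] == unsalted_db["bob"],
        "salted_identical": salted_db["alice"][2] == salted_db["bob"][2],
        "good_login": verify("letmein", salted_db["alice"]),
        "bad_login": verify("wrong", salted_db["alice"]),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

    With salting, two users who share a password no longer share a stored value, so the table would have to be rebuilt for each salt.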
     
  12. RWBlue

    RWBlue Mr. CISSP, CISA CLM

    23,521
    832
    Jan 24, 2004
    There are several ways I could argue this point, but I have decided not to as it doesn't resolve my original query.:wavey:
     
  13. RWBlue

    RWBlue Mr. CISSP, CISA CLM

    23,521
    832
    Jan 24, 2004
    At this point, I am thinking I want to have an Android enabled app. It is the only thing that is consistent between home, work, other environments. The idea of having my passwords in the cloud just doesn't thrill me.
     
  14. Good point about the cloud, however Android apps and platform aren't really all that secure are they?
     
  15. RWBlue

    RWBlue Mr. CISSP, CISA CLM

    23,521
    832
    Jan 24, 2004
    The problem I have with any Android app is you really don't know what it is doing unless you have access to the source code and even then there are always updates.

    On the flip side, I could just have an Excel file on the phone. It is protected by a swipe code and then you would have to know what file to go after. As long as I didn't keep the file on the removable chip,....?

    The problem is most of my passwords do not translate very well to the phone. They are not words. I am somewhat of a touch typist. On a regular keyboard I type my password and can retype my password, but typing it on a phone is hit or miss, I will actually have to memorize a password because letting the fingers type what they want will not work.
     
  16. There is a very simple process.

    Think of a person, a place or an event. Think of something you associate with that. For example, what you remember most about your ex Jen is: "Jen and I made out in the back of the car". The password becomes jaimoitbotc. You can embellish that by throwing in numbers and capitalization based on some formula. Maybe every 2nd, 4th, 8th and 16th letter is capitalized. Every vowel is replaced by a number, like a=1, e=2, i=3, o=4, u=5.

    The password now becomes: j13M43tB4tc

    The best part is that you can put a sticky on your monitor reminding you that the password is Jen and the password is still safe. :cool:
     
  17. Of when someone manages to crack your master password, they get all your passwords.
     
  18. RWBlue

    RWBlue Mr. CISSP, CISA CLM

    23,521
    832
    Jan 24, 2004
    Doesn't solve the problem of multiple passwords on multiple machines. Some will get changed every 60 days, others 90 days, others once a year.
     
  19. RWBlue

    RWBlue Mr. CISSP, CISA CLM

    23,521
    832
    Jan 24, 2004
    Make it good, change it often.