Where to store passwords? - Internet - - Page 9 - City-Data Forum

smarino · 11-06-2016, 11:43 PM

Never, ever store your passwords on a computer or on someone else's server! Doing what you are doing w/ them on a piece of paper is the smartest way. I have a small address type book that I keep mine in. If you are worried about losing yours, buy two. I know of no website that won't allow you to get a new password and user name if you forget or lose yours anyway, so it's no big deal if that happens. What IS a big deal is if someone else gets hold of your information. Again, never ever store them on a computer or on anything internet associated.

thecoalman · 11-08-2016, 03:04 AM

Quote:

Originally Posted by smarino

Never, ever store your passwords on a computer or on someone else's server! Doing what you are doing w/ them on a piece of paper is the smartest way.

Password managers like Keepass use encryption that alphabet agencies would find extremely difficult if not impossible to penetrate. If they can break the encryption used by Keepass they certainly aren't going to be advertising it or using it to obtain your passwords. The issue with the piece of paper is if someone breaks into your house.

Quote:

I know of no website that won't allow you to get a new password and user name if you forget or lose yours anyway, so it's no big deal if that happens.

Your passwords are already being stored on internet server, yes? The reason this is safe is because they are encrypted on the sites server with the password itself being the key. One caveat here, if the server is compromised it could be obtained by third party. They would only need to alter the script and have it send submitted passwords. It could also be compromised without https if it's intercepted in transit since it's just plain text.

This is not an issue with something like Keepass because the file is encrypted locally. It can even be uploaded using non secure methods.

Peregrine · 11-08-2016, 07:29 AM

Well said Coalman. Allow me to expound on the last sentence. What he means by that is the file is so hard to crack into you can upload it to Dropbox over a public wifi without fear. Hell, I could upload my file on this website and no one would be able to crack it.

I work with a woman who has all her password in a notebook. Pages and pages. And while it's great she uses so many different passwords, she carries this around in her purse! Madness...

Tek_Freek · 11-08-2016, 11:42 AM

A bank where I consulted had an obnoxious PW policy. 30 days, all the UC LC two numbers, carats and dollar signs, etc requirements. And the system checked for similar new PWs so you couldn't (iirc) have more than 3 same characters over, I think, 4 passwords. Minimum 9 characters.

This is from 17 years ago so accuracy is questionable, but I'm close.

People were so frustrated that everything was written down. When we had to work on a computer it was almost certain that if we looked for oost its on the monitor, bottom of the keyboard and top desk drawers, we'd find it.

The saving grace was that our area was secure. The bad was that the computers where clients were helped had the same scenario.