UK diy (uk.d-i-y) For the discussion of all topics related to diy (do-it-yourself) in the UK. All levels of experience and proficiency are welcome to join in to ask questions or offer solutions.
#1
Posted to uk.d-i-y,uk.comp.homebuilt
Storing passwords and associated security questions - X-post
At the moment I keep a folder (well, more than one) with details like online access passwords and security questions for various accounts. Passwords kept with all the other paper work for the account.

Recently I unexpectedly needed some details whilst away from home, so the system failed!

I am planning now to record the details on portable media for future proofing. This also allows random answers to obvious questions like mother's maiden name, first school etc.

I know you can get password managers which can sync between devices but this places a lot of trust in a remote service, and LastPass has had some bad press recently.

Assuming that I don't necessarily want automatic generation of long random passwords and then pasting of them into web browser fields is there any reason not to use a flat file (or simple spreadsheet) to record all the details then use a free encryption package to secure them? Probably stored on a USB stick.

The main platform would be Windows 10 but Android support would be a bonus. The solution should work on the home desktops and the travelling laptops, so not tied to one PC.

This would also assist in a long overdue upgrade in general security.

Any recommendations most welcome.

Cheers

Dave R

--
AMD FX-6300 in GA-990X-Gaming SLI-CF running Windows 7 Pro x64

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
#2
Posted to uk.d-i-y,uk.comp.homebuilt
Storing passwords and associated security questions - X-post
On Mon, 24 Apr 2017 12:37:19 +0000, David wrote:
> At the moment I keep a folder (well, more than one) with details like online access passwords and security questions for various accounts. Passwords kept with all the other paper work for the account. Recently I unexpectedly needed some details whilst away from home, so the system failed! I am planning now to record the details on portable media for future proofing. This also allows random answers to obvious questions like mother's maiden name, first school etc. I know you can get password managers which can sync between devices but this places a lot of trust in a remote service, and LastPass has had some bad press recently. Assuming that I don't necessarily want automatic generation of long random passwords and then pasting of them into web browser fields is there any reason not to use a flat file (or simple spreadsheet) to record all the details then use a free encryption package to secure them? Probably stored on a USB stick. The main platform would be Windows 10 but Android support would be a bonus. The solution should work on the home desktops and the travelling laptops, so not tied to one PC. This would also assist in a long overdue upgrade in general security. Any recommendations most welcome.

Roboform https://www.roboform.com/

Works well for me. It can sync across multiple Windows PCs and there is a (limited but adequate) version that runs on Android mobile phones too.

--
Tony '09 FJR1300, '07 Street Triple OMF#24
#3
Posted to uk.d-i-y,uk.comp.homebuilt
Storing passwords and associated security questions - X-post
Jethro_uk wrote:
> How will you get your USB stick into an Android device ?

memory sticks with microUSB OTG plugs instead of (or as well as) full size USB plugs have been available for some while, e.g. https://www.kingston.com/en/usb/otg
#4
Posted to uk.d-i-y
Storing passwords and associated security questions - X-post
On 24 Apr 2017 12:37:19 GMT, David wrote:
> At the moment I keep a folder (well, more than one) with details like online access passwords and security questions for various accounts. Passwords kept with all the other paper work for the account. Recently I unexpectedly needed some details whilst away from home, so the system failed! I am planning now to record the details on portable media for future proofing. This also allows random answers to obvious questions like mother's maiden name, first school etc. I know you can get password managers which can sync between devices but this places a lot of trust in a remote service, and LastPass has had some bad press recently. Assuming that I don't necessarily want automatic generation of long random passwords and then pasting of them into web browser fields is there any reason not to use a flat file (or simple spreadsheet) to record all the details then use a free encryption package to secure them? Probably stored on a USB stick. The main platform would be Windows 10 but Android support would be a bonus. The solution should work on the home desktops and the travelling laptops, so not tied to one PC. This would also assist in a long overdue upgrade in general security. Any recommendations most welcome. Cheers Dave R

I've used KeePass for years, it has some complicated options, but you don't have to use them. Works off a USB stick as well, and there is a compatible app for Android that will open the encrypted data file(s).

http://keepass.info/
#5
Posted to uk.d-i-y,uk.comp.homebuilt
Storing passwords and associated security questions - X-post
On Mon, 24 Apr 2017 14:27:22 +0100 Andy Burns wrote:
> Jethro_uk wrote:
>> How will you get your USB stick into an Android device ?
> memory sticks with microUSB OTG plugs instead of (or as well as) full size USB plugs have been available for some while, e.g. https://www.kingston.com/en/usb/otg

These are handy too: www.ebay.co.uk/itm/282337834517
#6
Posted to uk.d-i-y,uk.comp.homebuilt
Storing passwords and associated security questions - X-post
On 24 Apr 2017 12:37:19 GMT, David wrote:
> I know you can get password managers which can sync between devices but this places a lot of trust in a remote service, and LastPass has had some bad press recently.

There are many password managers that don't use a cloud service themselves, but will sync an encrypted keystore across devices using your own choice of cloud (Dropbox/Amazon Drive/Gdrive blah blah). Best of both worlds.

I use 1password and keepass for different things, with their keystores held on different cloud services. 1password because it is clever and has much browser/phone integration, keepass because it's very dumb and just has a 2fa keystore.

A folder of text files or even password-locked Excel sheet on a cloud drive or USB isn't quite the same thing, security wise...

Cheers - Jaimie

--
None of this will matter in 20 billion years.
#7
Posted to uk.d-i-y,uk.comp.homebuilt
Storing passwords and associated security questions - X-post
On 24/04/2017 14:35, Rob Morley wrote:
> On Mon, 24 Apr 2017 14:27:22 +0100 Andy Burns wrote:
>> Jethro_uk wrote:
>>> How will you get your USB stick into an Android device ?
>> memory sticks with microUSB OTG plugs instead of (or as well as) full size USB plugs have been available for some while, e.g. https://www.kingston.com/en/usb/otg
> These are handy too: www.ebay.co.uk/itm/282337834517

+1

"Don't leave home without it"

--
Robin
reply-to address is (intended to be) valid
#8
Posted to uk.d-i-y,uk.comp.homebuilt
Storing passwords and associated security questions - X-post
In uk.d-i-y Jaimie Vandenbergh wrote:
> A folder of text files or even password-locked Excel sheet on a cloud drive or USB isn't quite the same thing, security wise...

Indeed. Keeping the passwords secure in memory is hard, and any homebrew solution is likely to do it wrong. Use something designed for the job by people who know what they're doing.

The other extreme is a paper passwords sheet, as used by German banks (iTAN): print out a few sheets of random passwords with an index number next to them. On your phone store the index numbers for each account, like this:

ebay: 456
amazon: 178

Then use the number to look up a password on your paper sheet. You might need to think of a scheme to mangle them into memorable shoe sizes or whatever your bank wants (don't write anything on the sheet).

If someone steals your sheet, they have a few hundred passwords to try - they'll likely get locked out beforehand[1]. If someone hacks your phone they only get the indexes, not the passwords. If they steal both, well you did put a PIN lock and encryption on your phone, didn't you?

Theo

[1] Unless they have a botnet available
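The paper-sheet scheme described in the post above, sketched in Python as an added example (not code from the thread or from any poster). The sheet size, password length, character set and the five-attempt lockout used in the demo are assumptions.

```python
import secrets
import string

# Assumed character set; the post does not specify one.
ALPHABET = string.ascii_letters + string.digits


def make_sheet(entries=300, length=12, first_index=100):
    """Build the printed sheet: {index number: random password}.

    Passwords come from the OS CSPRNG via `secrets`, not from `random`.
    """
    if entries < 1 or length < 1:
        raise ValueError("entries and length must be positive")
    return {
        first_index + n: "".join(secrets.choice(ALPHABET) for _ in range(length))
        for n in range(entries)
    }


def assign_indexes(accounts, sheet):
    """Give each account its own randomly chosen sheet index.

    The returned map (account -> index) is the only thing kept on the phone;
    it contains no password material.
    """
    accounts = list(accounts)
    if len(set(accounts)) != len(accounts):
        raise ValueError("duplicate account name")
    free = list(sheet)
    if len(accounts) > len(free):
        raise ValueError("sheet has fewer entries than accounts")
    phone_map = {}
    for account in accounts:
        # pop() removes the index so two accounts never share a password
        phone_map[account] = free.pop(secrets.randbelow(len(free)))
    return phone_map


def lookup(account, phone_map, sheet):
    """What the owner does by hand: read the index, find it on the paper."""
    return sheet[phone_map[account]]


def sheet_only_guess_chance(sheet_size, attempts_before_lockout):
    """Chance that someone holding only the sheet gets into one account by
    trying distinct entries until the site locks the account."""
    if sheet_size < 1 or attempts_before_lockout < 0:
        raise ValueError("invalid sizes")
    return min(1.0, attempts_before_lockout / sheet_size)


def render_sheet(sheet, columns=4):
    """Plain-text layout for printing: 'index  password' cells in columns."""
    cells = [f"{index:>4}  {password}" for index, password in sorted(sheet.items())]
    rows = [cells[i:i + columns] for i in range(0, len(cells), columns)]
    return "\n".join("    ".join(row) for row in rows)


if __name__ == "__main__":
    sheet = make_sheet()                                    # goes to the printer
    phone_map = assign_indexes(["ebay", "amazon"], sheet)   # goes on the phone
    print(render_sheet(sheet))
    print(phone_map)
    # Assumed lockout after 5 failed logins
    print(f"sheet-only guess chance: {sheet_only_guess_chance(len(sheet), 5):.1%}")
```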
#9
Posted to uk.d-i-y,uk.comp.homebuilt
Storing passwords and associated security questions - X-post
On 24/04/17 13:37, David wrote:
> At the moment I keep a folder (well, more than one) with details like online access passwords and security questions for various accounts. Passwords kept with all the other paper work for the account.

Lastpass if you trust them, for the convenience.

KeepassX and 2 data copies, one on your phone and one on a USB stick if you don't trust anyone else.
#10
Posted to uk.d-i-y
Storing passwords and associated security questions - X-post
On 24 Apr 2017 12:37:19 GMT, David wrote:
> At the moment I keep a folder (well, more than one) with details like online access passwords and security questions for various accounts. Passwords kept with all the other paper work for the account. Recently I unexpectedly needed some details whilst away from home, so the system failed! I am planning now to record the details on portable media for future proofing. This also allows random answers to obvious questions like mother's maiden name, first school etc. I know you can get password managers which can sync between devices but this places a lot of trust in a remote service, and LastPass has had some bad press recently. Assuming that I don't necessarily want automatic generation of long random passwords and then pasting of them into web browser fields is there any reason not to use a flat file (or simple spreadsheet) to record all the details then use a free encryption package to secure them? Probably stored on a USB stick. The main platform would be Windows 10 but Android support would be a bonus. The solution should work on the home desktops and the travelling laptops, so not tied to one PC. This would also assist in a long overdue upgrade in general security. Any recommendations most welcome.

This posting is coming to you courtesy of someone else's computer with all necessary passwords etc from my Kingston DataTraveller Locker + G3 which has hardware encrypted storage which can only be accessed by password. 10 unsuccessful attempts at breaking that password and the drive automatically wipes itself clean.

Works for me.

Nick
#11
Posted to uk.d-i-y,uk.comp.homebuilt
Storing passwords and associated security questions - X-post
On 24/04/2017 13:37, David wrote:
> Any recommendations most welcome.

Consider an encrypted folder on a PC/USB stick etc. to store all of your other passwords. I use the free version found at http://www.cypherix.com/

The encrypted folder needs a strong password to gain access but with this method this password is the only one you have to remember. I use an easily memorable (to me) longish sentence as a password.

I also keep a paper copy of the folder contents in a very safe place as a backup.

--
mailto: news {at} admac {dot] myzen {dot} co {dot} uk
#12
Posted to uk.d-i-y,uk.comp.homebuilt
Storing passwords and associated security questions - X-post
On 24/04/2017 14:15, Jethro_uk wrote:
On Mon, 24 Apr 2017 12:37:19 +0000, David wrote: snip I know you can get password managers which can sync between devices but this places a lot of trust in a remote service, and LastPass has had some bad press recently. I think - despite the issues recently documented - having a password manager is more secure than not Assuming that I don't necessarily want automatic generation of long random passwords and then pasting of them into web browser fields is there any reason not to use a flat file (or simple spreadsheet) to record all the details then use a free encryption package to secure them? Probably stored on a USB stick. The main platform would be Windows 10 but Android support would be a bonus. How will you get your USB stick into an Android device ? Something like https://www.amazon.co.uk/MAXINDA-Mic.../dp/B01MRZCPZD |
#13
Posted to uk.d-i-y,uk.comp.homebuilt
Storing passwords and associated security questions - X-post
On 24/04/2017 13:37, David wrote:
> is there any reason not to use a flat file (or simple spreadsheet)

Excel protected spreadsheets can be compromised, however one can make it more difficult to view the information. Just some suggestions.

column A list account
column B list password
column A reverse the list
column B reverse the passwords.
Space everything with a blank row in between
In the blank row put false information
Using conditional formatting linked to the `real` info have a cell that requires the correct code to hide/reveal the correct info.
Hide the code cell behind an image

And various other things can be done to frustrate an illegal intruder.
#14
Posted to uk.d-i-y,uk.comp.homebuilt
Storing passwords and associated security questions - X-post
On 24/04/2017 13:37, David wrote:
> At the moment I keep a folder (well, more than one) with details like online access passwords and security questions for various accounts. Passwords kept with all the other paper work for the account. Recently I unexpectedly needed some details whilst away from home, so the system failed! I am planning now to record the details on portable media for future proofing. This also allows random answers to obvious questions like mother's maiden name, first school etc. I know you can get password managers which can sync between devices but this places a lot of trust in a remote service, and LastPass has had some bad press recently. Assuming that I don't necessarily want automatic generation of long random passwords and then pasting of them into web browser fields is there any reason not to use a flat file (or simple spreadsheet) to record all the details then use a free encryption package to secure them? Probably stored on a USB stick. The main platform would be Windows 10 but Android support would be a bonus. The solution should work on the home desktops and the travelling laptops, so not tied to one PC. This would also assist in a long overdue upgrade in general security. Any recommendations most welcome. Cheers Dave R

If you want to take the file out of your property, I would suggest encrypting it. You can store and decode encrypted files on a mobile phone, or use an SD card.

For bank a/cs, I suggest using password reminders which no one but you would understand.

I can establish a VPN connection to my NAS, so I can retrieve data from anywhere that offers a reasonable internet connection.

--
Michael Chare
#15
Posted to uk.d-i-y,uk.comp.homebuilt
Storing passwords and associated security questions - X-post
David posted
> At the moment I keep a folder (well, more than one) with details like online access passwords and security questions for various accounts. Passwords kept with all the other paper work for the account. Recently I unexpectedly needed some details whilst away from home, so the system failed! I am planning now to record the details on portable media for future proofing. This also allows random answers to obvious questions like mother's maiden name, first school etc. I know you can get password managers which can sync between devices but this places a lot of trust in a remote service, and LastPass has had some bad press recently. Assuming that I don't necessarily want automatic generation of long random passwords and then pasting of them into web browser fields is there any reason not to use a flat file (or simple spreadsheet) to record all the details then use a free encryption package to secure them? Probably stored on a USB stick. The main platform would be Windows 10 but Android support would be a bonus. The solution should work on the home desktops and the travelling laptops, so not tied to one PC. This would also assist in a long overdue upgrade in general security. Any recommendations most welcome.

I use freeware software (http://www.aescrypt.com/download/) to encrypt a flat text file containing account details. Not GCHQ-proof, but probably good enough for most practical purposes. I also keep a paper print-out in a safe place.

In principle, you could FTP the encrypted file to a hidden page on your website so you can download it from anywhere, without using a USB stick. (I don't because I rarely travel.)

--
Jack
#17
Posted to uk.d-i-y,uk.comp.homebuilt
Storing passwords and associated security questions - X-post
Michael Chare wrote:
> On 24/04/2017 13:37, David wrote:
>> At the moment I keep a folder (well, more than one) with details like online access passwords and security questions for various accounts. Passwords kept with all the other paper work for the account. Recently I unexpectedly needed some details whilst away from home, so the system failed! I am planning now to record the details on portable media for future proofing. This also allows random answers to obvious questions like mother's maiden name, first school etc. I know you can get password managers which can sync between devices but this places a lot of trust in a remote service, and LastPass has had some bad press recently. Assuming that I don't necessarily want automatic generation of long random passwords and then pasting of them into web browser fields is there any reason not to use a flat file (or simple spreadsheet) to record all the details then use a free encryption package to secure them? Probably stored on a USB stick. The main platform would be Windows 10 but Android support would be a bonus. The solution should work on the home desktops and the travelling laptops, so not tied to one PC. This would also assist in a long overdue upgrade in general security. Any recommendations most welcome. Cheers Dave R
> If you want to take the file out of your property, I would suggest encrypting it. You can store and decode encrypted files on a mobile phone, or use an SD card. For bank a/cs, I suggest using password reminders which no one but you would understand. I can establish a VPN connection to my NAS, so I can retrieve data from anywhere that offers a reasonable internet connection.

I have solved most of the password problems by not having them. Writing down a couple is easy and means nothing to anyone who reads a scrap of paper.
#18
Posted to uk.d-i-y,uk.comp.homebuilt
Storing passwords and associated security questions - X-post
On 25/04/17 09:41, Capitol wrote:
> I have solved most of the password problems by not having them

You're kidding, aren't you? I have upwards of 150 in my password vault. OK, some of them are probably irrelevant (services I don't use any more, suppliers I don't deal with) but it's a long way from the "couple" that you write down.

--
Henry Law n e w s @ l a w s h o u s e . o r g
Manchester, England
#19
Posted to uk.d-i-y
Storing passwords and associated security questions - X-post
Brian Gaff wrote
> It would also need to take account of the recently very annoying tendency for web sites and services to impose password changes on you after a certain time. Yahoo seemed to want this.

Mine hasn’t.

> My answer was to close Yahoo email and use something else. To be honest it's only machine access and financial services that really need super security, the email suppliers are far more likely to compromise your data than anyone hacking it at your end if frequent history is anything to go by. This should all really be a thing of the past by now. we should find some biometric way to do it instead.

We have already with fingerprints and iris scans.

> "David" wrote in message ...
>> At the moment I keep a folder (well, more than one) with details like online access passwords and security questions for various accounts. Passwords kept with all the other paper work for the account. Recently I unexpectedly needed some details whilst away from home, so the system failed! I am planning now to record the details on portable media for future proofing. This also allows random answers to obvious questions like mother's maiden name, first school etc. I know you can get password managers which can sync between devices but this places a lot of trust in a remote service, and LastPass has had some bad press recently. Assuming that I don't necessarily want automatic generation of long random passwords and then pasting of them into web browser fields is there any reason not to use a flat file (or simple spreadsheet) to record all the details then use a free encryption package to secure them? Probably stored on a USB stick. The main platform would be Windows 10 but Android support would be a bonus. The solution should work on the home desktops and the travelling laptops, so not tied to one PC. This would also assist in a long overdue upgrade in general security. Any recommendations most welcome.
>> Cheers Dave R -- AMD FX-6300 in GA-990X-Gaming SLI-CF running Windows 7 Pro x64 --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
#20
Posted to uk.d-i-y
Storing passwords and associated security questions - X-post
On Tuesday, April 25, 2017 at 8:47:05 AM UTC+1, Brian Gaff wrote:
> It would also need to take account of the recently very annoying tendency for web sites and services to impose password changes on you after a certain time. Yahoo seemed to want this. My answer was to close Yahoo email and use something else. To be honest it's only machine access and financial services that really need super security, the email suppliers are far more likely to compromise your data than anyone hacking it at your end if frequent history is anything to go by. This should all really be a thing of the past by now. we should find some biometric way to do it instead. Brian
> -- ----- - This newsgroup posting comes to you directly from... The Sofa of Brian Gaff... Blind user, so no pictures please!
> "David" wrote in message ...
>> At the moment I keep a folder (well, more than one) with details like online access passwords and security questions for various accounts. Passwords kept with all the other paper work for the account. Recently I unexpectedly needed some details whilst away from home, so the system failed! I am planning now to record the details on portable media for future proofing. This also allows random answers to obvious questions like mother's maiden name, first school etc. I know you can get password managers which can sync between devices but this places a lot of trust in a remote service, and LastPass has had some bad press recently. Assuming that I don't necessarily want automatic generation of long random passwords and then pasting of them into web browser fields is there any reason not to use a flat file (or simple spreadsheet) to record all the details then use a free encryption package to secure them? Probably stored on a USB stick. The main platform would be Windows 10 but Android support would be a bonus. The solution should work on the home desktops and the travelling laptops, so not tied to one PC. This would also assist in a long overdue upgrade in general security. Any recommendations most welcome.
>> Cheers Dave R -- AMD FX-6300 in GA-990X-Gaming SLI-CF running Windows 7 Pro x64 --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus

I use Dashlane for computer access of passwords.

On my mobile I generally only want access to my bank accounts. These are numeric only. Based on the fact that I can remember car registration details with ease I keep a file on the phone with the bank ref and just the letters of that password. Easy to refresh my memory and the letters details are all I require.

Incidentally I can remember car reg details going back over 60 years. (father's and mother's car reg details from when I was a lad, in a different country)
#21
Posted to uk.d-i-y
|
|||
|
|||
Storing passwords and associated security questions - X-post
On 25/04/17 10:53, fred wrote:
> On Tuesday, April 25, 2017 at 8:47:05 AM UTC+1, Brian Gaff wrote:
>> It would also need to take account of the recently very annoying tendency for web sites and services to impose password changes on you after a certain time. Yahoo seemed to want this. My answer was to close Yahoo email and use something else. To be honest it's only machine access and financial services that really need super security, the email suppliers are far more likely to compromise your data than anyone hacking it at your end if frequent history is anything to go by. This should all really be a thing of the past by now. we should find some biometric way to do it instead. Brian
>> -- ----- - This newsgroup posting comes to you directly from... The Sofa of Brian Gaff... Blind user, so no pictures please!
>> "David" wrote in message ...
>>> At the moment I keep a folder (well, more than one) with details like online access passwords and security questions for various accounts. Passwords kept with all the other paper work for the account. Recently I unexpectedly needed some details whilst away from home, so the system failed! I am planning now to record the details on portable media for future proofing. This also allows random answers to obvious questions like mother's maiden name, first school etc. I know you can get password managers which can sync between devices but this places a lot of trust in a remote service, and LastPass has had some bad press recently. Assuming that I don't necessarily want automatic generation of long random passwords and then pasting of them into web browser fields is there any reason not to use a flat file (or simple spreadsheet) to record all the details then use a free encryption package to secure them? Probably stored on a USB stick. The main platform would be Windows 10 but Android support would be a bonus. The solution should work on the home desktops and the travelling laptops, so not tied to one PC. This would also assist in a long overdue upgrade in general security.
>>> Any recommendations most welcome. Cheers Dave R -- AMD FX-6300 in GA-990X-Gaming SLI-CF running Windows 7 Pro x64 --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
> I use Dashlane for computer access of passwords.
> On my mobile I generally only want access to my bank accounts. These are numeric only. Based on the fact that I can remember car registration details with ease I keep a file on the phone with the bank ref and just the letters of that password. Easy to refresh my memory and the letters details are all I require.
> Incidentally I can remember car reg details going back over 60 years. (father's and mother's car reg details from when I was a lad, in a different country)

So can I with a few gaps.

--
Future generations will wonder in bemused amazement that the early twenty-first century's developed world went into hysterical panic over a globally average temperature increase of a few tenths of a degree, and, on the basis of gross exaggerations of highly uncertain computer projections combined into implausible chains of inference, proceeded to contemplate a rollback of the industrial age.
Richard Lindzen
#22
Posted to uk.d-i-y
|
|||
|
|||
Storing passwords and associated security questions - X-post
On Tue, 25 Apr 2017 19:39:21 +1000, "Rod Speed" wrote:
> Brian Gaff wrote
>> This should all really be a thing of the past by now. we should find some biometric way to do it instead.
> We have already with fingerprints and iris scans.

The problems with biometric access - apart from the willingness of some criminals to cut off a finger or gouge out an eye - are to do with crossing borders of unfriendly states. For unfriendly, you might even include your own, regardless of where you live.

Most civilised nations require some sort of judicial process to demand a password but case law in the UK and elsewhere has determined that there is no such protection for your biometrics. They can slam your finger down on the screen and if the phone opens up, bingo!

Most business travellers - those that aren't given "clean" electronic devices by their companies for their trips anyway - are advised to disable the biometric features of any device when using it abroad.

Here's The Register's guide to taking electronic devices to the US https://www.theregister.co.uk/2017/0...n_entering_us/ be sure to read page 2.

Nick
#23
Posted to uk.d-i-y
|
|||
|
|||
Storing passwords and associated security questions - X-post
Nick Odell wrote
> Rod Speed wrote
>> Brian Gaff wrote
>>> This should all really be a thing of the past by now. we should find some biometric way to do it instead.
>> We have already with fingerprints and iris scans.
> The problems with biometric access - apart from the willingness of some criminals to cut off a finger or gouge out an eye

It's completely trivial for the sensor to work out the finger or eye is still alive.

> - are to do with crossing borders of unfriendly states. For unfriendly, you might even include your own, regardless of where you live. Most civilised nations require some sort of judicial process to demand a password but case law in the UK and elsewhere has determined that there is no such protection for your biometrics. They can slam your finger down on the screen and if the phone opens up, bingo!

Not if the phone has been designed so you can turn that off before showing up at the border and need the full passcode before it can be turned on again.

> Most business travellers - those that aren't given "clean" electronic devices by their companies for their trips anyway are advised to disable the biometric features of any device when using it abroad.

See above.

> Here's The Register's guide to taking electronic devices to the US https://www.theregister.co.uk/2017/0...n_entering_us/ be sure to read page 2.

Sure, but as it says, trivial to avoid that being a problem.
#24
Posted to uk.d-i-y
|
|||
|
|||
Storing passwords and associated security questions - X-post
On 2017-04-26, Jethro_uk wrote:
On Tue, 25 Apr 2017 08:46:59 +0100, Brian Gaff wrote: It would also need to take account of the recently very annoying tendency for web sites and services to impose password changes on you after a certain time. And/or to disable the ability to paste into a text field, requiring you to type the password in. Not so easy when it's 20 random characters ... E.g., using a password manager. In Firefox, you fix that by going to "about:config" & setting "dom.event.clipboardevents.enable" to "false".
#25
Posted to uk.d-i-y
|
|||
|
|||
Storing passwords and associated security questions - X-post
Adam Funk posted
On 2017-04-26, Jethro_uk wrote: On Tue, 25 Apr 2017 08:46:59 +0100, Brian Gaff wrote: It would also need to take account of the recently very annoying tendency for web sites and services to impose password changes on you after a certain time. And/or to disable the ability to paste into a text field, requiring you to type the password in. Not so easy when it's 20 random characters ... E.g., using a password manager. In Firefox, you fix that by going to "about:config" & setting "dom.event.clipboardevents.enable" to "false". Many thanks for that. Is there also a method of forcing the characters to be displayed as themselves instead of asterisks?

--
Jack
#26
Posted to uk.d-i-y
|
|||
|
|||
Storing passwords and associated security questions - X-post
On Monday, 24 April 2017 17:57:35 UTC+1, Nick Odell wrote:
> On 24 Apr 2017 12:37:19 GMT, David wrote:
> This posting is coming to you courtesy of someone else's computer with all necessary passwords etc from my Kingston DataTraveller Locker + G3 which has hardware encrypted storage which can only be accessed by password. 10 unsuccessful attempts at breaking that password and the drive automatically wipes itself clean. Works for me.

What happens if this USB key breaks physically? I've seen and heard this happen in the lab. So I know it's possible.
#27
Posted to uk.d-i-y,uk.comp.homebuilt
On Mon, 24 Apr 2017 14:27:22 +0100, Andy Burns
wrote: Jethro_uk wrote: How will you get your USB stick into an Android device ? memory sticks with microUSB OTG plugs instead of (or as well as) full size USB plugs have been available for some while, e.g. https://www.kingston.com/en/usb/otg My ageing Toshiba tablet has full size USB and SD card slots. -- AnthonyL |
#28
Posted to uk.d-i-y
On 26/04/2017 11:28, Handsome Jack wrote:
Adam Funk posted On 2017-04-26, Jethro_uk wrote: [snip] And/or to disable the ability to paste into a text field, requiring you to type the password in. Not so easy when it's 20 random characters ... E.g., using a password manager. In Firefox, you fix that by going to "about:config" & setting "dom.event.clipboardevents.enable" to "false". Many thanks for that. Is there also a method of forcing the characters to be displayed as themselves instead of asterisks? The Web Developer extension does this - and lots more. http://chrispederick.com/work/web-developer/ -- Mike Clarke |
#29
Posted to uk.d-i-y
On Monday, April 24, 2017 at 2:27:27 PM UTC+1, Andy Burns wrote:
Jethro_uk wrote: How will you get your USB stick into an Android device ? Verbatim MediaShare. A wireless USB stick equivalent. Accessible from PC or tablet. https://www.amazon.co.uk/Verbatim-49...share+wireless Plus it will store your music and films. The larger version is more expensive but less likely to lose itself in your baggage. |
#30
Posted to uk.d-i-y
whisky-dave wrote
Nick Odell wrote David wrote This posting is coming to you courtesy of someone else's computer with all necessary passwords etc from my Kingston DataTraveller Locker + G3 which has hardware encrypted storage which can only be accessed by password. 10 unsuccessful attempts at breaking that password and the drive automatically wipes itself clean. Works for me. What happens if this USB key breaks physically? Nothing special, you just use the spare. I've seen and heard this happen in the lab. So I know it's possible. Yeah, I still give what I torrent for the neighbours' kids who I let use my internet using USB sticks for the speed and they do die occasionally. |
#31
Posted to uk.d-i-y
On Wednesday, 26 April 2017 20:40:03 UTC+1, Rod Speed wrote:
whisky-dave wrote Nick Odell wrote David wrote This posting is coming to you courtesy of someone else's computer with all necessary passwords etc from my Kingston DataTraveller Locker + G3 which has hardware encrypted storage which can only be accessed by password. 10 unsuccessful attempts at breaking that password and the drive automatically wipes itself clean. Works for me. What happens if this USB key breaks physically? Nothing special, you just use the spare. Fine if you carry a spare of everything. Do you carry a spare mobile, spare underwear etc...? Most people should have a spare but NOT carried with them. I've seen and heard this happen in the lab. So I know it's possible. Yeah, I still give what I torrent for the neighbours' kids who I let use my internet using USB sticks for the speed and they do die occasionally. Unlike most HDs there's a good chance they'll get damaged manually long before they are electrically, or of course lost. We get one or two a week left in the lab but more come up to me asking have you been handed a USB stick? |
#32
Posted to uk.d-i-y
whisky-dave wrote
Rod Speed wrote whisky-dave wrote Nick Odell wrote David wrote This posting is coming to you courtesy of someone else's computer with all necessary passwords etc from my Kingston DataTraveller Locker + G3 which has hardware encrypted storage which can only be accessed by password. 10 unsuccessful attempts at breaking that password and the drive automatically wipes itself clean. Works for me. What happens if this USB key breaks physically? Nothing special, you just use the spare. Fine if you carry a spare of everything. Doesn't need to be everything, just the things that are easy to have a spare of that are a major hassle if they break. Do you carry a spare mobile, spare underwear etc...? Nope, because neither would be a major hassle if it broke. I would have a spare car if it was as portable as a USB stick, but they aren't. In the case of the USB stick, there is obviously a real market for one that has two of them in the one container and a simple switch to switch between the one that has just died and the spare. Most people should have a spare but NOT carried with them. No reason why they couldn't with that more fancy stick. I've seen and heard this happen in the lab. So I know it's possible. Yeah, I still give what I torrent for the neighbours' kids who I let use my internet using USB sticks for the speed and they do die occasionally. Unlike most HDs there's a good chance they'll get damaged manually long before they are electrically, None of these have been, they have all died electrically. or of course lost. I haven't seen some of them for quite a while so they may indeed lose some. We get one or two a week left in the lab but more come up to me asking have you been handed a USB stick? Sure, but it's easy enough to ensure you don't lose one that has your passwords etc on it by just having it on your keyring etc. |
#33
Posted to uk.d-i-y,uk.comp.homebuilt
On 24/04/2017 16:18, Theo wrote:
In uk.d-i-y Jaimie Vandenbergh wrote: A folder of text files or even password-locked Excel sheet on a cloud drive or USB isn't quite the same thing, security wise... Indeed. Keeping the passwords secure in memory is hard, and any homebrew solution is likely to do it wrong. Use something designed for the job by people who know what they're doing. If you are an unimportant single person I'm not convinced. For an unimportant person it is unlikely anyone will invest any time cracking your home brew solution, as long as it is in some way non standard. It doesn't have to be particularly good just quirky. On the other hand malicious third parties will invest considerable efforts trying to crack a standard widely used solution, even a well designed one is vulnerable. If one of these systems is cracked your account and details may be caught as one of millions exposed. |
#34
Posted to uk.d-i-y,uk.comp.homebuilt
On Thu, 27 Apr 2017 23:40:04 +0100, Nick wrote:
On 24/04/2017 16:18, Theo wrote: In uk.d-i-y Jaimie Vandenbergh wrote: A folder of text files or even password-locked Excel sheet on a cloud drive or USB isn't quite the same thing, security wise... Indeed. Keeping the passwords secure in memory is hard, and any homebrew solution is likely to do it wrong. Use something designed for the job by people who know what they're doing. If you are an unimportant single person I'm not convinced. For an unimportant person it is unlikely anyone will invest any time cracking your home brew solution, as long as it is in some way non standard. It doesn't have to be particularly good just quirky. On the other hand malicious third parties will invest considerable efforts trying to crack a standard widely used solution, even a well designed one is vulnerable. If one of these systems is cracked your account and details may be caught as one of millions exposed. Yes, this is my main concern. Something like LastPass is found to have a vulnerability and exploits will be all over the place on the web. If you have an encrypted USB stick (with your own choice of encryption software) then you are mainly vulnerable to someone finding/stealing it and deciding to brute force it. Security by obscurity isn't the greatest approach but it does have some advantages. Cheers Dave R -- AMD FX-6300 in GA-990X-Gaming SLI-CF running Windows 7 Pro x64 |
#35
Posted to uk.d-i-y,uk.comp.homebuilt
In uk.comp.homebuilt David wrote:
Something like LastPass is found to have a vulnerability and exploits will be all over the place on the web. If you have an encrypted USB stick (with your own choice of encryption software) then you are mainly vulnerable to someone finding/stealing it and deciding to brute force it. Security by obscurity isn't the greatest approach but it does have some advantages. The thing is, it doesn't gain you very much. Suppose you put your passwords in a password-protected Excel sheet. Excel has to decrypt it to show it to you. That means all your passwords are now in memory, in the clear. All malware has to do is search through memory for strings like 'password' 'username' 'bank' 'NatWest' etc, and then exfiltrate any text nearby. It doesn't matter what format they're in, the malware doesn't care. If you think this is implausible, this is exactly how disc forensics work - they don't care that the disc claims to be NTFS or FAT or whatever, they just search the raw bits. Memory forensics is similar. Basically there is a high risk unless you keep up with the current threat models, and so it is better to pick an approach which has been carefully designed and scrutinised. Theo |
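The format-agnostic raw search described in the post above, as an added example that is not part of the original thread: a `strings`-style triage pass over a byte buffer, the way a forensic examiner would run it over a disk or memory image. The buffer, account names and values are constructed for illustration; the UTF-16LE case is included because Windows applications commonly hold text that way.

```python
import re

# Constructed sample "image": binary padding, one record held as ASCII and
# one held as UTF-16LE. Nothing here comes from a real system.
SAMPLE_IMAGE = (
    b"\x00\x13\xfe\x7f" * 8
    + b"site=NatWest;username=dave;password=example-only-1\x00"
    + b"\x90\x02\xff" * 5
    + "bank: Example Building Society password: example-only-2".encode("utf-16-le")
    + b"\x00\x00\xde\xad\xbe\xef"
)

# Keywords taken from the post; matching is case-insensitive.
KEYWORDS = ("password", "username", "bank", "natwest")


def extract_strings(image: bytes, min_len: int = 6):
    """Yield (offset, encoding, text) for printable runs, ignoring any file format."""
    ascii_run = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_run = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for m in ascii_run.finditer(image):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in utf16_run.finditer(image):
        yield m.start(), "utf-16-le", m.group().decode("utf-16-le")


def keyword_hits(image: bytes, keywords=KEYWORDS):
    """Return sorted (offset, encoding, matched_keywords, text) for runs naming a keyword."""
    hits = []
    for offset, enc, text in extract_strings(image):
        matched = sorted(k for k in keywords if k in text.lower())
        if matched:
            hits.append((offset, enc, matched, text))
    return sorted(hits)


if __name__ == "__main__":
    for offset, enc, matched, text in keyword_hits(SAMPLE_IMAGE):
        print(f"0x{offset:04x} {enc:9s} {matched} {text!r}")
```

Both records surface although the scan knows nothing about spreadsheets or file systems, which is why decrypting a whole sheet into memory exposes every entry at once.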