UK diy (uk.d-i-y) For the discussion of all topics related to diy (do-it-yourself) in the UK. All levels of experience and proficiency are welcome to join in to ask questions or offer solutions.

  #1   Report Post  
Posted to uk.d-i-y,uk.comp.homebuilt
external usenet poster
 
Posts: 1,115
Default Storing passwords and associated security questions - X-post

At the moment I keep a folder (well, more than one) with details like
online access passwords and security questions for various accounts.
Passwords kept with all the other paper work for the account.

Recently I unexpectedly needed some details whilst away from home, so the
system failed!

I am planning now to record the details on portable media for future
proofing. This also allows random answers to obvious questions like
mother's maiden name, first school etc.

I know you can get password managers which can sync between devices but
this places a lot of trust in a remote service, and LastPass has had some
bad press recently.

Assuming that I don't necessarily want automatic generation of long random
passwords and then pasting of them into web browser fields is there any
reason not to use a flat file (or simple spreadsheet) to record all the
details then use a free encryption package to secure them?

Probably stored on a USB stick.

The main platform would be Windows 10 but Android support would be a
bonus.

The solution should work on the home desktops and the travelling laptops,
so not tied to one PC.

This would also assist in a long overdue upgrade in general security.

Any recommendations most welcome.

Cheers


Dave R


--
AMD FX-6300 in GA-990X-Gaming SLI-CF running Windows 7 Pro x64

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

  #2   Report Post  
Posted to uk.d-i-y,uk.comp.homebuilt
external usenet poster
 
Posts: 7
Default Storing passwords and associated security questions - X-post

On Mon, 24 Apr 2017 12:37:19 +0000, David wrote:

At the moment I keep a folder (well, more than one) with details like
online access passwords and security questions for various accounts.
Passwords kept with all the other paper work for the account.

Recently I unexpectedly needed some details whilst away from home, so
the system failed!

I am planning now to record the details on portable media for future
proofing. This also allows random answers to obvious questions like
mother's maiden name, first school etc.

I know you can get password managers which can sync between devices but
this places a lot of trust in a remote service, and LastPass has had
some bad press recently.

Assuming that I don't necessarily want automatic generation of long
random passwords and then pasting of them into web browser fields is
there any reason not to use a flat file (or simple spreadsheet) to
record all the details then use a free encryption package to secure
them?

Probably stored on a USB stick.

The main platform would be Windows 10 but Android support would be a
bonus.

The solution should work on the home desktops and the travelling
laptops, so not tied to one PC.

This would also assist in a long overdue upgrade in general security.

Any recommendations most welcome.


Roboform
https://www.roboform.com/

Works well for me. It can sync across multiple Windows PCs and there is a
(limited but adequate) version that runs on Android mobile phones too.

--
Tony
'09 FJR1300, '07 Street Triple OMF#24
  #3   Report Post  
Posted to uk.d-i-y,uk.comp.homebuilt
external usenet poster
 
Posts: 7,829
Default Storing passwords and associated security questions - X-post

Jethro_uk wrote:

How will you get your USB stick into an Android device ?


memory sticks with microUSB OTG plugs instead of (or as well as) full
size USB plugs have been available for some while, e.g.

https://www.kingston.com/en/usb/otg

  #4   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 297
Default Storing passwords and associated security questions - X-post

On 24 Apr 2017 12:37:19 GMT, David wrote:

At the moment I keep a folder (well, more than one) with details like
online access passwords and security questions for various accounts.
Passwords kept with all the other paper work for the account.

Recently I unexpectedly needed some details whilst away from home, so the
system failed!

I am planning now to record the details on portable media for future
proofing. This also allows random answers to obvious questions like
mother's maiden name, first school etc.

I know you can get password managers which can sync between devices but
this places a lot of trust in a remote service, and LastPass has had some
bad press recently.

Assuming that I don't necessarily want automatic generation of long random
passwords and then pasting of them into web browser fields is there any
reason not to use a flat file (or simple spreadsheet) to record all the
details then use a free encryption package to secure them?

Probably stored on a USB stick.

The main platform would be Windows 10 but Android support would be a
bonus.

The solution should work on the home desktops and the travelling laptops,
so not tied to one PC.

This would also assist in a long overdue upgrade in general security.

Any recommendations most welcome.

Cheers


Dave R

I've used KeePass for years, it has some complicated options, but you
don't have to use them. Works off a USB stick as well, and there is a
compatible app for Android that will open the encrypted data file(s).
http://keepass.info/
  #5   Report Post  
Posted to uk.d-i-y,uk.comp.homebuilt
external usenet poster
 
Posts: 785
Default Storing passwords and associated security questions - X-post

On Mon, 24 Apr 2017 14:27:22 +0100
Andy Burns wrote:

Jethro_uk wrote:

How will you get your USB stick into an Android device ?


memory sticks with microUSB OTG plugs instead of (or as well as) full
size USB plugs have been available for some while, e.g.

https://www.kingston.com/en/usb/otg

These are handy too: www.ebay.co.uk/itm/282337834517



  #6   Report Post  
Posted to uk.d-i-y,uk.comp.homebuilt
external usenet poster
 
Posts: 62
Default Storing passwords and associated security questions - X-post

On 24 Apr 2017 12:37:19 GMT, David wrote:

I know you can get password managers which can sync between devices but
this places a lot of trust in a remote service, and LastPass has had some
bad press recently.


There are many password managers that don't use a cloud service
themselves, but will sync an encrypted keystore across devices using
your own choice of cloud (Dropbox/Amazon Drive/Gdrive blah blah). Best
of both worlds.

I use 1password and keepass for different things, with their keystores
held on different cloud services. 1password because it is clever and has
much browser/phone integration, keepass because it's very dumb and just
has a 2fa keystore.

A folder of text files or even password-locked Excel sheet on a cloud
drive or USB isn't quite the same thing, security wise...

Cheers - Jaimie
--
None of this will matter in 20 billion years.
  #7   Report Post  
Posted to uk.d-i-y,uk.comp.homebuilt
external usenet poster
 
Posts: 2,016
Default Storing passwords and associated security questions - X-post

On 24/04/2017 14:35, Rob Morley wrote:
On Mon, 24 Apr 2017 14:27:22 +0100
Andy Burns wrote:

Jethro_uk wrote:

How will you get your USB stick into an Android device ?


memory sticks with microUSB OTG plugs instead of (or as well as) full
size USB plugs have been available for some while, e.g.

https://www.kingston.com/en/usb/otg

These are handy too: www.ebay.co.uk/itm/282337834517


+1

"Don't leave home without it"

--
Robin
reply-to address is (intended to be) valid
  #8   Report Post  
Posted to uk.d-i-y,uk.comp.homebuilt
external usenet poster
 
Posts: 1,264
Default Storing passwords and associated security questions - X-post

In uk.d-i-y Jaimie Vandenbergh wrote:
A folder of text files or even password-locked Excel sheet on a cloud
drive or USB isn't quite the same thing, security wise...


Indeed. Keeping the passwords secure in memory is hard, and any homebrew
solution is likely to do it wrong. Use something designed for the job by
people who know what they're doing.

The other extreme is a paper passwords sheet, as used by German banks
(iTAN): print out a few sheets of random passwords with an index number next
to them. On your phone store the index numbers for each account, like this:
ebay: 456
amazon: 178

Then use the number to look up a password on your paper sheet. You might
need to think of a scheme to mangle them into memorable shoe sizes or
whatever your bank wants (don't write anything on the sheet).

If someone steals your sheet, they have a few hundred passwords to try -
they'll likely get locked out beforehand[1]. If someone hacks your phone they
only get the indexes, not the passwords. If they steal both, well you did
put a PIN lock and encryption on your phone, didn't you?

Theo

[1] Unless they have a botnet available
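
The index-sheet scheme described in the post above, sketched in Python as an added example (it is not part of any post in this thread). The function names, the 300-entry sheet, the 12-character length, the reduced alphabet and the five-try lockout are all assumptions made for illustration.

```python
"""Paper password sheet plus phone-side index list (constructed example)."""
import math
import secrets
import string

# Assumption: drop characters that are easy to misread on paper (0/O, 1/l/I).
ALPHABET = "".join(c for c in string.ascii_letters + string.digits
                   if c not in "0O1lI")
_rng = secrets.SystemRandom()  # OS CSPRNG, not the predictable default PRNG


def make_sheet(entries=300, length=12):
    """Return {index: password} for the printed sheet, indexes 1..entries."""
    if entries < 1 or length < 1:
        raise ValueError("entries and length must be positive")
    if entries > len(ALPHABET) ** length:
        raise ValueError("not enough distinct passwords of that length")
    sheet, seen = {}, set()
    for index in range(1, entries + 1):
        while True:  # a repeat is vanishingly rare, but never print one
            pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
            if pw not in seen:
                break
        seen.add(pw)
        sheet[index] = pw
    return sheet


def assign_indexes(accounts, sheet):
    """Return the phone-side map {account: index}; it never holds a password."""
    accounts = list(accounts)
    if len(set(accounts)) != len(accounts):
        raise ValueError("duplicate account name")
    if len(accounts) > len(sheet):
        raise ValueError("sheet too small for one unique entry per account")
    picks = _rng.sample(sorted(sheet), len(accounts))  # no index used twice
    return dict(zip(accounts, picks))


def lookup(account, phone_map, sheet):
    """What the owner does by hand: phone gives the index, paper the password."""
    return sheet[phone_map[account]]


def render_sheet(sheet, columns=3):
    """Format the sheet for printing as rows of 'index  password' cells."""
    cells = [f"{i:>4}  {pw}" for i, pw in sorted(sheet.items())]
    rows = (cells[r:r + columns] for r in range(0, len(cells), columns))
    return "\n".join("    ".join(row) for row in rows)


def guess_odds(sheet_size, tries_before_lockout):
    """Chance a thief holding only the sheet hits one account before lockout."""
    return min(1.0, tries_before_lockout / sheet_size)


def guess_space_bits(sheet_size, length):
    """(bits of guessing left with the sheet, bits without it)."""
    return math.log2(sheet_size), length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    sheet = make_sheet()
    phone = assign_indexes(["ebay", "amazon"], sheet)  # constructed accounts
    print(render_sheet(sheet).splitlines()[0])
    print("stored on phone:", phone)
    print("odds with sheet only, 5 tries:", round(guess_odds(len(sheet), 5), 4))
    print("bits (with sheet, without):", guess_space_bits(len(sheet), 12))
```

The two numbers from `guess_space_bits` show the trade-off: the sheet alone cuts an attacker's search to a few hundred candidates, so the protection then rests on the site's lockout, which is the point of footnote [1].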
  #9   Report Post  
Posted to uk.d-i-y,uk.comp.homebuilt
external usenet poster
 
Posts: 7,434
Default Storing passwords and associated security questions - X-post

On 24/04/17 13:37, David wrote:
At the moment I keep a folder (well, more than one) with details like
online access passwords and security questions for various accounts.
Passwords kept with all the other paper work for the account.


Lastpass if you trust them, for the convenience.

KeepassX and 2 data copies, one on your phone and one on a USB stick if
you don't trust anyone else.


  #10   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 690
Default Storing passwords and associated security questions - X-post

On 24 Apr 2017 12:37:19 GMT, David wrote:

At the moment I keep a folder (well, more than one) with details like
online access passwords and security questions for various accounts.
Passwords kept with all the other paper work for the account.

Recently I unexpectedly needed some details whilst away from home, so the
system failed!

I am planning now to record the details on portable media for future
proofing. This also allows random answers to obvious questions like
mother's maiden name, first school etc.

I know you can get password managers which can sync between devices but
this places a lot of trust in a remote service, and LastPass has had some
bad press recently.

Assuming that I don't necessarily want automatic generation of long random
passwords and then pasting of them into web browser fields is there any
reason not to use a flat file (or simple spreadsheet) to record all the
details then use a free encryption package to secure them?

Probably stored on a USB stick.

The main platform would be Windows 10 but Android support would be a
bonus.

The solution should work on the home desktops and the travelling laptops,
so not tied to one PC.

This would also assist in a long overdue upgrade in general security.

Any recommendations most welcome.

This posting is coming to you courtesy of someone else's computer with
all necessary passwords etc from my Kingston DataTraveller Locker + G3
which has hardware encrypted storage which can only be accessed by
password. 10 unsuccessful attempts at breaking that password and the
drive automatically wipes itself clean.

Works for me.

Nick


  #11   Report Post  
Posted to uk.d-i-y,uk.comp.homebuilt
external usenet poster
 
Posts: 5,774
Default Storing passwords and associated security questions - X-post

On 24/04/2017 13:37, David wrote:

Any recommendations most welcome.





Consider an encrypted folder on a PC/USB stick etc. to store all of
your other passwords

I use the free version found at
http://www.cypherix.com/

The encrypted folder needs a strong password to gain access but with
this method this password is the only one you have to remember. I use an
easily memorable (to me) longish sentence as a password.

I also keep a paper copy of the folder contents in a very safe place as
a backup

--
mailto: news {at} admac {dot] myzen {dot} co {dot} uk
  #12   Report Post  
Posted to uk.d-i-y,uk.comp.homebuilt
external usenet poster
 
Posts: 5,168
Default Storing passwords and associated security questions - X-post

On 24/04/2017 14:15, Jethro_uk wrote:
On Mon, 24 Apr 2017 12:37:19 +0000, David wrote:

snip

I know you can get password managers which can sync between devices but
this places a lot of trust in a remote service, and LastPass has had
some bad press recently.



I think - despite the issues recently documented - having a password
manager is more secure than not


Assuming that I don't necessarily want automatic generation of long
random passwords and then pasting of them into web browser fields is
there any reason not to use a flat file (or simple spreadsheet) to
record all the details then use a free encryption package to secure
them?

Probably stored on a USB stick.

The main platform would be Windows 10 but Android support would be a
bonus.


How will you get your USB stick into an Android device ?


Something like

https://www.amazon.co.uk/MAXINDA-Mic.../dp/B01MRZCPZD


  #13   Report Post  
Posted to uk.d-i-y,uk.comp.homebuilt
ss ss is offline
external usenet poster
 
Posts: 899
Default Storing passwords and associated security questions - X-post

On 24/04/2017 13:37, David wrote:
is there any
reason not to use a flat file (or simple spreadsheet)


Excel protected spreadsheets can be compromised, however one can make it
more difficult to view the information. Just some suggestions.

column A list account
column B list password
column A reverse the list
column B reverse the passwords.
Space everything with a blank row in between
In the blank row put false information
Using conditional formatting linked to the `real` info have a cell that
requires the correct code to hide/reveal the correct info.
Hide the code cell behind an image

And various other things can be done to frustrate an illegal intruder.
  #14   Report Post  
Posted to uk.d-i-y,uk.comp.homebuilt
external usenet poster
 
Posts: 1,034
Default Storing passwords and associated security questions - X-post

On 24/04/2017 13:37, David wrote:
At the moment I keep a folder (well, more than one) with details like
online access passwords and security questions for various accounts.
Passwords kept with all the other paper work for the account.

Recently I unexpectedly needed some details whilst away from home, so the
system failed!

I am planning now to record the details on portable media for future
proofing. This also allows random answers to obvious questions like
mother's maiden name, first school etc.

I know you can get password managers which can sync between devices but
this places a lot of trust in a remote service, and LastPass has had some
bad press recently.

Assuming that I don't necessarily want automatic generation of long random
passwords and then pasting of them into web browser fields is there any
reason not to use a flat file (or simple spreadsheet) to record all the
details then use a free encryption package to secure them?

Probably stored on a USB stick.

The main platform would be Windows 10 but Android support would be a
bonus.

The solution should work on the home desktops and the travelling laptops,
so not tied to one PC.

This would also assist in a long overdue upgrade in general security.

Any recommendations most welcome.

Cheers


Dave R



If you want to take the file out of your property, I would suggest
encrypting it.

You can store and decode encrypted files on a mobile phone, or use an SD
card.

For bank a/cs, I suggest using password reminders which no one but you
would understand.

I can establish a VPN connection to my NAS, so I can retrieve data
from anywhere that offers a reasonable internet connection.


--
Michael Chare
  #15   Report Post  
Posted to uk.d-i-y,uk.comp.homebuilt
external usenet poster
 
Posts: 280
Default Storing passwords and associated security questions - X-post

David posted
At the moment I keep a folder (well, more than one) with details like
online access passwords and security questions for various accounts.
Passwords kept with all the other paper work for the account.

Recently I unexpectedly needed some details whilst away from home, so the
system failed!

I am planning now to record the details on portable media for future
proofing. This also allows random answers to obvious questions like
mother's maiden name, first school etc.

I know you can get password managers which can sync between devices but
this places a lot of trust in a remote service, and LastPass has had some
bad press recently.

Assuming that I don't necessarily want automatic generation of long random
passwords and then pasting of them into web browser fields is there any
reason not to use a flat file (or simple spreadsheet) to record all the
details then use a free encryption package to secure them?

Probably stored on a USB stick.

The main platform would be Windows 10 but Android support would be a
bonus.

The solution should work on the home desktops and the travelling laptops,
so not tied to one PC.

This would also assist in a long overdue upgrade in general security.

Any recommendations most welcome.


I use freeware software (http://www.aescrypt.com/download/) to encrypt a
flat text file containing account details. Not GCHQ-proof, but probably
good enough for most practical purposes. I also keep a paper print-out
in a safe place.

In principle, you could FTP the encrypted file to a hidden page on your
website so you can download it from anywhere, without using a USB stick.
(I don't because I rarely travel.)

--
Jack


  #16   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 10,998
Default Storing passwords and associated security questions - X-post

It would also need to take account of the recently very annoying tendency
for web sites and services to impose password changes on you after a
certain time. Yahoo seemed to want this. My answer was to close Yahoo email
and use something else.
To be honest it's only machine access and financial services that really
need super security, the email suppliers are far more likely to compromise
your data than anyone hacking it at your end if frequent history is anything
to go by.
This should all really be a thing of the past by now. We should find some
biometric way to do it instead.
Brian

--
----- -
This newsgroup posting comes to you directly from...
The Sofa of Brian Gaff...

Blind user, so no pictures please!
"David" wrote in message
...
At the moment I keep a folder (well, more than one) with details like
online access passwords and security questions for various accounts.
Passwords kept with all the other paper work for the account.

Recently I unexpectedly needed some details whilst away from home, so the
system failed!

I am planning now to record the details on portable media for future
proofing. This also allows random answers to obvious questions like
mother's maiden name, first school etc.

I know you can get password managers which can sync between devices but
this places a lot of trust in a remote service, and LastPass has had some
bad press recently.

Assuming that I don't necessarily want automatic generation of long random
passwords and then pasting of them into web browser fields is there any
reason not to use a flat file (or simple spreadsheet) to record all the
details then use a free encryption package to secure them?

Probably stored on a USB stick.

The main platform would be Windows 10 but Android support would be a
bonus.

The solution should work on the home desktops and the travelling laptops,
so not tied to one PC.

This would also assist in a long overdue upgrade in general security.

Any recommendations most welcome.

Cheers


Dave R


--
AMD FX-6300 in GA-990X-Gaming SLI-CF running Windows 7 Pro x64

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus




  #17   Report Post  
Posted to uk.d-i-y,uk.comp.homebuilt
external usenet poster
 
Posts: 2,142
Default Storing passwords and associated security questions - X-post

Michael Chare wrote:
On 24/04/2017 13:37, David wrote:
At the moment I keep a folder (well, more than one) with details like
online access passwords and security questions for various accounts.
Passwords kept with all the other paper work for the account.

Recently I unexpectedly needed some details whilst away from home, so the
system failed!

I am planning now to record the details on portable media for future
proofing. This also allows random answers to obvious questions like
mother's maiden name, first school etc.

I know you can get password managers which can sync between devices but
this places a lot of trust in a remote service, and LastPass has had some
bad press recently.

Assuming that I don't necessarily want automatic generation of long
random
passwords and then pasting of them into web browser fields is there any
reason not to use a flat file (or simple spreadsheet) to record all the
details then use a free encryption package to secure them?

Probably stored on a USB stick.

The main platform would be Windows 10 but Android support would be a
bonus.

The solution should work on the home desktops and the travelling laptops,
so not tied to one PC.

This would also assist in a long overdue upgrade in general security.

Any recommendations most welcome.

Cheers


Dave R



If you want to take the file out of your property, I would suggest
encrypting it.

You can store and decode encrypted files on a mobile phone, or use an SD
card.

For bank a/cs, I suggest using password reminders which no one but you
would understand.

I can establish a VPN connection to my NAS, so I can retrieve data
from anywhere that offers a reasonable internet connection.



I have solved most of the password problems by not having them. Writing
down a couple is easy and means nothing to anyone who reads a scrap of
paper.
  #18   Report Post  
Posted to uk.d-i-y,uk.comp.homebuilt
external usenet poster
 
Posts: 31
Default Storing passwords and associated security questions - X-post

On 25/04/17 09:41, Capitol wrote:
I have solved most of the password problems by not having them


You're kidding, aren't you? I have upwards of 150 in my password vault.
OK, some of them are probably irrelevant (services I don't use any
more, suppliers I don't deal with) but it's a long way from the "couple"
that you write down.

--
Henry Law n e w s @ l a w s h o u s e . o r g
Manchester, England
  #19   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 40,893
Default Storing passwords and associated security questions - X-post

Brian Gaff wrote

It would also need to take account of the recently very annoying tendency
for web sites and services to impose password changes on you after a
certain time. Yahoo seemed to want this.


Mine hasn’t.

My answer was to close Yahoo email and use something else.
To be honest it's only machine access and financial services that really
need super security, the email suppliers are far more likely to compromise
your data than anyone hacking it at your end if frequent history is
anything to go by.


This should all really be a thing of the past by now. We should find some
biometric way to do it instead.


We have already with fingerprints and iris scans.

"David" wrote in message
...
At the moment I keep a folder (well, more than one) with details like
online access passwords and security questions for various accounts.
Passwords kept with all the other paper work for the account.

Recently I unexpectedly needed some details whilst away from home, so the
system failed!

I am planning now to record the details on portable media for future
proofing. This also allows random answers to obvious questions like
mother's maiden name, first school etc.

I know you can get password managers which can sync between devices but
this places a lot of trust in a remote service, and LastPass has had some
bad press recently.

Assuming that I don't necessarily want automatic generation of long
random
passwords and then pasting of them into web browser fields is there any
reason not to use a flat file (or simple spreadsheet) to record all the
details then use a free encryption package to secure them?

Probably stored on a USB stick.

The main platform would be Windows 10 but Android support would be a
bonus.

The solution should work on the home desktops and the travelling laptops,
so not tied to one PC.

This would also assist in a long overdue upgrade in general security.

Any recommendations most welcome.

Cheers


Dave R


--
AMD FX-6300 in GA-990X-Gaming SLI-CF running Windows 7 Pro x64

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus




  #20   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 1,936
Default Storing passwords and associated security questions - X-post

On Tuesday, April 25, 2017 at 8:47:05 AM UTC+1, Brian Gaff wrote:
It would also need to take account of the recently very annoying tendency
for web sites and services to impose password changes on you after a
certain time. Yahoo seemed to want this. My answer was to close Yahoo email
and use something else.
To be honest it's only machine access and financial services that really
need super security, the email suppliers are far more likely to compromise
your data than anyone hacking it at your end if frequent history is anything
to go by.
This should all really be a thing of the past by now. We should find some
biometric way to do it instead.
Brian

--
----- -
This newsgroup posting comes to you directly from...
The Sofa of Brian Gaff...

Blind user, so no pictures please!
"David" wrote in message
...
At the moment I keep a folder (well, more than one) with details like
online access passwords and security questions for various accounts.
Passwords kept with all the other paper work for the account.

Recently I unexpectedly needed some details whilst away from home, so the
system failed!

I am planning now to record the details on portable media for future
proofing. This also allows random answers to obvious questions like
mother's maiden name, first school etc.

I know you can get password managers which can sync between devices but
this places a lot of trust in a remote service, and LastPass has had some
bad press recently.

Assuming that I don't necessarily want automatic generation of long random
passwords and then pasting of them into web browser fields is there any
reason not to use a flat file (or simple spreadsheet) to record all the
details then use a free encryption package to secure them?

Probably stored on a USB stick.

The main platform would be Windows 10 but Android support would be a
bonus.

The solution should work on the home desktops and the travelling laptops,
so not tied to one PC.

This would also assist in a long overdue upgrade in general security.

Any recommendations most welcome.

Cheers


Dave R


--
AMD FX-6300 in GA-990X-Gaming SLI-CF running Windows 7 Pro x64

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus


I use Dashlane for computer access of passwords.
On my mobile I generally only want access to my bank accounts. These are numeric only. Based on the fact that I can remember car registration details with ease I keep a file on the phone with the bank ref and just the letters of that password. Easy to refresh my memory and the letters details are all I require.
Incidentally I can remember car reg details going back over 60 years. (father's and mother's car reg details from when I was a lad, in a different country)



  #21   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 39,563
Default Storing passwords and associated security questions - X-post

On 25/04/17 10:53, fred wrote:
On Tuesday, April 25, 2017 at 8:47:05 AM UTC+1, Brian Gaff wrote:
It would also need to take account of the recently very annoying tendency
for web sites and services to impose password changes on you after a
certain time. Yahoo seemed to want this. My answer was to close Yahoo email
and use something else.
To be honest it's only machine access and financial services that really
need super security, the email suppliers are far more likely to compromise
your data than anyone hacking it at your end if frequent history is anything
to go by.
This should all really be a thing of the past by now. We should find some
biometric way to do it instead.
Brian

--
----- -
This newsgroup posting comes to you directly from...
The Sofa of Brian Gaff...

Blind user, so no pictures please!
"David" wrote in message
...
At the moment I keep a folder (well, more than one) with details like
online access passwords and security questions for various accounts.
Passwords kept with all the other paper work for the account.

Recently I unexpectedly needed some details whilst away from home, so the
system failed!

I am planning now to record the details on portable media for future
proofing. This also allows random answers to obvious questions like
mother's maiden name, first school etc.

I know you can get password managers which can sync between devices but
this places a lot of trust in a remote service, and LastPass has had some
bad press recently.

Assuming that I don't necessarily want automatic generation of long random
passwords and then pasting of them into web browser fields is there any
reason not to use a flat file (or simple spreadsheet) to record all the
details then use a free encryption package to secure them?

Probably stored on a USB stick.

The main platform would be Windows 10 but Android support would be a
bonus.

The solution should work on the home desktops and the travelling laptops,
so not tied to one PC.

This would also assist in a long overdue upgrade in general security.

Any recommendations most welcome.

Cheers


Dave R


--
AMD FX-6300 in GA-990X-Gaming SLI-CF running Windows 7 Pro x64

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus


I use Dashlane for computer access of passwords.
On my mobile I generally only want access to my bank accounts. These are numeric only. Based on the fact that I can remember car registration details with ease I keep a file on the phone with the bank ref and just the letters of that password. Easy to refresh my memory and the letters details are all I require.
Incidentally I can remember car reg details going back over 60 years. (father's and mother's car reg details from when I was a lad, in a different country)

So can I with a few gaps.


--
Future generations will wonder in bemused amazement that the early
twenty-first century's developed world went into hysterical panic over a
globally average temperature increase of a few tenths of a degree, and,
on the basis of gross exaggerations of highly uncertain computer
projections combined into implausible chains of inference, proceeded to
contemplate a rollback of the industrial age.

Richard Lindzen
  #22   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 690
Default Storing passwords and associated security questions - X-post

On Tue, 25 Apr 2017 19:39:21 +1000, "Rod Speed"
wrote:

Brian Gaff wrote
This should all really be a thing of the past by now. We should find some
biometric way to do it instead.


We have already with fingerprints and iris scans.


The problems with biometric access - apart from the willingness of
some criminals to cut off a finger or gouge out an eye - are to do
with crossing borders of unfriendly states. For unfriendly, you might
even include your own, regardless of where you live. Most civilised
nations require some sort of judicial process to demand a password but
case law in the UK and elsewhere has determined that there is no such
protection for your biometrics. They can slam your finger down on the
screen and if the phone opens up, bingo! Most business travellers -
those that aren't given "clean" electronic devices by their companies
for their trips anyway - are advised to disable the biometric features
of any device when using it abroad.

Here's The Register's guide to taking electronic devices to the US
https://www.theregister.co.uk/2017/0...n_entering_us/
be sure to read page 2.


Nick
  #23   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 40,893
Default Storing passwords and associated security questions - X-post

Nick Odell wrote
Rod Speed wrote
Brian Gaff wrote
This should all really be a thing of the past by now.
we should find some biometric way to do it instead.


We have already with fingerprints and iris scans.


The problems with biometric access - apart from the willingness
of some criminals to cut off a finger or gouge out an eye


It's completely trivial for the sensor to work out the finger or eye is still
alive.

- are to do with crossing borders of unfriendly states. For unfriendly,
you might even include your own, regardless of where you live. Most
civilised nations require some sort of judicial process to demand
a password but case law in the UK and elsewhere has determined
that there is no such protection for your biometrics. They can slam
your finger down on the screen and if the phone opens up, bingo!


Not if the phone has been designed so you can turn
that off before showing up at the border and need
the full passcode before it can be turned on again.

Most business travellers - those that aren't given
"clean" electronic devices by their companies for
their trips anyway are advised to disable the biometric
features of any device when using it abroad.


See above.

Here's The Register's guide to taking electronic devices to the US
https://www.theregister.co.uk/2017/0...n_entering_us/
be sure to read page 2.


Sure, but as it says, trivial to avoid that being a problem.

  #24   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 1,591
Default Storing passwords and associated security questions - X-post

On 2017-04-26, Jethro_uk wrote:

On Tue, 25 Apr 2017 08:46:59 +0100, Brian Gaff wrote:

It would also need to take account of the recently very annoying
tendency for web sites and services to impose password changes on you
after a certain time.


And/or to disable the ability to paste into a text field, requiring you
to type the password in. Not so easy when it's 20 random characters ...


E.g., using a password manager.

In Firefox, you fix that by going to "about:config" & setting
"dom.event.clipboardevents.enable" to "false".
  #25   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 280
Default Storing passwords and associated security questions - X-post

Adam Funk posted
On 2017-04-26, Jethro_uk wrote:

On Tue, 25 Apr 2017 08:46:59 +0100, Brian Gaff wrote:

It would also need to take account of the recently very annoying
tendency for web sites and services to impose password changes on you
after a certain time.


And/or to disable the ability to paste into a text field, requiring you
to type the password in. Not so easy when it's 20 random characters ...


E.g., using a password manager.

In Firefox, you fix that by going to "about:config" & setting
"dom.event.clipboardevents.enable" to "false".


Many thanks for that. Is there also a method of forcing the characters
to be displayed as themselves instead of asterisks?

--
Jack


  #26   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 10,204
Default Storing passwords and associated security questions - X-post

On Monday, 24 April 2017 17:57:35 UTC+1, Nick Odell wrote:
On 24 Apr 2017 12:37:19 GMT, David wrote:



This posting is coming to you courtesy of someone else's computer with
all necessary passwords etc from my Kingston DataTraveller Locker + G3
which has hardware encrypted storage which can only be accessed by
password. 10 unsuccessful attempts at breaking that password and the
drive automatically wipes itself clean.

Works for me.


What happens if this USB key breaks physically? I've seen and heard this happen in the lab. So I know it's possible.




  #27   Report Post  
Posted to uk.d-i-y,uk.comp.homebuilt
external usenet poster
 
Posts: 1,236
Default Storing passwords and associated security questions - X-post

On Mon, 24 Apr 2017 14:27:22 +0100, Andy Burns
wrote:

Jethro_uk wrote:

How will you get your USB stick into an Android device ?


memory sticks with microUSB OTG plugs instead of (or as well as) full
size USB plugs have been available for some while, e.g.

https://www.kingston.com/en/usb/otg


My ageing Toshiba tablet has full size USB and SD card slots.

--
AnthonyL
  #28   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 1,031
Default Storing passwords and associated security questions - X-post

On 26/04/2017 11:28, Handsome Jack wrote:
Adam Funk posted
On 2017-04-26, Jethro_uk wrote:


[snip]

And/or to disable the ability to paste into a text field, requiring you
to type the password in. Not so easy when it's 20 random characters ...


E.g., using a password manager.

In Firefox, you fix that by going to "about:config" & setting
"dom.event.clipboardevents.enable" to "false".


Many thanks for that. Is there also a method of forcing the characters
to be displayed as themselves instead of asterisks?


The Web Developer extension does this - and lots more.
http://chrispederick.com/work/web-developer/

--
Mike Clarke
  #29   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 277
Default Storing passwords and associated security questions - X-post

On Monday, April 24, 2017 at 2:27:27 PM UTC+1, Andy Burns wrote:
Jethro_uk wrote:

How will you get your USB stick into an Android device ?



Verbatim MediaShare: a wireless USB stick equivalent. Accessible from PC or tablet.
https://www.amazon.co.uk/Verbatim-49...share+wireless

Plus it will store your music and films. The larger version is more expensive but less likely to lose itself in your baggage.



  #30   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 40,893
Default Storing passwords and associated security questions - X-post

whisky-dave wrote
Nick Odell wrote
David wrote


This posting is coming to you courtesy of someone else's computer
with all necessary passwords etc from my Kingston DataTraveller
Locker + G3 which has hardware encrypted storage which can only
be accessed by password. 10 unsuccessful attempts at breaking
that password and the drive automatically wipes itself clean.


Works for me.


What happens if this USB key breaks physically?


Nothing special, you just use the spare.

I've seen and heard this happen in the lab. So I know it's possible.


Yeah, I still give what I torrent for the neighbours' kids who I let use
my internet using USB sticks for the speed and they do die occasionally.



  #31   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 10,204
Default Storing passwords and associated security questions - X-post

On Wednesday, 26 April 2017 20:40:03 UTC+1, Rod Speed wrote:
whisky-dave wrote
Nick Odell wrote
David wrote


This posting is coming to you courtesy of someone else's computer
with all necessary passwords etc from my Kingston DataTraveller
Locker + G3 which has hardware encrypted storage which can only
be accessed by password. 10 unsuccessful attempts at breaking
that password and the drive automatically wipes itself clean.


Works for me.


What happens if this USB key breaks physically?


Nothing special, you just use the spare.


Fine if you carry a spare of everything. Do you carry a spare mobile, spare underwear etc...?
Most people should have a spare but NOT carried with them.



I've seen and heard this happen in the lab. So I know it's possible.


Yeah, I still give what I torrent for the neighbours' kids who I let use
my internet using USB sticks for the speed and they do die occasionally.


Unlike most HDs there's a good chance they'll get damaged manually long before they are electrically, or of course lost. We get one or two a week left in the lab but more come up to me asking have you been handed a USB stick?
  #32   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 40,893
Default Storing passwords and associated security questions - X-post

whisky-dave wrote
Rod Speed wrote
whisky-dave wrote
Nick Odell wrote
David wrote


This posting is coming to you courtesy of someone else's computer
with all necessary passwords etc from my Kingston DataTraveller
Locker + G3 which has hardware encrypted storage which can only
be accessed by password. 10 unsuccessful attempts at breaking
that password and the drive automatically wipes itself clean.


Works for me.


What happens if this USB key breaks physically?


Nothing special, you just use the spare.


fine if you carry a spare of everything


Doesn't need to be everything, just the things that are easy
to have a spare of that are a major hassle if they break.

do you carry a spare mobile, spare underwear etc...


Nope, because neither would be a major hassle if it broke.

I would have a spare car if it was as portable as a USB stick, but they aren't.

In the case of the USB stick, there is obviously a real market
for one that has two of them in the one container and a simple
switch to switch between the one that has just died and the spare.

Most people should have a spare but NOT carried with them.


No reason why they couldn't with that more fancy stick.

I've seen and heard this happen in the lab. So I know it's possible.


Yeah, I still give what I torrent for the neighbours' kids who I let use
my internet using USB sticks for the speed and they do die occasionally.


Unlike most HDs there's a good chance they'll get
damaged manually long before they are electrically,


None of these have been, they have all died electrically.

or of course lost


I haven't seen some of them for quite a
while so they may indeed lose some.

we get one or two a week left in the lab but more come
up to me asking have you been handed a USB stick ?


Sure, but it's easy enough to ensure you don't lose one that has
your passwords etc on it by just having it on your keyring etc.

  #33   Report Post  
Posted to uk.d-i-y,uk.comp.homebuilt
external usenet poster
 
Posts: 267
Default Storing passwords and associated security questions - X-post

On 24/04/2017 16:18, Theo wrote:
In uk.d-i-y Jaimie Vandenbergh wrote:
A folder of text files or even password-locked Excel sheet on a cloud
drive or USB isn't quite the same thing, security wise...


Indeed. Keeping the passwords secure in memory is hard, and any homebrew
solution is likely to do it wrong. Use something designed for the job by
people who know what they're doing.


If you are an unimportant single person I'm not convinced.

For an unimportant person it is unlikely anyone will invest any time
cracking your home brew solution, as long as it is in some way non
standard. It doesn't have to be particularly good just quirky.

On the other hand malicious third parties will invest considerable
efforts trying to crack a standard widely used solution, even a well
designed one is vulnerable. If one of these systems is cracked your
account and details may be caught as one of millions exposed.


  #34   Report Post  
Posted to uk.d-i-y,uk.comp.homebuilt
external usenet poster
 
Posts: 1,115
Default Storing passwords and associated security questions - X-post

On Thu, 27 Apr 2017 23:40:04 +0100, Nick wrote:

On 24/04/2017 16:18, Theo wrote:
In uk.d-i-y Jaimie Vandenbergh wrote:
A folder of text files or even password-locked Excel sheet on a cloud
drive or USB isn't quite the same thing, security wise...


Indeed. Keeping the passwords secure in memory is hard, and any
homebrew solution is likely to do it wrong. Use something designed for
the job by people who know what they're doing.


If you are an unimportant single person I'm not convinced.

For an unimportant person it is unlikely anyone will invest any time
cracking your home brew solution, as long as it is in some way non
standard. It doesn't have to be particularly good just quirky.

On the other hand malicious third parties will invest considerable
efforts trying to crack a standard widely used solution, even a well
designed one is vulnerable. If one of these systems is cracked your
account and details may be caught as one of millions exposed.


Yes, this is my main concern.

Something like LastPass is found to have a vulnerability and exploits will
be all over the place on the web.

If you have an encrypted USB stick (with your own choice of encryption
software) then you are mainly vulnerable to someone finding/stealing it
and deciding to brute force it.

Security by obscurity isn't the greatest approach but it does have some
advantages.

Cheers


Dave R

--
AMD FX-6300 in GA-990X-Gaming SLI-CF running Windows 7 Pro x64


  #35   Report Post  
Posted to uk.d-i-y,uk.comp.homebuilt
external usenet poster
 
Posts: 1,264
Default Storing passwords and associated security questions - X-post

In uk.comp.homebuilt David wrote:
Something like LastPass is found to have a vulnerability and exploits will
be all over the place on the web.

If you have an encrypted USB stick (with your own choice of encryption
software) then you are mainly vulnerable to someone finding/stealing it
and deciding to brute force it.

Security by obscurity isn't the greatest approach but it does have some
advantages.


The thing is, it doesn't gain you very much.

Suppose you put your passwords in a password-protected Excel sheet.
Excel has to decrypt it to show it to you.
That means all your passwords are now in memory, in the clear.

All malware has to do is search through memory for strings like 'password'
'username' 'bank' 'NatWest' etc, and then exfiltrate any text nearby.
It doesn't matter what format they're in, the malware doesn't care.

If you think this is implausible, this is exactly how disc forensics work -
they don't care that the disc claims to be NTFS or FAT or whatever, they
just search the raw bits. Memory forensics is similar.

Basically there is a high risk unless you keep up with the current threat
models, and so it is better to pick an approach which has been carefully
designed and scrutinised.

Theo
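
The raw-byte search described in the post above, as an added example that is not part of any post in this thread: a `strings`-style pass over a buffer that ignores file format and text encoding, run once on a stand-in for the encrypted file at rest and once on a stand-in for the viewer's memory after it has decrypted the sheet. The buffer contents, the sample credentials and all function names are constructed for illustration; the keyword list is the one from the post.

```python
import hashlib
import re

# Keywords from the post; matching is case-insensitive.
KEYWORDS = ("password", "username", "bank", "natwest")

def text_runs(buf, min_len=4):
    """Yield (offset, encoding, text) for printable runs, like `strings`."""
    # 8-bit text: consecutive printable ASCII bytes.
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, buf):
        yield m.start(), "ascii", m.group().decode("ascii")
    # UTF-16LE text (printable byte + NUL), common in Windows process memory.
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, buf):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")

def scan(buf, keywords=KEYWORDS):
    """Return sorted (offset, encoding, text) runs that contain a keyword."""
    return sorted(r for r in text_runs(buf)
                  if any(k in r[2].lower() for k in keywords))

def stand_in_ciphertext(n=4096):
    """Deterministic pseudo-random bytes standing in for the encrypted file."""
    out, block = b"", b"constructed-seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]

# Constructed sample: what a viewer might hold in memory after decrypting.
PAD = b"\x00\x01\xfe\xff" * 8  # non-text filler between strings
SAMPLE_MEMORY = (
    PAD + "NatWest".encode("utf-16le")
    + PAD + "password: correct-horse-1".encode("utf-16le")
    + PAD + b"username=dave.r"
    + PAD
)

if __name__ == "__main__":
    print("at rest:", scan(stand_in_ciphertext()))
    for offset, enc, text in scan(SAMPLE_MEMORY):
        print(f"in use: 0x{offset:04x} {enc:8} {text!r}")
```

The at-rest buffer yields no hits while the in-use buffer gives up every entry, which is the gap between "the file is encrypted" and "the data is protected while open".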