
Ask Ars: Where should I store my passwords?


ShyWriter


By Casey Johnston | Last updated about 24 hours ago


Ask Ars was one of the first features of the newly born Ars Technica back in 1998. And now, as then, it's all about your questions and our community's answers. Each week, we'll dig into our bag of questions, answer a few based on our own know-how, and then we'll turn to the community for your take. To submit your own question, see our helpful tips page.

Question: What are the best practices when using a password-keeping service, and what are the merits and disadvantages of local vs. cloud-based password storage?

With every website requiring users to register a password-protected account to see its content, password management systems have become very popular. We probably don't need to tell you that one of the most popular strategies for managing passwords


The only password storage system that's secure enough is your brain, except it's possibly prone to data corruption. But if you use a password every day (or every few days), chances are very low that you'll forget it. Some of my passwords are over 35 characters long (A-Z, a-z, 0-9 and symbols) and I remember them all, just because I use them very often.


The only password storage system that's secure enough is your brain, except it's possibly prone to data corruption. But if you use a password every day (or every few days), chances are very low that you'll forget it. Some of my passwords are over 35 characters long (A-Z, a-z, 0-9 and symbols) and I remember them all, just because I use them very often.

Youth has its advantages when it comes to memory. I'm 67 and sometimes forget between getting out of my chair, in my home office, and arriving in the next room I was headed for, I have no idea of what I was going to do. :) Most times, walking back and starting over again, "jogs" my memory.. My wife and I go through a 4-pak of post-it notes every few weeks as we write reminders about so many things. :)

If I could have a third wish, after one and two being wealth and health, it'd be for a "photographic" memory. :)

~Shy


Youth has its advantages when it comes to memory. I'm 67 and sometimes forget between getting out of my chair, in my home office, and arriving in the next room I was headed for, I have no idea of what I was going to do.

Oh I know what you mean. My grandparents often call me by my uncle's name and take a while to realize it. lol

If I could have a third wish, after one and two being wealth and health, it'd be for a "photographic" memory. :P

I don't have photographic memory either. I just have a thing for numbers. :)


I use the Secure Login extension for Firefox in conjunction with KeyScrambler personal which works well for sites that don't allow one to store passwords; I use Paste Email Plus, another Firefox extension to store user-names and passwords for those sites which I can then just "paste" into the text input boxes. Since my bank uses Trusteer Rapport, I use the home user companion (along with Online Armor's "banking mode") for business there.

I'll have to take a look at the one you use Ron, http://keepass.info/ . Sounds interesting..

Forget that - you have to be a friggin' IT professional to use the darn thing. I'll stay with what I have..

Steve


Oh I know what you mean. My grandparents often call me by my uncle's name and take a while to realize it. lol

I don't have photographic memory either. I just have a thing for numbers. :)

Me too.. the more numbers after the $$ the better - if it's coming my way, that is.. If it's going out, that's different. :)


Guest Code Hunter

Youth has its advantages when it comes to memory. I'm 67 and sometimes forget between getting out of my chair, in my home office, and arriving in the next room I was headed for, I have no idea of what I was going to do. :) Most times, walking back and starting over again, "jogs" my memory.. My wife and I go through a 4-pak of post-it notes every few weeks as we write reminders about so many things. :)

If I could have a third wish, after one and two being wealth and health, it'd be for a "photographic" memory. :)

~Shy

Don't believe all this nonsense from Shy.

He stays logged on to everything because he can't remember his passwords,

Got to pick @ ya Shy!!!


Me too.. the more numbers after the $$ the better - if it's coming my way, that is.. If it's going out, that's different. :)

lol, I see what you mean. Yeah, it's probably a good thing. I personally don't like having lots of money, enough to cover the basic expenses... although what I see as basic some see as insane. haha

About the passwords, well, I have to say that I do use the browser's password saving feature on my phone for some sites, but that's because they're very complex (all kinds of symbols) and take forever to enter on the phone so it's actually more secure to keep them stored. I log in manually on my home PC every time on those same sites.


Realistically, 2-factor (something you have/something you know) are about the most secure methods possible. These extend beyond biometrics as access methods primarily because most biometrics are simply single-factor (something you have; iris, finger, voice, etc). The problem is that regardless of how you access a password storage program the program itself is likely problematic in general. Look to PCI rules about not storing CC numbers in a single database, breaking/chunking data, and having a program that hashes multiple routines over a password and the resulting hashes to make rainbow table attacks pointless (or require the yet-realized quantum computer). Bottom line, nothing like that exists so the decision will come down to what you value most about securing the password and the programs that offer similar features. None really exist that I'd be willing to use - so passwords are left trapped in the mind only.


Realistically, 2-factor (something you have/something you know) are about the most secure methods possible. These extend beyond biometrics as access methods primarily because most biometrics are simply single-factor (something you have; iris, finger, voice, etc). The problem is that regardless of how you access a password storage program the program itself is likely problematic in general. Look to PCI rules about not storing CC numbers in a single database, breaking/chunking data, and having a program that hashes multiple routines over a password and the resulting hashes to make rainbow table attacks pointless (or require the yet-realized quantum computer). Bottom line, nothing like that exists so the decision will come down to what you value most about securing the password and the programs that offer similar features. None really exist that I'd be willing to use - so passwords are left trapped in the mind only.

Say what? :unsure:


Well...ummm...

Not sure where I went wrong on that reply... I started off by talking about the credentials needed to access the passwords you've stored. Anything less than 2-factor is probably something attackable by brute-force. So, I won't assume anything here...

http://en.wikipedia.org/wiki/Two-factor_authentication

Most common implementation is RSA SecurID cards. You need a PIN, plus an auto-rotating time-based code (something you have, the card, something you know, the PIN).

I guess the biggest concern I would have as a security-person is that the passwords are still stored in a single place by all the software I've ever seen. PCI compliance (credit card industry requirements) have something going for them by requiring key data be split on completely different systems. Compromising any 1 piece doesn't reveal enough to provide any good data...but I'm sort of out on the extreme maybe on this stuff.

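The PIN-plus-rotating-code check described in the post above, as an added example that is not part of the original thread. RSA's token algorithm is proprietary, so the open TOTP standard (RFC 6238) stands in for it here; the PIN, salt, iteration count and function names are constructed for illustration, and the secret is the RFC's published test key.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds each code stays valid
DIGITS = 6


def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238 code for the 30-second window containing unix_time."""
    counter = struct.pack(">Q", max(unix_time, 0) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def pin_record(pin: str, salt: bytes) -> bytes:
    """The verifier keeps a salted, iterated hash of the PIN, never the PIN."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 200_000)


def verify(pin, code, now, *, salt, stored_pin, secret, drift=1):
    """Both factors must pass: the PIN (know) and the token code (have)."""
    pin_ok = hmac.compare_digest(pin_record(pin, salt), stored_pin)
    # Accept the neighbouring windows to tolerate clock drift on the token.
    code_ok = any(
        hmac.compare_digest(totp(secret, now + d * STEP), code)
        for d in range(-drift, drift + 1)
    )
    return pin_ok and code_ok


# Constructed sample values; SECRET is the RFC 6238 test key.
SECRET = b"12345678901234567890"
SALT = b"constructed-salt"
STORED = pin_record("4821", SALT)

if __name__ == "__main__":
    now = 59
    code = totp(SECRET, now)
    print(code, verify("4821", code, now, salt=SALT, stored_pin=STORED, secret=SECRET))
```

A guessed PIN alone fails because the code changes every 30 seconds, and a captured code alone fails because it expires and the PIN is still required.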

  • Root Admin

Yes I think you're a bit on the too complex for most readers here.

If you need to be that secure then nothing on the computer is really secure enough. However the reality of even reading the mind is probably not too far off either so even that secure safe will be in danger before not too long.
