Conquer Club

Envision a 6-drawer dresser from Kohl's.

Each drawer represents some category of all your many accounts (e.g. the emails is the top-left drawer, the ones with your credit card info is the bottom right drawer--you know, where you store your favorite purple dildo, etc.).

Within each drawer, you're going place a unique password. For each password of your emails (suppose: 10), you'll need to slightly change the unique password for each account. So, each one is different, but if you have a mechanism in mind for changing it around, then it's simple to figure out.

For examples, you could even tie-in two characters from the account name which represent the password, or you can recall that the account name reminds you of some time you've had in Canada with the Mounties. Another way is to reinvent stories behind each account, and tie-in the relevance of each story to a unique password (it's like memorizing Chinese characters, duh!). That helps with memorization.

I don't use the above. I use one password for everything: asdf

saxitoxin wrote:

Woodruff wrote: My recommendation would be to keep the password complexity but reduce the extremely high number of original passwords.

OK, this seems like a good idea. I just checked my first 22 accounts and, of those, 10 have no ability to conduct financial transactions, whereas 12 do (i.e. Amazon, iTunes, etc.). So maybe I'll start by uniforming those 10 passwords.

Getting did of all of your ConquerClub multis would probably help too.

notyou2 wrote:I recommend cloning yourself. It won't help much in the immediate future but should pay massive dividends in 15 to 20 years.

As I learned from watching the documentary on cloning called "Multiplicity", this is not necessarily true.

notyou2 wrote:I use the keyboard to formulate a nonsensical word with numbers and upper and lower case letters.

Does anyone else use the keyboard?

What's a keyboard?

saxitoxin wrote:How strong is your password?

https://www-ssl.intel.com/content/www/u ... rdwin.html

My email password, according to this, says it would take 68 million years to crack, but that doesn't sound right.

That seems unlikely, given the tools available today. Is your password 267 characters long?

Woodruff wrote:

saxitoxin wrote:How strong is your password?

https://www-ssl.intel.com/content/www/u ... rdwin.html

My email password, according to this, says it would take 68 million years to crack, but that doesn't sound right.

That seems unlikely, given the tools available today. Is your password 267 characters long?

15

Metsfanmax wrote:LastPass

just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume

Woodruff wrote:

notyou2 wrote:I use the keyboard to formulate a nonsensical word with numbers and upper and lower case letters.

Does anyone else use the keyboard?

What's a keyboard?

*keebored

BigBallinStalin wrote:Envision a 6-drawer dresser from Kohl's.

Each drawer represents some category of all your many accounts (e.g. the emails is the top-left drawer, the ones with your credit card info is the bottom right drawer--you know, where you store your favorite purple dildo, etc.).

Within each drawer, you're going place a unique password. For each password of your emails (suppose: 10), you'll need to slightly change the unique password for each account. So, each one is different, but if you have a mechanism in mind for changing it around, then it's simple to figure out.

For examples, you could even tie-in two characters from the account name which represent the password, or you can recall that the account name reminds you of some time you've had in Canada with the Mounties. Another way is to reinvent stories behind each account, and tie-in the relevance of each story to a unique password (it's like memorizing Chinese characters, duh!). That helps with memorization.

I don't use the above. I use one password for everything: asdf

I'm not going to do this, but I do think I'm going to get a pre-paid gift card and use it as the only form of payment on iTunes, Amazon, PayPal, etc. That way those places won't have access to my bank account.

saxitoxin wrote:

Metsfanmax wrote:LastPass

just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume

Well, I kind of expected you'd value your comfort over your security, so no big deal.

Metsfanmax wrote:

saxitoxin wrote:

Metsfanmax wrote:LastPass

just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume

Well, I kind of expected you'd value your comfort over your security, so no big deal.

What if there is a fire where I live and my computer burns up? Then I am locked out of every site in existence forever. That doesn't seem very secure.

What I really need is a password diary that I can store on an encrypted USB drive that can only be accessed through a two-factor authentication process. Then I would make 4 USB drives. I would keep one on my keychain, I would keep one in my dresser drawer, I would put one in a safe deposit box and I would keep a fourth at my emergency relocation site. There should be an easy way to plug all four of these into a single computer and sync them all when I update the login credentials for a site.

Does anyone know of something like this?

saxitoxin wrote:

Metsfanmax wrote:

saxitoxin wrote:

Metsfanmax wrote:LastPass

just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume

Well, I kind of expected you'd value your comfort over your security, so no big deal.

What if there is a fire where I live and my computer burns up? Then I am locked out of every site in existence forever. That doesn't seem very secure.

You wouldn't be locked out as long as you committed your master password to memory.

What I really need is a password diary that I can store on an encrypted USB drive that can only be accessed through a two-factor authentication process. Then I would make 4 USB drives. I would keep one on my keychain, I would keep one in my dresser drawer, I would put one in a safe deposit box and I would keep a fourth at my emergency relocation site. There should be an easy way to plug all four of these into a single computer and sync them all when I update the login credentials for a site.

Does anyone know of something like this?

What you really need is another person to remember all of your passwords for you.

Metsfanmax wrote:

That's one key short.

saxitoxin wrote:

Metsfanmax wrote:

saxitoxin wrote:

Metsfanmax wrote:LastPass

just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume

Well, I kind of expected you'd value your comfort over your security, so no big deal.

What if there is a fire where I live and my computer burns up? Then I am locked out of every site in existence forever. That doesn't seem very secure.

What I really need is a password diary that I can store on an encrypted USB drive that can only be accessed through a two-factor authentication process. Then I would make 4 USB drives. I would keep one on my keychain, I would keep one in my dresser drawer, I would put one in a safe deposit box and I would keep a fourth at my emergency relocation site. There should be an easy way to plug all four of these into a single computer and sync them all when I update the login credentials for a site.

Does anyone know of something like this?

Sure you pull up a Word doc. Put your passwords on it then encrypt and Password it (unsure of security from Word docs with such things). Choose a passphrase thats easy to remember hit save as and save it on your four flash drives and Voila.

AndyDufresne wrote:

No system is foolproof. But Dashlane notes that it doesn’t ever see your passwords or your credit card information. They’re all stored on your own computer, encoded by the AES-256 encryption method, an open-source standard approved by the National Security Agency.

--Andy

I have a problem with a program approved by the NSA. It just means the NSA can easily gain access your private info, just like they gained access to your phone records.

Metsfanmax wrote:

saxitoxin wrote:

Metsfanmax wrote:

saxitoxin wrote:

Metsfanmax wrote:LastPass

just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume

Well, I kind of expected you'd value your comfort over your security, so no big deal.

What if there is a fire where I live and my computer burns up? Then I am locked out of every site in existence forever. That doesn't seem very secure.

You wouldn't be locked out as long as you committed your master password to memory.

How would you not be locked out? I thought LastPass stored your passwords locally?

rishaed wrote:Sure you pull up a Word doc. Put your passwords on it then encrypt and Password it (unsure of security from Word docs with such things). Choose a passphrase thats easy to remember hit save as and save it on your four flash drives and Voila.

That seems like the best idea yet. Would this work? Woodruff?

I use Keepass and have the file on dropbox. I'm not sure if there are apps for android but i've seen one for iphone, tho i didn't buy it.

Im sure there are options that have apps in both android and iphone.

my Keepass and Dropbox password is all i have to remember, or even only the Keepass password if i make the file public on dropbox

nietzsche wrote:I use Keepass and have the file on dropbox. I'm not sure if there are apps for android but i've seen one for iphone, tho i didn't buy it.

Im sure there are options that have apps in both android and iphone.

my Keepass and Dropbox password is all i have to remember, or even only the Keepass password if i make the file public on dropbox

Does this mean you have to download the file from Dropbox everytime you want to login? Could I use Keepass plus a USB? Also is there two factor authentication with Keepass? I've had complex passwords broken so many times I don't sneeze without two factor authentication these days.

saxitoxin wrote:

nietzsche wrote:I use Keepass and have the file on dropbox. I'm not sure if there are apps for android but i've seen one for iphone, tho i didn't buy it.

Im sure there are options that have apps in both android and iphone.

my Keepass and Dropbox password is all i have to remember, or even only the Keepass password if i make the file public on dropbox

Does this mean you have to download the file from Dropbox everytime you want to login? Could I use Keepass plus a USB? Also is there two factor authentication with Keepass? I've had complex passwords broken so many times I don't sneeze without two factor authentication these days.

I'd be concerned about letting it float over Dropbox. Seems like you're risking greater chances of having your files being intercepted---relative to simply keeping things on local USBs + word doc.

saxitoxin wrote:

Metsfanmax wrote:

saxitoxin wrote:

Metsfanmax wrote:

saxitoxin wrote:

Metsfanmax wrote:LastPass

just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume

Well, I kind of expected you'd value your comfort over your security, so no big deal.

What if there is a fire where I live and my computer burns up? Then I am locked out of every site in existence forever. That doesn't seem very secure.

You wouldn't be locked out as long as you committed your master password to memory.

How would you not be locked out? I thought LastPass stored your passwords locally?

No, that would be too insecure. LastPass doesn't store your password anywhere. What happens is that your master password basically acts as a hashing function, and the only thing stored on their server is the hash. Your master password acts as a key that allows them to decrypt that into a real password, but basically the only way for anyone to get the real passwords is to use your computer when you're logged in.

saxitoxin wrote:just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume

I'm pretty sure that's a setting in your web browser causing that request to remember the password. I don't recall the specifics, but I think it happens when you have a setting that allows cookies (perhaps...I could be misremembering, as Unix is my strength, not Windows).

isaiah40 wrote:

AndyDufresne wrote:

No system is foolproof. But Dashlane notes that it doesn’t ever see your passwords or your credit card information. They’re all stored on your own computer, encoded by the AES-256 encryption method, an open-source standard approved by the National Security Agency.

I have a problem with a program approved by the NSA. It just means the NSA can easily gain access your private info, just like they gained access to your phone records.

Yeah, that certainly won't happen unless the program is approved by the NSA. Definitely not. Ever.

saxitoxin wrote:

rishaed wrote:Sure you pull up a Word doc. Put your passwords on it then encrypt and Password it (unsure of security from Word docs with such things). Choose a passphrase thats easy to remember hit save as and save it on your four flash drives and Voila.

That seems like the best idea yet. Would this work? Woodruff?

I have no idea what Word's security capabilities are, but my guess is that Word wouldn't be a particularly strong method of storing them. Would it work? If it has those capabilities...sure. Would it be strong security? I would suspect not, though I don't know.

BigBallinStalin wrote:

saxitoxin wrote:

nietzsche wrote:I use Keepass and have the file on dropbox. I'm not sure if there are apps for android but i've seen one for iphone, tho i didn't buy it.

Im sure there are options that have apps in both android and iphone.

my Keepass and Dropbox password is all i have to remember, or even only the Keepass password if i make the file public on dropbox

Does this mean you have to download the file from Dropbox everytime you want to login? Could I use Keepass plus a USB? Also is there two factor authentication with Keepass? I've had complex passwords broken so many times I don't sneeze without two factor authentication these days.

I'd be concerned about letting it float over Dropbox. Seems like you're risking greater chances of having your files being intercepted---relative to simply keeping things on local USBs + word doc.

Agreed.

Metsfanmax wrote:No, that would be too insecure. LastPass doesn't store your password anywhere. What happens is that your master password basically acts as a hashing function, and the only thing stored on their server is the hash. Your master password acts as a key that allows them to decrypt that into a real password, but basically the only way for anyone to get the real passwords is to use your computer when you're logged in.

Interesting idea with using the LastPass password as the hash itself.

Given what Saxi uses his email for, I'm shocked anyone would care what his passwords were. I suppose there are some "Shipping Wars" fanatics out there who would like nothing more than to stick it to someone who is badgering their idols.