Author Topic: Password Storage  (Read 2358 times)

Getmeouttahere

« on: January 28, 2020, 10:40:27 AM »
How do y’all manage storing your passwords for bank accounts/investment accounts, etc.?

Hard storage (notebook in a safe?) or more robust like an encrypted password manager app? Do your passwords all tend to be pretty similar or totally random? I am trying to get into 1pass but having a hard time with the random letters and numbers. Goes against everything I've ever done.

Thanks!

IsThisAGoodUsername

« Reply #1 on: January 28, 2020, 10:51:32 AM »
https://www.LastPass.com for the win. I randomize everything. You can't fathom the relaxation you'll feel when you free up your mental energy trying to remember passwords. I don't even know 90% of my passwords anymore, because they're strings like Xwn3WzHtriWnTVxGw.

If anything ever happens to me, I have set up the emergency family access so a trusted family member will have access to my password vault to access my various financial accounts.

StashingAway

« Reply #2 on: January 28, 2020, 10:53:58 AM »
I like KeePass because it's end-to-end encrypted. The passwords are stored locally and not on a remote server like most of the other password programs, and it's open source.

I did have to work out some minor logistics for using the passwords on different devices, using my own cloud backup (Dropbox). It has third-party apps that allow you to use it with your iPhone or Android device.

Here's the basics:

It's an encrypted file that you create a single password to log into. Anywhere you have this file, you have access to your passwords (even if offline, etc.) Then you can store usernames and passwords linked to each other in a fairly easy to use interface. Just double click on the username and it's saved to the clipboard. Then paste into browser. Same for password.

It has a password generator that is customizable, or you can make your own unique passwords. This allows you to have a completely random password for every single login that you have (which I do).

The best part is that each login combo can have notes attached. So for my Chase login, in my notes I have all of my credit card info that I can reference. You can also store answers to security questions here.

I also created a link for just notes of important info like family member's SSN, tax information, etc.

All of this is accessed using that initial single password (that should be different from every other password and a fairly secure one). So I only use a single password and am much more secure than before.

It's a great way to store encrypted information, but LastPass and 1Pass are slightly more user friendly on the browser password entry.

appleshampooid

« Reply #3 on: January 28, 2020, 11:03:54 AM »
> I like KeePass because it's end-to-end encrypted. The passwords are stored locally and not on a remote server like most of the other password programs, and it's open source.
>
> I did have to work out some minor logistics for using the passwords on different devices, using my own cloud backup (Dropbox). It has third-party apps that allow you to use it with your iPhone or Android device.
>
> Here's the basics:
>
> It's an encrypted file that you create a single password to log into. Anywhere you have this file, you have access to your passwords (even if offline, etc.) Then you can store usernames and passwords linked to each other in a fairly easy to use interface. Just double click on the username and it's saved to the clipboard. Then paste into browser. Same for password.
>
> It has a password generator that is customizable, or you can make your own unique passwords. This allows you to have a completely random password for every single login that you have (which I do).
>
> The best part is that each login combo can have notes attached. So for my Chase login, in my notes I have all of my credit card info that I can reference. You can also store answers to security questions here.
>
> I also created a link for just notes of important info like family member's SSN, tax information, etc.
>
> All of this is accessed using that initial single password (that should be different from every other password and a fairly secure one). So I only use a single password and am much more secure than before.
>
> It's a great way to store encrypted information, but LastPass and 1Pass are slightly more user friendly on the browser password entry.

+1 on this. I use the keepassx client and keep a few copies around, but not in the "cloud."

I have the password to my keepassx database in our family safe so if I were to perish, my wife would be able to access our accounts. We need to do a dry run on this, we have not.

This strategy is good for tech-savvy individuals. If you are less savvy, I would recommend LastPass or 1Password. It makes me uncomfortable that a 3rd party has a copy of my password database, but this risk is far, FAR lower than the risk of using weak and duplicated passwords across all your accounts.

terran

« Reply #4 on: January 28, 2020, 11:08:28 AM »
1Password here, but I expect I would be comfortable with any of the solutions above. I'd just look at the features and pricing and decide which seems like the best option right now. Definitely wouldn't go without some kind of password manager.

PDXTabs

« Reply #5 on: January 28, 2020, 11:32:21 AM »
> https://www.LastPass.com for the win.

I too use LastPass, although my mom has had some real problems with their pro level support and features. The free stuff seems fine.

SailingOnASmallSailboat

« Reply #6 on: January 28, 2020, 11:34:38 AM »
+1 on LastPass here.

StashingAway

« Reply #7 on: January 28, 2020, 11:42:23 AM »

> I have the password to my keepassx database in our family safe so if I were to perish, my wife would be able to access our accounts. We need to do a dry run on this, we have not.

My wife also uses a lot of passwords for her business, so she has her own KeePass database. We store each other's passwords for this scenario.

> This strategy is good for tech-savvy individuals

Yep, and that is mostly for the initial setup, which still isn't that hard outright, just relative to the other options. Once it is set up, it is very straightforward.
« Last Edit: January 28, 2020, 11:44:20 AM by StashingAway »

nereo

« Reply #8 on: January 28, 2020, 11:46:48 AM »
I also use 1password, and I chose that one because my work has a site license so it is no cost to me. End-to-end encryption like many of the others mentioned. My passwords are basically uncrackable 16+ digit random alphanumeric codes, and my "Master Password" (used only for 1password) is a nonsense string of five words that would be nearly impossible to guess but is easy enough to remember.

My biggest frustration now isn't the passwords at all, but how every site has different requirements. Some require 'special characters', some forbid them. Some are case sensitive, others are not. The worst are those that are older and limit you to 10 characters, which must contain one of a very few select special characters. WTF website developers?? Why can't we just agree on one standard that is exponentially large, like case-sensitive alphanumeric WITHOUT special characters?? That's x^62 combinations (with x = number of characters). Even a "short" 8 digit password would have >9.8 x 10^55 combinations...

> I don't even know 90% of my passwords anymore, because they're strings like Xwn3WzHtriWnTVxGw.

Xwn3WzHtriWnTVxGw!! That's the code for my luggage!!
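
The mismatch between site rules described in the post above can be handled by generating each password against an explicit per-site policy. This is an added example, not part of any forum post or any password manager's code; the `SitePolicy` class and the three sample policies are constructed for illustration.

```python
import math
import secrets
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class SitePolicy:
    """Constructed model of one site's password rules (hypothetical)."""
    max_length: int
    allowed_specials: str = ""     # empty string: specials are forbidden
    require_special: bool = False
    case_sensitive: bool = True

    def alphabet(self):
        """Every character the site accepts and actually distinguishes."""
        chars = string.ascii_lowercase + string.digits
        if self.case_sensitive:
            chars += string.ascii_uppercase
        return chars + self.allowed_specials


def complies(password, policy):
    """True if the password satisfies every rule in the policy."""
    if len(password) > policy.max_length:
        return False
    if any(ch not in policy.alphabet() for ch in password):
        return False
    if policy.require_special:
        return any(ch in policy.allowed_specials for ch in password)
    return True


def generate(policy, length=20):
    """Draw a random compliant password using the OS CSPRNG."""
    if policy.require_special and not policy.allowed_specials:
        raise ValueError("policy requires specials but allows none")
    length = min(length, policy.max_length)
    alphabet = policy.alphabet()
    while True:
        # Rejection sampling: every compliant string stays equally likely,
        # unlike "append one special at the end" shortcuts.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if complies(candidate, policy):
            return candidate


def entropy_bits(policy, length):
    """Upper bound in bits: length * log2(alphabet size)."""
    length = min(length, policy.max_length)
    return length * math.log2(len(policy.alphabet()))


# Constructed sample policies mirroring the kinds of rules described above.
ALNUM_ONLY = SitePolicy(max_length=64)                       # specials forbidden
CASELESS = SitePolicy(max_length=32, case_sensitive=False)   # case ignored
LEGACY = SitePolicy(max_length=10, allowed_specials="!#$",
                    require_special=True)                    # short, few specials

if __name__ == "__main__":
    for name, policy in [("alnum", ALNUM_ONLY), ("caseless", CASELESS),
                         ("legacy", LEGACY)]:
        pw = generate(policy)
        print(f"{name:9} len={len(pw):2} "
              f"~{entropy_bits(policy, len(pw)):.1f} bits")
```

The length cap on the legacy policy costs far more entropy than the extra special characters add, which is why a generator should always take the longest length a site allows.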

StashingAway

« Reply #9 on: January 28, 2020, 11:55:35 AM »
> My biggest frustration now isn't the passwords at all, but how every site has different requirements.

The absolutely most frustrating thing is sites that don't allow you to "paste" into. These are becoming more rare as password managers are getting ubiquitous, but it's absolutely insane when I have to type a random string of 26 letters, numbers, and special characters into a site because they perceive that it's more secure. It creates significantly more problems than it solves! Or you have to go into the page code and start messing with the restrictions to remove the limitation, which I've done out of spite. And I know jack about programming.

> Xwn3WzHtriWnTVxGw!! That's the code for my luggage!!

And my axe!

bacchi

« Reply #10 on: January 28, 2020, 12:01:11 PM »
> > My biggest frustration now isn't the passwords at all, but how every site has different requirements.
>
> The absolutely most frustrating thing is sites that don't allow you to "paste" into. These are becoming more rare as password managers are getting ubiquitous, but it's absolutely insane when I have to type a random string of 26 letters, numbers, and special characters into a site because they perceive that it's more secure. It creates significantly more problems than it solves! Or you have to go into the page code and start messing with the restrictions to remove the limitation, which I've done out of spite. And I know jack about programming.

The Treasury Direct site has a UI keyboard, which means that you click around with a mouse to enter the random password. It does prevent keyloggers from working but it's a PITA.

I use Password Safe.

Wintergreen78

« Reply #11 on: January 28, 2020, 12:07:33 PM »
I’m happy with 1Password. I use a nonsense pass phrase with some letter/number substitutions. Then I use their random generated passwords for everything. For unimportant web sites that want an account/password I use my apple phone’s built in password generator/storage.

Getmeouttahere

« Reply #12 on: January 28, 2020, 01:31:24 PM »
Thanks for the great responses everyone. Since I already have over 100 passwords, I don't plan to do the random generation. Even being safer, this seems like a considerable undertaking. Is there value to storing these passwords in something like 1password even without using the auto generator or am I better suited using something as simple as a locked note on my iphone?

terran

« Reply #13 on: January 28, 2020, 01:34:16 PM »
> Thanks for the great responses everyone. Since I already have over 100 passwords, I don't plan to do the random generation. Even being safer, this seems like a considerable undertaking. Is there value to storing these passwords in something like 1password even without using the auto generator or am I better suited using something as simple as a locked note on my iphone?

The advantage is that they can autofill the password, so you don't have to look it up, you can just tell it to fill the password.

nereo

« Reply #14 on: January 28, 2020, 02:10:35 PM »
> Thanks for the great responses everyone. Since I already have over 100 passwords, I don't plan to do the random generation. Even being safer, this seems like a considerable undertaking. Is there value to storing these passwords in something like 1password even without using the auto generator or am I better suited using something as simple as a locked note on my iphone?

Having 100+ passwords is exactly why you need to use a different one for each site. Sites get hacked every day - if you are using the same password across multiple sites your risk goes up exponentially.
Password managers such as those mentioned here will not only generate and store random passwords but they will also check to make sure you are not using the same password across multiple sites.

The most risky thing you can do (besides making your password “passw0rd”) is to use the same password multiple times. You are basically begging to have your account hacked.
« Last Edit: January 28, 2020, 02:43:34 PM by nereo »

robartsd

« Reply #15 on: January 28, 2020, 02:28:59 PM »
I learned of Bitwarden somewhere else on these forums. It's a free and open source password manager. I've been meaning to try it out. As the entire system is open source, you can choose to use their cloud service or not according to your needs and technical level. The free level of the cloud service allows you to share items with one other person, so you wouldn't even need to share your master password with a spouse.

Rob_bob

« Reply #16 on: January 28, 2020, 04:07:03 PM »
Another Keepass user here.

appleshampooid

« Reply #17 on: January 29, 2020, 06:52:35 AM »
> Thanks for the great responses everyone. Since I already have over 100 passwords, I don't plan to do the random generation. Even being safer, this seems like a considerable undertaking. Is there value to storing these passwords in something like 1password even without using the auto generator or am I better suited using something as simple as a locked note on my iphone?

Before I began using a password manager, I had a spreadsheet with all my accounts listed on it. I didn't have the actual passwords stored in the sheet, but I used the same password almost everywhere (like a chump, I mean like almost everyone :P) so it was just a list of accounts and a hint to myself if the password was different than the standard due to that site's requirements.

IIRC, this spreadsheet had about 270 rows. I didn't try to change everything at once as that is obviously a fool's errand, but I started with the most important sites (banks, brokerages, credit cards) and worked my way down in priority. Hell, I'm still not done, my old sheet still has 106 rows of sites using my old, common password. But a lot of them are places I'll never visit again, and none of them will have any substantive negative consequences if hacked.

So my message to you is, I understand where you're at. I was there too. Start small, and eventually you'll get there! Just going through the effort of putting your *old* passwords into a password manager is going to be a pain in the ass, so you might as well take an extra 5 minutes per site and change your password to a more secure one.

Wintergreen78

« Reply #18 on: January 29, 2020, 08:36:24 AM »
> > Thanks for the great responses everyone. Since I already have over 100 passwords, I don't plan to do the random generation. Even being safer, this seems like a considerable undertaking. Is there value to storing these passwords in something like 1password even without using the auto generator or am I better suited using something as simple as a locked note on my iphone?
>
> Having 100+ passwords is exactly why you need to use a different one for each site. Sites get hacked every day - if you are using the same password across multiple sites your risk goes up exponentially.
> Password managers such as those mentioned here will not only generate and store random passwords but they will also check to make sure you are not using the same password across multiple sites.
>
> The most risky thing you can do (besides making your password “passw0rd”) is to use the same password multiple times. You are basically begging to have your account hacked.

Yeah - what he said. Any time some random website gets hacked and people’s passwords get stolen, the first thing that happens is the thieves sell the passwords and then people start trying those passwords everywhere they can. So, if you used your bank account password to sign in at a campground once and that campground gets hacked, you’ve just had your bank account compromised. Even if you don’t want to deal with resetting all your passwords, at least reset all your passwords that have anything to do with money or sensitive information to different randomly generated passwords.

MoneyGoatee

« Reply #19 on: January 29, 2020, 09:55:19 AM »
> Thanks for the great responses everyone. Since I already have over 100 passwords, I don't plan to do the random generation. Even being safer, this seems like a considerable undertaking. Is there value to storing these passwords in something like 1password even without using the auto generator or am I better suited using something as simple as a locked note on my iphone?

Consider adding two-factor authentication for your more important accounts such as banking or purchasing.  Even if your password is easy to crack, two-factor authentication adds a much greater layer of security.  Some sites don't use passwords at all and rely only on authentication.

EDIT:  Just want to add that regarding authentication, a dedicated physical authentication device is more secure than a smartphone authenticator app, which is in turn more secure than authentication via a code texted to you, which is in turn more secure than having the code emailed to you, which is in turn more secure than having the code postal-mailed to you.
« Last Edit: January 29, 2020, 11:51:13 AM by MoneyGoatee »

StashingAway

« Reply #20 on: January 29, 2020, 12:14:28 PM »
> > > Thanks for the great responses everyone. Since I already have over 100 passwords, I don't plan to do the random generation. Even being safer, this seems like a considerable undertaking. Is there value to storing these passwords in something like 1password even without using the auto generator or am I better suited using something as simple as a locked note on my iphone?
> >
> > Having 100+ passwords is exactly why you need to use a different one for each site. Sites get hacked every day - if you are using the same password across multiple sites your risk goes up exponentially.
> > Password managers such as those mentioned here will not only generate and store random passwords but they will also check to make sure you are not using the same password across multiple sites.
> >
> > The most risky thing you can do (besides making your password “passw0rd”) is to use the same password multiple times. You are basically begging to have your account hacked.
>
> Yeah - what he said. Any time some random website gets hacked and people’s passwords get stolen, the first thing that happens is the thieves sell the passwords and then people start trying those passwords everywhere they can. So, if you used your bank account password to sign in at a campground once and that campground gets hacked, you’ve just had your bank account compromised. Even if you don’t want to deal with resetting all your passwords, at least reset all your passwords that have anything to do with money or sensitive information to different randomly generated passwords.

And OP, once you do get all of your major passwords in, it is smooth sailing... just update passwords to other sites and new sites as you log on. It is daunting at first (took my wife a year to give in and try it vs her old word doc storage method). But once you do it, you'll find it's a much better process all around and wish you would have switched sooner!

Joel

« Reply #21 on: January 29, 2020, 12:21:39 PM »
Another LastPass user here. My wife and I use this to manage all of our passwords and we couldn't operate without it.

Aggie1999

« Reply #22 on: January 29, 2020, 12:36:00 PM »
KeyPass on phone. Local only. No backup to cloud. I do back up the KeyPass DB file to my PC every few months.

MustacheAndaHalf

« Reply #23 on: January 29, 2020, 06:54:04 PM »
I originally used LastPass, then switched to KeePass. LastPass has a nice feature where you can share passwords with another user, if you paid for premium. But I was worried how LastPass might change after they were bought out (many years ago), so I went with another solution.

I currently have KeePass 2 storing all of my passwords. Using the chromeIPass extension lets me auto-fill on most websites. For those that don't work, I right-click and select "fill in password".

Backups are important, but I don't want my passwords compromised.  So I add another layer of security, by saving my password database to an encrypted folder (using VeraCrypt).  Then I store that encrypted folder on USB drives, and on several cloud services (Google, Amazon, DropBox).

As a safeguard, I've manually memorized my email password.  But almost all of my passwords are random sequences of letters/digits/special - whatever the website will allow.  Allowing me to use unique, random passwords on every website is a key feature of a password manager.  It means if one website is hacked, the damage is isolated - they don't gain access to anywhere else.

Email is different - if someone gets your email, they could request password resets.  So I also pair my email with two factor authentication.  You can use your phone, which isn't great.  Using a physical device (like a USB key with a button to send credentials) is much better.  Since my email provider recognizes my browser (cookies?), I rarely have to use my two factor authentication.

Eckhart

« Reply #24 on: January 29, 2020, 07:12:27 PM »
Lastpass.  Also save an offline lastpass database to my pc about once a year.  This offline database can be opened with Lastpass pocket.

Enable two factor authentication when possible.  Here is my preferred order, depending on what the website offers.

1 - Authy (google authenticator)
2 - SMS (text)
3 - Email

Like others, I do not know 99% of my passwords.  It's great.

A couple things to note.  Lastpass will autofill usernames and passwords, very convenient.

When using two factor, you can generally save a cookie in your browser, so you only need to do the two factor once per computer you use.  If you clear your cache, it usually makes you do it again, no biggie.

I also do the lastpass security challenge on a regular basis. Shows weak passwords, sites you use that have had data breaches (so you should change password) and old passwords (password older than one year).


ApacheStache

« Reply #25 on: January 29, 2020, 08:04:32 PM »
No offense OP, but as a Software Engineer, alarms start going off in my head when someone on the internet (especially a new forum user, regardless of if they were a long time lurker) asks users (who likely have a high net worth) to publicly disclose information regarding how they create and store their passwords -- especially for banking and investment related services.

Regardless of if this question is well-meaning, there are plenty of security focused sites and blog posts that offer this type of information.

Simpli-Fi

« Reply #26 on: January 29, 2020, 09:08:21 PM »
as a hacker, now I know which managers a small section of frugal people use

I really love Mr. Robot...got weird there for a moment, then REALLY weird!  All the 80's references are brilliant...shit, now you know my age.

MustacheAndaHalf

« Reply #27 on: January 30, 2020, 08:05:47 AM »
@ApacheStache - Yeah, when re-reading this part of OP's original post, I can see your point:

> Do your passwords all tend to be pretty similar or totally random?