Password Security

Beverly Whiteaker

Active member
With all the social media accounts we have plus the different applications we use, it's getting hard to remember all the login details. Can you relate? lol. Though Google offers to remember/save the password so you can automatically log in, in our opinion, it is not 100% secured. What if your PC was stolen? Got what I mean? Anyway, I'm trying to check for an alternative password storage that is also capable of sharing to other authorized users in a secured manner...meaning without revealing the password itself. As much as possible, we want a free downloadable app that is easy to use...sorry, we don't have available budget to purchase advanced software at the moment. But if you know something better, please feel free to suggest also and we might be able to consider it in the future. We'll try to include it in our 2017 budget. Thanks!
 

ubuysa

The BSOD Doctor
Give KeePass2 a try (http://keepass.info/). You'll find Android apps that are compatible with its database on the Play Store (I use Keepass Droid from there on Android). The database is an encrypted file (encrypted by the master password you choose) and you simply copy it to each device and the app will open and use it. You can copy passwords to the clipboard to paste into a login screen too, so it's easy to use.
 

Oussebon

Multiverse Poster
What if your pc was stolen?
Don't you have the whole drive encrypted anyway?

I'm not saying FDE's an excuse to be lax on other security features, but if the PC's stolen and there's client or sensitive business data anywhere on the PC including in temporary files, passwords Chrome has saved will be the least of your worries.

Windows 7 Ultimate / Windows 8 Pro / Win 10 Pro (or Enterprise versions but I assume you're not running that) have BitLocker included. Otherwise there are things like VeraCrypt.
 

Tony1044

Prolific Poster
I second what the guys have said.

Encrypt your disk. If you don't have a TPM, which can limit the functionality of BitLocker (you have to carry a USB stick around), then get an alternative. When I had some really commercially sensitive stuff I had to carry around I used to use TrueCrypt with hidden encrypted partitions but that was for the really paranoid.

Second also, KeePass2 - it even supports keeping your master file on Dropbox if you fancied to ensure that it syncs between devices.
 

mishra

Rising Star
KeePass is simply the best application (IMO) out there. I use it privately and also in professional work. Once you organize your life through KeePass then it's very difficult to go back.

I would stay away from web based password managers (aka LastPass - this one got hacked not so long ago I think).

Ah, KeePass is completely free and according to authors it will ALWAYS remain that way. Also you can sync changes between many users if you want to use it that way.
 

Samantha Rogers

Active member
With all the social media accounts we have plus the different applications we use, it's getting hard to remember all the login details. Can you relate? lol. Though Google offers to remember/save the password so you can automatically log in, in our opinion, it is not 100% secured. What if your PC was stolen? Got what I mean? Anyway, I'm trying to check for an alternative password storage that is also capable of sharing to other authorized users in a secured manner...meaning without revealing the password itself. As much as possible, we want a free downloadable app that is easy to use...sorry, we don't have available budget to purchase advanced software at the moment. But if you know something better, please feel free to suggest also and we might be able to consider it in the future. We'll try to include it in our 2017 budget. Thanks!

You will need to encrypt all your login information and other data that you often hand over to a website. If I'm right with it, you need a password manager. Otherwise, a Power broker password safe can be a solution for password security.
 

Beverly Whiteaker

Active member
You will need to encrypt all your login information and other data that you often hand over to a website. If I'm right with it, you need a password manager. Otherwise, a Power broker password safe can be a solution for password security.


I've heard about some online company that offers [link removed by steaky360] password management software (beyondtrust.com) and I want to try it. Some people are already using it and I think it will help a lot in securing everyone's password, esp. in this time where there are a lot of people trying to scam everybody.
 

ubuysa

The BSOD Doctor
I've heard about some online company that offers [link removed by steaky360] password management software (beyondtrust.com) and I want to try it. Some people are already using it and I think it will help a lot in securing everyone's password, esp. in this time where there are a lot of people trying to scam everybody.

Trust. That's the key word where security is concerned; whom do you trust? Unless you absolutely and completely trust beyondtrust.com I would suggest you test them out with passwords to non-critical applications for a good while first. Personally, I would never trust an online password management system, but that's just me. :)
 

Tony1044

Prolific Poster
I wouldn't personally allow my passwords or phrases to be held on any servers of this nature.

I rarely store passwords on sites or in browsers except where there is no real usable information to be had (e.g. here on a PCS forum).

For regular sites, I use a standardised format so that I can easily remember how the passwords are constructed.

For secure sites, I prefer a passphrase where possible, but it's surprising how few sites adhere to this.

For the really secure stuff, I will even go as far as integrating Alt- characters (e.g. hold down the left Alt key and hit 4 digits on the number pad).

I do use a password vault, as I mentioned above, for some less-often accessed sites etc but not an online one, although I sync it with my own private drop-box type application which is also encrypted. And again, it's protected with a master pass phrase with some added complications.

And yeah, I know my use cases are often different to your average users, so here's a quick tip for you all - add a couple of ? into your online passwords.

The reason I say this is because more often than not, cracking software will return a ? for a character it cannot decrypt with any level of certainty, so people running the software often skip over them as they're not worth bothering trying to guess. Automated scripts that try them are often coded not to even bother if there are ? present. Not 100% safe or guaranteed but hey, anything to slow them down, no?

As the hacks on Yahoo have shown - developers often believe they are the best coders in the world but that is rarely the case. So you'd need to be asking things like what is the encryption algorithm in use? If you don't want to make it public, is it a public domain based one, or a home-brew one? How "big" is the cypher? Are the passwords hashed and salted? Is the encryption stored in a reversible format? Does it leave the boundaries of your company? Who else, and where has access? Where is this company based.....?

And suddenly you start to see just some of the trust problems.
 

Oussebon

Multiverse Poster
no real usable information to be had (e.g. here on a PCS forum).
*snigger*

On a more serious note:
I would never trust an online password management system
I wouldn't either, and even if I had total confidence that they weren't shady and that none of their staff might do something dodgy, there's still the scope for accidents and hacks.

I would also imagine if the online company was hacked and your clients' information compromised (e.g. the stolen passwords allowed thieves to access data about them) then you would be in an awkward position, especially if you hadn't done due diligence on them to assess the level of security they offer. I'm no lawyer though (for all I know you'd be screwed even if you had done due diligence).
 

Oussebon

Multiverse Poster
I know what you meant (your post was good and very clear), I was being facetious as it sounded potentially double edged :)
 

Tony1044

Prolific Poster
I know, ;)

On a serious note though, as I'm sure you've noticed, I take my data security and security in general very seriously but it hasn't stopped someone, somewhere, cloning my debit card at some point and trying to spend over two grand on it over the weekend.

Fortunately, the bank's anti-fraud system picked it up and blocked the transactions before they even left my account but I am faced with now having to go to a branch this Wednesday to get a new card. I can't wait for one to be posted as Wednesday afternoon I am going away on a xmas break.

Just goes to show it doesn't matter how careful you are, sometimes.

What really annoys me is I do the usual tricks - hide my PIN, hit extra keys to ensure there's no heat residue left behind that is usable yada, yada, yada.

I used to have a prepaid credit card for online and hotel transactions too but even that has pros and cons. Pro - they can't rip you off for more than it's topped up with. Con - turns out you have zero protections for these cards as it's your money, not a bank's.
 

Oussebon

Multiverse Poster
On the flip side, the first PC I ordered here resulted in my debit card getting instantly blocked. That was hilarious. I was thrilled to bits.
 