Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Too many password. Aaargh

 
Maneesh Godbole
Saloon Keeper
Posts: 11090
13
Android Eclipse IDE Google Web Toolkit Java Mac Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Home laptop
Office laptop
Bank - 1 login + 1 transaction
Personal Email
Corporate email
Corporate intranet
Corporate HR + payroll (yeah three different ones. No domain password concept)
Skype
Phone

I thought I had mastered the situation when once I set the same password everywhere.....until I was told my bank password was about to expire and I needed to change it. How do you guys manage your passwords?
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65105
89
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
1Password

It's a really bad idea to use the same password everywhere. One security breach, and everything is compromised.
 
Paul Clapham
Sheriff
Posts: 21298
32
Eclipse IDE Firefox Browser MySQL Database
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
For the things where I sign on once a month or less (e.g. seeing my electric bill online) I don't bother with passwords at all. Sure, they make me have one, but I don't bother remembering it. I just click on the "Forgot My Password" link and they send me another one which is good for signing on once.
 
Maneesh Godbole
Saloon Keeper
Posts: 11090
13
Android Eclipse IDE Google Web Toolkit Java Mac Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bear Bibeault wrote:1Password

This is reliable? I mean it won't transmit it to the company or anything in the background?

Bear Bibeault wrote:It's a really bad idea to use the same password everywhere. One security breach, and everything is compromised.

Yeah I know. I was real stupid that time.

I like your idea Paul. Must try it out.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65105
89
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Maneesh Godbole wrote:This is reliable? I mean it won't transmit it to the company or anything in the background?


1Password security FAQ
 
Jeff Verdegan
Bartender
Posts: 6109
6
Android IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I use RoboForm to remember my passwords on my personal computers for me.

At work it's a bit of a pain. I can never remember my email password, so if I ever have to enter it, I end up having to have IT reset it for me.

And logging into anything from my phone is a hassle, as I don't have a password vault there, and I'm so used to letting RoboForm remember everything for me that I usually can't log in from my phone.
 
Jeff Verdegan
Bartender
Posts: 6109
6
Android IntelliJ IDE Java
 
Matthew Brown
Bartender
Posts: 4568
9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I use KeePass - encrypted password database. I don't have access from everywhere, but if I keep a copy of the database at home and at work that covers the vast majority of what I need.
 
Jesper de Jong
Java Cowboy
Saloon Keeper
Pie
Posts: 15435
41
Android IntelliJ IDE Java Scala Spring
  • Likes 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Maneesh Godbole wrote:Home laptop
Office laptop
...

I thought I had mastered the situation when once I set the same password everywhere.....until I was told my bank password was about to expire and I needed to change it. How do you guys manage your passwords?

Your list contains only 9 things and you already think you have too many passwords?

I use a different password for every service, website, computer etc., and I generate passwords consisting of random letters, digits and other characters using a small program I wrote. I have a file containing the usernames and passwords of about 200 accounts that I've created in the past ten years. Ofcourse I have to be very careful where I keep that file. My password file is an Excel sheet which is itself protected by a password.
 
J. Kevin Robbins
Bartender
Pie
Posts: 1801
28
Chrome Firefox Browser jQuery Linux MySQL Database Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
PasswordSafe. A password keeper protected by a very long master password. I carry it on a flash drive and have it installed on my desktops. It has a slick sync feature so that passwords added at one computer can be migrated to the other databases and it will generate random passwords for you when you create a new entry. I don't even know most of my passwords; they are 16 character random strings that I copy and paste from this app.

 
Paul Anilprem
Enthuware Software Support
Ranch Hand
Posts: 3760
10
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
These days many sites, specially the banks, have extreme rules for passwords - such as it must have at least one upper case, one lower case, one alphanumeric, one number, and must be at least 8 digits, must not use any part of your name, must not be same as any of the previous passwords. Then they make you change it every 90 days. It is not funny.
Is it even humanly possible to remember this kind of password after two days? I suspect the user would be tempted to write it somewhere thereby making it even less secure!
 
Matthew Brown
Bartender
Posts: 4568
9
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I've got a part-time job somewhere that makes me change the password every 90 days. As a result I've got into the habit of making the passwords obscene. Which affects them not at all, but makes me feel slightly better .
 
fred rosenberger
lowercase baba
Bartender
Posts: 12180
34
Chrome Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Matthew Brown wrote:I've got a part-time job somewhere that makes me change the password every 90 days. As a result I've got into the habit of making the passwords obscene. Which affects them not at all, but makes me feel slightly better .

I went through that phase for a while. Then I ran out of obscenities (I guess I'd never be a good sailor).

my work now offers the option of a short, use upper/lower/symbols/whatever and change every 90 days

or

use a really long pass phrase with fewer rules that is good for a year.
 
Pat Farrell
Rancher
Posts: 4678
7
Linux Mac OS X VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Paul Anilprem wrote:These days many sites, specially the banks, have extreme rules for passwords


As the XKCD shows, rules are pointless. It is trivial to implement pass phrases, just make the text entry field long. You are going to hash the input anyway.

Its clear that the whole username + password authentication scheme has over lived its usefulness. First person to invent a solution that doesn't use passwords will
be richer than Mark Zuckerberg.
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Bear Bibeault wrote:
Maneesh Godbole wrote:This is reliable? I mean it won't transmit it to the company or anything in the background?


1Password security FAQ


I'll never never trust online services to store passwords, no matter how safe they may look like. Like Matthew, I'm using KeePass, so that I can access my password both from Linux and Windows.
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34837
369
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I used patterns. One of my password requires changing monthly and requires 26 unique ones before you can repeat. I can get away with just writing down just two characters of the password to remind myself. And if I tell you my password has N5 in it, does that help you? (And yes, I just made those two up at random)
 
Jeff Verdegan
Bartender
Posts: 6109
6
Android IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Jeanne Boyarsky wrote:And if I tell you my password has N5 in it, does that help you? (And yes, I just made those two up at random)


Aha! So know we know that some password of yours does not have N5 in it. All your login are belong to us!
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65105
89
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If this were a movie, it'd take about 3 guesses to crack in!
 
Jeff Verdegan
Bartender
Posts: 6109
6
Android IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Or there'd be a guy staring at a screen of zeros and ones saying, "This looks like one of the encryption schemes the Russians used back in the 80s. I might be able to crack the encryption if I reverse theIP address (type type type -- maybe 5 seconds) ... Got it!"

 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65105
89
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Or phase-shift the graviton beam using tachyon bursts. Oh wait ...
 
M.E. Metcalf
Greenhorn
Posts: 1
Java Mac OS X Objective C
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Lastpass is a great solution? https://lastpass.com/index.php
 
Adrian Henry
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
10 passwords. , which are very difficult to remember.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic