astral Posted April 4, 2007 Share Posted April 4, 2007 I have 3 credit cards, 2 bank cards and numerous internet and mail accounts. It is becoming increasingly difficult to remember all the PINs and passwords. I hate to write them down. How do you manage this. PS Just in case someone asks, I will not be sending out the info so you can remember it for me!! Link to comment Share on other sites More sharing options...
Mid Posted April 4, 2007 Share Posted April 4, 2007 do you really have that many phone numbers stored ??????????? Link to comment Share on other sites More sharing options...
cdnvic Posted April 4, 2007 Share Posted April 4, 2007 Write the passwords down in one place, and a key to the password list in another. Usually it's less of a security issue to write down a password than to make it simple enough to remember. Link to comment Share on other sites More sharing options...
Tywais Posted April 4, 2007 Share Posted April 4, 2007 Use truecrypt and create a volume, put the data in a notebook .txt file and keep it in the volume. Now easy to access by mounting or dismounting the volume and encrypted. Of course you need to remember the password for the volume. Link to comment Share on other sites More sharing options...
cdnvic Posted April 4, 2007 Share Posted April 4, 2007 Forgot about that one. There's a Security Now! episode on it: Transcript http://www.grc.com/sn/SN-041.htm Podcast: http://media.grc.com/sn/SN-041-lq.mp3 Link to comment Share on other sites More sharing options...
monty Posted April 4, 2007 Share Posted April 4, 2007 I have them in my phone! They are hidden under names which only makes sense to me, and pin codes are just hidden in 9 digit phonenumbers. I only need to remember how to extract the PIN's, for example, every other digit starting from the third or something like that... I got over 300 numbers in my phone, so it would be close to impossible to extract the information by somebody else then me! Link to comment Share on other sites More sharing options...
h90 Posted April 4, 2007 Share Posted April 4, 2007 I had a phone book and add names and phone numbers which contained the informations. It was 100 % save as 1 month later I couldn't figure it out myself anymore. I know some people who write their pin code on the back of their atm card (excellent idea). Link to comment Share on other sites More sharing options...
nikster Posted April 4, 2007 Share Posted April 4, 2007 (edited) I have 3 credit cards,2 bank cards and numerous internet and mail accounts. It is becoming increasingly difficult to remember all the PINs and passwords. I hate to write them down. How do you manage this. PS Just in case someone asks, I will not be sending out the info so you can remember it for me!! I remember the PINs for bank cards - only torture can make me talk! For mail accounts, I use my "hard" password. (*) For bank accounts, I use an "impossibly hard" password. I have two, so two different ones I have to remember. And for the rest, I use the same easy to remember password for all of them. Same user name where possible too. It's totally unsafe. None of these have been hacked, and if they do get hacked, I don't really care. Forum accounts etc.. The thing I hate most is password policies which force one to change the password every x months. That's supposed to be "safe" but how on earth should a normal person manage that. It's difficult enough to memorize one hard password - making up new ones _and_ remembering them is unpractical. I have a trick for that too, though, a programmer colleague once taught me that one: Use the same password but append a new number. Surprisingly, this always works even with systems that are supposed to check for similarities in old and new passwords. So it will be (reallyHardPassword)_1, (reallyHardPassword)_2 and so on every time the system asks to upgrade the pass. This totally gets around the purpose of the password-change policy - but then again, I think the password-change policy is stupid. Back in Uni the admins would run a password cracker every night and out people with bad passwords - that was fun, humiliating, and everyone learned very quickly how to pick good passwords. (*) BTW - make sure your email client accesses your email using an encrypted protocol. If you use webmail, make sure the address starts with https:// instead of http://. The reason is that the mail protocol transfers the password in plain text. I have never heard of any real-world exploit of this but if you are say on an unencrypted Wireless network you are basically broadcasting your email password for all to hear. Might want to avoid that. Edited April 4, 2007 by nikster Link to comment Share on other sites More sharing options...
QualityTouristNumberOne Posted April 4, 2007 Share Posted April 4, 2007 Send your credit and ATM cards to me,along with your pins,and I will sort it out for you Link to comment Share on other sites More sharing options...
autonomous_unit Posted April 4, 2007 Share Posted April 4, 2007 I once tried to re-use the tiered "good" and "really good" passwords. But with the proliferation of web accounts I decided it was too difficult to protect these things from each other and make sure I never accidentally used a really good and important password at an unimportant and insecure site. So now I generate completely random passwords and use the encrypted notepad strategy to keep them all. This also means I can change them to a new random password more frequently, without fear of forgetting them. Most of the web ones I also let my browser store (encrypted) except bank/financial ones which I have to remember or dig out from the real encrypted file once a month when I do bookkeeping. I go to extreme effort to make sure my encrypted file is accessible to me even if someone steals my computer or my house burns down, etc. In other words, I am confident I can recover them but I am also pretty sure nobody can pilfer them without me knowing about it (since I trust the encryption and do not share the passphrase). By the way, I would NEVER try to access any authenticated web/internet resources except from my own computer where I have installed the OS from scratch and trust that the system is not running keyloggers etc. Therefore, I have no use for carrying around a big set of passwords when I don't have my laptop or a local machine I already trust as my own. Bank ATM card PINs are another story entirely. I avoid having too many cards, and I have a tendency to forget my own PIN and then remember it eventually a few months later. I just ask my wife for cash instead. Link to comment Share on other sites More sharing options...
nikster Posted April 4, 2007 Share Posted April 4, 2007 By the way, I would NEVER try to access any authenticated web/internet resources except from my own computer where I have installed the OS from scratch and trust that the system is not running keyloggers etc. Therefore, I have no use for carrying around a big set of passwords when I don't have my laptop or a local machine I already trust as my own. Good point, actually. I use my Windows machine for everything except internet banking which I do on my old Mac. Because... no known viruses/trojans/rootkits/keyloggers Before any kind of flame war starts: I didn't say it's impossible - I just said there are none out there. People tend to think I am paranoid, but the truth is that I read about the *potential* viruses out there and quite frankly - the current malware authors are nowhere near using this potential. Together with virus-kits the attacks are going to get ever more sophisticated. You can buy a zero day attack vector for a few hundred dollars, low thousands for a botnet, disabling AV software is standard with all virus kits etc... It's possible to protect your windows system with good security - I just find it easier to use the Mac. For those who do internet banking on internet cafe computers - good luck! You'll need it. Link to comment Share on other sites More sharing options...
Guest Reimar Posted April 4, 2007 Share Posted April 4, 2007 I have 3 credit cards,2 bank cards and numerous internet and mail accounts. It is becoming increasingly difficult to remember all the PINs and passwords. I hate to write them down. How do you manage this. PS Just in case someone asks, I will not be sending out the info so you can remember it for me!! I use an simple Casio PDA with just 4 MB of memory for to store all my "secret" information like Card number and Pins, Serial Number, MS-CD-Key's and so on. To "open" the PDA i need to keyin an special password, so even if I loose the PDA there is no way to retrive the Data. The Batteries last for month 's because I rarly use the PDA, except I need some info out of them! Link to comment Share on other sites More sharing options...
astral Posted April 5, 2007 Author Share Posted April 5, 2007 Thanks for all those useful suggestions. Link to comment Share on other sites More sharing options...
Crushdepth Posted April 6, 2007 Share Posted April 6, 2007 I like to use a small freeware program called Password Safe by Bruce Schneier, which is a simple but nicely paranoid tool for organizing and encrypting passwords. This lets me use long random industrial-strength passwords without straining the grey cells. For mobile use I keep an encrypted text file on my PDA. (Some of my colleagues who have lazily used lame-duck passwords to protect their websites etc have been brute forced or guessed - in one case the hacker left a message saying 'you really shouldn't put the password to your site in your forum signature...') Link to comment Share on other sites More sharing options...
Farma Posted April 6, 2007 Share Posted April 6, 2007 I've known people save their passes etc as names and numbers on their mobile phones in such a way anyone looking in the phones can't tell these entries are passwords. Link to comment Share on other sites More sharing options...
Veazer Posted April 6, 2007 Share Posted April 6, 2007 I used to use encrypted excel files for this but I've sinced changed to KeePass. It works great for me and it's portable. http://portableapps.com/apps/utilities/keepass_portable Link to comment Share on other sites More sharing options...
PMK Posted April 6, 2007 Share Posted April 6, 2007 (edited) Whisper (freeware) It also generates passwords. Peter Edited April 6, 2007 by PMK Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now