Subject: Passwords: creating and managing strong passwords

Goo
United States
Yorba Linda
California
I have to get my passwords organized. I have all kinds of passwords floating around of various strengths. I have a semi-complete list of my passwords on a piece of paper stashed away but it seems it is always at my other computer.

It's all kind of a hassle.

I am looking for two things: strategies in creating multiple strong passwords and how to maintain them (remember or store them).

I used LastPass for a while but they got hacked and I no longer felt so secure. It was great while it lasted.

Ideas? I need a whole new paradigm.
 
Ryan Gatti
United States
Portland
Oregon

Ryan Gatti
United States
Portland
Oregon
Oh, and for the other side of the argument...

a valiant, pungent reindeer king
United States
Buffalo
New York
I use 1Password, but it doesn't work on Linux which is a bit of a pain in the ass. It syncs through Dropbox and I can use it on my MacBook, PCs and iOS devices, which is nice. It's probably too expensive for me now, so I doubt I'd buy it again, but I'm happy with it.

Oh Captain! My Captain!
Denmark
I like the mnemonic ones. And then you can somewhat safely write down the acronym somewhere.

Or, use some band names.
 
Goo
United States
Yorba Linda
California
http://www.pcmag.com/article2/0,2817,2368484,00.asp

Also I am tempted to use LastPass again. Like I said, it was pretty awesome. And I just read up on the security breach they had a long time ago and it looks like it was just a scare.

I have not had any compromises or hacks or anything. It is just one of those things that I have always known I need to get serious about it and tighten it up.
 
Sean Tompkins
United States
San Antonio
Texas
Snaak wrote:
> Btw, on a related topic, I've changed the pin-code for the simcard in my cellphone to mirror the pin-code of my bank card. Can anyone think of a reason for why this would not be smart? I can't but I've always been unsure.


The only thing I can think of is that if someone got ahold of both they could take the time to slowly work through the sim card unlock, waiting for the timeout to pass before trying again (this assumes that there's not just a 3-strikes-and-out type mechanism on the sim card lock), where guessing wrong a few times with bank card would lock it out and notify the bank immediately.
 
Sean Tompkins
United States
San Antonio
Texas
I've got a pretty good system, but I can't share it. whistle

Dennis
United States
New Jersey
I've been using LastPass for about half a year. I think I like it, though it does give me a slight sense of uneasiness.

Sean Tompkins
United States
San Antonio
Texas
Snaak wrote:
> seanp wrote:
>> Snaak wrote:
>>> Btw, on a related topic, I've changed the pin-code for the simcard in my cellphone to mirror the pin-code of my bank card. Can anyone think of a reason for why this would not be smart? I can't but I've always been unsure.
>>
>> The only thing I can think of is that if someone got ahold of both they could take the time to slowly work through the sim card unlock, waiting for the timeout to pass before trying again (this assumes that there's not just a 3-strikes-and-out type mechanism on the sim card lock), where guessing wrong a few times with bank card would lock it out and notify the bank immediately.
>
> I believe there is a 3-strikes and out thing on my simcard, actually.
>
> Would someone do that though even if there were not? It seems that the phone itself would be the price. Discard the simcard and sell it, right?


In reality, I think it's very unlikely - thieves are usually after quick profit, not "take time to work out details for slightly higher profit". If they liked the latter, more than likely they'd just get jobs laugh . I'm a big proponent of "mitigate risk and live life" rather than "eliminate all risk" - consider the consequences, and decide what you can live with.

How tall is justice?
Canada
Georgetown
Ontario
I'm in the same boat as Goo. I've got a list of passwords that I cycle through, but they get reused, and there aren't that many on the list.

I think my approach will be an algorithm that will create a unique password based on the site name/url/username that I can work out on the fly if need be.

I just need to come up with a clever algorithm first.
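
The site-derived scheme described in the post above, sketched as an added example (not code from the thread or any poster): a master passphrase is stretched with PBKDF2, salted by site, username and a rotation counter, and the result is mapped onto a character set. The function name, alphabet, iteration count and counter parameter are assumptions chosen for illustration.

```python
import hashlib
import hmac
import string

# Assumed output alphabet (72 symbols); adjust to each site's password rules.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"
ITERATIONS = 200_000  # assumed work factor; slows offline guessing of the master


def site_password(master, site, username, counter=1, length=16):
    """Derive a repeatable per-site password from one master passphrase."""
    # Normalise the site so "Example.com " and "example.com" agree.
    # NUL separators keep ("ab", "c") distinct from ("a", "bc").
    salt = "\x00".join([site.strip().lower(), username, str(counter)]).encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS)

    # Rejection sampling: discard bytes that would bias the modulo mapping.
    limit = 256 - (256 % len(ALPHABET))
    chars, block = [], 0
    while len(chars) < length:
        # Expand the stretched key into as many bytes as needed (HMAC counter mode).
        stream = hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        chars.extend(ALPHABET[b % len(ALPHABET)] for b in stream if b < limit)
        block += 1
    return "".join(chars[:length])


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample passphrase
    for site in ("example.com", "example.org"):
        print(site, site_password(master, site, "alice"))
    # Bump the counter to rotate one site's password after a breach.
    print("example.com (rotated)", site_password(master, "example.com", "alice", counter=2))
```

Every password hangs off the one master passphrase, so anyone who learns the scheme and one site password can guess at the master offline. The counter is there because a derived password can only be changed by changing one of its inputs, and it then has to be remembered per site.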

Conserve energy: Play Board Games!
United States
California
For password creation, I use Random.org.

My company-provided Lenovo laptop came with "ThinkVantage Password Manager," a password vault tied to my fingerprint and unlocked using the fingerprint reader. Since 95%+ of my internet access is performed from this computer, this is my primary solution.

However, there are times when I need to access my passwords from elsewhere. My first solution was to create a text file containing all of my passwords, and then use GnuPG to encrypt it. The resultant file was then stored on Google Docs; who cares if it was ever compromised? Unless the attacker had my private key, the file did him no good.

GnuPG isn't exactly the most user-friendly program out there especially if you aren't a Linux user (I am not). Also, you still have the burden of maintaining a private encryption key somewhere. I chose to use a flash drive that I carried around in my computer bag, figuring that I could access it if I needed to get to the file. That worked fine -- or rather, I never needed to use it -- until I lost the flash drive during a visit to Seattle. I had to scrap the file, since the key might have been compromised. Plus, there was the fact that I couldn't open it without the key. It was so secure that it was safe from myself!

My current procedure is to create the text file, then copy all of the text into a client-side AES encryption app and create a hash. I paste the hash back into the file, and then store that file on Google Docs. This approach is theoretically easier to hack, but I am confident that the password I use for this purpose is sufficiently strong to resist such an attempt. This procedure is also easier for me to recover without having to install GnuPG. I just need to have an AES encryption application handy, which I do thanks to Cassie!

The Original Thumb #50
United States
I just use "password" whistle

a valiant, pungent reindeer king
United States
Buffalo
New York
Did you know that if you type your password into BGG it shows up as asterisks?

*******

See?

Mr. Stabs
Canada
Ottawa
Ontario
Sigafoos wrote:
> Did you know that if you type your password into BGG it shows up as asterisks?
>
> *******
>
> See?


OH MAN, LET ME TRY!

thatlemurfromMadagascarwhosenameIcantremember

THIS IS GOING TO BE AWESOME!
 
Mr. Stabs
Canada
Ottawa
Ontario
Ziilch wrote:
> Sigafoos wrote:
>> Did you know that if you type your password into BGG it shows up as asterisks?
>>
>> *******
>>
>> See?
>
> OH MAN, LET ME TRY!
>
> thatlemurfromMadagascarwhosenameIcantremember
>
> THIS IS GOING TO BE AWESOME!


. . . HEY! Wait a second.
 
Oh Captain! My Captain!
Denmark
Snaak wrote:
> Btw, on a related topic, I've changed the pin-code for the simcard in my cellphone to mirror the pin-code of my bank card. Can anyone think of a reason for why this would not be smart? I can't but I've always been unsure.

My pincode for my phone is 13371337 D
 
United States
Millersville
Maryland
I have a system where I can write down a few keys that mean something to me but wouldn't mean anything to anybody else. Like my password would be 256 and that means something to me... but doubt you could figure out what it means. Then I have a Google Doc listing the site, username and that code. I have my Google account set up with the 2-factor authentication so I'm a little more confident for posting it there. But since even if you did hack that file you still wouldn't know what the code means I don't feel too worried. It can be a hassle to have to constantly look up my password for any given site, but I always have access to them.
 
Dan Corrin
Canada
Kitchener
Ontario

I have a tiered system, based on how important the site is.

I have a password app on my BlackBerry that stores all the financial sites (banks, PayPal, eBay, etc.) which are strings of difficult numbers/letters. This is typed manually every time, and changed frequently.

Then I use a few standard passwords for social sites (such as here, Facebook, etc.) which are easy to remember but have some special characters. I sometimes have my browser remember these passwords, but I can usually remember them. These are changed seldom.

Then for one-off sites that want an account set up I use the same password and a completely separate e-mail address to reduce spam. I never change the password.