
Keeping Passwords Safe

pigman1
Explorer
Anyone out there have problems with passwords? I was getting more and more concerned that my passwords for various important sites were not as safe as they could be, especially when traveling. I did a count the other day and found I had 103 passwords for sites I visit. Some of these were innocuous such as common forums, but others were quite critical for such things as bank accounts and investment houses. Keeping these safe, suitably complex and changing them when necessary has become quite a chore. I've tried numerous password managers but most were awkward to use or downright unusable.

I recently found DASHLANE clickey on line. It's free, relatively easy to use, private, and has received a number of good reviews. What I like is that it enters your password and username into your sign in page automatically. In addition, you can have it generate complex passwords or come up with them yourself. It will also store non-password items such as credit card numbers, safe combinations and secure notes you want to keep private. It doesn't work perfectly on all sites, but overall I'd give it a B+ to A-.

Other than being a happy user, I have no interest in the company or any of its products. Check it out if you have some of the same concerns I had.
Pigman & Piglady
2013 Tiffin Allegro Bus 43' QGP
2011 Chevy Silverado 1500
SMI Air Force One toad brake
Street Atlas USA Plus
30 REPLIES

fj12ryder
Explorer III
LOL "Bazinga" 🙂
Howard and Peggy

"Don't Panic"

GoPackGo
Explorer
I see we have a Big Bang Theory fan !

fj12ryder
Explorer III
That is waay too much remembering, having to remember each pass phrase for each login, and which numbers you've substituted for letters. How does one do this for over 200 log ins?

Password managers make life much easier. Of course if I forget the password to my password manager, I am royally "attached to another object by an inclined plane, wrapped helically around an axis". 🙂
Howard and Peggy

"Don't Panic"

TenOC
Nomad
For long secure passwords make up a sentence. Example: for RV.Net = My grandmother is 89 years old! This gives me fRV=#211is89ye3! That way you do not need to remember a password. You can use any combination of letters and words; all you need to remember is your key. For example, the first number after the = is # characters. The hint: "Grandmother's Age in 2014".

My actual long secure passwords are much more complicated and I do not need to remember any except the variable in each sentence which are related to the web page.
Please give me enough troubles, uncertainty, problems, obstacles and STRESS so that I do not become arrogant, proud, and smug in my own abilities, and enough blessings and good times that I realize that someone else is in charge of my life.

Travel Photos

1492
Moderator
I personally was a little surprised by the results. But I added keylogger protection some time ago after reading how difficult most are to detect by popular security apps. In fact, my highly rated AV package could neither detect the keyloggers I have running in real-time, nor by a separate on-demand scan. It also didn't detect AntiLogger Free, whose behavior is very similar to a keylogger itself. However, Malwarebytes Free did detect them all using an on-demand scan, and I had to make exceptions not to delete them.

BTW, if you do use an anti-keylogger app, it's important to let it auto run at startup by default. Should you run it after a keylogger is already running, it can actually render its protection useless as the keylogger can take control of the clipboard. So not a perfect solution by any means.

GoPackGo
Explorer
I am more worried about inputting an incorrect password and then being locked out, or not being able to access an online database of my passwords for some reason. I keep a written list, plus a backup - not permanently attached to my computer.

SCR
Explorer
I'm sure that no matter what the precautions are there is a way to circumvent them short of unplugging the Internet.

There are numerous websites that can offer suggestions for safer computing as well as programs to assist in protecting your computer.

In the end it comes down to your actions that determine the level of threat you are exposed to.

1492
Moderator
How Safe Are Your Passwords?

Actually, virtually no method mentioned can ensure that stored passwords are completely protected if the computer you're using is compromised by hardware/software data capture, such as a keylogger Trojan. What makes the situation worse is that many anti-virus/anti-malware software packages are ineffective in detecting the presence of a keylogger in real-time, though they can be more effective in doing so when utilizing an on-demand scan. Yet that often requires the use of specialized security apps such as Malwarebytes.

I did some brief testing of password security methods using two popular keylogging utilities readily available on the NET, one of which could capture contents from the clipboard (copy/paste). In each case, I used the normal procedure for inputting the stored account user name/password for the application or method to log into RV.NET. Here are some observations for common password storage methods mentioned.


Method 1: Using Paper to Store Passwords.
Password Database Access - NO?
User Name/Password Revealed - YES

    The keylogger was easily able to record the website name, and the user name/password when utilizing the hardware keyboard.

    Inputting using a virtual keyboard, such as Windows On-Screen Keyboard, made no difference. The keylogger was still able to record the user name/password.

    This was by far, among the least secure methods.



Method 2: Using Firefox Browser's built-in Password Manager.
Password Database Access - YES if using Master Password.
User Name/Password Revealed - NO

    The keylogger was "not" able to record the user name/password using Firefox's built-in password manager. However, it was able to record the Master Password, if enabled for access, which could be used to reveal passwords if one had local access to Firefox.

    Not using a Master Password leaves Firefox's passwords unsecured, unless the database is separately encrypted, such as by securing Firefox's profile folder in an encrypted virtual container.



Method 3: Password Manager Utility - KeePass
Password Database Access - NO if using Secured Desktop option for Master Password, or a Key File.
User Name/Password Revealed - YES

    Using KeePass, the keylogger could not record the Master Password to unlock the database file if Secure Desktop is enabled under options. Nor could it record the Key file if used. However, the second keylogger utility was able to capture both the User Name/Password from the clipboard if using copy/paste from within KeePass. So not a secure method to use on a compromised system.



Method 4: Cloud Password Manager - LastPass.
Password Database Access - YES
User Name/Password Revealed - NO

    Using LastPass in Firefox, the keylogger was able to record both the account email address/password from the Master Log-in form for account access. If "Remember Email" was enabled, the LastPass account password was still recorded though the associated account email address was not. No user names/passwords were revealed with auto log-in, but still the possibility exists to hijack the account itself containing the passwords online.



Though just a very limited test, it does demonstrate the dangers of keyloggers, a popular method used by cyber criminals to gain unauthorized access into personal/business accounts. This method was reportedly used to ultimately breach Target's database, by using captured credentials from a contractor through an infected email attachment, resulting in the theft of 110 million customer accounts.

Notwithstanding, it was interesting that Firefox browser based password managers appear to offer the best protection, so long as the database can be adequately secured locally. None of the keyloggers were able to capture any data using auto login functions.

Another useful option would be to utilize a keystroke encryption app as part of a multilayered security approach, which could render keylogging Trojans ineffective in capturing data. However, they would not be effective against hardware based keyloggers.

There are a couple free anti-keylogging apps available. I personally use Zemana AntiLogger Free. In fact, with AntiLogger Free activated, the keyloggers tested could not effectively record useable data, nor capture any user names/passwords.

Zemana AntiLogger was also tested against 14 known keyloggers by another website, and passed in all instances.




UPDATED: To include results from a second keylogger to test clipboard data capture (copy/paste).

Y-Guy
Moderator
1Password. It's not for everyone, but I love it. Syncs across my home and work computer, iPhone and iPad. Most of all I trust my data.

Two Wire Fox Terriers; Sarge & Sully

2007 Winnebago Sightseer 35J

2020 Jeep Gladiator Rubicon

fj12ryder
Explorer III
But you're still vulnerable to a keystroke logger, something that a program like Roboform is not.
Howard and Peggy

"Don't Panic"

Gonzo42
Explorer
Periodically I make a spreadsheet of all my passwords and organize them. I then store the file on a thumb drive which is very seldom actually attached to the computer(s). I print a hard copy of the list and keep it in my office.

Then I make sure I've cleaned my computer of any and all junk using Ccleaner to clean up any problems that have cropped up, then I defrag, then I wipe the drive so no fragments are left anywhere.

Call me paranoid, but I would not have my passwords on my computer even protected by some app that potentially could get hacked.
MOTHER SHIP Winnebago View 24H (2007 Dodge Sprinter 3500 Chassis, 2008 Body)3.0 L M-B Diesel V6 bought used with 24K miles. Toad: ROCKY the Flying Squirrel.

rr2254545
Explorer
XXX I have used roboform for about 10 years maybe - excellent program
2012 Winnebago Journey 36M Cummins 360
2014 Jeep Cherokee
492 Campgrounds,107K miles driven in our Winnebago motor homes and 2360 nights camping since we retired in July 2009, 41 National Parks

SCR
Explorer
I use LastPass for all my every day things like forums and email. I use my head for the important ones like financial sites. I do have hints stored on my computer, my memory has slipped some over the years.

The hints are stored in documents totally unrelated to any type of financial information. As an example, recipes would be a good place to hide some hints in.

WoodGlue
Explorer
Annoyance passwords can be overcome using this site:

Bug Me Not

Why even use your own password when you don't need to?

WoodGlue
2002 Land Rover Discovery II
2014 Lance 1685 - Loaded - 4 Seasons - Solar - 2 AGM's
When Hell Freezes Over - I'll Camp There Too!
Lance Travel Trailer Info - Lance 1685 Travel Trailer - Lance 1575 Trailer