Anyone out there have problems with passwords? I was getting more and more concerned that my passwords for various important sites were not as safe as they could be, especially when traveling. I did a count the other day and found I had 103 passwords for sites I visit. Some of these were innocuous such as common forums, but others were quite critical for such things as bank accounts and investment houses. Keeping these safe, suitably complex and changing them when necessary has become quite a chore. I’ve tried numerous password managers but most were awkward to use or downright unusable. I recently found DASHLANE clickey on line. It’s free, relatively easy to use, private, and has received a number of good reviews. What I like is that it enters your password and username into your sign in page automatically. In addition, you can have it generate complex passwords or come up with them yourself. It will also store non-password items such as credit card numbers, safe combinations and secure notes you want to keep private. It doesn’t work perfectly on all sites, but overall I’d give it a B+ to A-Other than being a happy user, I have no interest in the company or any of it’s products. Check it out if you have some of the similar concerns as I had.

I use Roboform for the same thing. It isn't free, unless you have only a few passwords. I've got a couple hundred, or more, passwords and can't imagine trying to remember them.Like you said, it is nice not to have to enter CC numbers, addresses, ID's and passwords. Just one less thing to worry about.

Safe In Cloud,Syncs User Name, PW across all our laptops, tablets and smartphones.DW gets any additions or changes I make.Works great!

RV Volunteers CONUS wrote:Safe In Cloud,Syncs User Name, PW across all our laptops, tablets and smartphones.DW gets any additions or changes I make.Works great!Yes, but there are those of us who are not too excited about anything in the cloud. You can get multiple machines using this program by transferring your info on a chip or thumb drive without ever putting it out over the net. Just a personal preference of a suspicious person.

lol what happens when the cloud site gets hacked?use roboform, in local mode

Roboform is about the best thing going.RoboformThey do offer discounted prices for handicapped people. Or try the coupon code REGOG at checkout or HOL14WoodGlue

Keeping Passwords Safe | Good Sam Community

fj12ryder
Explorer III
Feb 27, 2014
LOL "Bazinga" :)
GoPackGo
Explorer
Feb 27, 2014
I see we have a Big Bang Theory fan !
fj12ryder
Explorer III
Feb 27, 2014
That is waay too much remembering, having to remember each pass phrase for each login, and which numbers you've substituted for letters. How does one do this for over 200 log ins?

Password managers make life much easier. Of course if I forget the password to my password manager, I am royally "attached to another object by an inclined plane, wrapped helically around an axis". :)
TenOC
Nomad
Feb 27, 2014
For long secure passwords make up a sentence. Example For RV.Net = My grandmother is 89 years old! This gives me fRV=#211is89ye3! That way you do not need to remember a password. You can use any combination of letters and words, all you need to remember is your key. For example the first number after the = is # charters. The hint "Grandmother's Age in 2014".

My actual long secure passwords are much more complicate and i do not need to remember any except the variable in each sentence which are related to the web page.
1492
Moderator
Feb 27, 2014
I personally was a little surprised by the results. But added keylogger protection some time ago after reading how difficult most are to detect by popular security apps. In fact, my highly rated AV package could neither detect the keyloggers I have running in real-time, nor by a separate on-demand scan. It also didn't detect AntiLogger Free whose behavior is very similar to a keylogger itself. However, Malwarebytes Free did detect them all using an on-demand scan, and I had to make exceptions not to delete them.

BTW, if you do use an anti-keylogger app, its important to let it auto run at startup by default. Should you run it after a keylogger is already running, it can actually render its protection useless as the keylogger can take control of the clipboard. So not a perfect solution by any means.
GoPackGo
Explorer
Feb 27, 2014
I am more worried about inputting an incorrect password and then being locked out, or not being able to access an online database of my passwords for some reason. I keep a written list, plus a backup - not permanently attached to my computer.
SCR
Explorer
Feb 27, 2014
I'm sure that no matter what the precautions are there is a way to circumvent them short of unplugging the Internet.

There are numerous websites that can offer suggestions for safer computing as well as programs to assist in protecting your computer.

In the end it comes down to your actions that determines the level of threat you are exposed to.
1492
Moderator
Feb 27, 2014
How Safe Are Your Passwords?

Actually, virtually no method mentioned can insure that stored passwords are completely protected if the computer you're using is compromised by hardware/software data capture, such as a keylogger Trojan. What makes the situation worse is that many anti-virus/anti-malware software packages are ineffective in detecting the presence of a keylogger in real-time. Though can be more effective in doing so when utilizing an on-demand scan. Yet, often requires the use of specialized security apps such as Malwarebytes.

I did some brief testing of password security methods using two popular keylogging utilities readily available on the NET. One of which could capture contents from the clipboard(copy/paste). In each case, I used the normal procedure for inputting the stored account user name/password for the application or method to log into RV.NET. Here are some observations for common password storage methods mentioned.

Method 1: Using Paper to Store Passwords.
Password Database Access - NO?
User Name/Password Revealed - YES

The keylogger was easily able to record the website name, and the user name/password when utilizing the hardware keyboard.

Inputting using a virtual keyboard, such as Windows On-Screen Keyboard, made no difference. The keylogger was still able to record the user name/password.

This was by far, among the least secure methods.

Method 2: Using Firefox Browser's built-in Password Manager.
Password Database Access - YES if using Master Password.
User Name/Password Revealed - NO

The keylogger was "not" able to record the user name/password using Firefox's built-in password manager. However, it was able to record the Master Password, if enable for access, which could be used to reveal passwords if one had local access to Firefox.

Not using a Master Password leaves Firefox's passwords unsecured, unless the database is separately encrypted. Such as securing Firefox's profile folder in a encrypted virtual container.

Method 3: Password Manager Utility - KeePass
Password Database Access - NO if using Secured Desktop option for Master Password, or a Key File.
User Name/Password Revealed - YES

Using KeePass, the keylogger could not record the Master Password to unlock the database file if Secure Desktop is enabled under options. Nor could it record the Key file if used. However, the second keylogger utility was able to capture both the User Name/Password from the clipboard if using copy/paste from within KeePass. So not a secure method to use on a compromised system.

Method 4: Cloud Password Manager - LastPass.
Password Database Access - YES
User Name/Password Revealed - NO

Using LastPass in Firefox, the keylogger was able to record both the account email address/password from the Master Log-in form for account access. If "Remember Email" was enabled, the LastPass account password was still recorded though the associated account email address was not. No user names/passwords were revealed with auto log-in, but still the possibility exists to hijack the account itself containing the passwords online.

Though just a very limited test, it does demonstrate the dangers of keyloggers. A popular method used by cyber criminals to gain unauthorized access into personal/business accounts. Which was reportedly used to ultimately breach Target's database, by using captured credentials from a contractor through an infected email attachment. Resulting in the theft of 110 million customer accounts.

Notwithstanding, it was interesting that Firefox browser based password managers appear to offer the best protection, so long as the database can be adequately secured locally. None of the keyloggers were able to capture any data using auto login functions.

Another useful option would be to utilize a keystroke encryption app as part of a multilayered security approach, which could render keylogging Trojans ineffective in capturing data. However, they would not be effective against hardware based keyloggers.

There are a couple free anti-keylogging apps available. I personally use Zemana AntiLogger Free. In fact, with AntiLogger Free activated, the keyloggers tested could not effectively record useable data, nor capture any user names/passwords.

Zemana AntiLogger was also tested against 14 known keyloggers by another website, and passed in all instances.

UPDATED: To include results from a second keylogger to test clipboard data capture(copy/paste).
Y-Guy
Moderator
Feb 27, 2014
1Password it's not for everyone but I love it. Syncs across my home and work computer, iPhone and iPad. Most of all I trust my data.
fj12ryder
Explorer III
Feb 27, 2014
But you're still vulnerable to a keystroke logger, something that a program like Roboform is not.

Forum Discussion

Keeping Passwords Safe

About RV Must Haves

Related Content

Keep that trailer safe

REMINDER TO ALL: Keep a safe distance when towing

flexvision tv password

Safes

Keeping warm