Windows 7 Forums



Windows 7: What is 'best practice' for password management?

08 Oct 2013   #1
ship691

Windows 7 x64 Professional (SP1)
 
 
What is 'best practice' for password management?

Hi

What is the 'best practice' for managing one's passwords?

A) HOW SHOULD I STORE PASSWORDS?
Problems:
1. I need to manage a fairly large number (i.e. 50+). So there are too many to remember.

2. Obviously I don't want to keep them inside a simple unencrypted text file, in case my data gets hacked.

3. If I download a dedicated password application, how can I trust it?(!)

4. I don't trust 'The Cloud' nor any of the big data owners: Google, Apple, Amazon, Dropbox et al.

5. I don't want to be tied to anything that I can't migrate with me onto my next hardware, when I come to upgrade my PC(s).

Either way I don't really want to pay anything (certainly not more than a few dollars) for this security.

I was thinking of using something like TrueCrypt to create a virtual drive (that I encrypt robustly) and then storing my passwords in an ordinary text file.
That way I would have a single master password (for TrueCrypt) which would give access to all the other passwords.
[Aside: Obviously if I forget my master password I'm screwed!]


B) PASSWORD CONVENTIONS
As you know many sites require passwords that meet specific rules e.g.
- At least one upper AND one lower case letter
- At least one digit
- No triplets (three characters the same next to each other) (iTunes!)
- No more than 16 characters

Double-click problems
Some sites allow extended ASCII characters (e.g. $%^&*), which give VASTLY better security of course. BUT they are a mighty pain to use regularly because if you double-click using Windows (XP /7 /8), Windows doesn't accept extended characters as being part of 'a word' and ignores the extended ASCII characters in your password. And if you TRIPLE-click, it then selects the entire line! This is a nightmare if you are in and out of passwords all day.

SUMMARY
a) I want passwords that are pretty much secure.
e.g. say 1 trillion years from my desktop to crack according to this site:
https://howsecureismypassword.net
(Not that I trust it not to harvest whatever I put in and use against me!)
This is extremely hard (perhaps impossible) to achieve within 16 characters unless one uses extended ASCII.

b) For day-to-day convenience, I want to absolutely minimize the number of clicks and keystrokes.

c) For low security sites that I don't give a damn about, I just want something easy to type in.


- Any suggestions?

With thanks

J


P.S. For reasons of security I also quite often clear out all cookies.
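
An added example (not part of the original post) for the rules listed under B) and the strength target in the summary: it draws passwords from the OS random generator, rejects any that break the four rules, and estimates the search space of a 16-character password with and without punctuation. The guessing rate of 1e10 per second and all function names are assumptions, not figures or code from the thread.

```python
import math
import secrets
import string

# Rules quoted in post #1: upper AND lower case, a digit, no triplets, max 16 chars.
MAX_LEN = 16
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits)
ALNUM = "".join(CLASSES)                   # 62 symbols, selectable by double-click
PRINTABLE = ALNUM + string.punctuation     # 94 symbols

def meets_rules(pw):
    """Check the four site rules listed in the post."""
    has_triplet = any(pw[i] == pw[i + 1] == pw[i + 2] for i in range(len(pw) - 2))
    return (len(pw) <= MAX_LEN
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and not has_triplet)

def generate(length=MAX_LEN, alphabet=ALNUM):
    """Draw from the OS CSPRNG and reject candidates that break the rules."""
    if not 3 <= length <= MAX_LEN:
        raise ValueError("length must be between 3 and MAX_LEN")
    if not all(set(alphabet) & set(cls) for cls in CLASSES):
        raise ValueError("alphabet must contain upper, lower and digit characters")
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_rules(pw):
            return pw

def entropy_bits(length, alphabet_size):
    """Upper bound for a uniformly random password (the rules trim it slightly)."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at an assumed guessing rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    rate = 1e10  # assumed offline guessing rate, not a figure from the thread
    for name, alpha in (("alphanumeric", ALNUM), ("with punctuation", PRINTABLE)):
        bits = entropy_bits(MAX_LEN, len(alpha))
        print(f"{name:17} {generate(MAX_LEN, alpha)}  {bits:5.1f} bits  "
              f"{years_to_exhaust(bits, rate):.2e} years")
```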


08 Oct 2013   #2
bigmck

Windows 7 Home Premium 32-Bit - Build 7600 SP1
 
 

I have gone through the same thing. Most of mine I don't worry too much about, like this site. If anyone discovered my password here, what harm could come to me, except someone typing messages under my name, no big deal. The only ones I really worry about are my bank, PayPal and ones like that where money is involved. I have a Word document with passwords that is buried in a file and is doubtful anyone could find it.
08 Oct 2013   #3
indianacarnie

 

This post shames me to a certain extent and prods me in others. I'm one of those dummies that only use a limited number of passwords for all my sites. Been meaning to diversify and will very soon. I am the only person with access to my machine and the passwords I use are fairly secure so I'm comfortable with mine until the end of my season.

Now as to your query and comments ........ I think the TrueCrypt solution you mentioned would be the best. I've used it before in the way you describe and it worked perfectly. Thumb drive for me. LastPass is a pretty good manager also and I'm sure you'll get other recommendations to it.

08 Oct 2013   #4
ship691

Windows 7 x64 Professional (SP1)
 
 

Double-click selection
After extensive googling I can't find any solution to the double-click not selecting extended ASCII problem. Bl**dy Microsoft :^[

However my partial solution to this double-click selection problem is to store my passwords in an (Excel) spreadsheet, rather than in a text file. A single click on a cell selects its entire contents, which can then be pasted into a web page, weird characters and all!

LastPass
A) it has had security breaches
B) the passwords are stored somewhere in the cloud where, with enough processing power, they get decrypted.
C) how sure can we be that they haven't coded a backdoor into their system, either deliberately or accidentally.
D) what happens in the event of a war and the state nationalises them?
E) what happens if a trojan/virus installs itself into my system and starts harvesting data e.g. keystrokes
Nice try, but again we can't completely trust it.

Nope - call me old-fashioned but I'd rather store my own passwords thank you.

PW Conventions
Fwiw, some people use a convention that uses the name of the site in question as part of their password. e.g. You might incorporate the first 3 letters of the site in question into the start or the end of your PW. Personally I find that cumbersome and would rather do a Control/F to find the PW and copy and paste. Also I have more than one email address which adds to the complication of what needs to be stored...(!)
08 Oct 2013   #5
Boozad

W7 Pro x64 SP1 | W10 Pro IP x64 | W8.1 Pro x64 VM | Linux Mint VM
 
 

I use a passworded Excel file that opens with the touch of a macro key. I just hope I never forget the password to that!
08 Oct 2013   #6
ship691

Windows 7 x64 Professional (SP1)
 
 

Just a passworded Excel file, on its own.... It's a start but, suppose you lost your data on a train, would you be happy with that level of security? Really...?
08 Oct 2013   #7
Fr0st777

Windows 7/8 Pro 64bit
 
 

I would also suggest you use a TrueCrypt file for that. Store an Excel file in it, and if you are the only user on your machine or nobody else uses your user account you can create a batch file for Autorun to mount your drive at your login.

However this batch file will be visible when executed and show your master password. To fix that there is a way by using a VBScript to hide the CMD window. Forgot where I read that.

This will make it quite comfortable to use. I think you can also have the batch file prompt you for the password in case you find it unsafe in autoruns.

About password length, I'd choose at least 16 characters of all kinds with numbers and digits and make sure to hit the spacebar 1-2 times in the password as well. That is not very common but helpful and more secure.
08 Oct 2013   #8
bigmck

Windows 7 Home Premium 32-Bit - Build 7600 SP1
 
 

Are you speaking of very important sites that you are protecting such as your bank or is this just everyday sites that you visit?
08 Oct 2013   #9
Boozad

W7 Pro x64 SP1 | W10 Pro IP x64 | W8.1 Pro x64 VM | Linux Mint VM
 
 

Quote: Originally Posted by ship691
Just a passworded Excel file, on its own.... It's a start but, suppose you lost your data on a train, would you be happy with that level of security? Really...?
If I lost my data on a train I'd be wondering why I had a 30lb+ mid tower rig with me on a train.
08 Oct 2013   #10
bigmck

Windows 7 Home Premium 32-Bit - Build 7600 SP1
 
 

Quote: Originally Posted by Boozad
Quote: Originally Posted by ship691
Just a passworded Excel file, on its own.... It's a start but, suppose you lost your data on a train, would you be happy with that level of security? Really...?
If I lost my data on a train I'd be wondering why I had a 30lb+ mid tower rig with me on a train.
I once lost my laptop on a train, but there were some nice folks who helped me find it.

