What is 'best practice' for password management?
Hi
What is the 'best practice' for managing one's passwords?
A) HOW SHOULD I STORE PASSWORDS?
Problems:
1. I need to manage a fairly large number (i.e. 50+). So there are too many to remember.
2. Obviously I don't want to keep them inside a simple unencrypted text file, in case my data gets hacked.
3. If I download a dedicated password application, how can I trust it?(!)
4. I don't trust 'The Cloud' nor any of the big data owners: Google, Apple, Amazon, Dropbox et al.
5. I don't want to be tied to anything that I can't migrate with me onto my next hardware, when I come to upgrade my PC(s).
Either way I don't really want to pay anything (certainly not more than a few dollars) for this security.
I was thinking of using something like TrueCrypt to create a virtual drive (that I encrypt robustly) and then storing my passwords in an ordinary text file.
That way I would have a single master password (for TrueCrypt) which would give access to all the other passwords.
[Aside: Obviously if I forget my master password I'm screwed!]
B) PASSWORD CONVENTIONS
As you know many sites require passwords that meet specific rules e.g.
- At least one upper AND one lower case letter
- At least one digit
- No triplets (three characters the same next to each other) (iTunes!)
- No more than 16 characters
Double-click problems
Some sites allow extended ASCII characters (e.g. £$%^&*), which give VASTLY better security of course. BUT they are a mighty pain to use regularly because if you double-click using Windows (XP / 7 / 8), Windows doesn't accept extended characters as being part of 'a word' and ignores the extended ASCII characters in your password. And if you TRIPLE-click, it then selects the entire line! This is a nightmare if you are in and out of passwords all day.
SUMMARY
a) I want passwords that are pretty much secure.
e.g. say 1 trillion years from my desktop to crack according to this site:
https://howsecureismypassword.net
(Not that I trust it not to harvest whatever I put in and use against me!)
This is extremely hard (perhaps impossible) to achieve within 16 characters unless one uses extended ASCII.
b) For day-to-day convenience, I want to absolutely minimize the number of clicks and keystrokes.
c) For low security sites that I don't give a damn about, I just want something easy to type in.
- Any suggestions?
With thanks
J
P.S. For reasons of security I also quite often clear out all cookies.