Do you have any recommendations of particular programs or solutions for storing passwords?
Any reasons to steer clear these types of programs?
How do you keep your passwords secure and memorable?
Discussion on:
View:
Show:
As security breaches have become very common, it becomes essential to control access to the privileged passwords in enterprises. Password Management Solutions help in controlling access to administrative passwords, besides helping in storing them in a centralized vault.
Administrators get access only to the required passwords. As passwords resides in safe custody, security breaches could be minimized to a great extent.
So, I feel Password Managers are a absolute must.
ManageEngine Password Manager Pro is one such secure vault for storing and managing shared sensitive information such as passwords, documents and digital identities of enterprises.
Visit http://www.manageengine.com/products/passwordmanagerpro/index.html for details
Administrators get access only to the required passwords. As passwords resides in safe custody, security breaches could be minimized to a great extent.
So, I feel Password Managers are a absolute must.
ManageEngine Password Manager Pro is one such secure vault for storing and managing shared sensitive information such as passwords, documents and digital identities of enterprises.
Visit http://www.manageengine.com/products/passwordmanagerpro/index.html for details
Hi williamjones
RoboForm is actually quite useful as a password manager and I believe it is secure too.
RoboForm is actually quite useful as a password manager and I believe it is secure too.
I use roboform pro and really like it. It's pretty secure, and gives me good passwords. I tend to use a generic password for blogs and forums, but a generated password for any website that accesses financial or other confidential information.
It doesn't work with Chrome though, which is the only reason I haven't installed Chrome.
It doesn't work with Chrome though, which is the only reason I haven't installed Chrome.
It integrates a very easy to use encryption form filler, and used with a pass generator, can remember the individual URLs like RoboForm does.
I don't have to remember the extravagantly long passwords, and they can be made exremely complicated. In fact I don't really know what they are myself, as the manager remembers them for me; when I change them, it automatically appends the new change.
A check of my hard drive with ID finder confirms that other personal information is not written to the hard drive without encryption.
I do not work for any man or company I just hate spyware/malware to pieces!
I don't have to remember the extravagantly long passwords, and they can be made exremely complicated. In fact I don't really know what they are myself, as the manager remembers them for me; when I change them, it automatically appends the new change.
A check of my hard drive with ID finder confirms that other personal information is not written to the hard drive without encryption.
I do not work for any man or company I just hate spyware/malware to pieces!
I also use Roboform. It works very well and is very secure. And it has a portable (USB) version and an online version which makes it easy to use almost anywhere. A great product IMHO.
Ive been fairly lazy with same passwords being used across multiple sites important and some not and its fairly risky doing it.
Lately ive been using lastpass which integrates with firefox and IE and only need to login into it in the browser and you can access it all anywhere. Has an autofill option to so you dont need to remember them and it can generate secure passes too.
Bit daunting to have all the passwords stored online though but you can export them if your worried.
Lately ive been using lastpass which integrates with firefox and IE and only need to login into it in the browser and you can access it all anywhere. Has an autofill option to so you dont need to remember them and it can generate secure passes too.
Bit daunting to have all the passwords stored online though but you can export them if your worried.
Roboform does work with FireFox ... use it everyday. Don't know about Chrome, though.
Firefox now has an add-on for RoboForm. Go to Add-ons for FireFox, search on RoboForm, download the tool, and you now have Robo on FireFox.
Cheers.
Cheers.
I was checking out the Roboform site and I see they have an Alpha program available for Chrome.
Pro.
1 uses a master password to encode all the others.
2 has a random character generator, 1-511 characters with 'A-Z' and/or 'a-z' and/or '0-9' and/or whatever special characters you want; you can also exclude the same characters and/or set hexadecimal characters A-Z, 0-9.
3 you can neither have it installed on your PC,or on a USB flash drive, portable on any PC that has a USB port.
con.
RoboForm runs on Microsoft Windows 2000, XP, Server 2003, and Vista (all 32-bit versions).
1 uses a master password to encode all the others.
2 has a random character generator, 1-511 characters with 'A-Z' and/or 'a-z' and/or '0-9' and/or whatever special characters you want; you can also exclude the same characters and/or set hexadecimal characters A-Z, 0-9.
3 you can neither have it installed on your PC,or on a USB flash drive, portable on any PC that has a USB port.
con.
RoboForm runs on Microsoft Windows 2000, XP, Server 2003, and Vista (all 32-bit versions).
I also use goodsync to syn between pc's on network, pendrives, and roboforms website store so I can access from any pc
Sticky Password has all of these features and what is the best on it - it is not delivered through some poor toolbar, but it is integrated right into the browser or any application like Skype, QiP etc.
And for more, it can be unlocked by password and even by phone or USB.
I can only recommend it to all Roboform users, because it is far more better and more simple.
And for more, it can be unlocked by password and even by phone or USB.
I can only recommend it to all Roboform users, because it is far more better and more simple.
I've always used several sets of passwords - one set based off one word for financial, another for places that don't matter much, another for passwords I have to share (email on another person's domain) - and varied them. But it quickly became impossible to remember which variation I'd used on _this_ site. So I had an Excel spreadsheet because I was uncomfortable with letting the browser remember my passwords and very uncomfortable with putting them up in the cloud.
Finally I decided it was time to get a better solution - did some investigation and came up with KeePass. I like the same things you do - open-source and cross-platform, able to install to USB. Also encrypted database, auto-type (though that took a bit of work to set up), and the ability to generate highly secure passwords (I've just started using that).
I have a very secure password for the database itself, which resides on my hard drive and gets regularly transferred to a flash drive for use elsewhere. I'm gradually transforming my standard passwords into more complex ones, which KeePass can do quite easily. The Auto-type is a pain until you figure out that the title of the entry needs to match the title of the window you're going to be using the username and password in for auto-type to work (or there's a way of creating an auto-type for a specific target window, if the title of the window isn't useful to identify what the password is for). You can also use that to do a different sequence than the standard "username-tab-password-return".
It's a good program, with features I'm still figuring out as I go. It's the only one I've used regularly - I had my passwords in my browser for a bit but aside from not working on other computers (Xmarks would fix that) it just made me nervous. KeePass feels a lot safer.
Finally I decided it was time to get a better solution - did some investigation and came up with KeePass. I like the same things you do - open-source and cross-platform, able to install to USB. Also encrypted database, auto-type (though that took a bit of work to set up), and the ability to generate highly secure passwords (I've just started using that).
I have a very secure password for the database itself, which resides on my hard drive and gets regularly transferred to a flash drive for use elsewhere. I'm gradually transforming my standard passwords into more complex ones, which KeePass can do quite easily. The Auto-type is a pain until you figure out that the title of the entry needs to match the title of the window you're going to be using the username and password in for auto-type to work (or there's a way of creating an auto-type for a specific target window, if the title of the window isn't useful to identify what the password is for). You can also use that to do a different sequence than the standard "username-tab-password-return".
It's a good program, with features I'm still figuring out as I go. It's the only one I've used regularly - I had my passwords in my browser for a bit but aside from not working on other computers (Xmarks would fix that) it just made me nervous. KeePass feels a lot safer.
I have used LastPass for a year now as a Home User. I periodically change the password for it but it works fine. Of course any site requiring a higher level of security (e.g, Banks) should never be accessed through Password Management Software.
Sensitive passwords always must be kept separate from "everyday" passwords. And it really needs no software, juist some imagination. I'd give you an example, but then someone might gain access somewhere if it's used.
Security is key, pardon the pun.
Security is key, pardon the pun.
Personally, I enjoy KeePass, though the auto complete is buggy on some sites.
Can anyone recommend a good, locally hosted, client-server solution for managing passwords? We have several users that access the same websites and must use shared credentials. It would be nice to have a central password repository that can be accessed and updated by any authenticated user (and can be backed up). Thanks!
Can anyone recommend a good, locally hosted, client-server solution for managing passwords? We have several users that access the same websites and must use shared credentials. It would be nice to have a central password repository that can be accessed and updated by any authenticated user (and can be backed up). Thanks!
Mine is Passordvault from Lava Software.
This app is very reliable and the customer service is friendly.
It also include a to go version so that you could cary your password safely on trips.
Better still it has a sync feature to sync the passwords on all of your computers.
I run it for years from the beginning without any problems.
This app is very reliable and the customer service is friendly.
It also include a to go version so that you could cary your password safely on trips.
Better still it has a sync feature to sync the passwords on all of your computers.
I run it for years from the beginning without any problems.
You have to group passwords according to risk.
I am on multiple blog and other sites, which have little or no personal information and to be honest I don't really care if they get hacked. They all get the same Id and password if possible.
As you move up the risk profile the passwords get harder and different.
I am on multiple blog and other sites, which have little or no personal information and to be honest I don't really care if they get hacked. They all get the same Id and password if possible.
As you move up the risk profile the passwords get harder and different.
The one I use is free and is called Password Corral by Cygnus Productions.
Can be found here:
http://www.cygnusproductions.com/freeware/pc.asp
Hope this helps someone.
Ttyl, Gary
Can be found here:
http://www.cygnusproductions.com/freeware/pc.asp
Hope this helps someone.
Ttyl, Gary
William,
I use Accesmanager 2 to store my passwords. Has very high encryption and you can run it on a USB memory stick without storing any data on your hard drive. You can then lock the USB memorystick away safely. I have tried various ones but have settled on this one
Regards
Gerry
I use Accesmanager 2 to store my passwords. Has very high encryption and you can run it on a USB memory stick without storing any data on your hard drive. You can then lock the USB memorystick away safely. I have tried various ones but have settled on this one
Regards
Gerry
I found it is very good. The main reason I use it is because you can install the program and passwords onto a USB memory stick so you can carry it around with you.
That way, you have no details, passwords etc on your PC at all. All I have on the PC is a shortcut to the file on the memory stick, which I lock away when not using it at home.
It is fully encrypted anyway in case you lose it.
Hope this helps
Regards
Gerry
That way, you have no details, passwords etc on your PC at all. All I have on the PC is a shortcut to the file on the memory stick, which I lock away when not using it at home.
It is fully encrypted anyway in case you lose it.
Hope this helps
Regards
Gerry
The LastPass is my password manager for a couple of simple reasons:
- centralized;
- free;
- good browser integration.
But I try to avoid placing critical passwords online.
- centralized;
- free;
- good browser integration.
But I try to avoid placing critical passwords online.
Absolutely! In fact, anyone who does not should get offline and quick 
Being in the industry for so long, you learn just how easy and vulnerable an unprotected machine is. I've worked with keyloggers for test purposes of course; and you can see just how easy it is to sniff peoples information. Including machines with the latest virus software installed!
I use a product called 1password by Agile. This is by far the best product I have used. It's only available on a Mac, and again, this is the only machine I would use to connect to anything online such as banking etc.
So you can take the password database with you, it syncs with a partner app on the iPhone, this is two part encrypted.
Take a look at 1Password, and think about getting a Mac or getting away from Windows. This is not a fanboi btw. honest.
My forte has been security for at least the past 14 years and experience has taught me never to trust a Windows system.
Although it can be locked down and secured etc (see ISA firewall appliances) it rarely is, therefore I can't help but have little confidence as I do in a Nix* system.
Being in the industry for so long, you learn just how easy and vulnerable an unprotected machine is. I've worked with keyloggers for test purposes of course; and you can see just how easy it is to sniff peoples information. Including machines with the latest virus software installed!
I use a product called 1password by Agile. This is by far the best product I have used. It's only available on a Mac, and again, this is the only machine I would use to connect to anything online such as banking etc.
So you can take the password database with you, it syncs with a partner app on the iPhone, this is two part encrypted.
Take a look at 1Password, and think about getting a Mac or getting away from Windows. This is not a fanboi btw. honest.
My forte has been security for at least the past 14 years and experience has taught me never to trust a Windows system.
Although it can be locked down and secured etc (see ISA firewall appliances) it rarely is, therefore I can't help but have little confidence as I do in a Nix* system.
since you been in security so long you probably know OSX days are numbered. It is just a matter of time, until someone cracks the kernel.
Remember NIX has had a vulnerability in it for 8 years, and no one caught it. OSX has been out of the open source loop for a while; how long before a zero day fault in that armor is found?
Remember NIX has had a vulnerability in it for 8 years, and no one caught it. OSX has been out of the open source loop for a while; how long before a zero day fault in that armor is found?
My JCitizen, first of all I do appologise for such a late reply, I have only just caught up with TR, been very busy.
Yes, of course. Like anything, it's only time before something changes. This does apply to everthing though. Just that when you say that in relation to a Microsoft product, it's just not that much time is it?
Hey, dont get me wrong, what they do is very good. They make a useable product, works on all hardware of sorts, it has the major market etc. Just make sure the underpinnings of a windows infrastructure (and the world over it usually is) is not Windows.
Yes, Windows 7 on desktops in your organisation, but lets face it. The big guys buzzing in the server rooms keeping everyone safe is usually Solaris/Nix etc.
I digress, yes, write your password down, lock it in your draw, use a credible proven tried tested password manager. All better practice than trying to make something up thats hard to guess and inserting 1's for I's yawn.
Thanks JCitizen, again sorry for late reply.
Yes, of course. Like anything, it's only time before something changes. This does apply to everthing though. Just that when you say that in relation to a Microsoft product, it's just not that much time is it?
Hey, dont get me wrong, what they do is very good. They make a useable product, works on all hardware of sorts, it has the major market etc. Just make sure the underpinnings of a windows infrastructure (and the world over it usually is) is not Windows.
Yes, Windows 7 on desktops in your organisation, but lets face it. The big guys buzzing in the server rooms keeping everyone safe is usually Solaris/Nix etc.
I digress, yes, write your password down, lock it in your draw, use a credible proven tried tested password manager. All better practice than trying to make something up thats hard to guess and inserting 1's for I's yawn.
Thanks JCitizen, again sorry for late reply.
I run a honeypot lab, and malware are my thing actually. I like fighting the problems. I'm sure you'd agree, I'd be bored using a Mac! HA!
However, even I would like to go to SnowLeopard x64 with MythTV integrated to hopefully run cable DVR work, and hopefully run the DRM gauntlet successfully.
I'd hate to think what a rig like that would cost with 8Gbs of RAM, but maybe ebay can result in a hardware gain.
Wish me luck if you ever find the time to pass this way again.
However, even I would like to go to SnowLeopard x64 with MythTV integrated to hopefully run cable DVR work, and hopefully run the DRM gauntlet successfully.
I'd hate to think what a rig like that would cost with 8Gbs of RAM, but maybe ebay can result in a hardware gain.
Wish me luck if you ever find the time to pass this way again.
Keepass inside a TrueCrypt container on a flash drive.
Right so when your computer gets hacked and all your passwords go along with it, you can thank the password management program for it. Because the average user thinks phishing is only done by the lake with a can of beer... Stop being lazy!
Are you advocating that password managers aren't safe? The database isn't just hanging wide open. It's encrypted, and in my case, the database is within an encrypted Truecrypt volume. This isn't a text file labeled passwords, I think it's a little more secure than that.
This little program has worked well for me.
It allows me to store several differnet types of information for each site, program etc, that I need.
It's smallenough to keep on a flash drive if you whish, and from what I am told, unless you know the master password to access it, no one is going to open it.
question about the open surce program mentioned earlier on, I'm no exspert on open source but I do understand the concept that it allows others to work on and improve the software, at least that's my understanding. If that's the case would it not be a bit less secure from those who know open source programming, reverse engenering?
thanks.
It allows me to store several differnet types of information for each site, program etc, that I need.
It's smallenough to keep on a flash drive if you whish, and from what I am told, unless you know the master password to access it, no one is going to open it.
question about the open surce program mentioned earlier on, I'm no exspert on open source but I do understand the concept that it allows others to work on and improve the software, at least that's my understanding. If that's the case would it not be a bit less secure from those who know open source programming, reverse engenering?
thanks.
And when you back up the Passwords Plus database, you need the master password to restore it, so I do not feel too vulnerable storing backups in the cloud. Exports into csv are plaintext however, so you have to take a little care there.
Absolutely! My brain is alread overtaxed trying to remember too many things! I've been using eWallet for several years and find its ability to sync with my cell phone is terrific. My passwords and other important data are always handy and encrypted in my Smartphone.
I recommend (a) hobbies that are unique to all of us and tend to be things WE never ever forget. I build ship models so I can associate the name of the ship with a significant year. Secondly, corporate accounts should have a common but unique syntax that is enforced.
Yes, though I'm not an IT specialist.
I use Roboform and have about 100 pages of passwords recorded in it - printed pages I mean - so that's maybe 1000 passwords. I joined a lot of schemes, forums, download programs, memberships etc in the Internet Marketing field!
I use Roboform and have about 100 pages of passwords recorded in it - printed pages I mean - so that's maybe 1000 passwords. I joined a lot of schemes, forums, download programs, memberships etc in the Internet Marketing field!
I use the same password pattern at every web site, but I use www.pwdhash.com to scramble it into a complex password. I get to remember it the easy way, but the web site sees only my complex one. I use a software product (InfoKeep) to keep a list of those passwords just in case.
Passwords Plus by DataViz. It runs under Wine in Linux too. And I keep the most useful of the dozens of passwords in the password keeper app on my smartphone for convenience.
Try KeePass, it's FREE, opensource.
It seems to work great, i haven't tried any others though.
It seems to work great, i haven't tried any others though.
I just remember one password - and Identity Safe logs me on with varied complex passwords. The list can be transferred from one computer to another with a flash drive & your master password. - As with any password manager, memorize your master password and don't write it down anywhere for obvious reasons.
you can keep unbelievable difficult passwords to crack, and you don't have to remember them or even attempt to write them down. When they get changed ID safe asks you if you want to append the new password.
Piece of cake!
Piece of cake!
I use KeePass on Windows and KeePassX on Linux/OSX. I have it require both a password and a keyfile which I keep on a flashdrive, which is kept with me.
It's the only one that I have found so far that is truly cross platform and I can use for both work and home.
I have been using LastPass as a Firefox plugin for awhile now and it has really been a great help!
I keep them all in an encrypted excel spreadsheet. I only have to remember the password to the spreadsheet. Inside are my username, password, URL, security question, etc. I also use white font on white background in case anyone walks by while I have it open. The cell value shows up at the top only, not in the cell itself.
takes a snapshot of your passwords when viewing or appending the spreadsheet.
I know AV/AS solutions should prevent that, but since XP, their haven't been any good Input/Output firewalls for Vista, or 7.
I know AV/AS solutions should prevent that, but since XP, their haven't been any good Input/Output firewalls for Vista, or 7.
The problem with some of the password managers listed above is that they store passwords on the hard drive. This is generally not a good idea, whether the dbase of passwords is encrypted or not.
Like www.pwdhash.com, passwordmaker.org uses a master password to generate an encrypted password. Unlike www.pwdhash.com, passwordmaker.org never sends anything to the web server. PasswordMaker uses javascript or html to generate the password, which is more secure than sending information back and forth to the web server.
Password Maker is available across all platforms, accessible online at http://passwordmaker.org/passwordmaker.html, as well as a Mac Widget and firefox addon. All you have to remember is the url string and the master password. You can also assign usernames for each website. You can save the master password to the disk, but I don't recommend this. I type in the master password every time I need to enter my password, then just copy the result password to my login credentials and log into the desired site.
This service offers a number of encryption schemes, such as MD4, MD5 Ver 6, SHA-1, SHA-256 (recommended), and several others.
All of my login passwords are different, using a few different master passwords. I can even access my passwords on my mobile device via the online method, or running a javascript plugin.
Again, you don't have to be connected to the server to get your password, it is all client-side, which adds to the security.
Like www.pwdhash.com, passwordmaker.org uses a master password to generate an encrypted password. Unlike www.pwdhash.com, passwordmaker.org never sends anything to the web server. PasswordMaker uses javascript or html to generate the password, which is more secure than sending information back and forth to the web server.
Password Maker is available across all platforms, accessible online at http://passwordmaker.org/passwordmaker.html, as well as a Mac Widget and firefox addon. All you have to remember is the url string and the master password. You can also assign usernames for each website. You can save the master password to the disk, but I don't recommend this. I type in the master password every time I need to enter my password, then just copy the result password to my login credentials and log into the desired site.
This service offers a number of encryption schemes, such as MD4, MD5 Ver 6, SHA-1, SHA-256 (recommended), and several others.
All of my login passwords are different, using a few different master passwords. I can even access my passwords on my mobile device via the online method, or running a javascript plugin.
Again, you don't have to be connected to the server to get your password, it is all client-side, which adds to the security.
to obfuscate the typing your doing on the client side too.
Your link didn't work, so I can't comment on the capability.
Your link didn't work, so I can't comment on the capability.
Using an online password manager, Mitto (http://mitto.com)
I use Password Safe, free download on SourceForge. I have used it for the past Decade, and with 100% satisfaction and performance!!!
Go Robo!!!! I'd be lost without it. I use both the resident application as well as the USB flavor. It allows me to make passwords very long and complex and yet I never have to worry about remembering them. Combined with a good synch software and internet web storage I'm synched and locked down 24/7 365 from anywhere on the planet with internet access.
One word KeePass
Opens source and works great
Opens source and works great
I came up with a system that lets me "know" all my passwords without recording them anywhere. It's not perfect, but basically I use a simple substitution system based on the name of the site or software that requires the password. That way, all the passwords are different, they all use uppercase/lowercase/numbers/symbols in an apparently unpredictable way, and they're also easy to remember.
That said, I do keep a file on my computer that contains all my passwords. It's part of my "What if I got hit by a bus?" file--which contains all sorts of information that would allow family, coworkers, and friends to keep various projects that I care about going even if something unexpected were to happen to me. The passwords used to be in AnyPassword, which I really liked, but since my newer computer runs Vista I had to give AnyPassword up--so they're actually in OneNote now. It works.
That said, I do keep a file on my computer that contains all my passwords. It's part of my "What if I got hit by a bus?" file--which contains all sorts of information that would allow family, coworkers, and friends to keep various projects that I care about going even if something unexpected were to happen to me. The passwords used to be in AnyPassword, which I really liked, but since my newer computer runs Vista I had to give AnyPassword up--so they're actually in OneNote now. It works.
And it's worked for many years now!
Love it, and it is inexpensive...
HTH
Love it, and it is inexpensive...
HTH
If you are a sieve head and can't remember passwords, carry a "little black book" with the relevant details of accounts and passwords - Really, how safe is a lump of software to use to save passwords, when you can find passwords etc. to circumvent the registration of said software ... ?!?!?!
and if their security for registration can be bypassed - what other features of that database can be hacked as well ...
Rather like those chain letter emails which ask to be passed to as many "friends" as possible, only to be monitored by a scam site which harvests emails for its propagation use ...
Think about it !
and if their security for registration can be bypassed - what other features of that database can be hacked as well ...
Rather like those chain letter emails which ask to be passed to as many "friends" as possible, only to be monitored by a scam site which harvests emails for its propagation use ...
Think about it !
When you have dozens of PCs to manage and 100's of applications and websites.
Even a little black book is struggling with that much data, and if you lose it .....
I do not trust these passwords to PC's or Browsers, or the cloud. A password vault on a PDA is my solution.
But I will confess to letting FF remember a common PW for those myriad sites where you have to register/login to get information and drivers etc.
Even a little black book is struggling with that much data, and if you lose it .....
I do not trust these passwords to PC's or Browsers, or the cloud. A password vault on a PDA is my solution.
But I will confess to letting FF remember a common PW for those myriad sites where you have to register/login to get information and drivers etc.
Hey, great poll and article. I can't imagine my life without password manager. And the the best one I've found on the market is Sticky Password http://www.stickypassword.com
Integrated into browser or application, easy, very secure, just great. I can only recommend it to all of you.
Integrated into browser or application, easy, very secure, just great. I can only recommend it to all of you.
Quite addictive actually, I store everything there, carry the encrypted backup with me on USB stick and have no trouble logging quickly and safely from anywhere.
Actually finally changed passwords on all my accounts to more sophisticated ones (created easily by StickyP) since I do not have to remember them. Good bye to three passwords for 50 sites:-)
Actually finally changed passwords on all my accounts to more sophisticated ones (created easily by StickyP) since I do not have to remember them. Good bye to three passwords for 50 sites:-)
It's opensource, secure, transportable, and easy to use. I did use Bruce Schneier's Password Safe previously, and probably would be still, but KeePass came around in a portable version and that convinced me to change. Its database is on the same thumbdrive as the app itself, and I use Pegtop's PStart as the UI to easily kick the app into life. Wrapping it in TruCrypt is a good additional step.
Yes but the only way to go is to use this toolhttp://www.hpl.hp.com/personal/Alan_Karp/site_password/index.html
I have used this free tool for 3 years and it is perfect! Thanks Alan
I have used this free tool for 3 years and it is perfect! Thanks Alan
Yes, I like password programs that are secure as long as it doesn't use over-kill ideas.
I use HP Canada Password Safe. it is a very small program I only havbe to remember one password and this lists all the others.The HP Canada Password Safe uses 128-bit Blowfish encryption to store your data securely. This encryption ensures that only a user with your password will be able to access the information you store in the HP Canada Password Safe.
I've tried others, but his one seems most user-friendly. But then, I'm really user-friendly and I could see it in a different light.
I use HP Canada Password Safe, version 3.1
Questions regarding this software and accompanying
documentation must be made to:
By Mail:
HP Canada Password Safe
77 Mowat Avenue, Suite 507
Toronto, ON
M6K 3E3
By email:
passsafe@hpknows.com
All inquiries must include the Product Name and Version.
I've tried others, but his one seems most user-friendly. But then, I'm really user-friendly and I could see it in a different light.
I use HP Canada Password Safe, version 3.1
Questions regarding this software and accompanying
documentation must be made to:
By Mail:
HP Canada Password Safe
77 Mowat Avenue, Suite 507
Toronto, ON
M6K 3E3
By email:
passsafe@hpknows.com
All inquiries must include the Product Name and Version.
I use Deepnet browser, and one reason is the good password file it has.
Occassionaly I have to use Explorer, and it is a mess: if you make a mistake, you cannot undo it, and if once you say "dont keep" it will NEVER keep. And I cannot access the file to delte the mistaken ID...
Occassionaly I have to use Explorer, and it is a mess: if you make a mistake, you cannot undo it, and if once you say "dont keep" it will NEVER keep. And I cannot access the file to delte the mistaken ID...
As above, I asked my boss if it wouldn't be a good idea to move away from the horrible way they stored sensitive usernames/passwords etc. in Outlook Notes (!).
I suggested KeePass, seemed the easiest to use and has synchronizing capabilities when more than one are working on the file at once, less implementation and hassle.
While I had to listen to some complaining about "yet another program" and "I'm not logged on to the network so can't access the file", for the most part a lot of time has been saved in just by not asking around for recent password updates...
Haakon
I suggested KeePass, seemed the easiest to use and has synchronizing capabilities when more than one are working on the file at once, less implementation and hassle.
While I had to listen to some complaining about "yet another program" and "I'm not logged on to the network so can't access the file", for the most part a lot of time has been saved in just by not asking around for recent password updates...
Haakon
I like Sticky Password because it stores my passwords on my computer not somewhere online and it also has the portable version included, so I'm never without my passwords. Since I've been using sticky password I've been able to increase the strength of my passwords and I don't have to get all those 'remind me of my password' emails for my accounts. AND it supports programs too! http://www.stickypassword.com
This is what I live about my ID safe in my Norton Product, but plenty of good solutions for free, are posted here!
well the laptops entire file system is encrypted with 256 aes with 18 character random pass upon every boot/recover from hibernation and i keep all passwords in another 128 or 256 encrypted database managed by infokeep 1.4 within the encrypted file system. had it for many years, infact 9 years! never use open wireless, always use 256bit 63 character wpa-psk that is changed every few months! any more security than that is too much hassle! if anyone wants to get in, they will eventually regardless!
Love Roboform2go Pro on U3,Specifically for multiple profiles,RoboForm Online as a backup with free Goodsync use,and Safenotes.Very Valuable App.
currently holding 15 different passwords in my head, should I list them?
Guess not.
Should I write them down?
I hope I never have to. My passwords are linked to life experiences that if I forget, well nothing will matter at all anyway.
A software to store my passwords, what if it fails?
No, I will continue to rely on my memory, just another exercise for my aging brain. I think.
Guess not.
Should I write them down?
I hope I never have to. My passwords are linked to life experiences that if I forget, well nothing will matter at all anyway.
A software to store my passwords, what if it fails?
No, I will continue to rely on my memory, just another exercise for my aging brain. I think.
Why get fancy? I just use an Excel spreadsheet that is password protected. I can put the sheet on a USB drive and carry it with me anywhere.
I've used this for at least 10 years (why fix it if...). It is encrypted, portable, customizable, quiet, generates random passwords according to your own specs (length, types of characters, etc.), floats if you want it to. Friendly support, decent Forum. Free limited use (20 passwords) and good price (Euro 29).
I neglected to mention that Password Depot automatically completes logon steps without typing or tabbing, etc. Also, the clipboard is monitored to determine if any applications are monitoring it (keyloggers will do this as well as monitor the keyboard) and will notify the user BEFORE anything goes to the clipboard. The user can approve the app that is monitoring the clipboard.
Just wondering; I assume you mean a clipboard to the application and not to the operating system.
Just read somewhere on TR about this recently.
Very hard to keep things from keyloggers on public hardware.
Just read somewhere on TR about this recently.
Very hard to keep things from keyloggers on public hardware.
It is my understanding that it monitors the Windows clipboard and watches for all applications. Not sure how it does it but it has deteced Itunes, Excel, Word, and Foxfire that I have approved and have not seen any other heinous apps. I keep a pretty clean system so I don't think I have any nosy apps.
In addition, it also clears the clipboard after a designated amount of time.
Passwords are also encrypted.
You can check Password Depot out at Acebit.com...both German and English are supported.
I also saw the an article on Windows Secrets about Keyloggers...I wrote to them about PD but haven't heard back yet.
Sorry, I'm not sure what you mean about video hooks.
In addition, it also clears the clipboard after a designated amount of time.
Passwords are also encrypted.
You can check Password Depot out at Acebit.com...both German and English are supported.
I also saw the an article on Windows Secrets about Keyloggers...I wrote to them about PD but haven't heard back yet.
Sorry, I'm not sure what you mean about video hooks.
spy-ware has the capability to monitor "hooks" in the hardware layer at the input/output level. In XP, Snoopfree Privacy Shield can detect and block these to ANY process running on the PC. Basically an I/O firewall.
However this does not help on PCs not under you control. Most good encryption software, intercepts the data before it can reach any keyboard hooks.
However video hooks can take snapshots of SSL sessions to discover user IDs and secret questions, multi-factor authentication, etc.
Authors at Windows Secrets claim this capability is taxing to the CPU and makes the system unstable, which supposedly puts the malware author at a disadvantage. But this does not hold water in my lab tests.
I have had many unwelcome video spywares on my honeypot lab system units that exhibited no instability or any behavior odd at all, other than Snoopfree popping alerts that they were trying to read my screen.
Some screen reading behavior is normal for some applications, but they are poorly written in my opinion. No one needs to be reading your screen in an SSL session; that is just not kosher!
Anytime this information can be intercepted before reaching the hard-drive is good as well, as some spyware only has to do a quick scan of the hard drive to look for sensitive information. This is done quite rapidy, and with no outward detectable behavior.
The anti-keylogger/spyware methods on that Windows Secrets article was quite eye opening but notice the author was not definitive about 100% defeat of every type of method and madness out there.
It is a very discouraging situation, and reading their article and user reviews at CNET, is paramount, to see which utilities can win the war against this despicable criminal activity
However this does not help on PCs not under you control. Most good encryption software, intercepts the data before it can reach any keyboard hooks.
However video hooks can take snapshots of SSL sessions to discover user IDs and secret questions, multi-factor authentication, etc.
Authors at Windows Secrets claim this capability is taxing to the CPU and makes the system unstable, which supposedly puts the malware author at a disadvantage. But this does not hold water in my lab tests.
I have had many unwelcome video spywares on my honeypot lab system units that exhibited no instability or any behavior odd at all, other than Snoopfree popping alerts that they were trying to read my screen.
Some screen reading behavior is normal for some applications, but they are poorly written in my opinion. No one needs to be reading your screen in an SSL session; that is just not kosher!
Anytime this information can be intercepted before reaching the hard-drive is good as well, as some spyware only has to do a quick scan of the hard drive to look for sensitive information. This is done quite rapidy, and with no outward detectable behavior.
The anti-keylogger/spyware methods on that Windows Secrets article was quite eye opening but notice the author was not definitive about 100% defeat of every type of method and madness out there.
It is a very discouraging situation, and reading their article and user reviews at CNET, is paramount, to see which utilities can win the war against this despicable criminal activity
Been using Roboform for quite some time and find it's a blessing, considering the great number of logins required for 'benign' sites, such as e-magazines,information sites, etc. The danger of course is that if the intial password is discovered, you are totally compromised. However that one password can be well protected and is less likely to be hacked or stolen.
I use KeepPass both the installed version and the portable version for my USB drive. Lots of times when I go to a new website, I find I need to set up a new account. So how in the world could I remember them all? I do a few that I re-use, but only in areas that I feel are pretty safe to start with.
I use Open Office Calc to store websites, user names, and passwords. Also MS Excel works good for this task.
don't forget to lock the USB of floppy your using to provide these solutions to Mobil password safes.
Wouldn't want the bad guys hopping on board your device and pwning you key safe would you?
Wouldn't want the bad guys hopping on board your device and pwning you key safe would you?
We have to have too many passwords... What is needed is biomentric protection so one does not need to rember a bazzilion different complex %@#$*##dam passwords.
RoboForm is a software easy to understand and use. Secure and fast. I use it for everything - passwords, secure notes etc. It uses modern encryption algorithms and is ready to protect any password/login or bookmark you offer it.
I am not in favour of working in a closed environment, i.e. firewalled company network, and also having to change my password every 2 months, not being able to use the same password again for 12 months and then having to remember increasingly complex passwords without writing them down.
What is the point of making a company network so secure and then expecting users to dream up new passwords every 2 months.
I am a system administrator. I have a complex password that I have never changed on my UNIX systems. Security on those systems has never been breached.
The powers that be dream up rules but don't subject themselves to the same environment, perhaps only having to log on to a single system. We all know that managers only need email, right! Goodness knows how they would go supporting a dozen or so different systems and juggling a set of unique complex passwords in their heads.
Password keeping software is fine for some. But the reality is that it is useless for you if you are unale to log onto your computer to access the software to tell you your passwords or you have to store it on some portable media thta represents a greater risk if lost in the public domain.
What is the point of making a company network so secure and then expecting users to dream up new passwords every 2 months.
I am a system administrator. I have a complex password that I have never changed on my UNIX systems. Security on those systems has never been breached.
The powers that be dream up rules but don't subject themselves to the same environment, perhaps only having to log on to a single system. We all know that managers only need email, right! Goodness knows how they would go supporting a dozen or so different systems and juggling a set of unique complex passwords in their heads.
Password keeping software is fine for some. But the reality is that it is useless for you if you are unale to log onto your computer to access the software to tell you your passwords or you have to store it on some portable media thta represents a greater risk if lost in the public domain.
I have used Password Safe ver 1.7 for 10 years. It has served me well and it was free.
Yes! I am very happy with a freeware utility for Firefox and Internet Explorer called "LastPass." It does an excellent job for all things password related, ie: auto-login, encrypted passwords, password generator, yubikey support, fill form profiles, secure notes, etc.. and best of all, none of my passwords are stored on their server, so I don't have to worry about their website being compromised and having to change all of my passwords. There is an premium version but it is geared towards businesses and has no effect on the single user, like it isn't crippleware.
I am in favor of this type of software and I use RoboForm. It now works with Firefox.
probably the last password safe I'll ever need! Works even better that the Identity Safe feature in NIS 2010!
LastPass is a piece of cake!
LastPass is a piece of cake!
Yeah, it's a little late to reply here, but I missed this one last year. I use Bruce Schneier's Password Safe for Windows: http://www.schneier.com/passsafe.html. It's free, open source, easy to use, and designed by the world's premier security expert. That's hard to beat.
The only thing I don't know is whether it's cross-platform. The executable is pwsafe.exe, same as the pwsafe in Linux, but that could be coincidental.
The only thing I don't know is whether it's cross-platform. The executable is pwsafe.exe, same as the pwsafe in Linux, but that could be coincidental.
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
