http://m.phys.org/news/2013-12-scheme-visual-cues-people-multiple.html
============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com |
Interesting, but sounds pretty boring. Probably more useful for studying how our minds work than as a practical tool for remembering passwords.
My preference lately is the “password vault” solution of LastPass, 1Password, etc. I’d rather remember one really obscure phrase or made-up word with lots of punctuation than 100 such words or phrases. But then, if my master passphrase or password got cracked, my accounts could be toast.

Gary

On Dec 4, 2013, at 12:33 PM, Carl <[hidden email]> wrote:
> http://m.phys.org/news/2013-12-scheme-visual-cues-people-multiple.html
It will fail. Why? Each fucking site has different rules for password creation. I ran into that when I started using a scheme that was easy to remember/type and unique for all sites.
BTW it mentions 100 passwords. What planet is he living on? I bet we all have at least 400, 300 of which we don't even know we have. I've been on the net since it started and have more sites than I can name. Indeed, I started using 1Password last year just to collect slowly over time all my logins. I'm at 150 now and during the Christmas season I discover many that I have because I bought a gift! QVC for heaven's sake!
Look: this whole PW thing HAS to be simplified. Yes we all have schemes for managing logins. But they have lots of failure cases. 2-factor isn't too bad but is a pain at times, especially when you change hardware that you'd like to be "trusted". And the billions of different rules for passwords for given sites is horrid.
I think a combo of a simple set of passwords and 2-factor may become my standard, especially with OAuth allowing logging in with Google and others that support 2-factor.
My brain is too small.
-- Owen
On Wed, Dec 4, 2013 at 10:48 AM, Gary Schiltz <[hidden email]> wrote:
> Interesting, but sounds pretty boring. Probably more useful for studying how our minds work than as a practical tool for remembering passwords.
More to the point, our brains are too small and our years too few to fill with mindless drivel. Better to use them writing poetry, creating a better world, or even reading and writing FRIAM posts :-)
On Dec 4, 2013, at 1:45 PM, Owen Densmore <[hidden email]> wrote:
> My brain is too small.
>
> -- Owen
Agreed. And do you know one of the biggest problems? Phones!

Yes, 1Password and others run on phones, but mainly for browser logins.

Then came "apps". Browsers couldn't keep up with the demands of phone apps so the devs had to go to "native" apps, or more general PhoneGap type apps. Yes iP can work with them but you have to cut/paste to use them which is a total pain in the rear.

Possibly Apple's new phones with thumb recognition will simplify things .. you'll have a "key chain" in the sky. But it'll be broken by the bad guys too, I guess. And depends on the Apple ecology which I find too incomplete compared with Google.
-- Owen
On Wed, Dec 4, 2013 at 11:50 AM, Gary Schiltz <[hidden email]> wrote:
> More to the point, our brains are too small and our years too few to fill with mindless drivel. Better to use them writing poetry, creating a better world, or even reading and writing FRIAM posts :-)
In my as yet brief use of LastPass, it is very good on my Mac (and probably equally good on Windows). I haven’t yet even tried it on my iPad or iPhone, but the problem there is that mobile Safari doesn’t support plugins, so the kinds of content rewriting that the plugins must do to work seamlessly with the browser can’t be implemented. I don’t know if this is just a problem with Safari, but it seems to be a restriction with iOS generally, being a highly restricted ecosystem. I suppose Android would be less restrictive, although I don’t have any experience with it.
Gary

On Dec 4, 2013, at 1:56 PM, Owen Densmore <[hidden email]> wrote:
I certainly do not want to rely on mnemonics, and I find it (almost) astonishing that people would devote time to developing a mnemonic method. I long ago came up with a simple two-step device to keep track of my 100's of passwords: It is called a spreadsheet. All you need to remember is the password to get into the spreadsheet. This is my "key chain". My method only works on a device where I can access my spreadsheet, but that is not an issue for me. I think this could be easily adapted to other devices, were I so motivated.

Joe

On 12/4/13, 12:09 PM, Gary Schiltz wrote:

-- "Sunlight is the best disinfectant." -- Supreme Court Justice Louis D. Brandeis, 1913.
Just out of curiosity, how many of us have a reasonable idea of the number of logins we have? At a guess, I'd say I have over 200 simply because over the last year I have logged 150+ in 1Password.
One good source, btw, is the monthly mail-list reminders.
-- Owen
On Wed, Dec 4, 2013 at 9:37 PM, Joseph Spinden <[hidden email]> wrote:
> I certainly do not want to rely on mnemonics, and I find it (almost) astonishing that people would devote time to developing a mnemonic method. I long ago came up with a simple two-step device to keep track of my 100's of passwords: It is called a spreadsheet. All you need to remember is the password to get into the spreadsheet. This is my "key chain". My method only works on a device where I can access my spreadsheet, but that is not an issue for me. I think this could be easily adapted to other devices, were I so motivated.
~240 accounts stored in keepass.

-- rec --

On Thu, Dec 5, 2013 at 10:03 AM, Owen Densmore <[hidden email]> wrote:
About 900, but not all are active.
On 12/5/13, 10:08 AM, Roger Critchlow wrote:

-- "Sunlight is the best disinfectant." -- Supreme Court Justice Louis D. Brandeis, 1913.
In reply to this post by Roger Critchlow-2
150, 240, 900 !?
?!What!? are you guys addicted to? Including PINs for bank-cards (not used online) I can't estimate over a dozen or two myself.

OK maybe hundreds over decades, but ... current?

Admittedly, I have probably cranked through a similar number of "throwaways" where I've signed up for something (because that is the only way to sample/test) and then let the login die or go fallow (and my hashword) with it. But hundreds? Really? I'm worried about you guys! They have groups and 12 step programs for things like this!

As for mnemonics or mental-hash-generators (hashwords?)... my decades of high security environments where writing my password down anywhere (including or especially electronically) or sharing it with anyone (e.g. speaking it aloud) was a felony or low treason or something, I just can't stand to see a password in clear text... it makes me cringe... so a whole spreadsheet of my family jewels... I just couldn't...

I only wish there were a 2-factor system for the masses that isn't spoofable (the ones that use your MAC address of your device are better than nothing but not unspoofable by far).

- Steve
My spreadsheet is password protected. But you're right. One of the systems I use employs a Verisign token system. It would be useful to have something like that generally available to protect spreadsheets, files, etc.

Joe

On 12/5/13, 11:20 AM, Steve Smith wrote:

-- "Sunlight is the best disinfectant." -- Supreme Court Justice Louis D. Brandeis, 1913.
In reply to this post by Steve Smith
Exactly! But you do have > 100 and you know it! How many on-line gifts? How many forums, even for trivial use? How many mail lists? How many bank, credit card, paypal logins? Amazon? Google? Moocs? Travel related? Airlines? NetFlix/Hulu/iTunes? Gmail? Dropbox? GitHub? Clothing? Shopping in general? NYTimes and other news sources? LinkedIn, Facebook, Twitter, G+, ...
I could go on but dozens. I seriously, Seriously doubt it.
Not so fast, mister! They're still there and very hackable.
Login die? You sure? And indeed, how many folks can "delete" an account? Most don't have an obvious way to do so.
I am so worried about you guys who don't know just how many logins you have! :)
-- Owen
I see Steve's side of things. I have I think 3 user names I might use. One password I vary. The one I'm most concerned about is the seemingly low grade of security Del Norte.

On Thu, Dec 5, 2013 at 12:08 PM, Owen Densmore <[hidden email]> wrote:
In reply to this post by Owen Densmore
Well, I have a 50k ASCII file with all my passwords and "security questions" in it. It's ~800 lines long, but that doesn't mean 800 accounts, since some accounts require lots of security questions. Plus, I keep track of some old passwords after I change them and such. I keep this file encrypted with GPG. I shred <http://www.gnu.org/software/coreutils/manual/html_node/shred-invocation.html#shred-invocation> the unencrypted file each time I edit it... but it's not clear to me whether an unencrypted copy hangs around for a while or not... plus, one of my machines uses SSD, which presents some issues <http://static.usenix.org/events/fast11/tech/full_papers/Wei.pdf> of its own.

But in the wake of this story <http://www.troyhunt.com/2013/12/introducing-have-i-been-pwned.html> and the Pony story <http://blog.spiderlabs.com/2013/12/look-what-i-found-moar-pony.html>, I decided to change a bunch of my passwords today. Does anyone have the data for the SSH credentials that were compromised? I can't imagine mine would be in there. But it did remind me that I don't have a practical policy for updating those.

On 12/05/2013 11:08 AM, Owen Densmore wrote:

-- glen ep ropella -- 971-255-2847
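Added example, not part of the message above or of the thread: one way to sidestep the question of whether shred leaves a plaintext copy behind (on an SSD in particular) is to never write the decrypted file to persistent storage and to edit it in a RAM-backed directory instead. It assumes Linux with a tmpfs at /dev/shm, `gpg` on the PATH and symmetric encryption of the file; the function names and `PLAINTEXT_DIR` are hypothetical.

```sh
#!/bin/sh
# Assumptions: Linux, /proc/mounts, tmpfs at /dev/shm, gpg with symmetric
# encryption. fs_type_of, is_ram_backed, edit_encrypted and PLAINTEXT_DIR
# are hypothetical names chosen for this example.

# Print the filesystem type of the mount that holds PATH, by longest-prefix
# match over a table in /proc/mounts format (device mountpoint type ...).
# Mount points containing spaces (escaped as \040 there) are not handled.
fs_type_of() (
    path=$1
    mounts=${2:-/proc/mounts}
    best_len=-1
    best_type=unknown
    while read -r _dev mnt fstype _rest; do
        case "$path/" in
            "${mnt%/}/"*)
                # -ge: a later entry for the same mount point (overmount) wins
                if [ "${#mnt}" -ge "$best_len" ]; then
                    best_len=${#mnt}
                    best_type=$fstype
                fi ;;
        esac
    done < "$mounts"
    printf '%s\n' "$best_type"
)

# Succeed only if PATH lives on tmpfs or ramfs.
is_ram_backed() {
    case "$(fs_type_of "$@")" in
        tmpfs|ramfs) return 0 ;;
        *) return 1 ;;
    esac
}

# Decrypt FILE into a private RAM-backed directory, edit it there, re-encrypt,
# and remove the directory on exit. Editors that keep swap or backup files
# beside the edited file keep them in RAM as well.
# Caveat: tmpfs pages can be written to swap, so swap must be encrypted or off.
edit_encrypted() (
    enc=$1
    umask 077
    work=$(mktemp -d "${PLAINTEXT_DIR:-/dev/shm}/pwedit.XXXXXX") || exit 1
    trap 'rm -rf "$work"' EXIT
    work=$(cd "$work" && pwd -P)    # resolve symlinks such as /dev/shm -> /run/shm
    if ! is_ram_backed "$work"; then
        echo "refusing: $work is not tmpfs/ramfs, plaintext would reach disk" >&2
        exit 1
    fi
    gpg --quiet --output "$work/plain" --decrypt "$enc" || exit 1
    "${EDITOR:-vi}" "$work/plain" || exit 1
    gpg --quiet --symmetric --cipher-algo AES256 \
        --output "$enc.new" "$work/plain" || exit 1
    mv "$enc.new" "$enc"            # replace the old ciphertext only on success
)

# Run as: sh thisfile.sh passwords.txt.gpg
if [ "$#" -gt 0 ]; then
    edit_encrypted "$1"
fi
```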
In reply to this post by Steve Smith
Yeah, I'm about at 5-10 in regular use. Stuff I don't use much if at all, maybe 20. Moderation in all things.

On 12/5/13, 11:20 AM, Steve Smith wrote:
OK so you don't have a mail account? Oops, clearly so. Google? Probably. Amazon?
I'd be willing to bet 20 is just silly.
-- Owen
I agree, I considered a subpoena for the browser password management page to see how many "accounts" are being hidden by these scoundrels.

-- rec --

On Thu, Dec 5, 2013 at 2:21 PM, Owen Densmore <[hidden email]> wrote:
In reply to this post by Owen Densmore
I don't see storing your various personas in one location helps. Surely you see the irony ^_^ .

On Thu, Dec 5, 2013 at 2:21 PM, Owen Densmore <[hidden email]> wrote:
In reply to this post by Owen Densmore
On 12/5/13 12:08 PM, Owen Densmore wrote:

I really don't... I use the G constellation with one password (one of its features)... I don't Yahoo. I don't Mooc, I use only Southwest Airlines (and while I have a "rapid rewards number" I don't have a password/account)... I have a Mac account which covers iTunes/apps/stuff... my wife has the Netflix account, no Hulu, no Facebewk, recently re-linked in... use Google Drive (see above). I don't shop, and I don't read anything with a paywall ($6 NYT Sunday old fashioned newsprint at Tesuque Village Market most weeks... need it for firestarter in my woodstoves)...

no, some services/servers are long gone, but yes, I could lose my login on some of the "throwaways" but I've lost nothing of value to me... usually a pseudonymous ID and one of my Hashwords. If someone gathered all my abandoned pseudonymic throwaways and Hashwords and cracked them they might begin to get a hint of my hashWord algorithm. Remember, until 5 years ago I lived behind firewalls and proxies and close scrutiny... I just didn't sign up for much.

Yes, not all dead, deprecated in the sense that I haven't logged since the first 1,2, 3 times to realize that said service wasn't very useful to me... and again... pseudonym (my favorites are word scrambles of "Owen Densmore" or "Doug Roberts" ;)

grin... touche... I will maybe inventory, but you can bet I won't write them (passwords) down...

- Steve