Computer Newbies forum

General discussion

Question about password storage

I have stored my many passwords in a computer file. However, after reading recent discussions and posts, I know I had better take that file out. But many sites ask if you want to save your password, and there are also password software programs. My question is, how can these be any safer than storing a list in, say, a word document?

Discussion is locked
You are posting a reply to: Question about password storage
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Question about password storage
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Reply:

In reply to: Question about password storage

Password storage programs can be quite secure, as the best of them use encryption to hide the passwords from prying eyes.

For example, I use AI RoboForm which is free in a version that's limited to 30 passwords or $30 for a version that will store all the passwords you want, as well as generate very secure (letters, numbers, symbols) new passwords, which makes periodic password changing (always a good idea) easy.

There are many password storage programs out there, some freeware, some shareware. I do recommend that you get one, as leaving your passwords in a Word document is asking for disaster. At the minimum, you need a program that:

1. Has the capacity to store all the passwords you use

2. Encrypts them,

3. Stores them in a file that you can back up separately, and

4. Is spyware free. Hint: STAY AWAY FROM GATOR!

Robo Form meets those requirements; so do others.

Hope this helps.

Collapse -
ALRobo Form or password protection

In reply to: Reply:

Paul,
could you let me have the URL for the above, pls. or can I just look in google? I am going to download it also, just for extra protection, when I am feeling lazy..
also what happens when a computer goes into a repair shop? can all the technicians get at your passwords, if as I used to do, keep them in a notepad? I have often wondered how safe it is to leave anything on your computer once it leaves your home?

can you password protect your documents in windows xp? or is this a separate question?
Sabina.

Collapse -
Roboform

In reply to: ALRobo Form or password protection

Collapse -
URL for AlRobo

In reply to: Roboform

just to say thank you, Rob for the URL. I will be downloading it this afternoon.
Thank you
sabina.

Collapse -
AlRobo Form

In reply to: Roboform

Rob, I just downloaded the said AlRobo, but how do I actually hide it? Supposing somebody accesses my computer, all he has to do right now is click on 'passcards' or 'generate' and the information is right there.
or is the program only open for me? what if the computer has to go into the repair shop? I have windows xp Home edition.
Thanks for any help. I know I am hopeless.....
Sabina.

Collapse -
Answers, Sabrina:

In reply to: AlRobo Form

Supposing somebody accesses my computer, all he has to do right now is click on 'passcards' or 'generate' and the information is right there.

A valid concern, and you can handle it this way: Click on the RoboForm System Tray icon and select "Logins." Any login you create may be further protected with a master password that presumably only you know. Right-click the login and select "Protected." Enter the master password - you'll only need 1 for all logins RoboForm stores - and you're done. Then, all you need remember in your head is ONE password - RoboForm will remember the actual user ID's and individual passwords.

what if the computer has to go into the repair shop?

Before you take it in, copy the folder where the passwords are stored (default: C:\My RoboForm Data) and burn it to a CD - then open the folder on the PC and delete all the entries. When you get it back, simply copy the passcards back from the CD to the folder on the hard drive.

Also, make sure that this folder becomes one that you include on your regular backup of files you'd rather not lose.

Hope this helps!
Collapse -
password protection when the computer goes into repair

In reply to: Answers, Sabrina:

Hello Paul,
thank you, thank you. Yes, that helps tremendously...
Your answers are clear and precise.
Sabina.

Collapse -
passwords

In reply to: Reply:

Why stay away from Gator??

Collapse -
(NT) (NT) There's no reason - IF you like spyware!

In reply to: passwords

Collapse -
Claira/Gator -- ugh!

In reply to: passwords

Gator has such a bad reputation they changed their name to Claria -- but we know who they are and use adware/spyware detectors to rip them out by their roots and throw them into the vat of acid where they belong.

Gator "gives" you small software programs (smiley icons, search toolbar, password protectors, etc.) but in exchange you give them permission to innundate you with pop up ads generated from your own hard drive! They also track all your movements and report that back to the mother ship. They then use that data to download MORE ads onto your hard drive (sucking up your bandwidth)to throw more ads in your face. Perpetually. It never stops. All for one little application that. ONE Gator download will open up the floodgates to pain you don't want. Sure, it's all there in the Claria legalese consent form, but do you really read that?

Why do that when there are plenty of really free program that will do the same thing or better? I use Roboform, as the first poster suggested. It has a free amount of password capability -- enough for me to try it out.

When I reached the limit (various e-mail account, bank, credit card accounts, various utilities to pay online, etc) after a month or so, I decided it was of such good value I would go ahead and pay for the "unlimited" unlock key. There's others out there that are completely free and unlimited, I am sure. However, BE CAREFUL you are not agreeing to adware/spyware in return.

At work I see too many co-workers download crap onto their computers for little games and screen savers, then their computers become slow and useless. I have to use Ad Aware, Spybot (be sure you have the latest version, not an older version), and Giant (which Microsoft bought and now has re-labelled as their "anti-spyware program). I use all three at least once a week. With Spybot, you can "immunize" your computer against Gator so that it won't download and install any of those nefarious programs.

Collapse -
Encryption is the key to that.

In reply to: Question about password storage

IrisRose,

Those passwords (if it's any decent program) aren't stored in plain text as you type it, but in some encrypted form so that nobody can read it.

A solution I saw a few days ago here on these forums: put your file with passwords in a password protected zip-file. One password suffices to find them all. It's good enough to deter the occasional intruder, but probably not the FBI or NSA.

For extra security, apply an extra trick (and tell nobody!). Such as writing the password backwards, or exchanging upper and lower case, or add 5 (modulo) to each digit, or always add the same last two characters by head (no need to write them down then) or ... everything you can think of.

After all, nobody would guess your password to be fianchetto if you code it as g3 (and there's a good chance you don't even understand the code I used, I think, while it's a perfect reminder to me). Or 17romeo if I code it as julia71 (reverse the digits, put them in front and add the 'associated' word). But it could just as well be 83JuLiA, of course (subtract from 100 in stead of reversing the digits and change odd characters to uppercase).
Just don't tell anybody your own private secret algorithm, that's the idea. That makes the file rather unusable for anybody besides yourself, especially automated tools.

Kees

Collapse -
Thanks

In reply to: Encryption is the key to that.

Both of these suggestions are very helpful. Thanks!

Collapse -
Password storage

In reply to: Question about password storage

Why not get a memory stick and the after you have saved your password you can remove it and also if you have forgotten you can always plug it back on line and recover the one you want.
charlie

Collapse -
password protection

In reply to: Password storage

I have always put all my passwords on to a floppy, that way I have a back-up. But I must admit that until recently I have kept them in a word doc. on my computer, because it is so much easier to just click on look in your documents.....
however on reading the articles here on cnet I have started using a floppy and I am much more careful, especially since I seem to have increased amounts of spam.

Collapse -
AiRobo on flash drive

In reply to: Password storage

There's a version of AiRobo that runs on a flash drive. You can take your passwords with you when you travel and plug them in even to kiosk computers.

Collapse -
...or save passwords in a web-based email account

In reply to: Password storage

I use ONLY web-based email, like yahoo mail. I have all my passwords in one email which I then send to myself. Since it's the email account I use for daily correspondence, I'm not likely to forget that one.

If you have internet access, you can retrieve your passwords from any web-connected computer in the world. Just be sure that you chose an obscure password for that one email account, one that no one could ever guess but you won't forget. Then you only have to remember that one password. If you don't have internet access, you don't need the passwords at the moment, do you?

I move that email to a folder in yahoo mail I created for saved messages. Since it's a web-based email account, the message does not reside on my local hard drive at all. When I change or add a password, I update the email and send it to myself again, deleting the old email afterwards.

You can also use the ''Notepad'' feature in yahoo mail for this, but in an email, I can add a clickable URL link inside the email, then open that site in a new Firefox browser tab (love the Tabbrowser Preferences and Tabbed Clicking Options extentions for Firefox!!!)

I NEVER allow my browsers etc to remember my passwords. I make it a point to disable this feature in anything installed on my own PC, and I make sure to uncheck the ''Remember Password'' box any time I sign in anywhere.

Collapse -
...or save passwords in a web-based email account

In reply to: ...or save passwords in a web-based email account

...and as far as I know, web-based email accounts are not vulnerable to viruses, worms, trojans, etc. Unlike email read through Outlook or another email client.

That's another reason I use only web-based email instead of email requiring a reader client.

When I got my cable modem, I wouldn't even allow the ISP to create an email account for me. A friend who uses only Hotmail (hate it, yahoo is much better) had a worm hijack his never-used optonline ISP email account and propagated itself through that.

Collapse -
Not just a "list"

In reply to: Password storage

QUESTION: ''Why not get a memory stick and the after you have saved your password you can remove it and also if you have forgotten you can always plug it back on line and recover the one you want.
charlie

ANSWER:

Password protector programs like Roboform are MORE than just a ''list.'' They are active applications that will go to the site for you, and enter your user name and password automatically.

Roboform is like a neat IE ''Favorites'' or Netscape ''Bookmarks'' list. If I want to check my webmail or check my account balance at my bank, I click the appropriate name from the dropdown menu on my browser toolbar (say, Yahoo mail) and it goes to that site, plugs in my Yahoo user name and password, and there it is. All automatic. While on the Yahoo site, I can then choose my bank. It will go to the bank site, plug in the information, and there's my account balance. NO typing for me!

Roboform does offer a transportable version that will work on a flash drive for computers you might use elsewhere.

Collapse -
Roboform on PDA

In reply to: Not just a "list"

Roboform sounds good. Is there some way to download the password info in it to a Palm PDA so that the passwords can be taken with me? I understand that an application called "SplashID" hotsyncs with the PDA just like Outlook Contacts does. Roboform sounds like it is more functional with the auto fill in of information---I just hope it can get on a PDA--Thanks

Collapse -
Short and Sweet

In reply to: Question about password storage

I have a finite collection of passwords, some more complex than others. In my IE favorites, I rename the title, adding a couple of letters or numbers that give me a hint as to the complete userid and passwword. I suspect it would still take a hacker considerable time to figure out what "f" stands for.

Collapse -
What about using a floppy disk?

In reply to: Short and Sweet

I am also thinking about a more secure password storage system. Is there a risk to creating a list and keeping it on a disk, allowing me to copy and paste the names and passwords as I need them?

Collapse -
Yes, but it's better that keeping it on your desktop

In reply to: What about using a floppy disk?

There is still some risk involved in having critical passwords kept on anything unencripted...even if it's on flash memory.

Viruses, worms, etc. can access and send data when you simply plug it into the computer and it is detected by the OS (this is not likely, but still possible). However, if you open the document to check what a username/password is, the chances that you data is compromised is dramatically increased. Encription (and an antivirus/spyware solution to help a little) is important in keeping confidential information confidential.

Given there are many free solutions out there, why chance the headache and aggervation for an hours worth of time to do some reading and research. In the event that you don't know where to begin (or are just lazy like me at times), just ask.

Collapse -
Password Protection

In reply to: Question about password storage

I use a little thumb drive called MetaPass. This stores your passwords. It uses encryption and all you have to do is plug it into your USB port. This will let you use any computer with a USB port to retrieve your passwords. I also use a program that generates complex passwords that I store in the MetaPass.

Collapse -
Storing Passwords

In reply to: Question about password storage

I use a 512mb Lexar Secure Jump Drive (portable flash drive) to store them. You can remove it and hide it or carry it with you. Nothing stays on the computer to be hacked.

Collapse -
Safe Password Storage

In reply to: Question about password storage

A 3.5'' floppy disk (or a rewritable CD) is an excellent off-the-computer storage place for passwords. I also print my list for immediate use and keep the list with other private papers. When the paper is so overwritten as to be unreadable, updating the disk and reprinting the password list are fast and easy.

This all assumes, of course, that you have secure external physical storage for both the disk and the printout.

Collapse -
Passwords

In reply to: Question about password storage

The programme I use is called PasswordGenerator v2.1 and has a capacity to create multiple passwords. However, just to make things a little more secure, I store them on a Flash USB drive, that is not normally connected to my computer.

Collapse -
Layer your security...

In reply to: Question about password storage

Iris Rose,

Let's step back a little. Addressing only your password security is like focusing on security for a single jail cell without considering the perimeter, etc.

Security is best implemented as a system, not as an item. There are many simple, inexpensive, easily maintained practices and solutions worth considering. In the I.T. world, taking a system wide approach to security is called ''layered security''.

A note - even if you have nothing on your computer that would cause you any worry should it become public, security is still very important - especially if you use a broadband connection. This is due to the ease at which files can be surreptitiously installed on a computer.

Your computer can be remotely controlled to attack other computers. This will cause financial and/or physical harm. This isn't an ''if'' scenario, but a ''when''. The FBI released a very informative pamphlet on this several years ago. So, just because you're paranoid doesn't mean they're not out to get you.

If you're seeking simplicity and security, I would look at combining a good biometric device (I like Targus); a light resource consuming encryption dongle (BeyondIf Solutions does a great job with this) and if you're using an operating system capable of supporting it, use NTFS instead of FAT formatting on your hard drive. NTFS is both a more robust file system and you can (and should consider) activate encryption.

These are the benefits:

1) You can use incredibly complex passwords without having to memorize them. You can store them on anything from a piece of paper to a flash memory device and simply hide it well.
2) A well designed encryption dongle will add tremendous security - even to the point of encrypting the file in which the biometric password is held (this is an important point).
3) NTFS can encrypt your data as well - and it does a fine job.

So now, properly setup, you have coverage if you walk away from your PC and it's on, because sensitive documents will require your thumb scan and, if you have good habits, the dongle will be with you as well. But, we're human and that is why I suggest the belt and suspenders approach.

Should someone hack their way into your computer, the data is encrypted using the NTFS and the dongle. It's unlikely they have either of your dongles. Even if they do, they'll most likely require the thumbprint and getting through NTFS encryption isn't a picnic. So even if they have Admin rights and your dongle, it won't make their job easy, because they?ll need your thumb?

Finally, should your PC be stolen, you'll still have little to be worried about unless they steal you and the dongle. In that case, your computer is probably not going to be at the top of your list of concerns.

All that covered, there are best practices you should have in place: I suggest using both a software and hardware based firewall (remember layering?). Make sure at least one, preferably both, monitors outbound traffic!

Naturally, be sure your anti-virus, spyware and operating system software are updated regularly - I set mine for daily checks and automatic download/installation - the OS is only set to download as I prefer to determine when and if the installation will occur.

Also, you could download and install Sun Java and disable the Microsoft Java through Internet Explorer. Sun Java is considered to be more secure. My experience has been that it has been necessary to temporarily activate the Microsoft Java, perhaps once every year or two. That's easily accomplished through the browser tool settings.

Because hacking often can result from an unintended or unknown download, be wary of free downloads - even images! Also, I prefer to use Internet Explorer at a customized level between medium and high and only for well known sites (such as this). If I'm going to go searching into parts of the Web unknown, I use Mozilla with the highest security; it?s set to delete everything after the session ends. There are other browsers, but I don't want to worry too much about compatibility issues.

Collapse -
Password Storage

In reply to: Question about password storage

I used Access and created a simple form to store my password. I ensure that I have a ''secure'' password on the database -- thus allowing me to really know only one password. Simple to do and doesn't cost you a dime for another program.

Collapse -
More than just a storage "list"

In reply to: Question about password storage

Password protector programs like Roboform are MORE than just a ''list.'' They are active applications that will go to the site for you, and enter your user name and password automatically. (If you are already at the site, then it will just enter your user name and password.) Efficient -- saves you a lot of typing!

Roboform is like a neat IE ''Favorites'' or Netscape ''Bookmarks'' list. If I want to check my webmail or check my account balance at my bank, I click the appropriate name from the dropdown menu on my browser toolbar (say, Yahoo mail) and it goes to that site, plugs in my Yahoo user name and password, and there it is. All automatic. While on the Yahoo site, I can then choose my bank login. It will go to the bank site, plug in the appropriate information, and there's my account balance. NO typing for me!

Roboform does offer a transportable version that will work on a flash drive for computers you might use elsewhere.

Whereas if you just has manual list, you would always be looking at the list to see your passwords. Roboform does all that for you and more!

Collapse -
For a simple alternative, usa a PDA

In reply to: Question about password storage

Hi IrisRose,
I used to keep all of my IDs and passwords in a HUGE paper file once, but it became cumbersome. Once I got my second Palm PDA, I decided to use my original soley as a password keeper for every old and new ID and password since.
For safety sake, I keep a back-up on a laptop which is rearly connected to the internet, except for software updates.

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

GIVEAWAY

Enter to win* a free holiday tech gift!

CNET's giving five lucky winners the gift of their choice valued up to $250!