Password Overload
#1
Original Poster
Join Date: Feb 2005
Location: SFO
Programs: Delta Diamond, Some other impressive stuff
Posts: 450
Password Overload
I admit it, my ability to remember all my passwords is long gone. I have always resisted recording them all on a portable laptop for security reasons but now I am overwhelmed. Any successful practices or useful tips are appreciated especially by road warriors in the same boat.
#2
Join Date: Jul 2003
Location: Orlando
Programs: Delta-Million miler
Posts: 1,312
I agree totally! Here is my rant..
Alas, we live in a world of stupid internet security. Kazillion logins and passwords! I am a scientists and I review scientific articles for over 50 journals. All of them require logins and passwords. Since many journals are now controlled by publishers, often you can't keep the same login and password.
My work place is paranoid; I don't work directly with patients and yet, the level of security is outrageous. Yet, I hear of security breach every other day.
I hate the almost hourly "security updates".
I am convinced that some of the very common websites (not objectionable sites) leave more than cookies. The operating systems and web browsers are so full of holes, unless you stop surfing the web, you can't avoid these intrusions. Yes, there are password vaults, storage programs, etc. I bought one of them but they change so frequently that you need to keep buying their updates.
Computer business is for crooks. I switched to Mac and have less of these problems but it appears to be toothless.
My work place is paranoid; I don't work directly with patients and yet, the level of security is outrageous. Yet, I hear of security breach every other day.
I hate the almost hourly "security updates".
I am convinced that some of the very common websites (not objectionable sites) leave more than cookies. The operating systems and web browsers are so full of holes, unless you stop surfing the web, you can't avoid these intrusions. Yes, there are password vaults, storage programs, etc. I bought one of them but they change so frequently that you need to keep buying their updates.
Computer business is for crooks. I switched to Mac and have less of these problems but it appears to be toothless.
#3
Join Date: Jun 2002
Posts: 960
I admit it, my ability to remember all my passwords is long gone. I have always resisted recording them all on a portable laptop for security reasons but now I am overwhelmed. Any successful practices or useful tips are appreciated especially by road warriors in the same boat.
everything is encrypted and it can also auto-populate web pages so you don't need to type in long cryptic passwords. you can optionally use dropbox so it can sync multiple computers (mac or windows), iphones and ipads.
#4
Join Date: May 2005
Posts: 3,944
Easiest way at home is to use a dedicated address book.
Traveling, scraps of paper, same as recording credit card numbers--except that I use a simple code, in case the papers are lost--i.e., number 1 2 3 becomes number 2 3 4 or some such. I suppose "Password" could be written "Qwttxpse" or whatever.
Traveling, scraps of paper, same as recording credit card numbers--except that I use a simple code, in case the papers are lost--i.e., number 1 2 3 becomes number 2 3 4 or some such. I suppose "Password" could be written "Qwttxpse" or whatever.
#5
Join Date: Feb 2009
Location: WI
Programs: HHonors Gold, UAMP
Posts: 895
i keep mine abbr. in a notepad its fairly easy to do if you use a variation of word(s)/combos
ie.
password base is: flyertalk
American: FT1 (flyertalk1)
US: FT11 (flyertalk11)
UA: FT1- (flyertalk1-)
Delta: 11FT1 (11flytertalk1)
I have sites that require other chars and some that do not allow which is quite annoying. I have also used a number base so I could just use the # sign instead of the real number.
ie.
password base is: flyertalk
American: FT1 (flyertalk1)
US: FT11 (flyertalk11)
UA: FT1- (flyertalk1-)
Delta: 11FT1 (11flytertalk1)
I have sites that require other chars and some that do not allow which is quite annoying. I have also used a number base so I could just use the # sign instead of the real number.
#6
FlyerTalk Evangelist
Join Date: Sep 1999
Location: source of weird and eccentric ideas
Posts: 38,681
Firefox has a (I believe) safe encrypted password "vault" that works pretty well, and they now have a sync system that lets you sync amongst different computers. I use it AND I use 1Password. I don't like the fact that 1Password is not open source. But I use it anyway.
The nice thing is that you can use complicated passwords and you don't need to remember any of them (except the master password)
The nice thing is that you can use complicated passwords and you don't need to remember any of them (except the master password)
#7
Join Date: Dec 2001
Location: NYC
Programs: AA LT PLT, SPG Gold
Posts: 2,564
I've been in the market for something like 1Password. Is that generally considered one of the best of its kind?
I've also been meaning to revamp all my passwords. I'm long overdue. For years I only had a couple of passwords...1 for secure sites like online banking, and another for forums and similar less secure sites. But over time I started making different variations so that I wouldn't have the same password at dozens of sites. Now I'm all over the place and just this afternoon couldn't figure out how to log in to an email address I don't use on a regular basis.
I read a good article about taking a phrase you like or your favorite song lyric and taking the letters/numbers from that. For example...happy birthday to you, happy birthday to you would become hbtyhbty...and from that you could make Hb2u.Hb2u. To further differentiate you could then put a few of the letters of each site in the password...so for Flyertalk you could go with Hb2u.FT.Hb2u. That way you have a different password for every site but you can easily remember each one.
I've also been meaning to revamp all my passwords. I'm long overdue. For years I only had a couple of passwords...1 for secure sites like online banking, and another for forums and similar less secure sites. But over time I started making different variations so that I wouldn't have the same password at dozens of sites. Now I'm all over the place and just this afternoon couldn't figure out how to log in to an email address I don't use on a regular basis.
I read a good article about taking a phrase you like or your favorite song lyric and taking the letters/numbers from that. For example...happy birthday to you, happy birthday to you would become hbtyhbty...and from that you could make Hb2u.Hb2u. To further differentiate you could then put a few of the letters of each site in the password...so for Flyertalk you could go with Hb2u.FT.Hb2u. That way you have a different password for every site but you can easily remember each one.
#8
 
Join Date: Nov 2000
Location: Upcountry Maui, HI
Posts: 13,308
1passwd is what mac users use. Though it has both a pc and a mac version if you use both, that's a good choice. The browser integration on the pc is not as good as roboform. (it's not a huge problem, you get a pop-up instead of a pull down from the menu bar.) You only need to pay once per platform for 1passwd. (buy the mac version, and you can install it on all your macs. Buy the pc version and you can install it on all your pcs.) 1passwd supports roboform passwd import, with instructions on how to do it on their web site. 1passwd supports dropbox integration, so if you are using another backup, you can just get the free space for dropbox and just use that for dropbox sync across all your machines.
AI Roboform is what PC users use. It's great. But you need a license for each device you use it on, so it can get a little expensive. You can use any of the online backup methods for x-platform sync with roboform, including, I think, their own free method. (goodsync).
Both of those have app versions for i<devices>, which you may or may not like, at least you can get the passwd on those devices and copy/paste it, but the browser integration in them is basically non-existant or terrible. Both of those also have strong password generators, and they will typically remember the generated passwd for you when you use it, though you have to be careful about that with some web sites.
I've used both, but when I started buying Mac's last year, I has to switch over to 1passwd, since roboform does not have a mac version.
There's also something called lastpass, which is an alternative, but I've never tried it. You should check it out also. I just checked their web site, it is x-platform. If we have a x-platform lastpass user here, hopefully they will post it's good points and bad points in this thread.
-David
Last edited by LIH Prem; Jan 8, 2011 at 6:18 pm
#9
FlyerTalk Evangelist
Join Date: Nov 2002
Location: ORD
Posts: 14,231
Bruce Schneier, the security expert, has a free and open-source program called Password Safe that does this.
http://www.schneier.com/passsafe.html
http://www.schneier.com/passsafe.html
#10
FlyerTalk Evangelist
Join Date: Sep 1999
Location: source of weird and eccentric ideas
Posts: 38,681
the browser doesn't save everything perfectly, but the sync works very well to share amongst computers, and 1password doesn't save everything either. Nothing is perfect.
In particular, banks use more sophisticated methods with multiple page logins, security questions and images you need to recognize, and nothing seems to work perfectly with these.
In particular, banks use more sophisticated methods with multiple page logins, security questions and images you need to recognize, and nothing seems to work perfectly with these.
#11
 
Join Date: Nov 2000
Location: Upcountry Maui, HI
Posts: 13,308
security images, questions that change, etc, sure, none of them can really do that today. though you can save your answers in passcards in the external programs if you really need to/want to. ING direct has made their PIN so complicated, and you can't save that either, but I have a passcard (safenote in 1passwd) for it, in case I forget what the 6 - 10 digit PIN is.
But I really don't have an issue with missing items in 1passwd or roboform, because you can always save the stuff manually if it doesn't recognize the page as a login screen, and once saved, it will fill those in. You can't do that with the browser built-in stuff. That's what I meant by the stuff the browser misses, not the image stuff and security questions from financial institutions.
Certainly some of this is personal preference. If something different works well for you, I think that's great. Personally, I use a combination of methods, including firefox sync, but firefox sync won't get me login/passwd/form data into IE or Safari or Chrome.
Does xmarks copy login/passwd data between different browsers? 1passwd/roboform, etc are all multi-browser. They have plugins for most browsers.
-David
Last edited by LIH Prem; Jan 8, 2011 at 6:23 pm
#12
Join Date: Jun 2008
Location: YVR
Programs: Aeroplan, AAdvantage
Posts: 2,100
The ultimate answer is supergenpass. Use an extension for your favorite browser not the original bookmarklet (or the mobile page from the latter)
https://chrome.google.com/extensions...lknncolofnaead
https://chrome.google.com/extensions...ibbaenpnnodkhk
https://chrome.google.com/extensions...dlbpfgegcibkjo
https://addons.mozilla.org/en-US/firefox/addon/52490/
https://chrome.google.com/extensions...lknncolofnaead
https://chrome.google.com/extensions...ibbaenpnnodkhk
https://chrome.google.com/extensions...dlbpfgegcibkjo
https://addons.mozilla.org/en-US/firefox/addon/52490/
#14
Join Date: Apr 2008
Location: GEG
Programs: Hilton Diamond, Hertz PC, Delta Silver
Posts: 475
I use a password vault program called "Keepass". I'm not necessarily endorsing it, although I'm happy with it.
I have one master password that is roughly 25 characters long, includes letter (upper & lower), numbers and spaces. Its essentially a phrase I'll remember. This password is used to gain access to my keepass database vault. Within the vault, I have all of my usernames and passwords, stored. When I setup a new account, I use keepass to generate a secure, random password, for each site.
The program then allows you to use two keyboard shortcuts to copy the username (CTRL-B) and password (CTRL-C). Or I can drag the user/password into the appropriate boxes on the program or website.
I additionally sync it with Windows Live Mesh, a cloud based storage provider. I chose mesh because I can easily access the files by logging into a website from any computer in the world (remember, I have a 25 char long password on the file, so even if someone hacks my password on mesh, they still have to break my master password - also my mesh password is easy enough to remember).
I now have a way to keep my password file in sync across my work, home and laptop computers, plus can access it on the road or at a friends house, if I don't have my laptop for some reason.
Because the passwords are random, I honestly couldn't tell you what my password was for any site, and if a person gains access to my flyertalk password, they won't be able to get into my bank account, trading accounts, FF...you get the idea.
Sometimes I miss the days of having a single easy to remember password across all sites, but after having my wife's email account hacked a while back, I'm convinced random passwords on all sites is the way to go.
I have one master password that is roughly 25 characters long, includes letter (upper & lower), numbers and spaces. Its essentially a phrase I'll remember. This password is used to gain access to my keepass database vault. Within the vault, I have all of my usernames and passwords, stored. When I setup a new account, I use keepass to generate a secure, random password, for each site.
The program then allows you to use two keyboard shortcuts to copy the username (CTRL-B) and password (CTRL-C). Or I can drag the user/password into the appropriate boxes on the program or website.
I additionally sync it with Windows Live Mesh, a cloud based storage provider. I chose mesh because I can easily access the files by logging into a website from any computer in the world (remember, I have a 25 char long password on the file, so even if someone hacks my password on mesh, they still have to break my master password - also my mesh password is easy enough to remember).
I now have a way to keep my password file in sync across my work, home and laptop computers, plus can access it on the road or at a friends house, if I don't have my laptop for some reason.
Because the passwords are random, I honestly couldn't tell you what my password was for any site, and if a person gains access to my flyertalk password, they won't be able to get into my bank account, trading accounts, FF...you get the idea.
Sometimes I miss the days of having a single easy to remember password across all sites, but after having my wife's email account hacked a while back, I'm convinced random passwords on all sites is the way to go.
#15
Moderator Hilton Honors, Travel News, West, The Suggestion Box, Smoking Lounge & DiningBuzz
Join Date: Jun 2000
Programs: Honors Diamond, Hertz Presidents Circle, National Exec Elite
Posts: 36,026