wood burning stoves 2.0*
The moose likes Meaningless Drivel and the fly likes Too many password. Aaargh Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Other » Meaningless Drivel
Bookmark "Too many password. Aaargh" Watch "Too many password. Aaargh" New topic
Author

Too many password. Aaargh

Maneesh Godbole
Saloon Keeper

Joined: Jul 26, 2007
Posts: 10451
    
    8

Home laptop
Office laptop
Bank - 1 login + 1 transaction
Personal Email
Corporate email
Corporate intranet
Corporate HR + payroll (yeah three different ones. No domain password concept)
Skype
Phone

I thought I had mastered the situation when once I set the same password everywhere.....until I was told my bank password was about to expire and I needed to change it. How do you guys manage your passwords?


[How to ask questions] [Donate a pint, save a life!] [Onff-turn it on!]
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61417
    
  67

1Password

It's a really bad idea to use the same password everywhere. One security breach, and everything is compromised.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18651
    
    8

For the things where I sign on once a month or less (e.g. seeing my electric bill online) I don't bother with passwords at all. Sure, they make me have one, but I don't bother remembering it. I just click on the "Forgot My Password" link and they send me another one which is good for signing on once.
Maneesh Godbole
Saloon Keeper

Joined: Jul 26, 2007
Posts: 10451
    
    8

Bear Bibeault wrote:1Password

This is reliable? I mean it won't transmit it to the company or anything in the background?

Bear Bibeault wrote:It's a really bad idea to use the same password everywhere. One security breach, and everything is compromised.

Yeah I know. I was real stupid that time.

I like your idea Paul. Must try it out.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61417
    
  67

Maneesh Godbole wrote:This is reliable? I mean it won't transmit it to the company or anything in the background?


1Password security FAQ
Jeff Verdegan
Bartender

Joined: Jan 03, 2004
Posts: 6109
    
    6

I use RoboForm to remember my passwords on my personal computers for me.

At work it's a bit of a pain. I can never remember my email password, so if I ever have to enter it, I end up having to have IT reset it for me.

And logging into anything from my phone is a hassle, as I don't have a password vault there, and I'm so used to letting RoboForm remember everything for me that I usually can't log in from my phone.
Jeff Verdegan
Bartender

Joined: Jan 03, 2004
Posts: 6109
    
    6



http://imgs.xkcd.com/comics/password_strength.png
Matthew Brown
Bartender

Joined: Apr 06, 2010
Posts: 4421
    
    8

I use KeePass - encrypted password database. I don't have access from everywhere, but if I keep a copy of the database at home and at work that covers the vast majority of what I need.
Jesper de Jong
Java Cowboy
Saloon Keeper

Joined: Aug 16, 2005
Posts: 14268
    
  21

Maneesh Godbole wrote:Home laptop
Office laptop
...

I thought I had mastered the situation when once I set the same password everywhere.....until I was told my bank password was about to expire and I needed to change it. How do you guys manage your passwords?

Your list contains only 9 things and you already think you have too many passwords?

I use a different password for every service, website, computer etc., and I generate passwords consisting of random letters, digits and other characters using a small program I wrote. I have a file containing the usernames and passwords of about 200 accounts that I've created in the past ten years. Ofcourse I have to be very careful where I keep that file. My password file is an Excel sheet which is itself protected by a password.


Java Beginners FAQ - JavaRanch SCJP FAQ - The Java Tutorial - Java SE 8 API documentation
J. Kevin Robbins
Bartender

Joined: Dec 16, 2010
Posts: 998
    
  13

PasswordSafe. A password keeper protected by a very long master password. I carry it on a flash drive and have it installed on my desktops. It has a slick sync feature so that passwords added at one computer can be migrated to the other databases and it will generate random passwords for you when you create a new entry. I don't even know most of my passwords; they are 16 character random strings that I copy and paste from this app.


"The good news about computers is that they do what you tell them to do. The bad news is that they do what you tell them to do." -- Ted Nelson
Paul Anilprem
Enthuware Software Support
Ranch Hand

Joined: Sep 23, 2000
Posts: 3313
    
    7
These days many sites, specially the banks, have extreme rules for passwords - such as it must have at least one upper case, one lower case, one alphanumeric, one number, and must be at least 8 digits, must not use any part of your name, must not be same as any of the previous passwords. Then they make you change it every 90 days. It is not funny.
Is it even humanly possible to remember this kind of password after two days? I suspect the user would be tempted to write it somewhere thereby making it even less secure!


Enthuware - Best Mock Exams and Questions for Oracle/Sun Java Certifications
Quality Guaranteed - Pass or Full Refund!
Matthew Brown
Bartender

Joined: Apr 06, 2010
Posts: 4421
    
    8

I've got a part-time job somewhere that makes me change the password every 90 days. As a result I've got into the habit of making the passwords obscene. Which affects them not at all, but makes me feel slightly better .
fred rosenberger
lowercase baba
Bartender

Joined: Oct 02, 2003
Posts: 11406
    
  16

Matthew Brown wrote:I've got a part-time job somewhere that makes me change the password every 90 days. As a result I've got into the habit of making the passwords obscene. Which affects them not at all, but makes me feel slightly better .

I went through that phase for a while. Then I ran out of obscenities (I guess I'd never be a good sailor).

my work now offers the option of a short, use upper/lower/symbols/whatever and change every 90 days

or

use a really long pass phrase with fewer rules that is good for a year.
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4659
    
    5

Paul Anilprem wrote:These days many sites, specially the banks, have extreme rules for passwords


As the XKCD shows, rules are pointless. It is trivial to implement pass phrases, just make the text entry field long. You are going to hash the input anyway.

Its clear that the whole username + password authentication scheme has over lived its usefulness. First person to invent a solution that doesn't use passwords will
be richer than Mark Zuckerberg.
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14688
    
  16

Bear Bibeault wrote:
Maneesh Godbole wrote:This is reliable? I mean it won't transmit it to the company or anything in the background?


1Password security FAQ


I'll never never trust online services to store passwords, no matter how safe they may look like. Like Matthew, I'm using KeePass, so that I can access my password both from Linux and Windows.


[My Blog]
All roads lead to JavaRanch
Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 30753
    
156

I used patterns. One of my password requires changing monthly and requires 26 unique ones before you can repeat. I can get away with just writing down just two characters of the password to remind myself. And if I tell you my password has N5 in it, does that help you? (And yes, I just made those two up at random)


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Jeff Verdegan
Bartender

Joined: Jan 03, 2004
Posts: 6109
    
    6

Jeanne Boyarsky wrote:And if I tell you my password has N5 in it, does that help you? (And yes, I just made those two up at random)


Aha! So know we know that some password of yours does not have N5 in it. All your login are belong to us!
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61417
    
  67

If this were a movie, it'd take about 3 guesses to crack in!
Jeff Verdegan
Bartender

Joined: Jan 03, 2004
Posts: 6109
    
    6

Or there'd be a guy staring at a screen of zeros and ones saying, "This looks like one of the encryption schemes the Russians used back in the 80s. I might be able to crack the encryption if I reverse theIP address (type type type -- maybe 5 seconds) ... Got it!"

Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61417
    
  67

Or phase-shift the graviton beam using tachyon bursts. Oh wait ...
Jeff Verdegan
Bartender

Joined: Jan 03, 2004
Posts: 6109
    
    6

http://www.cracked.com/article_19160_8-scenes-that-prove-hollywood-doesnt-get-technology.html
M.E. Metcalf
Greenhorn

Joined: Apr 28, 2013
Posts: 1

Lastpass is a great solution? https://lastpass.com/index.php
Adrian Henry
Greenhorn

Joined: Apr 27, 2013
Posts: 13
10 passwords. , which are very difficult to remember.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Too many password. Aaargh