Cruisers Forum
 


Old 12-10-2017, 09:35   #46
Registered User
 
spsexton's Avatar

Join Date: Jan 2017
Location: Eagan, MN
Boat: Com-Pac 16
Posts: 3
Re: Passwords In A Paperless World

Here's advice on this from one of the most well respected security experts.
https://www.schneier.com/blog/archiv..._secure_1.html
__________________

spsexton is offline   Reply With Quote
Old 12-10-2017, 10:05   #47
Registered User

Join Date: May 2017
Location: California
Boat: J Boat J24
Posts: 5
Re: Passwords In A Paperless World

I use DataVault Password Manager for Mac and iOS devices. All devices are synced through Dropbox (other cloud storage works also). All data files are encrypted on both the device and the cloud. If your phone is hacked, the data file is useless to the hacker. And before the peanut gallery jumps in, yes the encryption could POSSIBLY be broken, but not at all likely. All you really have to remember is a good strong password to get into the DataVault and the rest of your stuff becomes available. On any of these password managers, make sure it encrypts all data files.
This approach also helps out if something happens to you, your family can get access to accounts and such.
Hope that helps
Eric
__________________

Broadside is offline   Reply With Quote
Old 12-10-2017, 10:09   #48
Senior Cruiser
 
maxingout's Avatar

Cruisers Forum Supporter

Join Date: Dec 2006
Location: Fort Pierce, Phoenix
Boat: Privilege 39 Catamaran, Exit Only
Posts: 2,601
Re: Passwords In A Paperless World

Sometimes I use the names of cruising yachts that I have seen around the world as passwords, and I always use at least the names of two different yachts making the password longer and more difficult.

At other times, I choose the names of remote cruising destinations around the world as passwords.

Thumb drives are now so small that they are easy to hide, so that may be another way for me to store encrypted passwords.
__________________
Dave -Sailing Vessel Exit Only

http://SailingUNI.com
http://maxingout.com
http://PositiveThinkingSailor.com
maxingout is offline   Reply With Quote
Old 12-10-2017, 10:50   #49
Senior Cruiser
 
JohnEasley's Avatar

Cruisers Forum Supporter

Join Date: May 2016
Location: Palmetto, FL
Boat: "Yacht-a Yacht-a" -- 1986 Chris Craft 42' Catalina 426 Aft Cabin
Posts: 343
Images: 2
Re: Passwords In A Paperless World

As others have said, nothing is entirely bulletproof. If someone really wants in and has adequate skills, they'll get in. That said...

There are some really good password schemes that have already been shared. I've taken an approach similar to what others are doing with a minor modification. I chose a random word... not something from my past or a child or pet's name or has any significance so social engineering probably wouldn't figure it out... and then appended the date it was set.

For example:
Let's say the random word was something like Escalade.
And let's say the password is being used for Dropbox (I don't have a Dropbox account) and it was set on 9-17-2017.
The Dropbox password would become Escalade9172017$. The dollar sign is used as an example of an extended character but it could be any of them.
To remember the password for any site, I save a shortcut to it and edit the name of the shortcut to include the date it was set and the number 4, to represent the extended character used, if it was a dollar sign.
The password on any site can be changed as often as you like by just changing the date and then modifying the name of the shortcut with the new date.
This approach has been working for nearly twenty years and has never been hacked. It would be tough to hack without knowing the random word and yet the hint for each site is readily available.
__________________
JohnEasley is offline   Reply With Quote
Old 12-10-2017, 10:52   #50
Registered User

Join Date: Mar 2016
Location: Jersey City, NJ
Boat: longing for a trimaran
Posts: 42
Re: Passwords In A Paperless World

I use a PASSPHRASE and a PIN. NO PAPER. NO FILE.
Most sites can support a 12 character password and require both upper and lower case, numbers and special characters. I meet this requirement by creating an 8 character passphrase. For example, I convert "JEANNEAU" to "J34Nn=^u". Then tack on a four number PIN, say 1234.

Now here is how it works.
When I am logging in to:
cruisersforum.com, my password will be "J34Nn=^ucrui"
yahoo.com, my password will be "J34Nn=^uyaho"
ebay.com, my password will be "J34Nn=^uebay"
6pm.com, my password will be "J34Nn=^u6pm4"

The system provides for a UNIQUE password per website, but you only have to remember your special PASSPHRASE and PIN.

For those that have not picked it up yet, I use the PIN to figure out which letters of the website's name I will be using. For the same sites above, if my PIN were 6835 the passwords would be:
"J34Nn=^uesus" for cruisersforum.com
"J34Nn=^u68ho" for yahoo.com
"J34Nn=^u68a5" for ebay.com
"J34Nn=^u68m5" for 6pm.com

Nothing to get hacked, not much to remember, just be careful you don't bump your head.

One more thing, I actually have 2 PASSPHRASEs and PINs. I use a different one for sites where I have financial info and sites where I don't.
__________________
tatomaceda is offline   Reply With Quote
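The derivation rule from the post above, written out as an added example (not the poster's code). The function names and the treatment of a 0 digit are assumptions; falling back to the PIN digit itself when the site name is too short is inferred from the post's yahoo.com and 6pm.com results.

```python
# Added illustration of the passphrase + PIN scheme; names are hypothetical.

def site_suffix(domain: str, pin: str) -> str:
    """For each PIN digit d, take the d-th character (1-based) of the site
    name before the first dot. If the name is shorter than d, the digit
    itself is used (inferred from "6pm4" and "68ho" in the post).
    A 0 digit is also kept as-is, which is an assumption."""
    name = domain.split(".", 1)[0].lower()
    out = []
    for ch in pin:
        d = int(ch)
        out.append(name[d - 1] if 1 <= d <= len(name) else ch)
    return "".join(out)


def site_password(passphrase: str, pin: str, domain: str) -> str:
    """Fixed passphrase followed by the PIN-selected site characters."""
    return passphrase + site_suffix(domain, pin)


def shared_prefix_len(passwords) -> int:
    """Number of leading characters identical across all given passwords."""
    n = 0
    for chars in zip(*passwords):
        if len(set(chars)) != 1:
            break
        n += 1
    return n


PASSPHRASE = "J34Nn=^u"  # sample value quoted in the post
SITES = ["cruisersforum.com", "yahoo.com", "ebay.com", "6pm.com"]

if __name__ == "__main__":
    for pin in ("1234", "6835"):  # the two sample PINs from the post
        derived = [site_password(PASSPHRASE, pin, s) for s in SITES]
        for site, pw in zip(SITES, derived):
            print(f"PIN {pin}  {site:<20} {pw}")
        print(f"  identical leading characters: "
              f"{shared_prefix_len(derived)} of {len(derived[0])}")
```

Running it reproduces all eight passwords listed in the post and reports that the first 8 of the 12 characters are the same on every site, so the per-site difference is carried entirely by the 4-character suffix.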
Old 12-10-2017, 11:20   #51
Registered User

Join Date: May 2008
Posts: 1,920
Re: Passwords In A Paperless World

Security has gotten much easier in the last year mostly due to the spread of two factor authorization where a code is sent to your phone. With two factor enabled, it's almost impossible for a guy in Russia to get into your account even if your password is "1234". Here's what I do:

All my passwords go into standard Apple Notes - it has encryption based on Apple security. It copies to both my iPhone and iPad by SSL. Apple has never had a successful direct breach of iCloud (people get in by guessing passwords - not Apple's fault). I worry more about being hit by a meteor. I also encrypt the individual Apple note of passwords a 2nd time with a different password (although this really isn't necessary because you can't get past the lockscreen in the first place).

My Apple password is 16 characters long and only used for Apple. The passcode is six numbers. Fingerprint is also turned on. Two factor security is enabled so a code is sent to the phone for any change (two factor is also enabled on any account that allows it). The iPhone and iPad are both set to erase themselves if someone gets the phone passcode on the lock screen wrong 10 times.

I only need a few passwords because I use the same password on any unimportant site - like this site. I'm not worried about someone posting here using my name - it might be an improvement.

If an important site doesn't have two factor but uses "questions", my answers are not real so they can't be guessed (What city were you born in? "Ice Cream"). The answers are all put in the Apple Notes file.

I assume that any link in an email or text that later asks for my password or personal information is phishing. I back out and go to the site without using the link.

Here's a fun site to test your password:

https://howsecureismypassword.net
__________________
CarlF is online now   Reply With Quote
Old 12-10-2017, 11:21   #52
Registered User
 
CaptTom's Avatar

Join Date: Apr 2004
Location: Southern Maine
Boat: Prairie 36 Coastal Cruiser
Posts: 879
Re: Passwords In A Paperless World

Quote:
Originally Posted by Captain Bucknut View Post
Passwords....i like the consistent algorithm method (it's also approved by the Catholic Church)...
I see what you did there. Good one!

Quote:
Originally Posted by ZULU40 View Post
It was discovered recently that an Australian defence supplier had been hacked over a period of 4 months. Turns out they hadn't changed passwords in over a year. Passwords like admin for admin and guest for guest.
Good example. They weren't hacked because some USER didn't change their 12-character, alpha-numeric, with numerals and special characters (but not the first or last character) and no more than two repeating characters and none containing any part of the last 12 you used, password.

They were hacked because (1) their IT shop was lazy, and (2) the hackers wanted to get into the whole system, not just some poor schmuck's individual account.
__________________
CaptTom is offline   Reply With Quote
Old 12-10-2017, 12:46   #53
Moderator Emeritus
 
David M's Avatar

Cruisers Forum Supporter

Join Date: Sep 2007
Location: San Francisco Bay
Boat: research vessel
Posts: 10,120
Re: Passwords In A Paperless World

I use the name of the entity plus a series of letters and numbers after that which only my wife and I know. Never been hacked and each password is unique. No paper or recording it electronically necessary.
__________________
David

Life begins where land ends.
David M is offline   Reply With Quote
Old 12-10-2017, 12:48   #54
Bailing as fast as I can.
 
GILow's Avatar

Join Date: Sep 2008
Location: Adelaide, South Australia
Boat: Swanson 42
Posts: 3,567
Re: Passwords In A Paperless World

Regarding the frequently changed passwords thing...

The main reason for this is actually to manage the "social" weakness of passwords. That is, people in corporate offices will, no matter how hard you try to stop them, end up sharing passwords. There's always a "good" reason in their eyes, usually it is something to do with needing urgent access to something while they are on the road without technology to gain that access.

So they share their current password with a fellow worker.

Now, if you force regular changes two things happen. 1. That shared password expires pretty soon, and 2. there is less temptation for the other person to write down the shared password and subsequently have it found, or 3, and this one is the real bugger, the tendency of the recipient of the shared password to share it with another coworker is also managed by the regular change. (It is an interesting and understandable behaviour that "shared" passwords are subsequently treated with much less respect than a person's own password.)

So the whole regularly-rotating password thing, I believe, is a bit of a furphy in the "normal" world. As noted, most hackers are going to act very quickly on a discovered password, so the typical 60 - 90 day rotation scheme is unlikely to be much good unless the expiry date happens to be tomorrow or the next day.

Matt
__________________
Very funny Scotty, now beam down my clothes.
http://www.swansonsailor.id.au
GILow is offline   Reply With Quote
Old 12-10-2017, 14:31   #55
Registered User

Join Date: Dec 2016
Location: Houston, TX
Posts: 12
Re: Passwords In A Paperless World

This is a good discussion and contains some really useful information for those of us with lots of passwords. Like some of the others have mentioned, I have several hundred passwords in my IT world - both personal and work.

I'm highly resistant to changing passwords on a regular basis and recent (within the last five years) studies have pretty conclusively determined that regularly changing passwords is actually often harmful to security in that users tire of thinking up complex passwords and end up using easily guessed passwords rather than long, complex passwords.

In my mind, best practice is to use a LONG password that is also complex; how you come up with this password is up to you. You can use an algorithm as has been mentioned above or create a common root and derive passwords from that. The key characteristics of good passwords are that they are long and complex.

As for how to remember them, if you use an algorithm as outlined above, you could "remember" the password for any given site using the tricks mentioned. That doesn't really work for me due to the large numbers of passwords I have to keep track of, so I use (and recommend) a password manager. In my case, I use Dashlane and find it to be a large contributor to my peace of mind and my ease of use of passwords.

If you choose to use a password manager, it's key that you use one that encrypts the password database locally, even if it's then stored in the cloud. Basically, you're creating a copy of your password database that the application, by itself, can't open, and that requires your password and the correct copy of the database for use. Even if this is stored in the cloud (I highly recommend that approach for ease of use) the password database should be at least as secure as any website for which you may have a password and, ideally, should be much more secure because you can use a lllooonnnggg password for the database.

Ultimately, the responsibility for securing your online access rests with you, so it behooves you to use long, complex passwords wherever possible and to secure those passwords in some manner as discussed in this thread. Certainly, two-factor authentication is a must when available and I truly wish that more sites would leverage something like Google Authenticator to enable that two-factor capability.
__________________
mickeyelam is offline   Reply With Quote
Old 12-10-2017, 14:35   #56
Registered User
 
Reefmagnet's Avatar

Join Date: May 2008
Location: puɐןsuǝǝnb 'ʎɐʞɔɐɯ
Boat: Nantucket Island 33
Posts: 2,730
Re: Passwords In A Paperless World

Simple rule to having a secure password. Use a password of at least 7 characters containing a mix of numbers, non alpha-numeric characters, lower case alpha and upper-case alpha. Avoid dictionary words preceded or proceeded by just numbers. For example, "WindSong20!7" makes a very effective password that is easy enough to remember but is hard to crack by brute force and dictionary attacks. You can test the strength of a proposed password by using one of the many password testing sites on the internet like https://howsecureismypassword.net/.

I'd also advocate using a password vault like LastPass. Whilst it may have potential vulnerabilities, it is used commercially and is about as secure as you can get, especially when used with multi factor authentication. Personally, I just use around a total of 5 passwords that I don't forget for everything and for those wackjob sites with stupid password rules where I can't use one of my faves, I just click the "forgot my password" link should I need to login.
__________________
Reefmagnet is offline   Reply With Quote
Old 12-10-2017, 15:14   #57
Registered User

Join Date: Jul 2014
Location: Massachusetts, USA
Posts: 55
Re: Passwords In A Paperless World

I use common phrases, and mispelll some off the wordds. I also throw in the numbers from my gym padlock that I have told to nobody. So "what a great day" becomes something like "whhatagraetday#172108".
__________________
Captain-Avenger is offline   Reply With Quote
Old 12-10-2017, 17:13   #58
Registered User

Join Date: Jan 2017
Posts: 1,894
Re: Passwords In A Paperless World

Password tips
Url:https://www.wired.com/2016/05/password-tips-experts/

Title:Passphrases That You Can Memorize — But That Even the NSA Can’t Guess | MetaFilter
Url:http://www.metafilter.com/155558/Pas...NSA-Cant-Guess

Title:Don't Kill the Password. Change the Password | WIRED
Url:http://www.wired.com/2015/09/dont-ki...ange-password/
__________________
john61ct is online now   Reply With Quote
Old 12-10-2017, 18:09   #59
Registered User
 
dwedeking2's Avatar

Join Date: May 2014
Location: Jacksonville, FL
Boat: Morgan Out Island 415
Posts: 343
Images: 1
Re: Passwords In A Paperless World

Quote:
But That Even the NSA Can’t Guess
They're not guessing
dwedeking2 is offline   Reply With Quote
Old 12-10-2017, 21:06   #60
Registered User

Join Date: Feb 2015
Location: Oakland CA
Boat: Morgan 46 ketch
Posts: 192
Re: Passwords In A Paperless World

Thanks for this idea. Best simplest thing I have seen yet.
__________________

waterman46 is offline   Reply With Quote

Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -7. The time now is 23:22.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Social Knowledge Networks

ShowCase vBulletin Plugins by Drive Thru Online, Inc.