Cruisers Forum

  This discussion is proudly sponsored by:
Please support our sponsors and let them know you heard about their products on Cruisers Forums. Advertise Here
Thread Tools Search this Thread Rate Thread Display Modes
Old 12-10-2017, 09:35   #46
Registered User
spsexton's Avatar

Join Date: Jan 2017
Location: Eagan, MN
Boat: Com-Pac 16
Posts: 8
Re: Passwords In A Paperless World

Here's advice on this from one of the most well respected security experts.
spsexton is offline   Reply With Quote
Old 12-10-2017, 10:05   #47
Registered User
Broadside's Avatar

Join Date: May 2017
Location: Florida
Boat: Aquarius Pilot Cutter
Posts: 7
Re: Passwords In A Paperless World

I use DataVault Password Manager for Mac and iOS devices. All devices are synced through Dropbox, (other cloud storage works also). All data files are encrypted on both the device and the cloud. If your phone is hacked, the data file is useless to the hacker. And before the peanut gallery jumps in, yes the encryption could POSSIBLY be broken, but not at all likely. All you really have to remember is a good strong password to get into the DataVault and the rest of your stuff becomes available. On any of these password managers, make sure it encrypts all data files.
This approach also helps out if something happens to you, your family can get access to accounts and such.
Hope that helps
Broadside is offline   Reply With Quote
Old 12-10-2017, 10:09   #48
Registered User
maxingout's Avatar

Join Date: Dec 2006
Location: Cruising
Boat: Privilege 39 Catamaran, Exit Only
Posts: 2,723
Re: Passwords In A Paperless World

Sometimes I use the names of cruising yachts that I have seen around the world as passwords, and I always use at least the names of two different yachts making the password longer and more difficult.

At other times, I choose the names of remote cruising destinations around the world as passwords.

Thumb drives are now so small that they are easy to hide, so that may be another way for me to store encrypted passwords.
Dave -Sailing Vessel Exit Only
maxingout is offline   Reply With Quote
Old 12-10-2017, 10:50   #49
Registered User
MV Wanderlust's Avatar

Join Date: May 2016
Location: Palmetto, FL
Boat: "Wanderlust" -- 1999 Jefferson Rivanna 52'
Posts: 875
Images: 28
Re: Passwords In A Paperless World

As others have said, nothing is entirely bulletproof. If someone really wants in and has adequate skills, they'll get in. That said...

There are some really good password schemes that have already been shared. I've taken an approach similar to what others are doing with a minor modification. I chose a random word... not something from my past or a child or pet's name or has any significance so social engineering probably wouldn't figure it out... and then appended the date it was set.

For example:
Let's say the random word was something like Escalade.
And let's say the password is being used for Dropbox (I don't have a Dropbox account) and it was set on 9-17-2017.
The Dropbox password would become Escalade9172017$. The dollar sign is used as an example of an extended character but it could be any of them.
To remember the password for any site, I save a shortcut to it and edit the name of the shortcut to include the date it was set and the number 4, to represent the extended character used, if it was a dollar sign.
The password on any site can be changed as often as you like by just changing the date and then modifying the name of the shortcut with the new date.
This approach has been working for nearly twenty years and has never been hacked. It would be tough to hack without knowing the random word and yet the hint for each site is readily available.
MV Wanderlust is offline   Reply With Quote
Old 12-10-2017, 10:52   #50
Registered User

Join Date: Mar 2016
Location: Jersey City, NJ
Boat: longing for a trimaran
Posts: 79
Re: Passwords In A Paperless World

Most sites can support a 12 character password and requires both upper and lower case, numbers and special characters. I meet this requirement by creating an 8 character passphrase. For example, I convert "JEANNEAU" to "J34Nn=^u". Then tack on a four number PIN, say 1234.

Now here is how it works.
When I am logging in to:, my password will be "J34Nn=^ucrui", my password will be "J34Nn=^uyaho", my password will be "J34Nn=^uebay", my password will be "J34Nn=^u6pm4"

The system provides for a UNIQUE password per website, but you only have to remember your special PASSPHRASE and PIN.

For those that have not picked it up yet, I use the PIN to figure our which letters of the websites name I will be using. For the same sites above, if my PIN where 6835 the passwords would be:
"J34Nn=^uesus" for
"J34Nn=^u68ho" for
"J34Nn=^u68a5" for
"J34Nn=^u68m5" for

Nothing to get hacked, not much to remember, just be careful you don't bump your head.

One more thing, I actually have 2 PASSPHRASEs and PINs. I use a different one for sites where I have financial info and sites where I don't.
tatomaceda is offline   Reply With Quote
Old 12-10-2017, 11:20   #51
Registered User

Join Date: May 2008
Posts: 3,451
Re: Passwords In A Paperless World

Security has gotten much easier in the last year mostly due to the spread of two factor authorization where a code is sent to your phone. With two factor enabled, it's almost impossible for a guy in Russia to get into your account even if your password is "1234". Here's what I do:

All my passwords go into standard Apple Notes - it has encryption based on Apple security. It copies to both my Iphone and ipad by SSL. Apple has never had a successful direct breach of Icloud (people get in by guessing passwords - not Apple's fault). I worry more about being hit by a meteor. I also encrypt the individual Apple note of passwords a 2nd time with a different password (although this really isn't necessary because you can't get past the lockscreen in the first place)

My Apple password is 16 characters long and only used for Apple. The passcode is six numbers. Fingerprint is also turned on. Two factor security is enabled so a code is sent to the phone for any change (two factor is also enabled on any account that allows it). The Iphone and Ipad are both set to erase themselves if someone gets the phone passcode on the lock screen wrong 10 times.

I only need a few passwords because I use the same password on any unimportant site - like this site. I'm not worried about someone posting here using my name - it might be an improvement

If an important site doesn't have two factor but uses "questions", my answers are not real so they can't be guessed (What city were you born in? "Ice Cream"). The answers are all put in the Apple Notes file.

I assume that any link in an email or text that later asks for my password or personal information is phishing. I back out and go to the site without using the link.

Here's a fun site to test your password:
CarlF is offline   Reply With Quote
Old 12-10-2017, 11:21   #52
Registered User
CaptTom's Avatar

Join Date: Apr 2004
Location: Southern Maine
Boat: Prairie 36 Coastal Cruiser
Posts: 2,885
Re: Passwords In A Paperless World

Originally Posted by Captain Bucknut View Post
Passwords....i like the consistent algorithm method (it's also approved by the Catholic Church)...
I see what you did there. Good one!

Originally Posted by ZULU40 View Post
It was discovered recently that an Australian defence supplier had been hacked over a period of 4 months. Turns out they hadnt changed passwords in over a year. Passwords like admin for admin and guest for guest.
Good example. They weren't hacked because some USER didn't change their 12-character, alpha-numeric, with numerals and special characters (but not the first or last character) and no more than two repeating characters and none containing any part of the last 12 you used, password.

They were hacked because (1) their IT shop was lazy, and (2) the hackers wanted to get into the whole system, not just some poor schmuck's individual account.
CaptTom is offline   Reply With Quote
Old 12-10-2017, 12:46   #53
Moderator Emeritus
David M's Avatar

Cruisers Forum Supporter

Join Date: Sep 2007
Location: Eastern Tennessee
Boat: Research vessel for a university, retired now.
Posts: 10,406
Re: Passwords In A Paperless World

I use the name of the entity plus a series of letters and numbers after that which only my wife and I know. Never been hacked and each password is unique. No paper or recording it electronically necessary.

Life begins where land ends.
David M is offline   Reply With Quote
Old 12-10-2017, 12:48   #54
Registered User
GILow's Avatar

Join Date: Sep 2008
Location: On the boat, somewhere in Australia.
Boat: Swanson 42 & Kelly Peterson 44
Posts: 8,991
Re: Passwords In A Paperless World

Regarding the frequently changed passwords thing...

The main reason for this is actually manage the "social" weakness of passwords. That is, people in corporate offices will, no matter how hard you try to stop them, end up sharing passwords. There's always a "good" reason in their eyes, usually it is something to with needing urgent access to something while they are on the road without technology to gain that access.

So they share their current password with a fellow worker.

Now, if you force regular changes two things happen. 1. That shared password expires pretty soon, and 2. there is less temptation for the other person to write down the shared password and subsequently have it found, or 3, and this one is the real bugger, the tendency of the recipient of the shared password to share it with another coworker is also managed by the regular change. (It is an interesting and understandable behaviour that "shared" passwords are subsequently treated with much less respect than a person's own password.)

So the whole regularly-rotating password thing, I believe, is a bit of a furphy in the "normal" world. As noted, most hackers are going act very quickly on a discovered password, so the typical 60 - 90 day rotation scheme is unlikely to be much good unless the expiry date happens to be tomorrow or the next day.

Refitting… again.
GILow is offline   Reply With Quote
Old 12-10-2017, 14:31   #55
Registered User

Join Date: Dec 2016
Location: Houston, TX
Posts: 13
Re: Passwords In A Paperless World

This is a good discussion and contains some really useful information for those of us with lots of password. Like some of the others have mentioned, I have several hundred passwords in my IT world - both personal and work.

I'm highly resistant to changing passwords on a regular basis and recent (within the last five years) studies have pretty conclusively determined that regularly changing passwords is actually often harmful to security in that users tire of thinking up complex password and end up using easily guessed passwords rather than long, complex password.

In my mind, best practice is to use a LONG password that is also complex; how you come up with this password is up to you. You can use an algorithm as has been mentioned above or create a common root and derive passwords from that. The key characteristics of good passwords are that they are long and complex.

As for how to remember them, if you use an algorithm as outlined above, you could "remember" the password for any given site using the tricks mentioned. That doesn't really work for me due to the large numbers of passwords I have to keep track of, so I use (and recommend) a password manager. In my case, I use Dashlane and find it to be a large contributor to my peace of mind and my ease of use of password.

If you choose to use a password manager, it's key that you use one that encrypts the password database locally, even if it's then stored in the cloud. Basically, you're creating a copy of your password database that the application, by itself, can't open, and that requires your password and the correct copy of the database for use. Even if this is stored in the cloud (I highly recommend that approach for ease of use) the password database should be at least as secure as any website for which you may have a password and, ideally, should be much more secure because you can use a lllooonnnggg password for the database.

Ultimately, the responsibility for securing your online access rests with you, so it behooves you to use long, complex password wherever possible and to secure those passwords in some manner as discussed in this thread. Certainly, two-factor authentication is a must when available and I truly wish that more sites would leverage something like Google Authenticator to enable that two-factor capability.
mickeyelam is offline   Reply With Quote
Old 12-10-2017, 14:35   #56
Registered User
Reefmagnet's Avatar

Join Date: May 2008
Location: puɐןsuǝǝnb 'ʎɐʞɔɐɯ
Boat: Nantucket Island 33
Posts: 4,864
Re: Passwords In A Paperless World

Simple rule to having a secure password. Use a password of at least 7 characters containing a mix of numbers, non alpha-numeric characters, lower case alpha and upper-case alpha. Avoid dictionary words preceeded or proceeded by just numbers. For example, "WindSong20!7" makes a very effective password that is easy enough to remember but is hard to crack by brute force and dictionary attacks. You can test the strength of a proposed password by using one of the many password testing sites on the internet like

I'd also advocate using a password vault like LastPass . Whilst it may have potential vulnerabilities, it is used commercially and is about as secure as you can get, especially when used with multi factor authentication. Personally, I just use around a total of 5 passwords that I don't forget for everything and for those wackjob sites with stupid password rules where I can't use one of my faves , I just click the "forgot my password" link should I need to login.
Reefmagnet is offline   Reply With Quote
Old 12-10-2017, 15:14   #57
Registered User

Join Date: Jul 2014
Location: Massachusetts, USA
Posts: 55
Re: Passwords In A Paperless World

I use common phrases, and mispelll some off the wordds. I also throw in the numbers from my gym padlock that I have told to nobody. So "what a great day" becomes something like "whhatagraetday#172108".
Captain-Avenger is offline   Reply With Quote
Old 12-10-2017, 17:13   #58

Join Date: Jan 2017
Boat: Retired from CF
Posts: 13,317
Re: Passwords In A Paperless World

Password tips

Title:Passphrases That You Can Memorize — But That Even the NSA Can’t Guess | MetaFilter

Titleon't Kill the Password. Change the Password | WIRED
john61ct is offline   Reply With Quote
Old 12-10-2017, 18:09   #59
Registered User
dwedeking2's Avatar

Join Date: May 2014
Location: Key West, FL
Boat: Morgan Out Island 415
Posts: 909
Images: 1
Re: Passwords In A Paperless World

But That Even the NSA Can’t Guess
They're not guessing
S/V Pomaika'i Blog
dwedeking2 is offline   Reply With Quote
Old 12-10-2017, 21:06   #60
Registered User

Join Date: Feb 2015
Boat: Land bound, previously Morgan 462
Posts: 1,992
Re: Passwords In A Paperless World

Thanks for this idea. Best simplest thing I have seen yet.
waterman46 is offline   Reply With Quote

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Going PAPERLESS afloat? SecondBase General Sailing Forum 32 11-10-2017 15:04
World Ocean Database and World Ocean Atlas Series GordMay The Library 2 15-01-2007 20:14
starting a business in 3rd world florensic Boat Ownership & Making a Living 7 13-01-2004 04:16
Hello world of cruisers filit7 Meets & Greets 0 09-03-2003 21:40

Advertise Here

All times are GMT -7. The time now is 18:12.

Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2023, vBulletin Solutions, Inc.
Social Knowledge Networks
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2023, vBulletin Solutions, Inc.

ShowCase vBulletin Plugins by Drive Thru Online, Inc.