Password Safe (Vault)

[tyger_claw]

Hey All,

Figured I'd pass along some good info to others.

If most are like me, you guys try to vary your passwords for everything you require a login. And probably try to make your passwords as hard as possible (ansci numeric) making all of them difficult to remember.

Well here's a little tool I found that could be useful. (although I haven't used it yet)

It's called Password Safe and it stores your passwords for you, protected by a blowfish encryption.

Many computer users today have to keep track of dozens of passwords: for network accounts, online services, premium web sites. Some write their passwords on a piece of paper, leaving their accounts vulnerable to thieves or in-house snoops. Others choose the same password for different applications, which makes life easy for intruders of all kinds.

So instead of having to remember 12 passwords, you only have to remember the one for the "vault" and a few here and there.

This is also useful for those who do use the same password for several sources and gives them a reason to change them all!

Password Safe features a simple, intuitive interface that lets users set up their password database in minutes. You can copy a password just by double-clicking, and paste it directly into your application. Best of all, Password Safe is completely free: no license requirements, shareware fees, or other strings attached.

Here's the link to the site: http://www.counterpane.com/passsafe.html

Another little note: The download is for v.1.7.1 but they also have an opensource version to better the product (v.2.0) check it out!

[Zonewalker]

not to be picky ...but... I'd already posted links to it here

http://www.antionline.com/showthread...hreadid=233600

but it's probably a good idea to post a link to it again... being as many would have missed it the first time round. It's an excellent program and well worth getting hold if like me you have over 40 passwords (most of them over 15 characters in length)

Z

[tyger_claw]

Oops!

Sorry about that, I missed it.

[Eversor]

I use a similar tool which generates and stores passwords as well. I've uploaded it (it's free). It's called Whisper32 and I've been using it for about 2 years and I love it.

[Zonewalker]

no problem tyger..... as I say it's probably a good idea to post a link to it again anyway

Z

[instronics]

While this application(s) might sound interesting and usefull, and it is an application which falls into the category security, only personally do i disagree with this. But know that i am paranoid when it comes to security and privacy. From a security point of view allow me to try to explain how and why i disagree. The positive side is that we are talking about a security application to help manage passwords. This has an advantage which helps you avoid using similar or same passwords for different locations. It also has the advantage that its security orientated. The bad side however is: You keep your passwords stored on your computer? Your using up resources and you are trusting an application of which you do not have a source code with your passwords? Think like when creating firewall rules. First, dissallow everything, then only allow what is really needed. Meaning, the less you have installed, the better. I never keep my passwords on a machine that has access to or from anything else. Please do not get me wrong, i dont want to rant about this, just from a secure point of view, only the idea of keeping passwords on your computer (if not otherwise possible) gives me the creeps. Dont trust any application with sensitive information. Passwords belong to THE most SENSITIVE information available (sensitive = key to invade privacy). For people who dont really care that much about security, its an excellent tool. Just dont whine when/if these kind of applications "leak".

Cheers.

[tyger_claw]

Insotronics, I hear you!

I totally agree that if someone wanted to target something on a computer, that would be the best target since it holds all passwords. The reason I posted this is for those users that have simple, easy(er) to crack passwords who use the excuse of "I can't remember a password like chHf34lD". (If you get what I mean).

But here's a little mod you might agree to using this little app. People can purchase those little USB devices (portable 64mb USB hardrives) and place the program and passwords on it and carry it on them at all times? This would also be something you only plug into a computer at a need to time, not keeping it accessible for more then 2 minutes?

Another thing, for those paranoid about the idea of keeping such sensitive information on their computer, is to enrypt the whole directory of the vault. Then, when you need to remember a password for something you haven't used in 2 months, you decrypt, and tada.

I totally agree with insotronics that keeping sensitive information on a computer or any device is not the best practice but it is a step some can use (& may find practical).

If someone is seriously concerned about their sensitive data, then they will take the steps to ensure the best form of protection possible.

[DjM]

Originally posted here by instronics
While this application(s) might sound interesting and usefull, and it is an application which falls into the category security, only personally do i disagree with this. But know that i am paranoid when it comes to security and privacy. From a security point of view allow me to try to explain how and why i disagree. The positive side is that we are talking about a security application to help manage passwords. This has an advantage which helps you avoid using similar or same passwords for different locations. It also has the advantage that its security orientated. The bad side however is: You keep your passwords stored on your computer? Your using up resources and you are trusting an application of which you do not have a source code with your passwords? Think like when creating firewall rules. First, dissallow everything, then only allow what is really needed. Meaning, the less you have installed, the better. I never keep my passwords on a machine that has access to or from anything else. Please do not get me wrong, i dont want to rant about this, just from a secure point of view, only the idea of keeping passwords on your computer (if not otherwise possible) gives me the creeps. Dont trust any application with sensitive information. Passwords belong to THE most SENSITIVE information available (sensitive = key to invade privacy). For people who dont really care that much about security, its an excellent tool. Just dont whine when/if these kind of applications "leak".

Cheers.

instronics, I do agree with you, but like tyger said many of us have way to many passwords to remember. I use a similar program, Password Agent Lite from Moon Software. It is a standalone executable which I first installed on my laptop, configured, install all my system passwords then I burned the whole thing to CD-R. I then wiped the application from may laptop. Now I keep this application with the rest of my tool-kit (which is never to far away) on an unmarked, unlabeled CD, When my mind takes a walk, I load up the CD, retrieve the password and I'm off to the races......

Cheers:

[phishphreek]

tyger_claw: I know you like palm pilots... so this is for you.

I have a cool little application on my palm that I use. It is called YAPS(freeware) (Yet Another Password Safe)

Description:
Yaps (Yet Another Password Safe) stores your passwords and other confidential information on your Palm, using 256-bit encryption. Access to the safe is password protected with automatic lock-out when the device switches off, or you go to another application. Other features include ease of use, import and export to Memo, masked or hidden records, fully implemented Palm search.

Now you are thinking... what if you loose your palm? If you are like me... you would NEVER do such a thing. I have it with me at all times. I have my whole life in there... (/action is a geek)
Of course I have a backup(encrypted) and an older one just in case anything was to happen to this one. I can restore my data to that.

I have the palm "password protected" and the beam is disabled.

If someone got a hold of it all they could do is do a hard reset... which would wipe all my data anyway.

[tyger_claw]

Hey phishphreek,

Thanks, I was using the notepad with the hidden feature and screenlock when not using my palm.....

Here's a good tread for palm security Secure PDA

I've been using an encryption notepad for my info. (noted below) but I'll check that program too....

So what next? Something that's always practical, passwords. While I know that many believe this is a common thing, PDA security is still not quite up to par for protection of the determined (like most thing, but, a little easier). Since most PDA passwords protect everything (which means a guessed password unlocks everything) it's best to use seperate programs for seperate reasons. Use programs that require passwords like Secret (An encrypted Memo pad), PDA Safe ID, FileSafe, or other applications