[AccessD] OT: RE: Password Managers

John Colby jwcolby at gmail.com
Sun Sep 19 07:37:36 CDT 2021


Both OnePass and Bitwarden store passwords in an encrypted vault.  They do
sit out on the web but they are encrypted by your password and so are as
secure as the encryption engine and your password.

I used to use a system somewhat similar to Jim's, and I still will in an
emergency.  My system is to take an acronym. "My daughter is a lovely
little girl", easy for me to remember.  Take the first char of each word.
"Mdiallg"  notice the leading capital letter.   On the end of this I add
XXX which are letters from the company or environment.  "GMA"il or "SAM"s
club.

Throw in numbers and special characters that only I know but are standard.
Perhaps start at zero and work down.  09.  Then special characters perhaps
!@.

The result is something like 09MdiallgGma!@

It turns into an easy to remember pattern with three characters buried in
there somewhere that change.  I have never been hacked.  But it is not
particularly safe because if a hacker gets my password from a dozen sites
the pattern falls right out.

I decided that in the end a password manager was a better solution.
Additionally a password manager can store credit card info, automobile
license, vin, registration numbers etc.  Really anything you need to have
available on your phone or computer but which should be strongly password
protected.  Just make your password for the manager strong and reliable.

The final plus of the password manager is that they all will enter your
username and password right into most login forms.  Not all but most.  And
even enter in credit card info.  And I am not typing them in so if I were
to get infected with a keylogger... I am not typing in the info.

Bitwarden is open source and works a treat as our British cousins like to
say.  Onepass is not and grows more restrictive by the year but I still use
both.  And Bitwarden can sing all of OnePass' stuff.

And both will make up really random passwords of length N (you choose), a
different password for every site.

Worth it in my opinion.

On Sun, Sep 19, 2021 at 7:22 AM Arthur Fuller <fuller.artful at gmail.com>
wrote:

> Thanks everybody. I like your thoroughness, Jim
>
> On Sat, Sep 18, 2021 at 4:28 PM Jim Dettman via AccessD <
> accessd at databaseadvisors.com> wrote:
>
> > << So far I haven't used one. >>
> >
> > Me neither.
> >
> > I prefer not to store my passwords anywhere.   What I use is a two-part
> > password system.    One part I memorize, which is a "base" password.  The
> > second part I write down on a cheat sheet and it's unique for each password
> > I need, and includes a token to represent the base password.     So on my
> > cheat sheet, I might write:   Sec1+)95483$.    Only I know what Sec1 is.
> >
> >  So even if someone picks up my cheat sheet, they can't use it. If someone
> > hacks a web site, they get the full password, but it's only good for that
> > site.
> >
> > I also take it one step further in that I have multiple base passwords.
> > One I use on only 2 or 3 sites, which is for the critical stuff, like
> > banking, where I know they take security very seriously.   Chances of them
> > getting hacked are slim.    Then a second one for sites like LinkedIn,
> > Facebook, etc.   Places where security is a concern, but they might be
> > hacked.  Then I have a few for all the junk sites, like ordering parts for
> > the dishwasher from xyz company, where chances are high that they will be
> > hacked and the password exposed (i.e. they run a WordPress site).
> >
> > And there's all kinds of flexibility in this.
> >
> > 1. You can put the base password anywhere     )3923$Sec1  or )392Sec13$ as
> > you don't have to memorize the whole thing.   Just what represents the base
> > password.
> > 2. The second part can be lengthened / shortened  to allow for sites that
> > have different allowed password lengths (i.e. must be 8 characters, 6-10
> > characters, etc).    There's nothing more frustrating than having a password
> > memorized, and a site won't accept it because it is too long or short.
> > 3. You can have as many base passwords as you want.    I make them easy to
> > remember by thinking of book or movie titles, then take the first letter of
> > each word and throw in a special character and/or numbers.   You also can do
> > the character substitution thing ($ for S), utilize unique capitalization
> > (last letter instead of first, 2nd letter in, etc).    Whatever makes it an
> > easy mnemonic/system for you to remember.
> >
> > Jim.
> >
> > -----Original Message-----
> > From: AccessD On Behalf Of Arthur Fuller
> > Sent: Saturday, September 18, 2021 10:25 AM
> > To: accessd at databaseadvisors.com
> > Subject: [AccessD] Password Managers
> >
> > So far I haven't used one. Google reported to me that one of my passwords
> > was detected in a data breach. I have a couple of questions. 1. Will a
> > manager create strong passwords automatically?  2. Is there one that is
> > cross platform? I have three working computers, each running a different
> > OS.
> >
> > --
> > Arthur
> > --
> > AccessD mailing list
> > AccessD at databaseadvisors.com
> > https://databaseadvisors.com/mailman/listinfo/accessd
> > Website: http://www.databaseadvisors.com
> >
>
>
> --
> Arthur


-- 
John W. Colby
Colby Consulting
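
Added example (not part of the message or the thread): a Python self-audit of the point above that, once several passwords built on one pattern have leaked, "the pattern falls right out". The sample list is constructed from the scheme the message describes, and the alphabet sizes (52 letters for the per-site part, 94 printable characters for a generated password) are assumptions.

```python
import math
import os

# Constructed samples following the scheme in the message: the first is the
# message's own example, the other two swap in site letters the same way.
SAMPLE = ["09MdiallgGma!@", "09MdiallgSam!@", "09MdiallgPay!@"]

def shared_skeleton(passwords):
    """Return the (prefix, suffix) common to every password."""
    if len(passwords) < 2:
        raise ValueError("need at least two passwords to compare")
    prefix = os.path.commonprefix(passwords)
    # Strip the prefix first so prefix and suffix can never overlap.
    rest = [p[len(prefix):] for p in passwords]
    suffix = os.path.commonprefix([r[::-1] for r in rest])[::-1]
    return prefix, suffix

def audit(passwords, site_alphabet=52, random_alphabet=94):
    """Measure how much of each password is fixed versus per-site.

    site_alphabet: assumed symbols in the per-site part (upper + lower letters).
    random_alphabet: assumed symbols a generator draws from (printable ASCII).
    """
    prefix, suffix = shared_skeleton(passwords)
    cores = [p[len(prefix):len(p) - len(suffix)] for p in passwords]
    longest = max(len(p) for p in passwords)
    varying = max(len(c) for c in cores)
    return {
        "prefix": prefix,
        "suffix": suffix,
        "cores": cores,
        # Bits left to guess once the skeleton is known from other leaks.
        "pattern_bits": varying * math.log2(site_alphabet),
        # Bits in a generated password of the same total length.
        "random_bits": longest * math.log2(random_alphabet),
    }

if __name__ == "__main__":
    report = audit(SAMPLE)
    print("fixed skeleton:", report["prefix"] + "..." + report["suffix"])
    print("per-site parts:", report["cores"])
    print("bits if skeleton known: %.1f" % report["pattern_bits"])
    print("bits if fully random:   %.1f" % report["random_bits"])
```

Run it over your own list of pattern-based passwords: whatever ends up in the prefix and suffix adds nothing once any two of them are exposed.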

