I would be interested in comparing my password experience to that of others. Mine are on a spreadsheet and there are four pages of them. Although many are duplicates there are enough variations that the record is necessary to keep it all straight. Over the years I have collected different combinations of numbers and letters that are meaningful to me but no one else, for example an old laundry number that was randomly assigned, and I’ve assigned symbols to each combination. It is the symbols that appear on my spreadsheet, not the passwords themselves. For example # means one group and % means another and I’m fairly successful at memorizing these. I also use combinations of groups. I keep the key to the symbols in a secure place – I have to refer to it rarely, perhaps less than once a month.
I understand the process is necessary, but what I don’t understand is why so many sites push the need to constantly change passwords. There is one federal site I use that just announced they not only demand a lengthy password with symbols, cases, numbers and letters, but that they will require it to change every few months! Why? Here’s what I don’t understand. If my password is still secure, why should I change it? Am I supposed to think there’s some nefarious hacker out there running an analysis of my code for a month or two to break it down and my changing it in three months will thwart him? Sounds ridiculous to me. One password should be as good as another of the same complexity. My plan for that federal site is to just reverse some groups back and forth each time, but still I will have to record it. What a pain.
The clip is funny, but it’s also close to the truth.
Oh my, I’ve never gotten into anything that complex. I have a few different logins and passwords that I use in different combinations. They are things I can easily remember but I doubt anyone could guess them or derive them from reading personal information about me. They do include caps, lowercase, numbers, and symbols. I have two main gripes. The first is supposedly secure sites that won’t let me use symbols and/or aren’t case sensitive; what good is it to follow all the best advice for strong passwords when a site won’t accept them? As I recall, one of them was a bank. You’d think a bank would have the most stringent security available. My other gripe is sites that require (not just suggest) you to change your password periodically and require that the new one not be any password you’ve ever used before. When I run into that, I’m tempted to enter something like “YOUrM*therWEarsC_mbatb00ts!!
There’s a Mac app called 1Password that my son highly recommends. I wish I’d bought it the day he found it on sale for half price, because it normally costs $50. I don’t recall exactly how he said it works; I think it generates random long, very secure passwords for you and remembers and enters them for you.
I don’t know what I’d do without my KeePass. It not only allows me to store all my passwords in a nicely structured way, but can also generate new ones for me. I use the portable version so I don’t have to install it on my PC and can keep a copy safe and secure on a flash drive! 😀
Yup, me too. Makes me more nervous than a cat in a roomful of rocking chairs. I have this vision of typing in my master password and . . . nothing happens. 😯
I found a $10 app in the Apple store called “Datavault” and am contemplating.
1Password’s $50 price tag seems very high to me, but I saw Apple had several password apps available. If you get one of the others, let me know how it works out. I’m biased toward my son’s recommendation just because he’s a developer and creates apps, websites, and their security for a living.
Will do.
Speaking of “another step,” I keep hearing about a new “two-step” log in procedure. Does that mean I’d have to wait for a call to my cell phone before I can actually log in to an account? Also, Gmail (Google) has been asking me to give them a cell phone number “just in case” I’m unable to log in. I’m trying to figure out how exactly it is that they’d know if I was unable to log in?!?! 🙄
I have exactly the same questions. The two-step WP login may be more secure, but when it involves using a cell phone, which I rarely use, I think it verges on too complex to be worthwhile. Why should I have to involve a device other than my computer? Maybe the phone is only for the initial sign-up. I’m don’t really understand the process.
I haven’t given Google my cell phone number either. I haven’t given that number to anyone yet and may never do so; I’ve become absolutely paranoid about my phone numbers and robocallers/telemarketers. I’m on the verge of getting a new unlisted home phone number to thwart them (and I’ll have to pay $2 a month forever for the privilege).
Giving Google a cell phone number, or any phone number, is an open invitation to be on one of those “lists” they sell if I’ve ever heard of one!
That’s what I was thinking. If I make the switch to routing all callers through Google Voice, I might be willing to hand out that number. But of course, that would put ALL my phone numbers in Google’s hands …
Right. And in reading about the Datavault for Mac I see in the fine print that “synchronization with handheld devices is sold separately”. So, I gather I would have to buy and install a second piece of software for my iPad, and up goes the complexity of the thing. Which would I install first, or does that matter? I’m nervous.
I don’t blame you Jim!
If I’m going to add the step of buying and using a password app of any kind, it better sync with all my devices.
My son explained to me today that different devices have different operating systems and that’s why you have to pay an additional amount for the different devices. He has 1Password on his computer. If he needs that information while using a different device, he uses Dropbox to get his passwords from his computer. Dropbox is a great app for making files (stored in the cloud) available to all your different devices. I use it mostly for moving files from my laptop to my big computer, or for storing/moving backup files.
Well, I took the plunge and down-loaded “DataVault” for Mac from the Apple Store for all of $9.99. My experience so far:
1. It didn’t work because it required a plug-in for Safari browser (no charge) and my OS put it in a “sandbox”, a security mechanism I knew nothing about before this. Turns out, it was because I kept my older OS rather than updating to LION, and that was because LION isn’t compatible with my personal finance software, Quicken 2007. Whew.
2. When I went to complain to the provider of DataVault, Ascendo, they have no phone support, only email. They did reply after a day and one day later provided a different browser plug-in that worked.
3. I’m still trying to get the feel of this thing. I thought there might be a mode in which I could type in the master password once per session but I guess that’s too risky – it has to be for every log-in.
4. DataVault won’t handle sites where the log-in and password blanks are on separate pages. Ascendo said they’re working on that.
5. If I decide I’m going to use this, I will have to spring for another 10 bucks to sync with my iPad – like PT’s son said, a different OS.
6. Also, if I had read the fine print (when will I learn?) I’d have seen that buying from Ascendo’s web site rather than the Appple Store would have entitled me to a free 30-day trial.
The college of hard knocks continues, and class is never out . . .
Well, that’s discouraging. Those are the types of details that aren’t mentioned in a product description and I wouldn’t have known to ask. Have you tried using Dropbox to synch everything? (It was free, as I recall.) Not sure how you do that with a password manager, but apparently it works for Michelle and my son.
BTW, you were wise to avoid Quicken Essentials. I had to switch to it when I switched to this MacBook, and I’m still cussing it.
I tried Dropbox and found that I really didn’t need it, plus it seemed distracting. But that’s probably because I use my desktop for all complex stuff and the iPad only for e-reading and casual surfing. As for Essentials, I knew it wasn’t for me. For a while I thought Mint.com might be the answer, and then found it had no desk-top app, just portables. Eventually my OS Snow Leopard will get so old I’ll be obsolete I suppose, but I’m compulsively tied to knowing my net worth and Quicken seems to be all that will do it with automatic downloads of the main accounts. 😡
I’ve thought a lot about jumping to Mint, but there’s something about having all my financial information online that bothers me (even though I do all my banking online). Plus the hassle of making yet another change. I don’t understand why Quicken won’t produce a decent program for Mac users.
I just commented to Izaakmak, so I’m sure you read it. But I love my Keypass. I’m Android, and I have it synced between all my devices… A desktop (Win 7), two laptops (one is Win 7 and other is Ubuntu), Android tablet and phone. Via Dropbox they sync when I power up any device. And I store a copy on my external just in case…….
I love Dropbox. And it seems it has far more uses as a “synchronizer” than I’d imagined. I guess the only way I’m going to really understand about how the password apps work is to pick one and jump in. KeePass is looking good …
Sweet!!! I use Keypass, too. I keep it in my Dropbox and have it linked between my computer, laptops, tablet and phone. I never leave home without it. And I use some wicked passwords as I let Keypass generate them.
That was just hilarious PT! 😆
I figured every one of my readers had some experience with passwords. Something for everybody.
I would be interested in comparing my password experience to that of others. Mine are on a spreadsheet and there are four pages of them. Although many are duplicates there are enough variations that the record is necessary to keep it all straight. Over the years I have collected different combinations of numbers and letters that are meaningful to me but no one else, for example an old laundry number that was randomly assigned, and I’ve assigned symbols to each combination. It is the symbols that appear on my spreadsheet, not the passwords themselves. For example # means one group and % means another and I’m fairly successful at memorizing these. I also use combinations of groups. I keep the key to the symbols in a secure place – I have to refer to it rarely, perhaps less than once a month.
I understand the process is necessary, but what I don’t understand is why so many sites push the need to constantly change passwords. There is one federal site I use that just announced they not only demand a lengthy password with symbols, cases, numbers and letters, but that they will require it to change every few months! Why? Here’s what I don’t understand. If my password is still secure, why should I change it? Am I supposed to think there’s some nefarious hacker out there running an analysis of my code for a month or two to break it down and my changing it in three months will thwart him? Sounds ridiculous to me. One password should be as good as another of the same complexity. My plan for that federal site is to just reverse some groups back and forth each time, but still I will have to record it. What a pain.
The clip is funny, but it’s also close to the truth.
Oh my, I’ve never gotten into anything that complex. I have a few different logins and passwords that I use in different combinations. They are things I can easily remember but I doubt anyone could guess them or derive them from reading personal information about me. They do include caps, lowercase, numbers, and symbols. I have two main gripes. The first is supposedly secure sites that won’t let me use symbols and/or aren’t case sensitive; what good is it to follow all the best advice for strong passwords when a site won’t accept them? As I recall, one of them was a bank. You’d think a bank would have the most stringent security available. My other gripe is sites that require (not just suggest) you to change your password periodically and require that the new one not be any password you’ve ever used before. When I run into that, I’m tempted to enter something like “YOUrM*therWEarsC_mbatb00ts!!
There’s a Mac app called 1Password that my son highly recommends. I wish I’d bought it the day he found it on sale for half price, because it normally costs $50. I don’t recall exactly how he said it works; I think it generates random long, very secure passwords for you and remembers and enters them for you.
I don’t know what I’d do without my KeePass. It not only allows me to store all my passwords in a nicely structured way, but can also generate new ones for me. I use the portable version so I don’t have to install it on my PC and can keep a copy safe and secure on a flash drive! 😀
Looks interesting, Mak, but I can’t use it on a Mac. I’ll see if I can find something similar for it.
KeePassX for Mac might be worth a look Jim. Obviously, I haven’t tried it myself…
My problem with any password app is breaking old habits and getting over the reluctance to add yet another step or two to the login process.
Yup, me too. Makes me more nervous than a cat in a roomful of rocking chairs. I have this vision of typing in my master password and . . . nothing happens. 😯
I found a $10 app in the Apple store called “Datavault” and am contemplating.
1Password’s $50 price tag seems very high to me, but I saw Apple had several password apps available. If you get one of the others, let me know how it works out. I’m biased toward my son’s recommendation just because he’s a developer and creates apps, websites, and their security for a living.
Will do.
Speaking of “another step,” I keep hearing about a new “two-step” log in procedure. Does that mean I’d have to wait for a call to my cell phone before I can actually log in to an account? Also, Gmail (Google) has been asking me to give them a cell phone number “just in case” I’m unable to log in. I’m trying to figure out how exactly it is that they’d know if I was unable to log in?!?! 🙄
I have exactly the same questions. The two-step WP login may be more secure, but when it involves using a cell phone, which I rarely use, I think it verges on too complex to be worthwhile. Why should I have to involve a device other than my computer? Maybe the phone is only for the initial sign-up. I’m don’t really understand the process.
I haven’t given Google my cell phone number either. I haven’t given that number to anyone yet and may never do so; I’ve become absolutely paranoid about my phone numbers and robocallers/telemarketers. I’m on the verge of getting a new unlisted home phone number to thwart them (and I’ll have to pay $2 a month forever for the privilege).
Giving Google a cell phone number, or any phone number, is an open invitation to be on one of those “lists” they sell if I’ve ever heard of one!
That’s what I was thinking. If I make the switch to routing all callers through Google Voice, I might be willing to hand out that number. But of course, that would put ALL my phone numbers in Google’s hands …
Right. And in reading about the Datavault for Mac I see in the fine print that “synchronization with handheld devices is sold separately”. So, I gather I would have to buy and install a second piece of software for my iPad, and up goes the complexity of the thing. Which would I install first, or does that matter? I’m nervous.
I don’t blame you Jim!
If I’m going to add the step of buying and using a password app of any kind, it better sync with all my devices.
My son explained to me today that different devices have different operating systems and that’s why you have to pay an additional amount for the different devices. He has 1Password on his computer. If he needs that information while using a different device, he uses Dropbox to get his passwords from his computer. Dropbox is a great app for making files (stored in the cloud) available to all your different devices. I use it mostly for moving files from my laptop to my big computer, or for storing/moving backup files.
Well, I took the plunge and down-loaded “DataVault” for Mac from the Apple Store for all of $9.99. My experience so far:
1. It didn’t work because it required a plug-in for Safari browser (no charge) and my OS put it in a “sandbox”, a security mechanism I knew nothing about before this. Turns out, it was because I kept my older OS rather than updating to LION, and that was because LION isn’t compatible with my personal finance software, Quicken 2007. Whew.
2. When I went to complain to the provider of DataVault, Ascendo, they have no phone support, only email. They did reply after a day and one day later provided a different browser plug-in that worked.
3. I’m still trying to get the feel of this thing. I thought there might be a mode in which I could type in the master password once per session but I guess that’s too risky – it has to be for every log-in.
4. DataVault won’t handle sites where the log-in and password blanks are on separate pages. Ascendo said they’re working on that.
5. If I decide I’m going to use this, I will have to spring for another 10 bucks to sync with my iPad – like PT’s son said, a different OS.
6. Also, if I had read the fine print (when will I learn?) I’d have seen that buying from Ascendo’s web site rather than the Appple Store would have entitled me to a free 30-day trial.
The college of hard knocks continues, and class is never out . . .
Well, that’s discouraging. Those are the types of details that aren’t mentioned in a product description and I wouldn’t have known to ask. Have you tried using Dropbox to synch everything? (It was free, as I recall.) Not sure how you do that with a password manager, but apparently it works for Michelle and my son.
BTW, you were wise to avoid Quicken Essentials. I had to switch to it when I switched to this MacBook, and I’m still cussing it.
I tried Dropbox and found that I really didn’t need it, plus it seemed distracting. But that’s probably because I use my desktop for all complex stuff and the iPad only for e-reading and casual surfing. As for Essentials, I knew it wasn’t for me. For a while I thought Mint.com might be the answer, and then found it had no desk-top app, just portables. Eventually my OS Snow Leopard will get so old I’ll be obsolete I suppose, but I’m compulsively tied to knowing my net worth and Quicken seems to be all that will do it with automatic downloads of the main accounts. 😡
I’ve thought a lot about jumping to Mint, but there’s something about having all my financial information online that bothers me (even though I do all my banking online). Plus the hassle of making yet another change. I don’t understand why Quicken won’t produce a decent program for Mac users.
I just commented to Izaakmak, so I’m sure you read it. But I love my Keypass. I’m Android, and I have it synced between all my devices… A desktop (Win 7), two laptops (one is Win 7 and other is Ubuntu), Android tablet and phone. Via Dropbox they sync when I power up any device. And I store a copy on my external just in case…….
I love Dropbox. And it seems it has far more uses as a “synchronizer” than I’d imagined. I guess the only way I’m going to really understand about how the password apps work is to pick one and jump in. KeePass is looking good …
Don’t buy when this is a reputable open source product. http://keepass.info/
Sweet!!! I use Keypass, too. I keep it in my Dropbox and have it linked between my computer, laptops, tablet and phone. I never leave home without it. And I use some wicked passwords as I let Keypass generate them.