Storing Passwords?

I have many accounts in many different sites. Read to not use same password on same site for obvious reasons. I have all my username/passwords on my computer in a microsoft office sheet and also on my usb as well. Obviously if i lose it, thats very bad b/c it has the site and the password in it.


First off, how does one lock a document? I know when someone sent me an adobe document, i couldnt open it without entering a passport that they told me. So basically whenever i try to open the same document that is saved on computer, it requires the password. Can someone tell me how i would be able to do this for word documents? I have openoffice by the way and not microsoft word on this computer.


Also is there a place to store it online? I heard someone mention keepass. I downloaded it but not sure how it really works. So basically you only need to remember 1 password right? Then when you access it, you have all the password for each site you have on it? How does one even put the password in keepass? You suppose to type it manually or transfer a document to it such as an openoffice or microsoft word or wordpad or excel sheet on it because im not sure how that works. Also is keepass very safe? Thus if someone hacks your acct, then they would have all the passwords. So would it be good idea to just put passwords in it but dont put the actual site to it and just recall which password is which site when you see all the password if that makes sense?

 

In Word, create your doc, then save it. Then under the File tab (or Office Button), select INFO, then Protect Document. It will give you a list of choices on what type of protection you want to assign to the file.

For OpenOffice, you simply check the Save with a Password box when you select Save As.

https://www.openoffice.org/dev_docs/features/3.3/#Increased_Document_Protection_in_Writer_and_Calc

I don't advocate online password backups. Too much potential for hacking. The app I use is strictly for Android/iOS. It's called UPM. All your passwords are saved into an encrypted database file (which I have tried to crack using brute force, but have never been successful). The database file can be backed up onto the device's memory card in case of whatever.

 

I use KeePass and have for nearly 3 years now. It is indeed a concept of you have one really good password, and then store all your other passwords in KeePass. KeePass stores those passwords, encrypted, in a file, and you can unlock them by entering your one master password. Then you can copy and paste your other passwords to your web browser or wherever else you need them. The key advantage over an unprotected Word document is that if someone copies the file to their computer, they still can't access your passwords (unless they guess you master password). I'm not sure how good the encryption is on Office, but I know KeePass uses 256-bit AES encryption, which one of the standard recommended types of encryption and should be secure against any potential adversary, even government ones (unless you use a poor master password).

To get started in KeePass, you can start the program, go to File -> New, choose a name and location for your password file, and then enter your Master Password in the next dialog ("Create Composite Master Key"). Optionally, you can also link to a specific file or your Windows account for greater variety in your master password (although be careful - if you modify the file, or lose your Windows account, you would be locked out forever. If you use a file, for example, you should make sure you have backup copies of that file in case you lose the original). I just use a high-quality password that I use nowhere else, personally. You can go with the default on Page 2 of the database setup. There is no step 3 - at that point, you have a password database with some default folders, and can add entries to folders with the icon that looks like a key with a plus sign to the right of the floppy disk save icon.

For each password, you just need to enter a title (such as NBR), and your password, twice (such as password1, only hopefully better). To the right of "Repeat password", you can also click the Generate Password button to have the program create a randomly generated password for you, of a length and character composition (capitals, lowercase, numbers, special characters, etc.) that you specify. That way you don't have to come up with 50 passwords for your 50 sites all by yourself.

After creating a few entries, you can click on an entry, hit Ctrl+C to copy the password, and then paste it with Ctrl+V wherever you need it.

I would recommend taking advantage of the randomly generated passwords and the control-paste features. You'll wind up with much better (harder to randomly guess) passwords, and as long as you don't use a poor master key, should be in good shape security-wise. Essentially, instead of trying to memorize 50 passwords or using the same one for all sites, you just have to remember one good one. Nowadays, I don't know my own password to most sites. My e-mail and work account passwords I know since I have to be able to enter them myself, but most of my other ones are randomly generated, and I couldn't tell them to someone if I wanted to. The downside is it also means I can't, say, log on to NBR from a random computer... but if I really needed to I could use the Forgot Password feature to reset it.

Another common password management program is LastPass. It does do online backup, which KeePass doesn't. That is more convenient, but it also means there's the chance of it being hacked, and since it is closed-source it isn't possible to verify that there aren't back doors. I come from the days before cloud backup existed, so I'm somewhat distrustful of cloud backup security, and prefer a purely-local solution like KeePass. It's one of those things where, while LastPass is probably fairly secure, if it did get hacked everyone who used it would be hosed. With KeePass, it's open source (so a back door would be harder to hide), and even if there were a security vulnerability, someone looking to steal your passwords would still have to gain access to your computer, which would be a much lower-priority target than LastPass's servers.

You will want to back up your database somewhere, though, in case your hard drive crashes. I have it backed up on another hard drive; you could even back it up on a flash drive since even if you lost the flash drive, the file would still be heavily encrypted, unlike your current Word document.

 

KeePass - best program out there. Use a secondary authentication key. And do not lock the file to the user account. Enjoy great password security.

 

Ditto on this.

 

Keepass ...is Number 1...in my playbook. It's invaluable in storing massive accounts and sites linked to those accounts. I can click and open directly to the site login and auto fill the password and not worry about where did I write the password down at.

 

And another plus...you can make a portable version and sync the keepass database and that way if on the road you never forget sites links passwords....another invaluable accessory in this modern day and age of so many passwords and is one can never remember all of of them as the same time. I just plug into another computer USB and open keepass enter Master password and key right on working.

 

Another vote for KeePass. It's pretty simple to use really (Apollo13 gave a good how-to above), and it does a great job at storing passwords. I wouldn't want to use a locked document since the security isn't very impressive in office suites.

 

+1 on KeePass; it's the solution to use for this problem. Storing passwords in a Word document, on the other hand, is just one step short of the infamous Sticky Notes on the monitor, and is the wrong approach. Wildly unsafe for a host of reasons, even if the document gets password protected.

 

Not to mention how many would be able to go back in time to remember what password they used to lock the word doc or excel doc. Not many....most forget what password they used. This is the reason one shouldn't password lock word/excel docs memory is ages with age and one can never insure they remember every password connected to which documents.

 

Sometimes that's the only option. Because sometimes, you're working with very temperamental people who can't use anything (and I mean ANYTHING) outside of MS Office. So the best you can hope for is to create a login list in Excel and encrypt it.

 

True but then again this is why we call it "Conversation" talk to them in calm and constructive manner and that will get your point across even if they don't want to listen...arguing never get anything productive complete. Business fail or turn profits based on how everyone works together. Also this is called create a backup for yourself and one for them and if they forget or loss the password then they are to blame for not thinking outside the box.

 

Oh this wasn't with work. This was with my aunt & uncle. Believe you me, they are both more than capable of learning new software. One's too lazy to learn, the other is too crotchety to listen.

 

I know how hard it can be dealing with people who don't want to listen. Recently my mom was taken advantage of by one of those "Dave from Windows" types (luckily, she didn't give any payment info), and when I reinstalled the OS and made a standard account for the family, they wanted me to make it an administrator account :/... Why? Because UAC is annoying.

 

With these 2, it's far more than that.

The one that's lazy is better with software than I am. He just doesn't want to put the effort it. He can get into the protected excel file no problem, but getting him to actually use it is another story. He just doesn't do whatever he set out to because it was too much like work to open the login list and check the credentials.

The crotchety one...whoo boy...

I can repeat myself to her and step her thru things 100 times. She'll get frustrated the next time around because something is minorly different. And then the whole thing gets screwed up because she can't adapt and compensate.

 

This is what is called let them learn the hard way...sometimes only then will people understand....and think outside their little world. Sounds harse but sometimes reality bites...

 

Letting them learn the hard way causes the bank logins to become frozen. And I'm not making a trip to Washington to get the unlocked (again...).

 

This is called reality check whether we like it or not. Sometimes starving will make them wake up from the rosy garden that help isn't always there when they want it. Sounds harse but sometimes that is what it will take them to smell the BS.

 

Any thoughts on lastpass?

 

Do i download the classic edition or professional edition?

 

I use KeePass with the KeePass2forAndroid app on my tablet/phone.

I use a strong master password and a keyfile, I wish you could change the encryption strength but 256 is good enough. When I generate crypto keys on routers though I do at least 512bit

 

okay i downloaded keypass2. Are most of you using keypass2 or keypass1?

Okay so i created the mastercode. So for every email i have and the password, example for email, do you guys just put yahoo as the title and thats it?

I see they also have a 20 letter/word password generated for me. Do most of you just use this password as the default yahoo password then? Or do u use the password you created a while back and then change the 20 letter/word password and put in yours?

For all my passwords for email , banking and sites, i created my own password and it isn't that that long. So would u guys recommend me to whatever password is generated for each title, just use that default password then change the password for each site i have?

Also if i didnt ask this quesiton, i think every password of mien would be 20 letters/numbers long. That would be a horrible/bad idea right? Also i see option for 40
128 and 256 bits. Wouldn't it make to make every one of them 256 bits ?

 

I use KeePass 2 at home and KeePass 1 at work. They're awfully similar. From a security standpoint, both should work. Appearance-wise, KeePass 1 looks like it was designed for Windows 2000 (at least on Windows 7), and KeePass 2 looks like it was designed for XP (at least on XP). There's a few minor UI niceties on 2. But they're very similar. One minor benefit of 1 is that some non-Windows implementations of it are only compatible with KeePass 1 files, such as the dumbphone version. But unless there's a particular reason you need 1, you might as well stick with 2.

Indeed, I usually just put the site name as the title, such as NBR or New York Times. The key thing is that you can remember what it's for.

Password strength depends on the site. I tend to go 24 with special characters, upper and lower case, and numbers as a default, sometimes 32. Some sites don't support that many, though, such as Amazon, which maxes out at 19 or 20. I've been known to use up to 128 characters at times though.

I only put passwords into KeePass when they are new, or already-good-and-unique ones. Otherwise you'll just wind up with a bunch of weak passwords and no improvement. I'd definitely generate strong, unique ones for banking, shopping sites, etc. - that's the primary benefit.

The password strength estimator will tell you approximately how strong your password is, and indeed longer ones are generally more secure. 20-24 characters tends to give approximately 128 bits of security, which is probably more than enough for your NBR account, but you might want something more for, say, your primary banking account.

 

Read the help over there at keepass thoroughly. Make sure to backup the file regularly and to where you can retrieve it easily.
Take your time because it is a very customizable program that can do a lot of things.

BTW, I use keepass2

 

How do i keep a backup of it? Thus once i change all my passwords for all the sites, then have the password for each site saved, i know all i have to remember is the main password. So if say i no longer have access to this computer, what would happen then? Thus if i download keypass2 on another computer, that obviously wouldn't work right? Thus they dont ask you for your username or im making a mistake here? I heard you dont even need the program but could just log into the site and get access to your passwords right?


I would be using my laptop and a iphone4s i have so what should i be doing? Im bit confused but if i downloaded keypass2 on iphone4s, i assume i dont have to import all the stuff from my laptop to it right? That wouldn't make any sense. But if i dont do that, how can i even access the same keypass2 from my computer on it since theres no username?

 

Just make a backup copy of it after making changes and store off the computer. The file is stored in a default location or wherever you want.
Keepass help recommends NOT associating the file to a user account. Because simply creating/reproducing a user account name will not suffice to allow reopening the file. A new Windows user account gets a security descriptor assigned to it that is not based on the username. Keepass then would not open on another device either.

Practice without a keepass keyfile first, then add a keyfile as you become familiar. I keep my keyfile on a USB Flash Drive. And backup the keys too!!!

Keepass doesn't store itself on an internet site either. I suppose you could back it up to a site like dropbox.

 

Currently the keypass2 is on the desktop of my computer. Is that bad? Should i have it somewhere else where you can't see it? How do i know if i am associatiing the file to a user acct. I dont recall if i clicked yes or to all users in the computer when i installed it... did it ask that and is this what you mean?

Do i basically just copy and paste the keepass file to the usb? Im a bit confused but thats all needed to be done to have the same keepass on a usb? Thus i would open the file with the master password like i do in my laptop?

Then if i download keepass on my iphone4s, that means i have to manually do each password for each site? Thus look at what it is on the laptop then type each password into the password for each keepass acct on the iphone4s. That wouldnt make sense b/c those who have 50 letter passwords... i can't imagine u are doing this typing it one by one am i cirrect?

 

Help Center - KeePass

Composite Master Key - KeePass

As long as you have it secured correctly, store it wherever you like. You just need to understand how it all works to enjoy all that it will do.

From the keepass website help entry on the left frame:

KeePass can make the database dependent on the current Windows user account. If you enable this option, you can only open the database when you are logged in as the same Windows user when creating the database.

Warning Be very careful with using this option. If your Windows user account gets deleted, you won't be able to open your KeePass database anymore. Also, when using this option at home and your computer breaks (hard disk damaged), it is not enough to just create a new Windows account on the new installation with the same name and password; you need to copy the complete account (i.e. SID, ...). This is not a simple task, so if you don't know how to do this, it is highly recommended that you don't enable this option. Instructions on how to restore a backed up account can be found in a Microsoft TechNet article: How to recover a Vault corrupted by lost DPAPI keys.

You can change the password of the Windows user account freely; this does not affect the KeePass database. Note that changing the password (e.g. a user using the Control Panel or pressing Ctrl+Alt+Del and selecting 'Change Password') and resetting it to a new one (e.g. an administrator using a NET USER <User> <NewPassword> command) are two different things. After changing your password, you can still open your KeePass database. When resetting the password to a new one, access usually is not possible anymore (because the user's DPAPI keys are lost), but there are exceptions (for example when the user is in a domain, Windows can retrieve the user's DPAPI keys from a domain controller, or a home user can use a previously created Password Reset Disk). Details can be found in the MSDN article Windows Data Protection and in the support article How to troubleshoot the Data Protection API (DPAPI).

If you decide to use this option, it is highly recommended not to rely on it exclusively, but to additionally use one of the other two options (password or key file).

Protection using user accounts is unsupported on Windows 98 / ME.

 

Okay so i have keepass 2 in my laptop and also have it saved it to a usb. My issue though now is how do i input this same keepass 2 program to my iphone 4s? Thus all the passwords i have in my keepass 2 are very long thus generated by keepass itself. I cannot log into any of my email accounts etc b/c i cant just copy and paste the username/password from my laptop or usb to it. Can someone tell me how i can do this?

Apparently theres a mini-keepass program for the iphone but is it the same or not same thing? I can't imagine you guys manually typing each password into mini keepass on the iphone so how are you guys doing this?

 

When using keepass 2x pro, you can open a database on the android but cannot edit anything. keepass 1x you can edit. This is using the custom app built by a contributor/developer.

How it is with iphone will probably be similar. Download the appropriate reader then copy/paste the password. Or send it to yourself in an email.

 

What do you mean the appropriate reader? Im confused with the send it to yourself in an email as well. So basically i have to copy/paste every single password on my keepass 2 on my laptop and do it manually for each site for the iphone?

 

The appropriate reader is the port of KeePass for your phone. You can view the options at the download page. There's options for nearly every type of phone out there - Windows Phone, BlackBerry, iPhone, Android, Palm OS, etc. I used KeePassMobile on my dumbphone, and it worked well enough (although typing in my complex password on a dumbphone was a pain).

After installing it on your phone, just copy the file from your desktop version of KeePass to the phone, and you can open it with the port you installed on your phone. I used Bluetooth to transfer my KeePass file to my dumbphone, and it worked pretty well. No need to re-enter the passwords on my mobile. I'm sure it would work similarly on an iPhone, although the method of transferring the password file may be somewhat different, particularly if your computer lacks Bluetooth.

 

Make THEM to trip to Washington and it's SOLVED.
Or at least make them pay for a 1st class tickets and escort

 

Go Keypass...it's both standalone and portable on USB lastpass isn't portable USB....

 

Another alternative software to hide your passwords in: Locknote.

https://www.steganos.com/us/products/for-free/locknote/overview/

It's free, No installation required, AES 256bit encryption.

just open, put in whatever info you want as TEXT, and save with a password.

 

Okay im bit confused here still. So at the moment i have keepass 2.0 on my laptop and on a usb drive. I want it on my iphone 4s. I downloaded mini keepass there.


How do you copy the file from desktop version of keepass to the phone? I just copied and then clicked paste on my iphone in my computer and that doesn't work at all... shows error.


I read online that i could download dropbox to do this though? I downloaded dropbox then put the keepass2.0 on it. Then i downloaded dropbox on iphone4s, then signed on... then i see the 2kb of the keepass there. However, how do i get it to minikeepass? It shows file is not viewable. I clicked on open file in ... then it give me option of only google drive. So im confused why this is happening.

 

ok here's what I did ... I have a Android phone but I did get it to work...

Downloaded:

1. Download Keepass2Android.
2. Dowload Dropsync but I went and updated to Dropsync Pro paid version for more control.
Created account on there.
3. Download Dropbox.
Created account.
4. Download the PC version Dropbox and created folder.
Drag/Drop/Copy to that folder it creates and then I use the Dropsync on my Android to sync to Keepas2Android to make a copy to my Android phone.
Run Keepass2Android and open up the data folder it created from Dropsync and presto there is my Keepass data on my Android.

This is a quick rundown might've have missed some stuff in between but by doing this way I can open my Keepass2Android and access my web account using this program just like if I was using it on my computer cause it can copy and paste my login and password to my online accounts being a smaller screen but I can atest it works and is handy to have.

 

Isn't that an andriod phone though? Can someone tell me how to do this with an iphone?

 

See that big question mark at the bottom of your minikeepass app? Why don't you tap it, and follow the instructions.

 

I did saw that. When i clicked on dropbox and the keepass file in it, i clicked open in. Whe i do this, it only gives me option to Open in Drive. Then it requires me to sign in into my google account. Why does it do that? Why does it ask me to sign into google when my file is in dropbox?

Also i will have to type in that long password from my google account into it. For some reason it doesnt work and thus i always when signing into my google account, i would open keepass2.0 up in my laptop then copy and paste it etc.

 

Keepas also does auto fill if you look closer to the options when clicking on the account to log in there is a second part "auto fill" as well so you don't have to copy and paste.

 

Where is this? I checked and don't find it.


Also does anyone know how to input keepass into iphone using the problem im having?

 

It does that because, contrary to the instructions, you chose to open the file using the Google app.

So, once again, this time really slow: When you tap on the file in your Dropbox app, you'll see a message that the file cannot be opened. Now tap on the Action icon (the little square with an arrow pointing outwards on the top right). There's a window that will pop up, that has two rows of icons at the bottom. In the bottom row, find the icon that says " Open in..." (you may have to scroll the bottom row to the left if you don't see this icon). Tap on that one. Now you'll see an icon that says "minikeepass". Tap on that one. You'll have to enter the master password for the database only once; after the file has been opened in minikeepass, you can access it later with just your phone security identifiers.

 

I clicked on the dropbox icon on my iphone. I then clicked on that little square with the arrow pointing up.

The window that pops up shows me


Message, Mail, Twitter, Facebook

Copy Link, Open In, More


When i click on open in, options are Open in OneDrive, Open in Drive, More



Also when i clicked more, it basically shows open in one drive, open in drive but u can't click on anything.


There's no minkeepass.

I just uninstalled minikeepass and installed it again on my iphone. First off, am i suppose to create new database for it first? Also, is there a reason why they dont even ask me for my masterpassword when i open the file? I am assuming the masterpassword is going to be the same one as my laptop.


This is extremely confusing. I don't ever see the option to open the keepass file in my dropbox app where it allows me to pick minkeepass. I read that in other sites but its not there at all...

 

After you opened the Dropbox app on your phone, did you tap on the .kdbx file, before tapping the Action button?

 

Yes. The files is called KeePass 2.Ink and its about 1.1kb.

It then shows couldn't load file, this file type can't be viewed.

I then clicked on the square with the arrow and thats all i see.



Now... when i click on the square with the arrow, nothing pops up at all...

okay the problem here was i didn't copy the kdbx file and copied the file from my desktop....


However right now when i click on the kdbx file, it doesn't open when i click that square box.

 

So the answer is no, you did not tap on the keepass database file.

No, you did not copy the file, you copied a link to the file, which has no validity outside of your Windows environment.

What doesn't open?

Once again and for the last time now, just follow the extremely detailed instructions you were given. If you do that then the file will appear in minikeepass. Short of physically holding your hand there's nothing more I can do to help. Good luck.

 

Well i copied the wrong file to the iphone thats why. Last time i just copied from desktop to it and thought that was the file.

The reason why it didn't work was b/c it required me to log out first then log back in again.

So now i finally got it to work.

I had tried lastpass and didnt like it so thats why i wanted to stick with this one.

Also to the person that mention i dont need to copy and paste for each password, how do i do this on the laptop? I looked at the login and didn't see it nor the options. Basically everytime i go to a site, i would have keepass program on, then copy username then paste, then copy password then paste. Thats fine with me but someone mentioned it could just autofill?

 

This is when your using it in a Desktop Windows environment. In the Android app is a little more trickier to use and you have to play around with it to figure some of it's function and how it does the Login and Password fill in. In reply you need to have keepass open to do this feature for it to work. It's hard to explain but if you haven't read the instructions and help at the keepass site giving a explanation will be hard to do? So did you read through keepass site instructions? So go to their site and look at their FAQ...

Technical FAQ - KeePass

 

Short answer: RTFM. Enough said.