storing passwords on a computer a bad idea?

How safe is it really to store passwords on your computer i.e in a .txt file or password managing programs. What about printing all the passwords in word, but not saving the document. Will it be stored on the computer or laptop at all?

 

It is definitly not safe in a .txt file as ANYTHING can read those. Password managing programs generally generally have some form of encryption for protection, but again still not great. Also printing them out in word without saving can actually be stored on your computer as word usually autosaves into your TEMP directory. Conversely, printing them out without saving on notepad will not be autosaved or put into a TEMP directory. Eitherway storing any meaningful passwords on your computer is generally not a good idea. If you really can't remmeber them, i suggest using a hardcopy piece of paper and just keeping it in a safe place.

 

I agree with the poster above and add, that instead of making a password that you can't remember, make one you can remember that's still secure. That's the safest thing to do.

 

Depends on how safe your general "computing practices" are.

If you're the kind of person who *needs* constant spyware and virus scans because you manage to get your system compromised time and again, then no, you probably shouldn't store anything important on your computer. Even then you could still be keylogged when typing them in from a piece of paper.

For everyone else, a good password manager like KeePass can be extremely helpful. It allows you to use long and complex passwords without having to remember and type them in manually, and because of that, to use a unique password for every single service. It uses strong encryption and is considered safe if used as intended (i.e. with a strong master password).

It's not a silver bullet though - keyloggers (software or physical) are still a risk, especially if an attacker can also get his hands on the database file (think people carrying around all their passwords in a single database on a flash drive, plugging it into strange/public computers and typing in their master password there...).

Then the main issue shifts to physical access to your printout (safe or hidden under your keyboard?). Keylogger comment from the first paragraph above also still applies.

Word may create a temporary work copy (check your Word settings), printing will most likely cause a spool file to be written to disk. Both should be deleted automatically after closing Word/printing, but an attacker with physical access may be able to "undelete" them if they haven't been overwritten. Wipe your free disk space if you need to prevent that.

 

I have passwords stored in .txt files; but those files are stored in a 'Cryptainer'.

Works for me.

 

I figure it's not such a good idea unless you have a backup somewhere. You'll probably need to reference the list after a crash and...

 

I have a number of complex passwords, such as for my router and wireless access. I just tend to write these down the old fashioned way and keep them somewhere safe.

However as previously stated, you are still not safe from keyloggers and rootkits as these can steal the passwords when you type them into your pc.

Best pratice is preventative - ensure all your software is kept up to date and that you have the latest security patches. Use good anti-virus and firewall applications; with regular scans for viruses and spyware.

I use a Draytek Router with a hardware firewall and Kaspersky Internet Securtiy 7.0 with occasional spybot S&D scans and never have any issues....although I do work in IT which helps.

There are additional steps I take, like double checking all the net connections going in and out my pc.....and checking out the processes that are running however this is mostly curiosity and to see if I can improve my pc's performance.

As soon as you put a pc on the internet it is at risk however by taking the above steps you will greatly reduce the risk that any of your data will be compromised.

 

I use axcrypt for small files i want to protect. It's very easy to use and encrypts files on the fly, right-click -> choose encrypt -> enter pwd -> done. When opening the file double-click it and enter the pwd -> it will open up in the program that created it. If anyone wants to try it's available at:

http://www.axantum.com/AxCrypt/

For Vista use version 1.6b3.3.

 

I have used SplashId, and currently use eWallet for this. Both encrypt the data, both have a PC desktop program, and both have a PPC PDA program.

 

I tend not to store passwords on my computer. I am so lazy that I do not even write 'em down. As a result there are a few internet resources (a website redirector, an ICQ account, a couple of counter services, and a couple of free news accounts) I am no longer capable to access.
Not very clever, LOL.

Here's my bright idea : hiding apples in an apple basket.
I happen to have several pictures on one of my harddisks (damn Pizdaus! It's addictive!!!). How about getting a steganography software to encode the password in one out of several hundreds pictures?
Two minutes in Google and I came up with this:
http://www.stegano.ro/
Anyone knows it? I hope it's not the legendary trojan horse.

Let's say I have a 'secure' and trusted stegano prog. I would then encode my precious password in a picture.
I would know which picture it is (it's easier to remember a picture than a long password), but a hacker should have to spend a lot of time trying to tell which of the 2365 pictures conceals the hidden treasure.
This might suffice as a security measure if you want to keep a copy of all your passwords to retrieve in case you forgot one.

Problems arise, as already pointed out, when I also want to use that password: I have to tell the computer which picture to decrypt and I might have to type the decrypted password in a program's window.

An automated decryption should have to store the image location somewhere in the decryption program (-> you are telling the hacker which picture he has to focus on), and even if you manually choose the picture each time you have to enter a password you might leave some sort of track in some (undocumented but well known to hackers :-] ) 'most accessed files' database hidden somewhere in the windows registry.
Typing the password yourself each time exposes you to the mercy of a keylogger.

So, what do we do?

 

Use cryptainer to make an encrypted volume where you store your passwords (if necessary).