Results 1 to 10 of 10
  1. #1
    Star Lounger
    Join Date
    Dec 2009
    Location
    Bend, OR
    Posts
    67
    Thanks
    10
    Thanked 2 Times in 1 Post
    I have a long list of passwords I have entered into an Excel spreadsheet. Some are sensitive, some are simply for web site access (like my password to this forum). I used normal Microsoft Vista software to prevent access. OK -- Not the best solution but I'm not very sophisticated at this stuff.

    In case of my incapacitation, I gave a disc to my daughter containing the list and the password so she can get to my finances. She is not the issue but ...

    1) What is the best way to convey access to someone only if they need it? Do I put the code into my will? Do I do one of those "Open in the event..." letters and stick it in my desk?

    2) My portables are always at risk of theft. I'm reluctant to use some super-sophisticated protection/encryption hidden vault for this file since my children are not likely to have the software themselves or know how to use it. Also, software developers come and go, systems change, updated operating systems foul up programs, etc. Finally, the presence of their encryption software on my computer pretty much fingers the password break-in procedures for any really determined thief. Am I 'safe' using such software to assure safety?

  2. #2
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,191
    Thanks
    48
    Thanked 985 Times in 915 Posts
    I use KeePass (open source) and it keeps all passwords / information encrypted with one master password. It also types the information or you can drag n drop, copy paste etc. The software does not require installation and you can provide a copy with the database to ensure access.
    To make this information available to others I only need to send them a CD / USB / email containing the database file, 2 - 10k, and the executable, 500k.

    Keeping the password separate but available is the tricky part. You could put it in a will, or an "open in case" envelope, but you need to ensure it is always available in more than one place in case of fire etc.You could also send it in a separate email.

    Maybe you could set up a free Google web site and put the password file and any required software on the page, but without a visible link. Then you could email the link in one mail and the password in a different email / put in in your will / envelope.

    cheers, Paul

  3. #3
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts
    It's a great idea that you've made a list and are attending to making it available to others.

    Quote Originally Posted by JES Mason View Post
    1) What is the best way to convey access to someone only if they need it? Do I put the code into my will? Do I do one of those "Open in the event..." letters and stick it in my desk?
    Perhaps you can put a USB flash drive in your safe deposit box? Fewer places to look seems better to me. Of course, this assumes someone has the key to the box.

    Quote Originally Posted by JES Mason View Post
    2) My portables are always at risk of theft. I'm reluctant to use some super-sophisticated protection/encryption hidden vault for this file since my children are not likely to have the software themselves or know how to use it. Also, software developers come and go, systems change, updated operating systems foul up programs, etc. Finally, the presence of their encryption software on my computer pretty much fingers the password break-in procedures for any really determined thief. Am I 'safe' using such software to assure safety?
    Recent versions of Excel include strong encryption, so you can set a password to open the file and if you use one of the newer algorithms, it will be exceedingly difficult to break. (When choosing, the strong ones usually have RC4 in the name.) You will still need to make the file and password available somehow. And anyone accessing the file would know that it is password protected.

    Quote Originally Posted by P T View Post
    Maybe you could set up a free Google web site and put the password file and any required software on the page, but without a visible link. Then you could email the link in one mail and the password in a different email / put in in your will / envelope.
    I would only trust this for temporary access. It's hard to truly "hide" anything on a shared web server.

  4. #4
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    I use Last Pass for my passwords. All someone would need is the master password which you could tell your daughter by whatever form you think best. This password manager is very well respected and reviewed.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  5. #5
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,191
    Thanks
    48
    Thanked 985 Times in 915 Posts
    Having a properly encrypted file on a web site is not an issue, you can even link to it as it's effectively impossible to break.

    cheers, Paul

  6. #6
    Bronze Lounger
    Join Date
    Apr 2001
    Location
    Peterborough, Ontario, Canada
    Posts
    1,450
    Thanks
    0
    Thanked 1 Time in 1 Post
    RoboForm and RoboForn2Go will both let you use a master password (I don't know the maximum complexity) that can be applied to all (and only all) sensitive logins, and let you leave routine logins unprotected, at your convenience. If you want more than one login for the sensitive stuff, then you would have to have more than one copy of the program (although the suggestion that they add an option for more than one master password per installation is something they might take note of and, if implemented, for which they might reward me handsomely). They will also let you store your passwords online, I believe.

  7. #7
    Silver Lounger t8ntlikly's Avatar
    Join Date
    Dec 2001
    Location
    Chandler, AZ
    Posts
    2,162
    Thanks
    46
    Thanked 13 Times in 11 Posts
    I personally use Steganos Password Manager With it just like the others you do need the master password. You can also sync the passwords between your computer and a USB drive, and use that USB drive when you need to access information away from your own computer.. As for letting someone know what the master is, I chose to use a 3 letter key as a hint as to the master. Sounds weak, but it really isn't because you have to think about what the 3 key letters mean, and if you guess correctly then you have to be somewhat astute to figure out what the password is. Convoluted, maybe but then again!
    The 3 letter key part is not part of Steganos. That is something I came up with all by my lonesome!...
    Thanks John
    Teamwork is essential; it gives the enemy other people to shoot at. (Murphy's War Laws #39)

  8. #8
    Bronze Lounger
    Join Date
    Apr 2001
    Location
    Peterborough, Ontario, Canada
    Posts
    1,450
    Thanks
    0
    Thanked 1 Time in 1 Post
    Here is another tip if you really have only a few sensitive passwords: RoboForm is free of charge for ten passwords or fewer, which means that you might have a free manager for ten and let your browser remember the plain old log in passwords.

  9. #9
    New Lounger
    Join Date
    Dec 2009
    Location
    Washington NJ, USA
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts
    In my opinion the best way to encrypt information with maximal availability later is with WinZip[tm]. It's very doubtful that WinZip (or some equivalent) won't be available pretty much for the forseeable indefinite future; and it uses AES for encryption, which is of military grade (i.e., secure) and should also be available for the forseeable indefinite future.

    As a bonus, WinZip compresses the text or file before encryption, and combines multiple files into a single archive, all of which not only improves the security of the encryption, but also makes the resulting archive smaller and easier to store and/or to send via E-Mail.

    For your purposes, this is at least as secure as any of the suggestions given by other people here.

    By the bye, storing a flash drive in a safe deposit box isn't at all a bad idea -- but there are reservations. Bearing in mind that "IANAL", it will be easiest if you can set it up so that the box passes to a designated recipient automatically upon your death; but even without this, your next of kin, or failing that the executor of your Will (or the administrator of your estate if you don't leave a Will) will probably have legal access. In such a case there would almost certainly be a significant delay. Check with the laws of your state. Also bear in mind that "legal access" is quite a different thing from physical access, and that the bank would probably need to charge a very hefty fee to first drill out the lock on your box (!) and then to replace same (!!), in order to grant said access.

    Personally, I do NOT recommend making any sensitive file publicly available on a Web page, encrypted or otherwise, hidden or otherwise. While it's true that there is no evidence that AES will be breakable for the forseable future, it is also true that those of us who once used the Commodore-64 could never have forseen the quantum computer, either. Why on Earth would anyone want to tempt fate?

    Hope this helps, and good luck!

    The Elephant says, "Tusk, tusk!".

    ---End---

  10. #10
    4 Star Lounger
    Join Date
    Jan 2010
    Location
    Chichester, UK
    Posts
    401
    Thanks
    1
    Thanked 10 Times in 9 Posts
    You don't say which version of Excel you are using, but if it is Excel 2007 or 2010, password protecting the file with a strong password will make the Excel file virtually uncrackable, certainly as strong as any of the free Password safes or WinZip, etc. Even the earlier Excel 2003 has very strong encryption if you use a strong password. But don't trust any of the earlier versions.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •