Page 4 of 5 FirstFirst ... 2345 LastLast
Results 46 to 60 of 75
  1. #46
    New Lounger
    Join Date
    Dec 2009
    Location
    Central Washington
    Posts
    11
    Thanks
    12
    Thanked 1 Time in 1 Post

    help with acronyms

    Quote Originally Posted by diktater View Post
    @NKYadav--I am, like you, a long-time follower of the newsletters and the lounge, but I haven't figured out how to show your quote in a reply. So I just wanted to let you know that I appreciate your comments, but with all the abbreviations you have inserted, I am having great difficulties in what you are saying (I am a senior who doesn't recognize the difference between LOL and TFA systems, etc.--and when I try to search on Ixquick, I get everything from soup to nuts, AND I think both were there).

    I have been a ROBOFORM Pro user for many years, but they now only provide their updates/renewals through CNET downloads, and I suspect that part of my recent problems have come from the attached crapware/malware/etc. that I didn't detect. If you, or others could either expand the TFA, TOTP, RDP, TCATO, etc., or tell me that they are nothing of concern to someone like me, it would certainly be appreciated
    Thanks.
    Here are a couple of places to find those pesky abbreviations. One can be accessed by category, the other in many ways also. I find them invaluable:

    http://www.acronymslist.com/

    http://www.acronymfinder.com/

    Hope you find them useful
    "Life isn't about waiting for the storm to pass...
    It's about learning to dance in the rain. "

  2. #47
    New Lounger
    Join Date
    Dec 2009
    Location
    Seattle, WA, USA
    Posts
    2
    Thanks
    0
    Thanked 1 Time in 1 Post
    One major issue that seems under-reported: the security of the ownership of a company such as LastPass.

    Were a sizeable offer made for the company, ownership might change hands & the new owners may prove untrustworthy or downright nefarious.

    Nobody would be the wiser - until the deeds were done.
    Last edited by awb; 2014-03-07 at 05:28.

  3. The Following User Says Thank You to awb For This Useful Post:

    NKYadav (2014-03-07)

  4. #48
    Platinum Lounger
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    3,516
    Thanks
    7
    Thanked 220 Times in 208 Posts
    There are several enterprise password managers. Pleasant Password Server is based on KeePass.

    cheers, Paul

  5. #49
    New Lounger
    Join Date
    Mar 2014
    Posts
    4
    Thanks
    2
    Thanked 1 Time in 1 Post
    Quote Originally Posted by diktater View Post
    @NKYadav--I am, like you, a long-time follower of the newsletters and the lounge, but I haven't figured out how to show your quote in a reply. So I just wanted to let you know that I appreciate your comments, but with all the abbreviations you have inserted, I am having great difficulties in what you are saying (I am a senior who doesn't recognize the difference between LOL and TFA systems, etc.--and when I try to search on Ixquick, I get everything from soup to nuts, AND I think both were there).

    I have been a ROBOFORM Pro user for many years, but they now only provide their updates/renewals through CNET downloads, and I suspect that part of my recent problems have come from the attached crapware/malware/etc. that I didn't detect. If you, or others could either expand the TFA, TOTP, RDP, TCATO, etc., or tell me that they are nothing of concern to someone like me, it would certainly be appreciated
    Thanks.
    I use the all the time, so I can see how they may cause confusion. I also re-edited my post for additional typographical mistakes that I did not catch the first time.

    LP = LastPass, shortened. KP = KeePass, also shortened. PW - password. TOTP is a Time-based One-Time Password

    .NET = a programming framework developed and used by Microsoft on Windows operating systems. See https://en.wikipedia.org/wiki/.NET_Framework

    .REG = a file extension for a text-based file that contains information from the registry / to be imported into the registry. See http://filext.com/file-extension/REG

    SSL = Secure Socket Layers, a method employed to make connections to networks more secure (in a nutshell, before others start trying to correct me here). See https://en.wikipedia.org/wiki/Transport_Layer_Security

    URLs = Uniform Resource Locator - see https://en.wikipedia.org/wiki/Uniform_resource_locator

    FTP = File Transfer Protocol, another method to access your files over a network, see https://en.wikipedia.org/wiki/File_Transfer_Protocol

    UFD = USB Flash Device, see https://en.wikipedia.org/wiki/USB_flash_drive

    HD = Hard Drive.

    MSDN = Microsoft Developer Network. See https://en.wikipedia.org/wiki/Micros...eloper_Network

    RDP = Remote Desktop Protocol. See https://en.wikipedia.org/wiki/Remote_Desktop_Protocol

    TCATO is, according to KeePass's website, Two Channel Auto Type Obfuscation, and it is linked to the wiki page from KeePass explaining all about it.

    TFA is two factor Authentication, as explained in the next sentence (and also called Two Step Verification).

    I think that covers almost all of the ones I used.

    Quote Originally Posted by Paul T View Post
    There are several enterprise password managers. Pleasant Password Server is based on KeePass.

    cheers, Paul
    Nice. May have to look into that if the features of KP Pro don't suit my needs moving forward. Thanks Paul.

  6. #50
    New Lounger
    Join Date
    Mar 2014
    Posts
    4
    Thanks
    2
    Thanked 1 Time in 1 Post
    Quote Originally Posted by RandySea View Post
    Be careful. Your survivors may not have any legal right to access accounts online. Even your executor is likely legally obliged to provide proper documentation before having access to your accounts. It is a risk to bypass the law simply because you have passwords and have not informed the bank/brokerage etc. of the death.

    As for a password protected spreadsheet, in Excel 2010, the default encryption is 128 bit. That is not considered very secure. It would not meet HIPPA standards, for example, for your medical provider protecting your private information.

    And when you "printout for use beside the pc at home," what do you do with the printout that has all your bank info on it after you are finished at your pc?
    If you make provisions, as in a will, won't you have to at the very least consult with a lawyer to make the will official, and the lawyer you consult with should have the relevant knowledge for your area, and be able to tell you if you can or cannot make said provisions?

  7. #51
    New Lounger
    Join Date
    Apr 2010
    Location
    Tucson, AZ
    Posts
    9
    Thanks
    0
    Thanked 1 Time in 1 Post
    Well I wasn't trying to write an estate planning guide. Just trying to remind people that this online stuff lives on after the owner shuffles on. Lots of tools in addition to a will are out there: transfer on death docs, designation of beneficiary docs, successor trustee doc, etc will give your survivor(s) legal access to the stuff you leave behind without having to involve the local and federal governments.

  8. #52
    Lounger
    Join Date
    Dec 2009
    Location
    Washington
    Posts
    36
    Thanks
    13
    Thanked 2 Times in 2 Posts
    I have used Roboform account for many many years.It automatically sync's every day to my online everywhere account with them and I also do a printouts.I have over a hundred passwords and the important ones get changed every 3 months or so.All of the passwords are high strength.You can also set a master password for them all.I love it and no reason to ever change unless someone can prove my online everywhere account with them is not safe.
    In mourning for my Win XP Desktop while using a HP laptop Win8.1
    Some times I am confused an some times not.

  9. #53
    New Lounger
    Join Date
    Feb 2014
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I have discovered yet another problem with the Chrome PW keeper. It never seems to forget, even if you ask it to! My bank uses a series of security questions (among other things) to increase the security. When I attempt to log in, using my userid, it enters whatever I answered the last time I answered one of the security questions! Then it errors out, and each time it enters a DIFFERENT answer, until the third attempt and then it locks me out! I have unchecked all the boxes in Chrome, yet it still tries to guess the answers. It's such an aggravation that I am near to pulling what little hair I have left, OUT! Password keepers just seem to me to be an ideal way for someone to hack into your system. Not really worth the trouble.

  10. #54
    New Lounger
    Join Date
    Dec 2009
    Location
    Seattle, Washington, USA
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    This is quite out of my field of knowledge, but I believe any password that is other than a completely random set of characters is vulnerable to decryption. The length of time (or cost) to decrypt the password will depend on the length of the key and the number of permutations in the character set. So, any key built with an algorithm is less than random regardless of the complexity of the algorithm. Someone with more knowledge of this topic might wish to comment? Also, I believe this is what compromised the Enigma machine for the German army/navy in WWII.

  11. #55
    Lounger
    Join Date
    Dec 2009
    Location
    Manchester, nh, usa
    Posts
    25
    Thanks
    0
    Thanked 0 Times in 0 Posts
    +10 for LastPass. Using a local password manager (KeePass for example) works great if it's just you AND you never loose the stupid thumb drive. I live in a household and the idea of trying to keep multiple independent password keepers in sync is a logistical nightmare. That's why I've opted for LastPass. Encrypted remotely. Encrypted locally. Available on pc, laptop, mac, windows, droid, kindle, you name it. I can download a copy of the password in the event that LP goes dark. Totally complex usernames and passwords for every site that I don't have to remember. I totally love this product.

    As a side note, the only problems I've ever had with 'hacking' were all physical attacks. I had my cc number used without permission, most likely stolen from a place of business by the cashier and banking data stolen when an employee of a check processing center left with a box of tapes. My on-line life (which started with CompuServe in '85 or '86) has actually been pretty calm so, while there are concerns, I don't sweat it all that much.

  12. #56
    Platinum Lounger
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    3,516
    Thanks
    7
    Thanked 220 Times in 208 Posts
    Quote Originally Posted by D Parker View Post
    I believe any password that is other than a completely random set of characters is vulnerable to decryption
    All passwords can be decrypted, it's the time required to do so that stymies attackers. The biggest factor here is password length as any attack must test all possibilities up to the length of your chosen password, so the longer the password the more possibilities exist - we are assuming the attacker does not know the password length.
    A relatively simple password that is 20 characters long is inherently more secure than a short random password, plus it's easier to remember.

    Test these two passwords at GRC and see how you get on.
    onetwothreefourfives
    fZ;@0-*z+`

    cheers, Paul

  13. #57
    New Lounger
    Join Date
    Jun 2010
    Location
    49th parallel
    Posts
    19
    Thanks
    4
    Thanked 0 Times in 0 Posts
    STrange I don't see that anyone has mentioned Yubikey. Used in conjunction with lastpass and properly set up It is impregnable. And a darn site easier the TFA/ Well as long as you dont lose your yubikey. I cannot get into my LP account without Yubikey from anywhere, especially my phone.
    I really wish access to my phone was tied to my Yubi as well but thats another story.
    Yubikey anyone?
    sj

  14. #58
    Platinum Lounger
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    3,516
    Thanks
    7
    Thanked 220 Times in 208 Posts
    Yubikey is great, but it is a physical item which you must not lose. I find a password I can remember is a preferable method.

    cheers, Paul

  15. #59
    Star Lounger
    Join Date
    Jul 2010
    Location
    Australia
    Posts
    69
    Thanks
    8
    Thanked 27 Times in 14 Posts

    A couple of tips / Passwords in a document which is encrypted is one option

    I use a 'system' for making passwords most of the time, so have some similarity between passwords, making some easy to remember. For financial accounts and my main e-mail, I use complex ones, and which might (as an example only) include the name of my first girlfriend, with 1stgf as part of the typed password, making it hard to crack if someone else does sight it in spite of precautions. Such mnemonic systems only go so far though, as different websites have different password rules, hence the need to record them.

    Never use Net cafes, I did a handful of times until I saw around two dozen malware processes running on the computer there. Management will claim they are safe, by which they mean (if it's not just spin) that the computers are re-imaged nightly. That won't save you unless you're the first customer of the day.

    Call me a Luddite, but I still keep all my passwords in a Microsoft Word document. When travelling I have it on my laptop, in a document secured by the excellent freeware AxCrypt, as well as the laptop's boot password (and I password the BIOS when travelling, as well as requiring passwords on wake from sleep/hibernate). In case of laptop loss, major breakage or theft I have a copy online similarly secured in a personal file storage account (only when travelling), with a very good password on that account. That password would be needed in a disaster, so I put it (encoded) in the planner that goes with me everywhere. If I was travelling a month and lost my laptop, I'd buy a cheap replacement for the trip, and sell it afterwards and choose a better one (if not too cash strapped from all the holidaying).

    And a fairly recent passwords list if the sh1te really hit the fan is available in my full offsite partition backup, on a small external hard drive, which is of course entirely encrypted and kept with a trusted family member. I swap it out with a more recent drive full of backups every couple of months.

    The 'passwords in a document' system involves more typing than KeePass or similar, but I don't have to pay a company to store my passwords or rely on perhaps inferior freeware, don't have to have a website login method the password-storage program will work with, don't have to worry if the password software company gets hacked, and what guarantee is there that any company won't get hacked, especially those with something as inviting as thousands of users' complete passwords lists on their servers (encryptions have been broken in the past). Also, I can add whatever notes I want to each account name/password set, including the e-mail address used to sign up, which varies since I use Spamgourmet (which rules). I can even add a note when a site sucks by abusing the e-mail address I gave them, etc.

    I'm not giving up the paper planner soon either, guess I'm part Luddite and part geek. A lot depends on personal preferences. But I will observe that in the decade I spent as systems analyst, I did learn that the lower tech solutions are sometimes by far the best solutions.

  16. #60
    New Lounger
    Join Date
    Mar 2014
    Posts
    4
    Thanks
    2
    Thanked 1 Time in 1 Post
    If you can take all those steps to keep an inherently insecure document pretty well secured, then just how secure would a KeePass database, that is already encrypted by default, be?

    As for LastPass users, well, KeePass is Open Source, and other than the professional version relying upon .NET, it's completely free, with no advertising at all, and no fee to upgrade to a premium use.

    It does take some work to get all of the features that I use it for to work (no inherent support for TFA challenge / response, you have to use a plugin, same goes for favicons for websites) but it also has the advantages of being able to store files, like SSL certificates, etc. and being available offline, with no usage restrictions on how many times you use it per hour / day / week / month / year.

    Mind you, I'm not saying anyone here is wrong for their particular method of storing passwords - I'm simply pointing out that, given a chance, I think that KeePass would work very very well as a substitute for most of the methods posted here.

Page 4 of 5 FirstFirst ... 2345 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •