Password Management Tools

hi all
i'm looking for password management tools to save all my id & passwords for banks , &  other requirement in secure & safety places against hackers
i have iphone , but i worry to save it inside if no secure place
any advice
NiceMan331Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Scott ThomsonCommented:
It's called paper. hackers have a very hard time accessing this. its wifi secure and no maleware can attack it :P

Ok now for real.
and in theme with the above no hacker can access something that is off network. so if you have an old pc that has no internet access then this is a good idea.

Everything from the NSA to TOR and even SSL is being hacked these days. Hell I read an article where some geniuses hacked the firmware on a usb in the way it reads and sends data meaning it is capable of being infected with no way of knowing.

really there are many programs that work well but the key is to
1. use a strong password
2. Use a long password
3. Do NOT use your cat/dog/son/wife as any form of password
4. Do not ever use the same passwords for multiple accounts

The danger about "wallets" which store multiple passwords is that if you get the 1 wallet password you get the bonanza to all passwords.

There is no real easy solution here for you. but you can reduce the risks.
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
Scott Thomson has made some excellent points.  That said, you need to balance security with ease.  If possible, use nothing.  You brain cannot be lost, hacked (practically speaking), or copied.  

Change passwords regularly, but I use a tool called KeePass 2 - it's free and does a lot of things to protect your password, including never displaying the password unless you explicitly request it be displayed, you can copy it to your clipboard without viewing it and then a timer expires the clipboard so it's never residing in memory very long. My master password is not a password, but a pass phrase that's well over 30 characters long.
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
Oh, and KeePass offers ports on multiple platforms - I save my KeePass database to OneDrive and can access the database from my Android Cell phone, Windows laptop, Windows desktop, Surface tablet, Windows Tablet, and Android tablet so I don't have to maintain multiple databases.  There is a version for iPhone, but it's poor at best because you can't tell it to use the "shared" database (just the way apple likes you to work).
0
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

NiceMan331Author Commented:
ok thanx to both
by the way , i'm already regular customer for : bitdefender total security
it has one available product in my purchased bakage named : security wallet , it can save all passowrds , but i not yet use it because i still worry about it , do you think that it is usefull to use it ?
0
EirmanChief Operations ManagerCommented:
The best online solution I have come across is Lastpass
https://lastpass.com/

Nevertheless I still wouldn't recommend using any online solution for hyper-critical passwords such as paypal and banking.

I've attached my easy-to-remember passphrase guide
Passphrases.txt
0
NiceMan331Author Commented:
Eirman , good quidness to create secured password , but still my brain cann't remember all of them , don't forget that i want to save also the user names for all sites
0
EirmanChief Operations ManagerCommented:
I have been researching this further (for my own security)

This is a really excellent free local password manager ....
http://passwordsafe.sourceforge.net/

If you want to use your data from passwordsafe online try this
http://www.axantum.com/Xecrets/Default.aspx

(Axantum created the very useful and free AxCrypt encryption program)
0
Sean JacksonInformation Security AnalystCommented:
I use 1Password by Agile Bits, and I swear by it.  It creates all my passwords for me, I can monkey with the recipe (how many symbols, how many numbers, and length of password), and then I don't have to remember a single one (except for my 24-character passphrase to get into 1Password).  I am able to port it over to my phone, so I can have all my passwords there too.  It also has secure notes, so I can put notes in there, get them from my computer or my phone, and they're protected as well.

I love it.
0
NiceMan331Author Commented:
let me think well about using online store , or keep it manual paper in my pocket
0
NiceMan331Author Commented:
hi to all
i think i will get advice of manual writing of password , more safety than be online saving
but i would like to thank all experts who posts here
now i'm in trouble , how do i distribute the points , admin please help me
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
I would suggest that you also look at the priority of your passwords.

Bank and credit card passwords and those to pay bills need to be protected more strongly than the password you use to log in to most forums.  

The other thing you can do is NEVER store the ENTIRE password - use a program and save the passwords, but then always leave off the last two characters of the password - memorize those.  Anyone gets hold of the file, they think you've changed them all, not that they have to guess two more characters to get in.

Finally, DO NOT use the same password for every site or even a class of sites (PERHAPS except for low priority sites).  Meaning if you have two bank accounts, use two COMPLETELY different passwords (not the same one for all your bank accounts but different for your email).
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Lee W, MVPTechnology and Business Process AdvisorCommented:
As for points, distribute them based on who gave you information you found valuable.  If someone posting something that wasn't helpful AT ALL, they deserve nothing.  If you got useful information, figure out how useful it was and award SOME points, the more useful, the more points.
0
EirmanChief Operations ManagerCommented:
The other thing you can do is NEVER store the ENTIRE password - use a program and save the passwords, but then always leave off the last two characters of the password - memorize those.
Great suggestion Lee
0
Scott ThomsonCommented:
^ yes I agree. or pick a letter like "e" and when you enter your password replace "e" with a fake letter like "g" that way every password you have is "incorrect" yet when read by yourself again you can easily decrypt them. this is what we call "old school encryption" haha

that way the amount of time required to guess your passwords and attempts will lock any account long before they manage to get the pattern
0
EirmanChief Operations ManagerCommented:
+1 for the collective EE brain.
0
NiceMan331Author Commented:
scott
very good advice
thanx
0
Scott ThomsonCommented:
Happy to help ^_^
0
NiceMan331Author Commented:
Can you help me to memorize letter to letter , as your example e=g etc
0
Scott ThomsonCommented:
Oh its not change ALL the letters. Maybe just 2 common ones..

Make each password have at least 1 of these letters

Perhaps sounding similar
A > k
E > c
Theres no need to change all letters.. thats grand overkill.. just 1 or 2 at most I would say.
0
NiceMan331Author Commented:
Ok , I got it , thanx
0
Scott ThomsonCommented:
That way you could even store them in plain text (I wouldn't suggest it) but if they are found they are still at least 10,000 combinations to be tried (with lets say 6 digits) before they might guess it correctly.
0
NiceMan331Author Commented:
i will use ms access database to store them in
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Home Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.