How to keep a password file on your Windows PC?

I used to put passwords into a hidden and encrypted file in cygwin. But now it looks like the -x option for vim gives a warning itself that it's not very secure. Plus I have not been able to resolve an issue I posted earlier on here whereby I can not paste to/from VIM in Cygwin to/from Windows. What could I use that's fast and easy? I've thought of just password protecting an XLS file but I've heard of those getting easily hacked. Any other suggestions? Thank you.
amigan_99, Network Engineer, Asked:
 
nobus Commented:
you could make a strong password, by using a sentence like "My $Grandma is 84"
and keep only a reminder phrase - even not encoded to remember your password, like how old is Granny ?
0
 
Larry Struckmeyer MVP Commented:
Have you considered RoboForm or LastPass or the like?  If installed on the local computer with a strong pass phrase an attacker would have to gain access to your system then figure out/break the pass phrase.  If installed on a USB key an attacker would have to gain access to your pocket and hack the pass phrase.
1
 
btan, Exec Consultant, Commented:
Probably just have to remember one master password (strong passphrase) and use keepass to store the password

KeePass can minimize itself and type the information of the currently selected entry into dialogs, webforms, etc. Of course, the typing-sequence is 100% user-customizable, read the documentation file for more.
KeePass features a global auto-type hot key. When KeePass is running in the background (with opened database) and you press the hot key, it looks up the correct entry and executes its auto-type sequence.
All fields, title, username, password, URL and notes can be drag&dropped into other windows.
http://keepass.info/features.html

Choosing a strong passphrase
https://www.experts-exchange.com/articles/18309/Choosing-an-easy-to-remember-strong-password.html
0

 
Ray Paseur Commented:
Is there a PHP script involved with this question?  If so, please show us the PHP issues you are dealing with, thanks. ~Ray
0
 
Eirman, Chief Operations Manager, Commented:
If you just want to encrypt a single file,  AES Crypt or AxCrypt from this list looks quite good.
https://www.bestvpn.com/blog/10995/6-best-open-source-alternatives-to-truecrypt/
0
 
skullnobrains Commented:
you have a crazy wealth of apps that will do the job.

if you want something free that you have control over, what about using pgp encryption with a password. it is MUCH more difficult to break than password protected excel sheets. you can also use archiving software : 7z and RAR both feature decent encryption.

then obviously decoding stuff in memory comes with a wealth of potential problems which you already face anyway

--

I can not paste to/from VIM in Cygwin to/from Windows

i've had good experience using the Xserver with keyboard integration and preferring ctrl+insert and shift+insert to ctrl+c ctrl+v. with vim, it might be additionally necessary to open your vim in rxvt or xterm rather than in the windows console
0
 
btan, Exec Consultant, Commented:
one thing to make it secure is besides the usual password, you can opt for a keyfile assuming you do not want to remember the password but willing to safekeep the keyfile in own possession
The point of a key file is that you have something to authenticate with (in contrast to master passwords, where you know something), for example a file on a USB stick. The key file content (i.e. the key data contained within the key file) needs to be kept secret. The point is not to keep the location of the key file secret
http://keepass.info/help/base/keys.html

For e.g. besides using keepass keyfile, you can protect keepass DB using Yubikey
configured your YubiKeys to protect your KeePass database with OATH HOTP! To test your login, lock your database and attempt to regain access to it. At the log in screen, enable Key File and select One-Time Passwords.
In the dialog box that is displayed, position the cursor at the start of each bar and emit 3 consecutive passcodes (one for each bar) by pressing the button on your YubiKey for three seconds

https://www.yubico.com/why-yubico/for-individuals/password-managers/keepass/
0
 
BillDL Commented:
nobus has suggested exactly what I do.  I do not store any actual passwords anywhere.  I store ONLY reminder phrases or sentences in a text file on a USB Flash Drive that would be meaningless to somebody else if found, but would instantly spell out the password to me.  The contents would seem like rubbish to anybody else.  I tend to create passwords that bear some relationship to the nature or name of the website in question and then choose some numbers to include that are somehow related to the nature of the site or the password.  The combination of these is often enough whereby I would not really have to keep a note of it anywhere, but I'm getting older and sometimes I need a reminder.

For example I want to create a new login profile for Amazon.  The capybara is an animal that resembles a giant guinea pig and is quite unique to wetlands of inland Brazil.  For some reason I seem to remember this animal's name.  Although not part of the Amazon river, "capybara" would be enough to remind me of the Amazon and hence the Amazon website.   Panos Constantinou who lived at number 37 in the street where I stayed as a child had a guinea pig as a pet.

If I combined these elements to form the password "Capybara37Constantinou", I could use the following sentence as a password reminder phrase (read from right to left as a rule for all such reminder phrases) and there is no way that I would forget what it meant:
"Panos House Number Big Pig TC"  - where "TC" means "Title Case" to me.
If I needed to remember what email address went with this password for the login profile and I was using, for example, a Verizon one, I could change this phrase to "Panos House Number Big Pig TC Horizon".

A person who is so paranoid that what is clearly a "riddle" might still be "cracked" could make the phrase a complete sentence and even change Horizon (if it sounded too much like Verizon) to something like "skyline" or "sunrise".

The above is just a hypothetical method.  Mine is similar in concept but different in phrase layout.

On the subject of username and password storage programs, one of the weakest links is the means by which the credentials are extracted from the program for use.  Some use drag and drop while others execute a copy and paste.  The Windows Clipboard is used as the intermediary step, and this is the reason that I never have the actual password stored to copy from a file.  People who copy passwords from text-based files and paste into browser fields have left something for a hacker to acquire because the clipboard isn't overwritten until something else is copied to it.  Password vault programs often DO use the Windows Clipboard for pasting passwords out, but the good ones (like Keepass) flush any trace of the copied data from the Clipboard after a timed delay.

As with any application, if there are people clever enough to code and compile them, then there will be unscrupulous people who are equally clever and can hack them or employ a vulnerability with the program itself or how it runs in the operating system.  Nothing is failsafe, you just have to mitigate the potential consequences of a hack.  There is probably far more likelihood of the server hosting the website you log into revealing your credentials to hackers than there is of them being harvested from your own computer.
0
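
The clipboard exposure BillDL describes, and the timed clearing that password managers apply, can be reproduced for ad-hoc copying in PowerShell. This is an added example, not part of any post in the thread; the function name `Copy-SecretWithTimeout` and the 12-second default are assumptions.

```powershell
# Added example, not from the thread. Copy-SecretWithTimeout and the
# 12-second default are hypothetical choices for illustration.
function Copy-SecretWithTimeout {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [securestring] $Secret,
        [ValidateRange(1, 300)] [int] $Seconds = 12
    )

    # Convert the SecureString to plain text only for the copy itself,
    # and zero the unmanaged buffer as soon as it has been read.
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Secret)
    try {
        $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    } finally {
        [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }

    Set-Clipboard -Value $plain
    Write-Host "Copied. The clipboard will be cleared in $Seconds seconds."
    Start-Sleep -Seconds $Seconds

    # Clear only if the clipboard still holds the secret, so that anything
    # the user copied in the meantime is not destroyed.
    $current = Get-Clipboard -Raw
    if ($current -ceq $plain) {
        Set-Clipboard -Value $null
        Write-Host "Clipboard cleared."
    } else {
        Write-Host "Clipboard content changed in the meantime; left untouched."
    }

    # Drop our references; .NET strings cannot be reliably wiped from memory.
    Remove-Variable plain, current
}

# Usage: prompt without echoing the password, then copy and auto-clear.
# Copy-SecretWithTimeout -Secret (Read-Host 'Password' -AsSecureString)
```

If Windows clipboard history (Win+V) is enabled, it keeps its own copy of copied text, which clearing the current clipboard content this way does not remove.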
 
nobus Commented:
Tx Bill for backing me ! i trust all is well on your side?
0
 
BillDL Commented:
Hi nobus.  Yeah, things are fine here thanks.  Just trying to get some outdoor projects finished in between work before Winter starts.
0
 
nobus Commented:
same as here then - see you later !
0
 
amigan_99, Network Engineer, Author Commented:
Thanks for all the great ideas.
0
 
BillDL Commented:
Thank you amigan_99
0
 
nobus Commented:
i find it strange that i have no points assigned
Bill started by saying "nobus has suggested exactly what I do."
0
 
BillDL Commented:
That's true nobus.  Sorry, I hadn't noticed.  I assumed it had been a points split.
0
 
nobus Commented:
it was a one way split Bill
amigan, if you like to redistribute points - use the request attention and ask the mods to do it, or reopen the Q
0
 
amigan_99, Network Engineer, Author Commented:
Sure - go ahead and re-open it. The question was just awash in more answers than I had time to review closely for merit.
0
 
amigan_99, Network Engineer, Author Commented:
Thanks
0
Question has a verified solution.
