Solved

How to keep a password file on your Windows PC?

Posted on 2016-10-18
21
161 Views
Last Modified: 2016-10-29
I used to put passwords into a hidden and encrypted file in cygwin. But now it looks like the -x option for vim gives a warning itself that it's not very secure. Plus I have not been able to resolve an issue I posted earlier on here whereby I cannot paste to/from VIM in Cygwin to/from Windows. What could I use that's fast and easy? I've thought of just password protecting an XLS file but I've heard of those getting easily hacked. Any other suggestion? Thank you.
0
Question by:amigan_99
21 Comments
 
LVL 21

Expert Comment

by:Larry Struckmeyer MVP
ID: 41849299
Have you considered RoboForm or LastPass or the like?  If installed on the local computer with a strong pass phrase an attacker would have to gain access to your system then figure out/break the pass phrase.  If installed on a USB key an attacker would have to gain access to your pocket and hack the pass phrase.
1
 
LVL 61

Assisted Solution

by:btan
btan earned 50 total points
ID: 41849321
Probably just have to remember one master password (strong passphrase) and use KeePass to store the password.

KeePass can minimize itself and type the information of the currently selected entry into dialogs, webforms, etc. Of course, the typing-sequence is 100% user-customizable, read the documentation file for more.
KeePass features a global auto-type hot key. When KeePass is running in the background (with opened database) and you press the hot key, it looks up the correct entry and executes its auto-type sequence.
All fields, title, username, password, URL and notes can be drag&dropped into other windows.
http://keepass.info/features.html

Choosing a strong passphrase
https://www.experts-exchange.com/articles/18309/Choosing-an-easy-to-remember-strong-password.html
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 41849330
Is there a PHP script involved with this question?  If so, please show us the PHP issues you are dealing with, thanks. ~Ray
0
 
LVL 23

Assisted Solution

by:Eirman
Eirman earned 50 total points
ID: 41849877
If you just want to encrypt a single file,  AES Crypt or AxCrypt from this list looks quite good.
https://www.bestvpn.com/blog/10995/6-best-open-source-alternatives-to-truecrypt/
0
 
LVL 26

Assisted Solution

by:skullnobrains
skullnobrains earned 50 total points
ID: 41849967
you have a crazy wealth of apps that will do the job.

if you want something free that you have control over, what about using pgp encryption with a password. it is MUCH more difficult to break than password protected excel sheets. you can also use archiving software : 7z and RAR both feature decent encryption.

then obviously decoding stuff in memory comes with a wealth of potential problems which you already face anyway

--

I can not paste to/from VIM in Cygwin to/from Windows

i've had good experience using the Xserver with keyboard integration and preferring ctrl+insert and shift+insert to ctrl+c ctrl+v. with vim, it might be additionally necessary to open your vim in rxvt or xterm rather than in the windows console
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 50 total points
ID: 41850073
0
 
LVL 61

Assisted Solution

by:btan
btan earned 50 total points
ID: 41850356
One thing to make it secure: besides the usual password, you can opt for a key file, assuming you do not want to remember the password but are willing to safekeep the key file in your own possession.
The point of a key file is that you have something to authenticate with (in contrast to master passwords, where you know something), for example a file on a USB stick. The key file content (i.e. the key data contained within the key file) needs to be kept secret. The point is not to keep the location of the key file secret.
http://keepass.info/help/base/keys.html

For example, besides using a KeePass key file, you can protect the KeePass DB using a YubiKey:
configured your YubiKeys to protect your KeePass database with OATH HOTP! To test your login, lock your database and attempt to regain access to it. At the log in screen, enable Key File and select One-Time Passwords.
In the dialog box that is displayed, position the cursor at the start of each bar and emit 3 consecutive passcodes (one for each bar) by pressing the button on your YubiKey for three seconds

https://www.yubico.com/why-yubico/for-individuals/password-managers/keepass/
0
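The OATH HOTP scheme mentioned in the comment above, as an added example that is not part of the original post and is not KeePass or Yubico code: a generic RFC 4226 generator and a verifier that, like the login dialog described, asks for three consecutive codes. The function names and the look-ahead window of 10 are assumptions; the secret is the RFC 4226 test value, used here as constructed sample input.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    followed by dynamic truncation to a short decimal code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_consecutive(secret, stored_counter, codes, look_ahead=10):
    """Accept `codes` only if they are consecutive HOTP values starting at
    some counter in [stored_counter, stored_counter + look_ahead].
    Returns the next counter to store on success, None on failure."""
    for start in range(stored_counter, stored_counter + look_ahead + 1):
        expected = [hotp(secret, start + i) for i in range(len(codes))]
        # Constant-time comparison: do not leak how many digits matched.
        if hmac.compare_digest("".join(expected), "".join(codes)):
            return start + len(codes)
    return None


# Constructed sample input: the RFC 4226 Appendix D test secret.
SECRET = b"12345678901234567890"


def demo():
    stored = 0          # counter the verifier last saw
    token_counter = 2   # token button was pressed twice elsewhere
    codes = [hotp(SECRET, token_counter + i) for i in range(3)]
    new_counter = verify_consecutive(SECRET, stored, codes)
    # Replaying the same three codes must fail once the counter has moved on.
    replay = verify_consecutive(SECRET, new_counter, codes)
    return codes, new_counter, replay


if __name__ == "__main__":
    print(demo())
```

The look-ahead window is what lets the token and the verifier resynchronise after stray button presses, and advancing the stored counter is what makes captured codes useless for a second login.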
 
LVL 91

Accepted Solution

by:nobus
nobus earned 250 total points
ID: 41851515
you could make a strong password, by using a sentence like "My $Grandma is 84"
and keep only a reminder phrase - even not encoded to remember your password, like how old is Granny?
0
 
LVL 38

Assisted Solution

by:BillDL
BillDL earned 50 total points
ID: 41851936
nobus has suggested exactly what I do.  I do not store any actual passwords anywhere.  I store ONLY reminder phrases or sentences in a text file on a USB Flash Drive that would be meaningless to somebody else if found, but would instantly spell out the password to me.  The contents would seem like rubbish to anybody else.  I tend to create passwords that bear some relationship to the nature or name of the website in question and then choose some numbers to include that are somehow related to the nature of the site or the password.  The combination of these is often enough whereby I would not really have to keep a note of it anywhere, but I'm getting older and sometimes I need a reminder.

For example I want to create a new login profile for Amazon.  The capybara is an animal that resembles a giant guinea pig and is quite unique to wetlands of inland Brazil.  For some reason I seem to remember this animal's name.  Although not part of the Amazon river, "capybara" would be enough to remind me of the Amazon and hence the Amazon website.   Panos Constantinou who lived at number 37 in the street where I stayed as a child had a guinea pig as a pet.

If I combined these elements to form the password "Capybara37Constantinou", I could use the following sentence as a password reminder phrase (read from right to left as a rule for all such reminder phrases) and there is no way that I would forget what it meant:
"Panos House Number Big Pig TC"  - where "TC" means "Title Case" to me.
If I needed to remember what email address went with this password for the login profile and I was using, for example, a Verizon one, I could change this phrase to "Panos House Number Big Pig TC Horizon".

A person who is so paranoid that what is clearly a "riddle" might still be "cracked" could make the phrase a complete sentence and even change Horizon (if it sounded too much like Verizon) to something like "skyline" or "sunrise".

The above is just a hypothetical method.  Mine is similar in concept but different in phrase layout.

On the subject of username and password storage programs, one of the weakest links is the means by which the credentials are extracted from the program for use.  Some use drag and drop while others execute a copy and paste.  The Windows Clipboard is used as the intermediary step, and this is the reason that I never have the actual password stored to copy from a file.  People who copy passwords from text-based files and paste into browser fields have left something for a hacker to acquire because the clipboard isn't overwritten until something else is copied to it.  Password vault programs often DO use the Windows Clipboard for pasting passwords out, but the good ones (like Keepass) flush any trace of the copied data from the Clipboard after a timed delay.

As with any application, if there are people clever enough to code and compile them, then there will be unscrupulous people who are equally clever and can hack them or employ a vulnerability with the program itself or how it runs in the operating system.  Nothing is failsafe, you just have to mitigate the potential consequences of a hack.  There is probably far more likelihood of the server hosting the website you log into revealing your credentials to hackers than there is of them being harvested from your own computer.
0
 
LVL 91

Expert Comment

by:nobus
ID: 41852405
Tx Bill for backing me! I trust all is well on your side?
0
 
LVL 38

Expert Comment

by:BillDL
ID: 41854864
Hi nobus.  Yeah, things are fine here thanks.  Just trying to get some outdoor projects finished in between work before Winter starts.
0
 
LVL 91

Expert Comment

by:nobus
ID: 41854871
same as here then - see you later !
0
 
LVL 1

Author Comment

by:amigan_99
ID: 41855411
Thanks for all the great ideas.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 41855917
Thank you amigan_99
0
 
LVL 91

Expert Comment

by:nobus
ID: 41855924
I find it strange that I have no points assigned.
Bill started by saying "nobus has suggested exactly what I do."
0
 
LVL 38

Expert Comment

by:BillDL
ID: 41856597
That's true nobus.  Sorry, I hadn't noticed.  I assumed it had been a points split.
0
 
LVL 91

Expert Comment

by:nobus
ID: 41856808
It was a one way split, Bill.
amigan, if you like to redistribute points - use the request attention and ask the mods to do it, or reopen the Q
0
 
LVL 1

Author Comment

by:amigan_99
ID: 41859593
Sure - go ahead and re-open it. The question was just awash in more answers than I had time to review closely for merit.
0
 
LVL 1

Author Comment

by:amigan_99
ID: 41864942
Thanks
0
