

Accessible and secure - can they be friends?
September 23, 2010 3:53 AM   Subscribe

Help me design a secure method of keeping my passwords both safe and available.

I, like everyone, have been forced to create a variety of logins and passwords for the websites I visit. So far I have a system of a weak password for less-important logins (facebook, MeFi) and a strong one for important ones (banking, RDP to home computer). I also have a few stock usernames. That way, I just remember my logins and don't have to write them down / store them anywhere.

But inevitably there are websites that don't accept my regular logins. Some have username and password requirements that don't fit my current passwords. Some even require shorter passwords than I use - which drives me nuts.

My current system for keeping track of these variations sucks - I store them in a place online that's more obscure than secure. Sure, I have to log in and then dig up the place where they're stored, but then they're passed to me over an unencrypted http connection.

What I'd like is a place online where I can securely store these random logins and access them over a secured connection after using a very strong master password to get in. Does anyone know of such a place? I'd rather not store them on my home computer because I don't trust myself to keep it properly secured (especially since I've got a non-standard RDP port open). And I'd like to make these accessible online because I travel frequently and would like to pull them up from anywhere. Given those considerations, what would you do?

Also, any additional considerations that come to mind are welcome (e.g., whether I'm setting myself up for problems by reusing passwords, alternatives to what I've described, "what you're asking for is a terrible idea," etc).
posted by Tehhund to Computers & Internet (31 answers total) 13 users marked this as a favorite
 
Lifehacker has mentioned the use of KeePass Portable plus Dropbox. But you'd have Dropbox sitting on your PC.

KeePass Portable is at portableapps.com if you want a look.
posted by dragonplayer at 4:06 AM on September 23, 2010


I can't find the link, but I'm sure at some point Bruce Schneier recommended that it was basically worthwhile creating uberstrong passwords and then just writing them in a book - bearing in mind that the chances of losing or destroying the book were greatly outweighed by the risks of weak passwords and other faff to do with storing strong passwords in a secure way on a computer.
posted by MuffinMan at 4:14 AM on September 23, 2010


So your question is, how can you use an untrusted computer to download a list of passwords and still have that be secure....?
posted by devnull at 4:19 AM on September 23, 2010


So your question is, how can you use an untrusted computer to download a list of passwords and still have that be secure....?

95% of the time I'm using my home PC or work laptop, and I don't want to store these passwords on either of them because a) as I said, I don't 100% trust my ability to secure my PC and b) I don't want to store my personal passwords on a computer where my company's admins can access them.

But to answer your question more directly... *Sigh* Yes. Well, to download and view (not save to disk) a list of passwords, but yes. I'm not sure that I can 100% avoid using others' computers to access sensitive sites. I try not to, but when travelling it can become a tough policy to enforce. Feel free to give me the 5th degree as long as you also suggest other options (always RDP home before accessing secure sites?). After all, I'm here for advice :).
posted by Tehhund at 4:31 AM on September 23, 2010


Have you looked at http://lastpass.com/ ?
If you get Premium there - all of $1/month - you can also get a USB layer of protection:
http://lastpass.com/features_premium.php
posted by episodic at 4:37 AM on September 23, 2010


I would advocate just keeping a slip of paper in your wallet with passwords written on it. Obviously, don't include your username on the paper, in case it falls into enemy hands.
posted by Salvor Hardin at 4:50 AM on September 23, 2010


You could use a password card that you carry with you.

But I don't think you should be afraid of having an encrypted password database on your computer. Personally, I use a well-encrypted KeePass file that I keep on my computer, and I have a keychain flash drive with a useful subset of those passwords using a copy of KeePass Portable and a different strong password. KeePass files can't be cracked by your company's admins, and if you think they're, like, keylogging you...well, you have other issues that won't be solved by a password management solution.
posted by bcwinters at 4:54 AM on September 23, 2010 [1 favorite]


I would go for a combination of what episodic and Salvor Hardin say.

For your common passwords: write them down and keep them in your wallet.
For the other passwords, ssl site.

You need to balance the chance that all of your passwords will be compromised with the ease of use of having access to all of your passwords. I think a combination approach would be best for you.

I myself use encrypted everything on encrypted hardware that I own. I never enter a password anywhere else because it's not possible to tell if a computer is rooted.
posted by devnull at 4:56 AM on September 23, 2010


I use (and heartily recommend) 1Password. It's a fantastic app and works great with Dropbox. That should solve your problem. You can make your login passwords as strong (or weak) as necessary and you will only have to remember one master password to unlock the app. 1Password can also generate random passwords for you, if you'd rather not do it yourself.
posted by LuckySeven~ at 4:59 AM on September 23, 2010 [1 favorite]


If you are going to go the route of writing your passwords down, a slightly safer option is to use numeric passwords, and enter them into your phone, disguised as phone numbers. I.e. put in "contact names" of made-up friends, and give them prefixes that resemble numbers in your area, then add the password as the rest. Your phone is probably a little less likely to be stolen than your wallet, and the numbers are less likely to be identifiable as passwords.
posted by lollusc at 5:00 AM on September 23, 2010


An alternative to writing it all down is to have a system of usernames/passwords that accounts for all these variations while still being easy to remember. I do that, and it hasn't let me down yet.

For example, my username here is Xany and that's my default username, but there are some sites that demand a username that's at least 6 characters long. Or Xany's taken (it's fairly common now, but wasn't when I started using it, dammit). If I come across one of those, I sign up as Xanify. If that's taken too, I tack on 318 at the end. That generally covers all bases; I've yet to come across a website that won't let me sign up, and if I can't remember which one I've used, there aren't all that many permutations to try.

Passwords: I have a "master" password with letters and numbers in it, which I then customize for every site by adding extra letters and numbers using some predictable-to-me method. If the password has to be shorter than what I'd like, I just truncate it (because when logging in to those sites, they generally only let you enter n letters anyway, so I never have to remember- I just type in what I'd normally use). If the password has to be stronger than what I'd like ... well ... that hasn't happened to me, and shouldn't happen to you, if you've got a sensible master password.
posted by Xany at 5:09 AM on September 23, 2010


I email them (the multitudes ... not the banking ones) to myself, at my gmail account, and just do a gmail search for them as required ... works well enough as I have gmail always open.
posted by jannw at 5:27 AM on September 23, 2010


If you have a cellphone, keep them there as notes or as contacts as lollusc suggested. You can even obfuscate the password by padding them with letters or numbers you'll know not to include.

The risk you'll have to worry about with using online services is: if your PC is compromised by an information stealing trojan at any point, the data you view after decryption is subject to be stolen. The chances this would happen are rare, but these types of rackets do exist in the world of internet crime...and they do slip by even the most robust antivirus scanners. By taking your passwords offline but keeping them available, your exposure to that risk is minimized (albeit individual passwords as they are entered would still be compromised if a trojan is present).
posted by samsara at 5:38 AM on September 23, 2010


Consider using the KeePass and DropBox combo mentioned above. KeePass is an open source product and available for Windows as well as (under the name KeePassX) for Linux and Mac OS.

All your KeePass data is stored in a single file that you can store wherever you'd like. KeePass uses either AES or Twofish 256-bit encryption to encrypt that file. Access to the file is by either a master password OR a key file OR both. So if you want very strong security you can use both -- assign a strong master password to the KeePass data file and also require a key file (which is randomly generated by KeePass based on your mouse movements at the time of configuration of the keyfile), and carry the key file around with you on your person on a USB drive.

You could probably put that encrypted KeePass data file anyplace accessible to you and feel generally comfortable, but DropBox also encrypts files you store on their service via 256-bit AES encryption and transmits those encrypted files over SSL.

To get at your encrypted KeePass data file in DropBox someone would have to guess or brute-force your DropBox password OR crack SSL and 256-bit AES. And that's just to get at the encrypted KeePass data file through DropBox. Once they have your encrypted KeePass data file, they'd have to guess or brute-force your KeePass password OR crack AES or Twofish. And once they'd accomplished all of that guessing, brute-forcing, cracking, etc., they'd still need to physically mug you to get the randomly-generated keyfile off the drive in your pocket.

I'm no security expert, but that seems like a reasonably strong security set-up for layman needs.
posted by gritter at 5:40 AM on September 23, 2010


Here's a helpful podcast that covers all the basic options for remembering, storing, and accessing passwords: http://getitdone.quickanddirtytips.com/how-to-remember-your-passwords.aspx
posted by cymru_j at 5:47 AM on September 23, 2010


I really liked Pater Aletheias' answer to a similar question. It might not be exactly what you're looking for, but personally I'm always uncomfortable having a list of my passwords around, online or off.
posted by Laura in Canada at 6:02 AM on September 23, 2010


Add another vote for the KeePass and DropBox combination.

Very secure and easy.
posted by Drasher at 6:33 AM on September 23, 2010


I would use truecrypt and a textfile. The reason for truecrypt is that you can store whatever you want in there.
posted by delmoi at 6:37 AM on September 23, 2010


I just make up some password that works and reset or recover it when I can't remember. It's a pain, but probably no more of a pain than figuring out some other solution. The worst is a site a use every quarter or so and I think the last time I had to choose a password, I went through four tries, each time with a new unwritten rule I had violated. GRAR indeed.
posted by advicepig at 6:51 AM on September 23, 2010


I'll second 1Password. They've got a Windows version in beta now. Syncing between my iPhone and computer means that I've always got my passwords handy when I'm not at my home computer. Auto-login via 1Password on my home computer means that a) I don't have to remember any of my super-strong passwords, and b) it can defeat keyloggers.
posted by bluejayway at 7:14 AM on September 23, 2010


nthing KeePass + DropBox. Works on Linux, Mac, Windows, iPhone - pretty much everything that I use. If you're interested in it working on multiple platforms, use the 1.X version of KeePass, not the 2.X version.
posted by escher at 7:41 AM on September 23, 2010


I've been using a password generator that was posted over on Projects a while ago to avoid duplicating easily remembered passwords (some are very strong, 13 characters or more, but still). You can save it to the desktop, or access it online. I'm wary of storing passwords on the desktop or online, and much prefer to remember the one never-written-down password and let an algorithm do the rest, because I've noticed that one of my "I like this" is a password I used to use.
posted by squeak at 8:29 AM on September 23, 2010


Another thing to make some more diversity (as I found out in a previous Ask MetaFilter): if you have a gmail address you can make simple variations by inserting periods (if you are tehhund@gmail.com you are also t.ehhund@gmail.com and t.e.hhund@gmail.com, tehu.und@gmail.com etc.), so you can use that to mark different usernames if the email address is used, and filter them to different labels without the hassle of setting up different email accounts and forwarding them. If one goes spammy just mark it to spam and use another variant.

I also, for a quick different way of making passwords without writing them down, use my favorite music album. I can always find it online (or on a playlist) and make up a password based on a title and track length of a song (characters and numbers). You pick the song based on some criteria (say number of vowels or site name length). You know your favorite album, I don't. It sits in plain sight and is accessible, but only you know the album and hashing method. Just be consistent.
posted by stuartmm at 8:57 AM on September 23, 2010


After lots of consideration I've converted to LastPass (as discussed in the blue). Their design seems quite secure; your password database is kept encrypted on their server, only decrypted on your client. The usability of the browser plugin is quite good. It works on my iPhone. Even so I keep my two most important passwords out of it; those I memorize.

1Password is quite popular with the Mac crowd, but my experience on Windows was disappointing. KeePass + DropBox seems like a reasonable DIY solution. I preferred the nice integration of LastPass.

The good news is now when I create an account on a new site, I generate a totally random strong password. I don't even know what it is. Most importantly, it has nothing to do with passwords on any other sites.
posted by Nelson at 9:02 AM on September 23, 2010


I just keep my passwords in a .txt file on my laptop, in a folder on my mobile phone, and on my wife's netbook, and just make sure I always have a copy of the passwords somewhere.

It's not great if either of these devices gets stolen, and my strategy in case that happens would be to go through the list and change each login.

I'm just uncomfortable storing all my password information online, especially in DropBox. A brute force attempt to get into my Dropbox account seems more likely than someone stealing my laptop.
posted by KokuRyu at 11:11 AM on September 23, 2010


Truly 'strong' passwords must be changed frequently. Some reasons include: most wireless connections are not secure, malware/keyloggers are prevalent, online storage services are not truly secure (if Citibank can suffer a compromise of a million+ accounts, who is really secure?).

Write it down, because almost none of us can remember a new strong password every 6-8 weeks.

But modify it. Leave out a letter, or add a few. I.e.: the post-it on your monitor says 'ya4Dh63o', your actual password is 'ya4Dh63oJ8'.
posted by kimyo at 2:15 PM on September 23, 2010


Password protected xls file in an htaccess protected directory on a webserver.
posted by Biru at 3:59 PM on September 23, 2010


I've been mulling over safety vs. availability myself. Here's my current line of thinking.

The password card is very appealing: If you lose the card, you can re-generate it from the seed number that you stored in a safe, offline place. Row and column to start from for each site, you can store somewhere online that you don't entirely trust, because it's useless information without the actual contents of the card. The path you follow on the card after the starting point, you can memorize, because you'll be using it all the time, and so you need never write it down.

The sticking point in all of this is various sites' stupid password policies. Must be longer than X, must be shorter than Y, must contain a digit, must contain a punctuation mark, cannot contain a punctuation mark, must contain a capital letter, blah blah blah. The length thing, well, just use their maximum length or N characters, whichever is shorter, and make a note of that next to the row/column stuff. If there are characters you can't use, and they come up in your random password selection, skip them and make a note you skipped them. Yeah, when the bad guys hack your storage account/steal your wallet, they know your path passes through a pound sign at some point. If your path isn't bone-stick-stone stupid, like left-to-right in order, that information still won't be too helpful.

That's my main line of thought. The second is like unto it, in that there's a paper you carry with a stock of randomness on it, and you use your brain and eyes to combine this randomness with other information to make the password. It's harder, though. The paper contains a grid for a gigantic Playfair cipher: both upper and lower case alphabets, all ten digits, and a bunch of punctuation marks (use 19 of them and you've got a 9x9 square). Print black lines between columns and colored backgrounds behind rows, or something, so you can still visualize the rectangles properly despite the larger grid. This preserves the essential quality of the Playfair family, which is that you can do them by eye, without written notes. Use one really good, extremely random, highly over-memorized password as a key by which to encipher a really crummy per-site password (like the site's name, partly reversed or with some of your favorite letter substitutions in it), thereby generating a good per-site password. That is, take one character of your good memorized password, one character of your crummy per-site password, look at the grid to see what the pair enciphers to, type in what corresponds to the crummy one, repeat. The grid is your store of randomness, the good password tells you how to combine randomness with the bad password, the bad password ensures that if multiple accounts are compromised it all just looks totally random, and in short multiple compromises are necessary to start breaking your system, which means in practice it's easier to just go find a moron whose password is 'passw0rd12345' and rip them off instead.

/code-and-cipher dork
posted by eritain at 6:49 PM on September 23, 2010
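The two schemes in eritain's post, the seeded password card with a memorized path and the 9x9 "giant Playfair" grid keyed by a memorized password, as an added example that is not part of the original thread. Assumptions of mine: which 19 punctuation marks fill the grid, the seeded shuffle that generates the card, and how a pair that lands on the same cell is handled (classical Playfair has no rule for it).

```python
import random
import string

# Grid alphabet from the post: both alphabets, ten digits, 19 punctuation marks = 81 = 9x9.
# The post only says "use 19 of them"; this particular set is my assumption.
PUNCT = "!#$%&*+,-./:;=?@^_~"
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + PUNCT
SIZE = 9
assert len(ALPHABET) == SIZE * SIZE


def make_grid(seed):
    """Build the card/grid from a seed number kept offline: the same seed always
    regenerates the same card, so a lost card is recoverable without storing it."""
    chars = list(ALPHABET)
    random.Random(seed).shuffle(chars)  # assumption: a seeded shuffle is the generator
    return [chars[r * SIZE:(r + 1) * SIZE] for r in range(SIZE)]


def card_password(grid, start, path, length, disallowed=""):
    """Password-card reading: the per-site (row, col) start may live in untrusted storage,
    the path of (drow, dcol) steps is memorized, and characters a site forbids are skipped."""
    r, c = start
    out, steps = [], 0
    while len(out) < length:
        if steps > SIZE * SIZE * len(path):  # path cycles only over forbidden cells
            raise ValueError("path never yields enough allowed characters")
        if grid[r][c] not in disallowed:
            out.append(grid[r][c])
        dr, dc = path[steps % len(path)]
        r, c = (r + dr) % SIZE, (c + dc) % SIZE
        steps += 1
    return "".join(out)


def playfair_char(grid, pos, key_ch, site_ch):
    """Apply Playfair's by-eye rules to one (memorized, per-site) pair and return only the
    character corresponding to the per-site one, as the post describes."""
    kr, kc = pos[key_ch]
    sr, sc = pos[site_ch]
    if (kr, kc) == (sr, sc):       # same cell: assumption, step one cell diagonally
        return grid[(sr + 1) % SIZE][(sc + 1) % SIZE]
    if kr == sr:                   # same row: the character to the right
        return grid[sr][(sc + 1) % SIZE]
    if kc == sc:                   # same column: the character below
        return grid[(sr + 1) % SIZE][sc]
    return grid[sr][kc]            # rectangle: own row, the key character's column


def derive_password(grid, memorized, crummy, length=None):
    """Key the crummy per-site password with the memorized one, cycling the key, then
    truncate to the site's maximum length (the post's 'whichever is shorter')."""
    pos = {ch: (r, c) for r, row in enumerate(grid) for c, ch in enumerate(row)}
    bad = [ch for ch in memorized + crummy if ch not in pos]
    if bad:
        raise ValueError("characters not on the grid: %r" % bad)
    out = [playfair_char(grid, pos, memorized[i % len(memorized)], ch)
           for i, ch in enumerate(crummy)]
    return "".join(out)[:length]
```

Note that every derived password depends on the grid and the memorized key, so rotating one site's password means changing its crummy input, not the key.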


I have used KeePass for several years and have always kept a copy of my database on my USB drive. I have never had a breach of security this way. Now I've just started using MyKeePass (99 cents) and DropBox (free) as well. Here is a workaround to be able to use your DropBox KeePass database in a private, rather than public, folder.

Although the KeePass database file is encrypted with SHA-256, if you really wanted to be extra secure about it, you could store your KeePass database inside a TrueCrypt-encrypted file/folder. This would add the hassle of having to mount your TrueCrypt file every time you wanted to access your passwords.
posted by IndigoRain at 11:38 PM on September 23, 2010


devnull: "I myself use encrypted everything on encrypted hardware that I own. I never enter a password anywhere else because it's not possible to tell if a computer is rooted."

Any tips for encrypting local stuff for those of us who know very little about how to do it?

Thanks!
posted by InsertNiftyNameHere at 3:14 AM on September 27, 2010


The previous post of mine is referring to data file encryption. Now what the heck are you referring to when you say "encrypted hardware?" Thanks once again!
posted by InsertNiftyNameHere at 3:15 AM on September 27, 2010

