Keep passwords in USB thumb drive: good idea?

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
User avatar
teacher
Posts: 995
Joined: Sun Oct 05, 2008 5:45 pm
Location: California

Keep passwords in USB thumb drive: good idea?

Post by teacher » Wed Apr 16, 2014 2:51 pm

Does anyone keep their passwords and user IDs in a USB thumb drive instead of using a password manager like LastPass or KeePass? It seems it would be easy to keep the list of passwords/user IDs with corresponding websites on an excel spreadsheet and copy/paste onto websites. Does this idea seem workable? Would it leave a trace for hackers?

investor1
Posts: 1040
Joined: Thu Mar 15, 2012 8:15 pm

Re: Keep passwords in USB thumb drive: good idea?

Post by investor1 » Wed Apr 16, 2014 2:56 pm

It is never a good idea to store login information in plain text anywhere on your computer.

Mordoch
Posts: 350
Joined: Sat Mar 10, 2007 11:27 am

Re: Keep passwords in USB thumb drive: good idea?

Post by Mordoch » Wed Apr 16, 2014 3:01 pm

Its vastly weaker, and would not work effectively without those passwords also backed up somewhere else.

Basically with KeePass, you can get exactly the same security level plus way more (making it tougher for a hacker to do something like see what the USB has on it when it gets plugged in) by having a key file in addition to your password with the key file only on the USB stick and a couple other places. (The idea is secure places not ordinarily connected to your computer to prevent a hacker from getting anywhere.) A password manager also tends to create significantly more secure passwords than any ordinary effort to do so randomly on your own.

User avatar
teacher
Posts: 995
Joined: Sun Oct 05, 2008 5:45 pm
Location: California

Re: Keep passwords in USB thumb drive: good idea?

Post by teacher » Wed Apr 16, 2014 3:03 pm

investor1 wrote:
It is never a good idea to store login information in plain text anywhere on your computer.
But if the information is in a thumb drive, it would be opened, info copied, closed and removed from the computer. It would never actually be on the computer. Right? Am I missing something?

Mordoch
Posts: 350
Joined: Sat Mar 10, 2007 11:27 am

Re: Keep passwords in USB thumb drive: good idea?

Post by Mordoch » Wed Apr 16, 2014 3:05 pm

teacher wrote:
investor1 wrote:
It is never a good idea to store login information in plain text anywhere on your computer.
But if the information is in a thumb drive, it would be opened, info copied, closed and removed from the computer. It would never actually be on the computer. Right? Am I missing something?
Yes, anytime you open the thumb drive spreadsheet for example it is actually in the computer's memory where all sorts of hacker programs could read it and end up transmitting it back to the malware author or the like. There are a couple strategies with sophisticated software to try to avoid this, but it ends up being a heck of allot of effect and is still less secure and more trouble than just using an effective password manager already.

Nummerkins
Posts: 271
Joined: Tue Jun 01, 2010 4:41 pm

Re: Keep passwords in USB thumb drive: good idea?

Post by Nummerkins » Wed Apr 16, 2014 3:09 pm

The correct answer here is to use a password manager such as KeePass and store a backup of your encrypted key file on the thumb drive in addition to other places.

Thumb drives get lost, stolen, crushed, dropped in liquid and generally just die (they are cheap).

They are not effective in increasing security on their own.

investor1
Posts: 1040
Joined: Thu Mar 15, 2012 8:15 pm

Re: Keep passwords in USB thumb drive: good idea?

Post by investor1 » Wed Apr 16, 2014 3:15 pm

teacher wrote:
investor1 wrote:
It is never a good idea to store login information in plain text anywhere on your computer.
But if the information is in a thumb drive, it would be opened, info copied, closed and removed from the computer. It would never actually be on the computer. Right? Am I missing something?
The drive would be mounted from the perspective of the operating system (Microsoft Windows, Mac OS X, etc.). Beyond that, it doesn't matter. It is just another drive on the computer. If someone has the ability to scan the files on your computer, they can most likely scan the other drives as well (especially on Windows). A thumb drive is no more secure than the drive in the computer. It is just more mobile.

Plain text password are always a bad idea.

User avatar
teacher
Posts: 995
Joined: Sun Oct 05, 2008 5:45 pm
Location: California

Re: Keep passwords in USB thumb drive: good idea?

Post by teacher » Wed Apr 16, 2014 3:22 pm

Thanks everyone. Using a password manager feels wrong because I am trusting an outside entity, but I have to get over it and bite the bullet. I'll read the "KeePass vs LastPass" thread to decide which one is best for a MacBook Pro. Dang. Thought we had a simple solution. :?

User avatar
Phineas J. Whoopee
Posts: 7569
Joined: Sun Dec 18, 2011 6:18 pm

Re: Keep passwords in USB thumb drive: good idea?

Post by Phineas J. Whoopee » Wed Apr 16, 2014 3:39 pm

teacher wrote:Thanks everyone. Using a password manager feels wrong because I am trusting an outside entity, but I have to get over it and bite the bullet. I'll read the "KeePass vs LastPass" thread to decide which one is best for a MacBook Pro. Dang. Thought we had a simple solution. :?
I agree. There is no security without physical security.
PJW

Nummerkins
Posts: 271
Joined: Tue Jun 01, 2010 4:41 pm

Re: Keep passwords in USB thumb drive: good idea?

Post by Nummerkins » Wed Apr 16, 2014 3:43 pm

FYI, with KeePass you trust nobody but yourself -- all the passwords are stored in an encrypted file :) You can make copies of it, store it online, or keep it in your physical possession.

User avatar
SnapShots
Posts: 915
Joined: Wed May 09, 2012 12:39 pm

Re: Keep passwords in USB thumb drive: good idea?

Post by SnapShots » Wed Apr 16, 2014 3:55 pm

teacher wrote:Thanks everyone. Using a password manager feels wrong because I am trusting an outside entity, but I have to get over it and bite the bullet. I'll read the "KeePass vs LastPass" thread to decide which one is best for a MacBook Pro. Dang. Thought we had a simple solution. :?
Since you're a Mac user, Check out 1Password 4 before making a decision.
the best decision many times is the hardest to do

User avatar
tyrion
Posts: 1145
Joined: Fri Feb 08, 2008 3:33 pm

Re: Keep passwords in USB thumb drive: good idea?

Post by tyrion » Wed Apr 16, 2014 4:25 pm

Here's an idea- Use keypass/lastpass to store the majority of your password, but leave something extra for you to complete each time.

So you could store 'i.love.A11igators' in your password file, knowing that you add 'soo.much' or '2' at the end each time. So your password file never contains the full password, but it contains most of it and you just remember the last little bit to complete it. If your password file is compromised, odds are they will assume you have already changed it and move on to the millions of less secure passwords around. Remember, you don't need the absolute best security, you just need to be better than those around you. You don't need to have fort knox security on your home if your neighbors never lock their doors. Don't be the slowest guy in the camp when then grizzly shows up. You get the idea.

User avatar
in_reality
Posts: 4529
Joined: Fri Jul 12, 2013 6:13 am

Re: Keep passwords in USB thumb drive: good idea?

Post by in_reality » Wed Apr 16, 2014 4:39 pm

teacher wrote:Does anyone keep their passwords and user IDs in a USB thumb drive instead of using a password manager like LastPass or KeePass? It seems it would be easy to keep the list of passwords/user IDs with corresponding websites on an excel spreadsheet and copy/paste onto websites. Does this idea seem workable? Would it leave a trace for hackers?
Yes I do.

I use an Ironkey USB.

* Password protected
* erases data after 10 failed login attempts
* Can't be physically opened to take out the memory and get around the password


http://www.ironkey.com/en-US/encrypted- ... sonal.html

User avatar
teacher
Posts: 995
Joined: Sun Oct 05, 2008 5:45 pm
Location: California

Re: Keep passwords in USB thumb drive: good idea?

Post by teacher » Wed Apr 16, 2014 5:06 pm

Tyrion wrote:
Here's an idea- Use keypass/lastpass to store the majority of your password, but leave something extra for you to complete each time.
What a great idea! I wouldn't have thought of that.

investor1
Posts: 1040
Joined: Thu Mar 15, 2012 8:15 pm

Re: Keep passwords in USB thumb drive: good idea?

Post by investor1 » Wed Apr 16, 2014 5:42 pm

That is a good idea...

Jeff7
Posts: 329
Joined: Sat Nov 24, 2012 2:30 pm

Re: Keep passwords in USB thumb drive: good idea?

Post by Jeff7 » Wed Apr 16, 2014 6:49 pm

teacher wrote:
investor1 wrote:
It is never a good idea to store login information in plain text anywhere on your computer.
But if the information is in a thumb drive, it would be opened, info copied, closed and removed from the computer. It would never actually be on the computer. Right? Am I missing something?
All it takes is to drop, lose, or forget your thumbdrive. Do that, and you'd better change all the passwords that you had stored on it.



I do keep my passwords stored on a thumbdrive, among other locations.

In plain text.

Inside of a heavily-encrypted volume. ;)

harrychan
Posts: 1418
Joined: Sun Nov 14, 2010 9:37 pm
Location: Pasadena

Re: Keep passwords in USB thumb drive: good idea?

Post by harrychan » Wed Apr 16, 2014 6:57 pm

I had a friend who did this and his USB thumb drive failed. Beyond this, he had a lot of other important documents in his thumb drive. Needless to say, he will not be doing this again.
This is not legal or certified financial advice but you know that already.

User avatar
Dogbreath650
Posts: 27
Joined: Mon Oct 28, 2013 9:37 am
Location: Colorado

Re: Keep passwords in USB thumb drive: good idea?

Post by Dogbreath650 » Wed Apr 16, 2014 8:01 pm

tyrion wrote:Here's an idea- Use keypass/lastpass to store the majority of your password, but leave something extra for you to complete each time.

I do the same thing but with an old fashioned notebook...

User avatar
in_reality
Posts: 4529
Joined: Fri Jul 12, 2013 6:13 am

Re: Keep passwords in USB thumb drive: good idea?

Post by in_reality » Thu Apr 17, 2014 12:54 am

harrychan wrote:I had a friend who did this and his USB thumb drive failed. Beyond this, he had a lot of other important documents in his thumb drive. Needless to say, he will not be doing this again.

..and he had no backup? Well that's not really a decent plan...

Jerrybaby
Posts: 172
Joined: Wed Dec 11, 2013 5:36 pm

Re: Keep passwords in USB thumb drive: good idea?

Post by Jerrybaby » Thu Apr 17, 2014 1:36 am

I've been reading these threads and can't pull the trigger so to speak on a password manager. Can't seem to grasp how the security would be better with a password manager than with say, Target. Is it conceivable that such a password management company could be compromised and then a hacker knows EVERY password? I know I'm probably just paranoid, but actually I'm not enough. Whenever I bookmark a site, such as a bank or credit card site, I enter the username and password when I name the bookmark. Just counted 65 different sites like that. Boy.

I bet I use over 20 different passwords everyday. Its crazy. I'm doing good just remembering my password; now I need to graduate to password security.

User avatar
kcyahoo
Posts: 434
Joined: Mon Feb 19, 2007 9:59 pm
Location: Venice, FL

Re: Keep passwords in USB thumb drive: good idea?

Post by kcyahoo » Thu Apr 17, 2014 7:40 am

Bad bad idea for the reasons stated.

Also, I use the Dolphin browser on Android with the Lastpass extension. Works great. I'd be hard pressed to plug a USB drive into my Telephone or Tablet.
Retired @ 57, now 75 | was 50/45/5, then 42/54/04, now 35/60/5 | KC

User avatar
Toons
Posts: 13016
Joined: Fri Nov 21, 2008 10:20 am
Location: Hills of Tennessee

Re: Keep passwords in USB thumb drive: good idea?

Post by Toons » Thu Apr 17, 2014 7:43 am

I used to store on USB but have been using LastPass for quite a few years :happy
"One does not accumulate but eliminate. It is not daily increase but daily decrease. The height of cultivation always runs to simplicity" –Bruce Lee

jchef
Posts: 263
Joined: Wed Aug 29, 2012 7:04 am

Re: Keep passwords in USB thumb drive: good idea?

Post by jchef » Thu Apr 17, 2014 7:59 am

Jerrybaby wrote:I've been reading these threads and can't pull the trigger so to speak on a password manager. Can't seem to grasp how the security would be better with a password manager than with say, Target. Is it conceivable that such a password management company could be compromised and then a hacker knows EVERY password?
If you aren't comfortable storing your passwords on someone else's server you could look at KeePass. It isn't a company, it's just a program and your password won't be stored on a server unless you put it there. By you do need to make sure you have backups of your KeePass database and preferably at least one backup outside of you home.


And for companies such as LastPass that do store your passwords on their servers, the password database is encrypted using your master password before they are sent to LastPass's servers. And LastPass doesn't know you master password, so even if someone broke into LastPass's server and stole your database, they still don't have the master password to decrypt your database.

jchef
Posts: 263
Joined: Wed Aug 29, 2012 7:04 am

Re: Keep passwords in USB thumb drive: good idea?

Post by jchef » Thu Apr 17, 2014 8:08 am

tyrion wrote:Here's an idea- Use keypass/lastpass to store the majority of your password, but leave something extra for you to complete each time.

....

If your password file is compromised
This doesn't give you much additional security and is a bit of a hassle. If you choose a reasonably strong master password, the most likely way your password database is going to be compromised is through a key logger being installed on your machine. The chances that your password database is going to be compromised in some other way is extremely low.

And if there is a key logger installed on your machine, you've pretty much already lost.

rkhusky
Posts: 5710
Joined: Thu Aug 18, 2011 8:09 pm

Re: Keep passwords in USB thumb drive: good idea?

Post by rkhusky » Thu Apr 17, 2014 8:14 am

If you have a Mac, you can just create an encrypted Disk Image and store your text or spreadsheet file there. You can also save the disk image on a thumb drive as a backup or for portability. I would also use a completely different password than your login password.

The nice thing about an encrypted Disk Image is that you can keep other sensitive information there as well.

You'll need something else though (like True Crypt), if you want to access the files from a Windows or Linux machine.
Last edited by rkhusky on Thu Apr 17, 2014 8:32 am, edited 2 times in total.

rkhusky
Posts: 5710
Joined: Thu Aug 18, 2011 8:09 pm

Re: Keep passwords in USB thumb drive: good idea?

Post by rkhusky » Thu Apr 17, 2014 8:24 am

tyrion wrote:Here's an idea- Use keypass/lastpass to store the majority of your password, but leave something extra for you to complete each time.
I don't see the value of that other than keeping a casual person from using your password that is stored in plain text. Most crackers would try different variations of your old passwords, since that is what most people do when forced to change passwords. And if they can crack keypass or lastpass, they wouldn't be fooled by a simple trick like that.

User avatar
tyrion
Posts: 1145
Joined: Fri Feb 08, 2008 3:33 pm

Re: Keep passwords in USB thumb drive: good idea?

Post by tyrion » Thu Apr 17, 2014 11:25 am

rkhusky wrote:
tyrion wrote:Here's an idea- Use keypass/lastpass to store the majority of your password, but leave something extra for you to complete each time.
I don't see the value of that other than keeping a casual person from using your password that is stored in plain text. Most crackers would try different variations of your old passwords, since that is what most people do when forced to change passwords. And if they can crack keypass or lastpass, they wouldn't be fooled by a simple trick like that.
Three thoughts here-

1. Hypothetically, if they can crack keypass/lastpass, they will have plenty of options. So when yours doesn't work, they will move on to another easier password. And if they can steal the hash but not decrypt it, they will not have any hints on what the password might be.

2. I used a generic phrase in the example. In reality, since you're using a password program, it would be a random password, followed by your personal extension of it.

3. I tend to think keypass itself is good enough for me (plenty of other people to hack who are using their kids names, pets name, etc as passwords). But if you have an objection to putting them all in one place, this is a mental crutch for overcoming it. You're not giving your full password to keypass/lastpass, just a portion of it.

User avatar
NAVigator
Posts: 2457
Joined: Tue Feb 27, 2007 7:24 am
Location: Iowa

Re: Keep passwords in USB thumb drive: good idea?

Post by NAVigator » Thu Apr 17, 2014 11:56 am

Jerrybaby wrote:I've been reading these threads and can't pull the trigger so to speak on a password manager. Can't seem to grasp how the security would be better with a password manager than with say, Target. Is it conceivable that such a password management company could be compromised and then a hacker knows EVERY password? I know I'm probably just paranoid, but actually I'm not enough. Whenever I bookmark a site, such as a bank or credit card site, I enter the username and password when I name the bookmark. Just counted 65 different sites like that. Boy.

I bet I use over 20 different passwords everyday. Its crazy. I'm doing good just remembering my password; now I need to graduate to password security.
A password manager maintains your password information in an encrypted format. The encryption "key" is based on your master password. This makes it very secure. You only have to remember your one master password.

There have been discussions about storing this encrypted information in online storage. With KeePass, the encrypted password file can be placed wherever you want such as a USB flash drive, your hard disk, etc. With LastPass, it is stored on their secure servers. Using your browser to store the username and password leaves the information rather vulnerable.

Jerry
"I was born with nothing and I have most of it left."

sls239
Posts: 928
Joined: Thu Oct 23, 2008 4:04 pm

Re: Keep passwords in USB thumb drive: good idea?

Post by sls239 » Thu Apr 17, 2014 12:05 pm

I spent a little time refining my password advice.


But making and remembering a strong unique password for every site is NOT difficult! I will show you how in 2 easy steps:

Step 1: Get a character string

The easiest way to make a character string is to use a fact, like this:

azis-273C [absolute zero is -273 degrees Celsius]

It doesn't have to be a particularly science-y fact. Check this one out:

Hora=Hour or if you prefer Greek to Spanish, Hora=Dance

You may prefer 2 short facts like this:

sh8l,ih6 [spiders have 8 legs, insects have 6]

Or you could use a fact you actually use frequently:

ORmpt1:45 [Orville Reddenbacher microwave popcorn takes 1:45] I wouldn't know about that because I don't like popcorn. But that is why it works.

There's no way that hackers are going to be able to program in every fact in the world and they'll have no idea which fact you are using.

You could even use a fact that is personal:

Mhg@4pmF [Michael has gymnastics at 4pm Friday] This has the added possible benefit of reminding you when you really should change your passwords.

Your "fact" doesn't even have to be true, just memorable:

MNWis$3M [My net worth is $3 million]

If you are worried you won't remember exactly how you put your fact, you can write it down on a post-it note in your wallet for a while until you have it memorized. This character string isn't your whole password so it is unlikely someone is going to steal your wallet and get into your accounts without you noticing. (But that is no excuse for putting the post-it on your computer screen. Don't do that.)

Step 2: Use a numbering / lettering / symbol scheme
You will be able to take your character string and make it a unique password for each account by using a simple numbering scheme. You can make a list to match the various accounts to their numbers.

Once you have your character string, take a look at which of the 4 types of characters it has. The 4 character types are uppercase letters, lowercase letters, numbers, and symbols. If your character string is missing one or two of those types, use them in your numbering scheme.

So if you chose Hora=Hour, your will need to add a number for each account. So your bank account password can be Hora=Hour1 (or 1Hora=Hour) and your Amazon account can be Hora=Hour2.

If you have lots of accounts, you can even make a simple list that gives the number for you. Just don't label it "My passwords are all the same except for this number!" You can even password protect the list and store it encrypted if you want.

If you need to add a special character to your passwords, why not use it in your numbering scheme? Instead of 1 use !, instead of 2 use @ and so forth. Then if you store your list, it is even better protected because your "Amazon 2" entry on the list looks nothing like your actual password of mca33MPG@ [my car averages 33 miles per gallon]

And there you have it. Strong unique passwords for every account. And perhaps something you can now have a little fun with instead of dreading. And the more fun you have with it, the better the password is likely to be.

jchef
Posts: 263
Joined: Wed Aug 29, 2012 7:04 am

Re: Keep passwords in USB thumb drive: good idea?

Post by jchef » Thu Apr 17, 2014 1:38 pm

But making and remembering a strong unique password for every site is NOT difficult! I will show you how in 2 easy steps:

Step 1: Get a character string

The easiest way to make a character string is to use a fact, like this:

azis-273C [absolute zero is -273 degrees Celsius]
The short passwords you are generating are quite weak. The concept is reasonable, but the passwords need to be much longer.

After the huge LinkedIn password leak, someone tried to see how many of them they could crack. By using freely available tools they were able to quickly crack 2 million passwords such as "m0c.nideknil" (without the quotes). Even though this password looks like gibberish, it's just too short.

You can read the article here: https://community.qualys.com/blogs/secu ... -passwords

Step 2: Use a numbering / lettering / symbol scheme
You will be able to take your character string and make it a unique password for each account by using a simple numbering scheme. You can make a list to match the various accounts to their numbers.
I don't mean to sound harsh, but this is really horrible advice.

Hackers know many people do this. It's going to be one of the first things that they test.

So if they ever grab your password and email address or user name from one site, they are going to test to see if they can get into other sites with the same info. And if they can't get in with the same password then they are going to try slightly modify the password. Incrementing and decrementing letter and numbers in the known password is going to one of the first thing they try.


And if you don't mind me asking, are the numbers you are incrementing at the end of your password? But that's where nearly everyone who uses this method puts them. And hackers know this.

User avatar
kcyahoo
Posts: 434
Joined: Mon Feb 19, 2007 9:59 pm
Location: Venice, FL

Re: Keep passwords in USB thumb drive: good idea?

Post by kcyahoo » Thu Apr 17, 2014 1:49 pm

I have over 200 passwords. LastPass remembers all of them for me, on Windows and Android.

Passwords are not the only thing that needs to be stored securely.

I also store all Credit Card info in LastPass. I use this to auto-fill at shopping sites and at bill-pay sites.

I also save notes in LastPass that need to be recalled and secured (example, combination to a relatives garage door that I only need a few times a year. I whip out my Android phone and look it up).
Retired @ 57, now 75 | was 50/45/5, then 42/54/04, now 35/60/5 | KC

User avatar
Ged
Posts: 3616
Joined: Mon May 13, 2013 1:48 pm
Location: Roke

Re: Keep passwords in USB thumb drive: good idea?

Post by Ged » Thu Apr 17, 2014 2:00 pm

One thing to be concerned about with the 'passwords in excel' idea is the concept of screen loggers. That is virii that take screen snapshots periodically and transfer them to a mothership. Tools like Keepass provide protection against that because they do not provide displays of the password list in plain text.

Keepass has some defenses against keyloggers, but really there is no perfect defense against keyloggers, at least within the parameters of the Windows operating system.

For cases where you really need security, I'd suggest booting off a Live Linux DVD distro, say like Tails.

https://tails.boum.org/

http://www.wired.com/2014/04/tails/

dl7848
Posts: 440
Joined: Tue Mar 25, 2014 12:46 am

Re: Keep passwords in USB thumb drive: good idea?

Post by dl7848 » Thu Apr 17, 2014 2:32 pm

teacher wrote:Thanks everyone. Using a password manager feels wrong because I am trusting an outside entity, but I have to get over it and bite the bullet. I'll read the "KeePass vs LastPass" thread to decide which one is best for a MacBook Pro. Dang. Thought we had a simple solution. :?
It's funny, but I've seen some security experts say that the best protection these days is to put one's passwords down on paper. That's the exact opposite of the advice that used to be given. It seems we've come full circle. FWIW, I do have some of my passwords on KeePass (and have copies on thumb drives), but I've started to go with paper, and have the paper stored in more than one geographical location.

sls239
Posts: 928
Joined: Thu Oct 23, 2008 4:04 pm

Re: Keep passwords in USB thumb drive: good idea?

Post by sls239 » Thu Apr 17, 2014 2:54 pm

And if you don't mind me asking, are the numbers you are incrementing at the end of your password?
You can put it wherever you want. You can make it as long or as complicated as you want. Your incrementing could be at the beginning and you could use the scheme of adding "1.50" "2.60" or even 1.@# and @.#$ or 32! and 43@ or you could insert Aa10* and Bb20* into the middle of your character string.

If you think it is worth your time, the possibilities are absolutely endless. And since you can change your character string independently of your numbering scheme, you can pretty much just learn your numbering scheme once and use it for a very long time.
Hackers know many people do this. It's going to be one of the first things that they test.
Maybe. If the hacker has a personal vendetta against me. Otherwise, I doubt they'd bother. Also, many EUA require unique user names so they wouldn't have the user name. And how would a hacker know where I bank anyway? That sounds more like a stalker than a hacker.

Sorry to sound so emprical, but can you even point to a single real world incidence of this happening in the impersonal hacking sense?

Most people know more than one fact, so it would be pretty easy to say have your bank accounts use one character string and your e-mail accounts and retail accounts use a different one.

The point wasn't to make passwords for people, but to give them a method for creating as many strong a passwords as they wanted that they would actually be able to remember.

But like someone said, you really just need something that is good enough. And by good enough I mean covering your ass in terms of the end user agreements.

Remember, passwords are not the be all end all of security. Most anyone who gained access to your e-mail account could reset your passwords to anything they wanted.

I don't live my life assuming all my information is secure and I don't suggest anyone else do either.

hulio82
Posts: 69
Joined: Wed Mar 12, 2014 1:19 pm

Re: Keep passwords in USB thumb drive: good idea?

Post by hulio82 » Thu Apr 17, 2014 3:24 pm

if you don't want to use a 3rd party passwd manager or passwd vault, you could enter passwords in an excel sheet, password protect it and copy it on to a encrypted usb drive.

personally, i have about 8-10 passwords which i need to keep secure. i find the easiest way to keep track of them is on a piece of paper in my wallet. on the paper, i only list passwords, no other information and i list about 20-out of which half are fake. so if someone were to find the list, they wouldn't know which password is real and what app it corresponds too.

my concern with putting them on a usb drive is 1) keep on forgetting to take it with me 2) drive going corrupt. i have my wallet on me at all times, so don't have to deal with issue #1.

again, not for everyone, but works great for me.

Jerrybaby
Posts: 172
Joined: Wed Dec 11, 2013 5:36 pm

Re: Keep passwords in USB thumb drive: good idea?

Post by Jerrybaby » Thu Apr 17, 2014 3:45 pm

NAVigator wrote:
Jerrybaby wrote:I've been reading these threads and can't pull the trigger so to speak on a password manager. Can't seem to grasp how the security would be better with a password manager than with say, Target. Is it conceivable that such a password management company could be compromised and then a hacker knows EVERY password? I know I'm probably just paranoid, but actually I'm not enough. Whenever I bookmark a site, such as a bank or credit card site, I enter the username and password when I name the bookmark. Just counted 65 different sites like that. Boy.

I bet I use over 20 different passwords everyday. Its crazy. I'm doing good just remembering my password; now I need to graduate to password security.
A password manager maintains your password information in an encrypted format. The encryption "key" is based on your master password. This makes it very secure. You only have to remember your one master password.

There have been discussions about storing this encrypted information in online storage. With KeePass, the encrypted password file can be placed wherever you want such as a USB flash drive, your hard disk, etc. With LastPass, it is stored on their secure servers. Using your browser to store the username and password leaves the information rather vulnerable.

Jerry
I appreciate the information; its starting to make sense. So I encrypt my passwords and remove them from my browser, then I've seriously upped my security. But in practical terms, when I access a website such as Vanguard and I don't remember my password because i don't have it as the bookmark name, how does the encrypted password for that site, stored somewhere, make itself available? Or do I enter this master password? Or does it auto populate in the username and password fields?

Sorry for not making the connection just yet.

User avatar
kcyahoo
Posts: 434
Joined: Mon Feb 19, 2007 9:59 pm
Location: Venice, FL

Re: Keep passwords in USB thumb drive: good idea?

Post by kcyahoo » Thu Apr 17, 2014 4:32 pm

You install LastPass as a browser extension (I use Chrome, IE and Dolphin). The first time you use a userid and a password combination LastPass asks if you want to save it, The first time you need a password after starting the browser you are queried for your master Password. LastPass stays active until you close your browser. LastPass keeps a relationship file for each site's name, your userid and the password. Most of the time it recognizes the need to fill in your userid and password. Sometimes, like with Vanguard where your user id and you password are on two different pages, on page one you need to right click copy id and paste then on page two you right click copy then paste in the password field. You can also access your entire LastPass file on your browser for data access or maintenance. If you change a site's password LastPass recognizes that and asks you to confirm the change. It takes a little getting used to but having a common absolute method of accessing passwords is well worth it (IMO).
Retired @ 57, now 75 | was 50/45/5, then 42/54/04, now 35/60/5 | KC

Jerrybaby
Posts: 172
Joined: Wed Dec 11, 2013 5:36 pm

Re: Keep passwords in USB thumb drive: good idea?

Post by Jerrybaby » Thu Apr 17, 2014 5:08 pm

kcyahoo wrote:You install LastPass as a browser extension (I use Chrome, IE and Dolphin). The first time you use a userid and a password combination LastPass asks if you want to save it, The first time you need a password after starting the browser you are queried for your master Password. LastPass stays active until you close your browser. LastPass keeps a relationship file for each site's name, your userid and the password. Most of the time it recognizes the need to fill in your userid and password. Sometimes, like with Vanguard where your user id and you password are on two different pages, on page one you need to right click copy id and paste then on page two you right click copy then paste in the password field. You can also access your entire LastPass file on your browser for data access or maintenance. If you change a site's password LastPass recognizes that and asks you to confirm the change. It takes a little getting used to but having a common absolute method of accessing passwords is well worth it (IMO).
Thanks! Its much more clear now. I will assume that there are not issues with Macbook/Safari. I feel much better about it now.

User avatar
NAVigator
Posts: 2457
Joined: Tue Feb 27, 2007 7:24 am
Location: Iowa

Re: Keep passwords in USB thumb drive: good idea?

Post by NAVigator » Thu Apr 17, 2014 5:29 pm

Jerrybaby wrote:I appreciate the information; its starting to make sense. So I encrypt my passwords and remove them from my browser, then I've seriously upped my security. But in practical terms, when I access a website such as Vanguard and I don't remember my password because i don't have it as the bookmark name, how does the encrypted password for that site, stored somewhere, make itself available? Or do I enter this master password? Or does it auto populate in the username and password fields?

Sorry for not making the connection just yet.
The password manager is a program that can access and decrypt the password file using master password you enter as the encryption key. I use KeePass and there are screenshots and descriptions at http://keepass.info/. Google can lead you to other password manager resources. Look at the information to learn how it is set up and accessed. It is lengthy to explain, but really easy to use. :happy
"I was born with nothing and I have most of it left."

User avatar
Epsilon Delta
Posts: 7430
Joined: Thu Apr 28, 2011 7:00 pm

Re: Keep passwords in USB thumb drive: good idea?

Post by Epsilon Delta » Thu Apr 17, 2014 5:57 pm

dl7848 wrote: It's funny, but I've seen some security experts say that the best protection these days is to put one's passwords down on paper. That's the exact opposite of the advice that used to be given. It seems we've come full circle. FWIW, I do have some of my passwords on KeePass (and have copies on thumb drives), but I've started to go with paper, and have the paper stored in more than one geographical location.
This is nothing new. Here's something from 2005.
https://www.schneier.com/blog/archives/2005/06/write_down_your.html wrote: Microsoft's Jesper Johansson urged people to write down their passwords.

This is good advice, and I've been saying it for years.
Of course the devils in the details. Once you write down your passwords what do you do with the piece of paper? That's not a rhetorical question. Sometimes there's a good answer, sometimes there isn't.

ddoubleu
Posts: 27
Joined: Sun Mar 02, 2014 6:17 pm

Re: Keep passwords in USB thumb drive: good idea?

Post by ddoubleu » Thu Apr 17, 2014 9:20 pm

OP,

I would advise only using a USB flash drive that has hardware encryption like an IronKey. If you lose it and someone enters the wrong passphrase incorrectly 10 times, the flash drive becomes totally useless. I keep my KeePass file on an IronKey because I'm paranoid like that.

http://www.ironkey.com/en-US/encrypted- ... sonal.html

ddoubleu
Posts: 27
Joined: Sun Mar 02, 2014 6:17 pm

Re: Keep passwords in USB thumb drive: good idea?

Post by ddoubleu » Thu Apr 17, 2014 9:29 pm

Jerrybaby wrote:I've been reading these threads and can't pull the trigger so to speak on a password manager. Can't seem to grasp how the security would be better with a password manager than with say, Target. Is it conceivable that such a password management company could be compromised and then a hacker knows EVERY password? I know I'm probably just paranoid, but actually I'm not enough. Whenever I bookmark a site, such as a bank or credit card site, I enter the username and password when I name the bookmark. Just counted 65 different sites like that. Boy.

I bet I use over 20 different passwords everyday. Its crazy. I'm doing good just remembering my password; now I need to graduate to password security.
While it's conceivable that a password management company could be compromised, that is not my worry. The company can have the greatest protection against external threats, but what every organization will have a hard time defending against is the insider. Edward Snowden is a perfect example of this.

I simply won't trust a third-party to store my passwords when the internal threat is hard to mitigate or eliminate. NSA has started using two-person integrity when it comes to administrators accessing files, but who's to say the second person won't be in on it too?

User avatar
in_reality
Posts: 4529
Joined: Fri Jul 12, 2013 6:13 am

Re: Keep passwords in USB thumb drive: good idea?

Post by in_reality » Thu Apr 17, 2014 9:56 pm

ddoubleu wrote:OP,

I would advise only using a USB flash drive that has hardware encryption like an IronKey. If you lose it and someone enters the wrong passphrase incorrectly 10 times, the flash drive becomes totally useless. I keep my KeePass file on an IronKey because I'm paranoid like that.

http://www.ironkey.com/en-US/encrypted- ... sonal.html
"on an IronKey" ... should be "on my IronKeys" because like any form of storage, you do need a backup.

I use them too.

User avatar
sperry8
Posts: 1616
Joined: Sat Mar 29, 2008 9:25 pm
Location: Miami FL

Re: Keep passwords in USB thumb drive: good idea?

Post by sperry8 » Thu Apr 17, 2014 10:15 pm

I use LastPass so it can't be lost or stolen. I also have a USB drive from Corsair that is waterproof http://www.amazon.com/Corsair-Flash-Sur ... B006B7R8ZG and use http://www.truecrypt.org/ to protect it. It's hidden so no one even knows the passwords are on it. They just see some other files I keep there to make it look like it's a photo album backup. The Corsair/Truecrypt combo is safer than Ironkey (waterproof), cheaper, and also hides the files (so they can't be seen).
Humbling BH contest results: 2017: #516 of 647 | 2016: #121 of 610 | 2015: #18 of 552 | 2014: #225 of 503 | 2013: #383 of 433 | 2012: #366 of 410 | 2011: #113 of 369 | 2010: #53 of 282

Post Reply