Comments on: No chocolates for my passwords please! http://www.welivesecurity.com/2011/05/19/no-chocolates-for-my-passwords-please/ News, Views, and Insight from the ESET Security Community Mon, 03 Feb 2014 08:49:00 +0000 hourly 1 http://wordpress.org/?v=3.7 By: David Harley http://www.welivesecurity.com/2011/05/19/no-chocolates-for-my-passwords-please/#comment-3017 Wed, 16 May 2012 05:25:06 +0000 http://blog.eset.com/?p=6866#comment-3017 Thanks for the suggestion. I’m afraid I don’t know enough about KeePassX to comment.

]]>
By: Dave http://www.welivesecurity.com/2011/05/19/no-chocolates-for-my-passwords-please/#comment-3016 Fri, 11 May 2012 19:11:06 +0000 http://blog.eset.com/?p=6866#comment-3016 KeePassX is very useful on the mac too, as long as you use a memorable-yet-secure password for the key file, and back up the keyfile somewhere in case your machine dies.  As an alternative for the password generators out there, I've created , which can generate up to a 64-char password in the browser and uses alpha-numeric, whitespace, and symbols to create something which should be very useful. Would love to hear what you think.

]]>
By: David Harley http://www.welivesecurity.com/2011/05/19/no-chocolates-for-my-passwords-please/#comment-3015 Wed, 23 Nov 2011 10:32:20 +0000 http://blog.eset.com/?p=6866#comment-3015 You can’t really be surprised that the author didn’t recommend one of ESET’s direct competitors? ;-) There are, of course, several products (not just general internet security products) that include password management, and Paul did mention some of them, as Randy has also done in the past. Personally, I tend to avoid recommending specific products unless I know them very well. In principle, your master password sounds ok, though a passphrase is even better, if the product you use allows it (strangely, not all do). And that’s a very good point: it’s essential to keep passwords backed up somewhere secure. I use a post-it on my monitor (just kidding!)

]]>
By: cj http://www.welivesecurity.com/2011/05/19/no-chocolates-for-my-passwords-please/#comment-3014 Tue, 22 Nov 2011 07:46:11 +0000 http://blog.eset.com/?p=6866#comment-3014 I'm sorry, but it's kinda hard for me to really take this seriously when you can't spell or type the words correctly.  There is spellcheck ya know.

]]>
By: Keith Sullivan http://www.welivesecurity.com/2011/05/19/no-chocolates-for-my-passwords-please/#comment-3013 Tue, 22 Nov 2011 02:57:28 +0000 http://blog.eset.com/?p=6866#comment-3013 I am surprised the author and commentors have not brought upy Norton 360…It has a great protection record and I always make different passwords and my master password is long and detailed and can't be simply dictionaried.
I have used norton products for years and They have never done me wrong….
Also I have all the passwords backed up on a flashdrive and keep it locked away

]]>
By: Debbie http://www.welivesecurity.com/2011/05/19/no-chocolates-for-my-passwords-please/#comment-3012 Tue, 22 Nov 2011 02:39:34 +0000 http://blog.eset.com/?p=6866#comment-3012 I have been using different pets names {the ones since childhood} and then different people that I know dates of birth. What do you think of these types of passwords?

]]>
By: Amy http://www.welivesecurity.com/2011/05/19/no-chocolates-for-my-passwords-please/#comment-3011 Tue, 22 Nov 2011 01:38:17 +0000 http://blog.eset.com/?p=6866#comment-3011 I say…put your complex password in your will.  Then your lawyer will hand the sealed envelope to your family.

]]>
By: Paul Laudanski http://www.welivesecurity.com/2011/05/19/no-chocolates-for-my-passwords-please/#comment-3010 Fri, 15 Jul 2011 18:32:18 +0000 http://blog.eset.com/?p=6866#comment-3010 Better succession planning and excution at the company.  Easier said than done right?  That may involve more than one administrator.

]]>
By: aaron http://www.welivesecurity.com/2011/05/19/no-chocolates-for-my-passwords-please/#comment-3009 Fri, 15 Jul 2011 18:28:59 +0000 http://blog.eset.com/?p=6866#comment-3009 but what if the master password dies with the person as well?  I have worked in IT security for ages adn I have came into mulitple companies where master passwords were lost or not shared or forgotten due to the complex nature of the password.  If its something that can be memorized to open the safe them you dont have to record it on paper but can share it with other team needed groups or individuals.
just my 2 cents

]]>
By: Paul Laudanski http://www.welivesecurity.com/2011/05/19/no-chocolates-for-my-passwords-please/#comment-3008 Fri, 15 Jul 2011 18:21:21 +0000 http://blog.eset.com/?p=6866#comment-3008 Good points Aaron.  A typical concern I see is what happens if a person passes away untimely, and that person's family cannot access bank accounts, etc?  Having a database with a single password can help plan for such events for family and loved ones who are left behind.

]]>
By: aaron http://www.welivesecurity.com/2011/05/19/no-chocolates-for-my-passwords-please/#comment-3007 Fri, 15 Jul 2011 18:17:54 +0000 http://blog.eset.com/?p=6866#comment-3007 I have to say if you make your password too complicated it leads to a reliance on password storage tools.
I can make a complex password out of words, number, special characters and no spaces  that I can memorize and can not be hacked.
example 1biguglydogeating@yourHouse456
my password is easy to remeber and wont be hacked by dictionary attacks.
I can still save it in a safe in case I lose my memory, but what to do if I lose my memory and can't remeber the safe password?  Back to writing it on a sticky notes and putting it under our keyboard or on the computer screen.
use longer passwords not more complicated passwords.
reply back to me if you want

]]>
By: Paul Laudanski http://www.welivesecurity.com/2011/05/19/no-chocolates-for-my-passwords-please/#comment-3006 Sun, 29 May 2011 23:53:33 +0000 http://blog.eset.com/?p=6866#comment-3006 Good query… I have not used them.  Can you comment how the recent news on the master password affected you?  And can you comment on their service?

]]>
By: Ivan Nausley http://www.welivesecurity.com/2011/05/19/no-chocolates-for-my-passwords-please/#comment-3005 Sun, 29 May 2011 16:15:20 +0000 http://blog.eset.com/?p=6866#comment-3005 I’ve been using LastPass for a while now, and like it.  I noticed you didn’t mention them, what are your thoughts?

]]>
By: Dave Montgomery http://www.welivesecurity.com/2011/05/19/no-chocolates-for-my-passwords-please/#comment-3004 Fri, 20 May 2011 08:42:35 +0000 http://blog.eset.com/?p=6866#comment-3004 I’d like to say that I agree with everything above with a slight addition.
Once you’ve generated or changed your passwords, make sure you take a backup (encrypted offsite or to a hardware encrypted USB flash drive) of your “password” file. It’s be a shame to update one or more passwords, not take a backup then have a failure of some kind.

]]>
By: Birta Levente http://www.welivesecurity.com/2011/05/19/no-chocolates-for-my-passwords-please/#comment-3003 Fri, 20 May 2011 06:17:44 +0000 http://blog.eset.com/?p=6866#comment-3003 KeePass have multiple versions too … 

]]>
By: Ian Cervantez http://www.welivesecurity.com/2011/05/19/no-chocolates-for-my-passwords-please/#comment-3002 Fri, 20 May 2011 01:47:23 +0000 http://blog.eset.com/?p=6866#comment-3002 I like to use iLium eWallet as a password safe, due to the multiple versions available for Windows, Mac, Android, iPhone/iPad/iPod Touch, Windows Mobile, BlackBerry…

]]>