Password safety

shop deals on amazon
Shop deals on ebay
Advertise with us
Homesteading & Country Living Forum

Help Support Homesteading & Country Living Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
Haertig

Haertig

Awesome Friend
Neighbor
Joined
Dec 6, 2017
Messages
7,604
Location
Colorado
I have a file on my computer screen desktop entitled "In the even of my death or severe illness" (actually it's a directory of files). One of the files in that directory is "Who to contact". A subsection of that file is "Internet friends". That lists people and their emails/phone numbers as well as forums and their logins/passwords. Would my family follow my wishes here? Probably. Eventually. You can't miss the existence of this on my computer desktop screen, which is almost completely blank (I hate tons of icons cluttering up my desktop).

This does remind me that I need to update files pointed to by that desktop icon. Unfortunately some of my friends that I listed to notify have died themselves, and I have dropped off of some forums that I had listed. I need to add a notification "Files in this directory last reviewed/updated on date XYZ". Some files there are pretty static and don't require updates, so their file timestamps may make it appear that they are out of date. But that's not necessarily the case. So I should add this "last reviewed" notification to make that clear.
 
OldSchool said:
Maybe in my will I’ll give her my passwords.
Click to expand...

I struggle with finding the best way to communicate logins/passwords/account_numbers to my kids. They are documented in my encrypted password application on my computer. Would the kids be able to find the master password I gave them long ago to get into that file? This encrypted file is also up on my self-hosted cloud server for them to download. Would they remember the URL? If my house burns down, so would my computer and my server, so these electronic copies would be gone too. So I have also printed copies. They are with my other estate documents. Would my kids be able to find the binder that holds all this stuff (it tends to move around sometimes)? If the house burns down, that binder is going with it. I could put it in our safe deposit box at the bank. But then, the information to access that safe deposit box would be INSIDE the safe deposit box, so useless. I'm thinking of buying a small super fireproof safe. Our gun safes are "fire resistant", varying from an advertised 30 minutes to 45 minutes. Do I trust that advertisement? No. Plus, those ratings are for time until paper documents inside catch on fire I believe. But they will be charred beyond use long before actually igniting. Hence, me thinking about a smaller super fire resistant safe that has emphasis on fire rather than ultimate security. That would also be easier for the kids to find than a binder that sometimes moves about the house. A safe, even if small, is more stationary and easier to locate.

I do like some kind of online (commercial) solution in addition to what I currently have or am considering above. One that is not only on my self-hosted server that is subject to a house fire. Maybe Google Drive or something like that. It would have to be encrypted by me, not just the default Google encryption (which Google itself can probably access, even if they say they can't). I played with this in the past, but due to my own negligence, I have not kept it up to date. But I know that I should. I still have the issues of the kids remembering the URL to it and also finding the decryption keys.

Giving the kids printed copies of the info might help some, but they rapidly go out of date as banks and other places force you to change passwords. Plus, most stuff uses 2FA these days, so having a login/password is not enough. They'd also need my 2FA device (usually my smartphone) to access the account.

Has anyone come up with a good solution for the above? I'm sure we are all dealing with the same or a similar situation (even if we haven't thought about it yet).

One other thing I have considered ... a free app named "SyncThing". That could be set up to sync my encrypted password apps files to everyones cellphones and computers over the internet. It's all peer-to-peer syncing, so you don't need a central main location for the file(s) that are being synced or a centralized application to do the syncing. A technical solution like that might be hard for non-technical family members to use or remember about though. And you still have the issue of remembering passwords and accessing decryption keys securely. Hmmm, .... I'm just not sure what the best way to proceed is.
 
Haertig said:
I struggle with finding the best way to communicate logins/passwords/account_numbers to my kids. They are documented in my encrypted password application on my computer. Would the kids be able to find the master password I gave them long ago to get into that file? This encrypted file is also up on my self-hosted cloud server for them to download. Would they remember the URL? If my house burns down, so would my computer and my server, so these electronic copies would be gone too. So I have also printed copies. They are with my other estate documents. Would my kids be able to find the binder that holds all this stuff (it tends to move around sometimes)? If the house burns down, that binder is going with it. I could put it in our safe deposit box at the bank. But then, the information to access that safe deposit box would be INSIDE the safe deposit box, so useless. I'm thinking of buying a small super fireproof safe. Our gun safes are "fire resistant", varying from an advertised 30 minutes to 45 minutes. Do I trust that advertisement? No. Plus, those ratings are for time until paper documents inside catch on fire I believe. But they will be charred beyond use long before actually igniting. Hence, me thinking about a smaller super fire resistant safe that has emphasis on fire rather than ultimate security. That would also be easier for the kids to find than a binder that sometimes moves about the house. A safe, even if small, is more stationary and easier to locate.

I do like some kind of online (commercial) solution in addition to what I currently have or am considering above. One that is not only on my self-hosted server that is subject to a house fire. Maybe Google Drive or something like that. It would have to be encrypted by me, not just the default Google encryption (which Google itself can probably access, even if they say they can't). I played with this in the past, but due to my own negligence, I have not kept it up to date. But I know that I should. I still have the issues of the kids remembering the URL to it and also finding the decryption keys.

Giving the kids printed copies of the info might help some, but they rapidly go out of date as banks and other places force you to change passwords. Plus, most stuff uses 2FA these days, so having a login/password is not enough. They'd also need my 2FA device (usually my smartphone) to access the account.

Has anyone come up with a good solution for the above? I'm sure we are all dealing with the same or a similar situation (even if we haven't thought about it yet).

One other thing I have considered ... a free app named "SyncThing". That could be set up to sync my encrypted password apps files to everyones cellphones and computers over the internet. It's all peer-to-peer syncing, so you don't need a central main location for the file(s) that are being synced or a centralized application to do the syncing. A technical solution like that might be hard for non-technical family members to use or remember about though. And you still have the issue of remembering passwords and accessing decryption keys securely. Hmmm, .... I'm just not sure what the best way to proceed is.
Click to expand...
My passwords, Log in's are in the Safety Deposit box at the bank.
So is my will.
 
Haertig said:
I struggle with finding the best way to communicate logins/passwords/account_numbers to my kids. They are documented in my encrypted password application on my computer. Would the kids be able to find the master password I gave them long ago to get into that file? This encrypted file is also up on my self-hosted cloud server for them to download. Would they remember the URL? If my house burns down, so would my computer and my server, so these electronic copies would be gone too. So I have also printed copies. They are with my other estate documents. Would my kids be able to find the binder that holds all this stuff (it tends to move around sometimes)? If the house burns down, that binder is going with it. I could put it in our safe deposit box at the bank. But then, the information to access that safe deposit box would be INSIDE the safe deposit box, so useless. I'm thinking of buying a small super fireproof safe. Our gun safes are "fire resistant", varying from an advertised 30 minutes to 45 minutes. Do I trust that advertisement? No. Plus, those ratings are for time until paper documents inside catch on fire I believe. But they will be charred beyond use long before actually igniting. Hence, me thinking about a smaller super fire resistant safe that has emphasis on fire rather than ultimate security. That would also be easier for the kids to find than a binder that sometimes moves about the house. A safe, even if small, is more stationary and easier to locate.

I do like some kind of online (commercial) solution in addition to what I currently have or am considering above. One that is not only on my self-hosted server that is subject to a house fire. Maybe Google Drive or something like that. It would have to be encrypted by me, not just the default Google encryption (which Google itself can probably access, even if they say they can't). I played with this in the past, but due to my own negligence, I have not kept it up to date. But I know that I should. I still have the issues of the kids remembering the URL to it and also finding the decryption keys.

Giving the kids printed copies of the info might help some, but they rapidly go out of date as banks and other places force you to change passwords. Plus, most stuff uses 2FA these days, so having a login/password is not enough. They'd also need my 2FA device (usually my smartphone) to access the account.

Has anyone come up with a good solution for the above? I'm sure we are all dealing with the same or a similar situation (even if we haven't thought about it yet).

One other thing I have considered ... a free app named "SyncThing". That could be set up to sync my encrypted password apps files to everyones cellphones and computers over the internet. It's all peer-to-peer syncing, so you don't need a central main location for the file(s) that are being synced or a centralized application to do the syncing. A technical solution like that might be hard for non-technical family members to use or remember about though. And you still have the issue of remembering passwords and accessing decryption keys securely. Hmmm, .... I'm just not sure what the best way to proceed is.
Click to expand...
I’ve read enough of your posts to know you have a clue about it all. The super fireproof safe is the way to go.

Me? I just write on paper my passwords, given the event that my memory fails.

I actually don’t worry about my internet signature. When I think about that I’m tempted to say F that, I’m still fine.
 
Haertig said:
I struggle with finding the best way to communicate logins/passwords/account_numbers to my kids. They are documented in my encrypted password application on my computer. Would the kids be able to find the master password I gave them long ago to get into that file? This encrypted file is also up on my self-hosted cloud server for them to download. Would they remember the URL? If my house burns down, so would my computer and my server, so these electronic copies would be gone too. So I have also printed copies. They are with my other estate documents. Would my kids be able to find the binder that holds all this stuff (it tends to move around sometimes)? If the house burns down, that binder is going with it. I could put it in our safe deposit box at the bank. But then, the information to access that safe deposit box would be INSIDE the safe deposit box, so useless. I'm thinking of buying a small super fireproof safe. Our gun safes are "fire resistant", varying from an advertised 30 minutes to 45 minutes. Do I trust that advertisement? No. Plus, those ratings are for time until paper documents inside catch on fire I believe. But they will be charred beyond use long before actually igniting. Hence, me thinking about a smaller super fire resistant safe that has emphasis on fire rather than ultimate security. That would also be easier for the kids to find than a binder that sometimes moves about the house. A safe, even if small, is more stationary and easier to locate.

I do like some kind of online (commercial) solution in addition to what I currently have or am considering above. One that is not only on my self-hosted server that is subject to a house fire. Maybe Google Drive or something like that. It would have to be encrypted by me, not just the default Google encryption (which Google itself can probably access, even if they say they can't). I played with this in the past, but due to my own negligence, I have not kept it up to date. But I know that I should. I still have the issues of the kids remembering the URL to it and also finding the decryption keys.

Giving the kids printed copies of the info might help some, but they rapidly go out of date as banks and other places force you to change passwords. Plus, most stuff uses 2FA these days, so having a login/password is not enough. They'd also need my 2FA device (usually my smartphone) to access the account.

Has anyone come up with a good solution for the above? I'm sure we are all dealing with the same or a similar situation (even if we haven't thought about it yet).

One other thing I have considered ... a free app named "SyncThing". That could be set up to sync my encrypted password apps files to everyones cellphones and computers over the internet. It's all peer-to-peer syncing, so you don't need a central main location for the file(s) that are being synced or a centralized application to do the syncing. A technical solution like that might be hard for non-technical family members to use or remember about though. And you still have the issue of remembering passwords and accessing decryption keys securely. Hmmm, .... I'm just not sure what the best way to proceed is.
Click to expand...
An address book works for keeping passwords.
 
Weedygarden said:
An address book works for keeping passwords.
Click to expand...
I have one too- though I recently started a new paper file with bank/insurance stuff also.
I had my children go to their banks and add names of next of kin, in case anything happens to them, they thought I was nuts, but I pointed out I wouldn't have the time or the energy to fight for their savings.
I did consider leaving written postcards to be sent out to certain people online whose addresses I have, so my kids wouldn't have to do much, but it seemed a bit morbid!
 
Haertig said:
I struggle with finding the best way to communicate logins/passwords/account_numbers to my kids. They are documented in my encrypted password application on my computer. Would the kids be able to find the master password I gave them long ago to get into that file? This encrypted file is also up on my self-hosted cloud server for them to download. Would they remember the URL? If my house burns down, so would my computer and my server, so these electronic copies would be gone too. So I have also printed copies. They are with my other estate documents. Would my kids be able to find the binder that holds all this stuff (it tends to move around sometimes)? If the house burns down, that binder is going with it. I could put it in our safe deposit box at the bank. But then, the information to access that safe deposit box would be INSIDE the safe deposit box, so useless. I'm thinking of buying a small super fireproof safe. Our gun safes are "fire resistant", varying from an advertised 30 minutes to 45 minutes. Do I trust that advertisement? No. Plus, those ratings are for time until paper documents inside catch on fire I believe. But they will be charred beyond use long before actually igniting. Hence, me thinking about a smaller super fire resistant safe that has emphasis on fire rather than ultimate security. That would also be easier for the kids to find than a binder that sometimes moves about the house. A safe, even if small, is more stationary and easier to locate.

I do like some kind of online (commercial) solution in addition to what I currently have or am considering above. One that is not only on my self-hosted server that is subject to a house fire. Maybe Google Drive or something like that. It would have to be encrypted by me, not just the default Google encryption (which Google itself can probably access, even if they say they can't). I played with this in the past, but due to my own negligence, I have not kept it up to date. But I know that I should. I still have the issues of the kids remembering the URL to it and also finding the decryption keys.

Giving the kids printed copies of the info might help some, but they rapidly go out of date as banks and other places force you to change passwords. Plus, most stuff uses 2FA these days, so having a login/password is not enough. They'd also need my 2FA device (usually my smartphone) to access the account.

Has anyone come up with a good solution for the above? I'm sure we are all dealing with the same or a similar situation (even if we haven't thought about it yet).

One other thing I have considered ... a free app named "SyncThing". That could be set up to sync my encrypted password apps files to everyones cellphones and computers over the internet. It's all peer-to-peer syncing, so you don't need a central main location for the file(s) that are being synced or a centralized application to do the syncing. A technical solution like that might be hard for non-technical family members to use or remember about though. And you still have the issue of remembering passwords and accessing decryption keys securely. Hmmm, .... I'm just not sure what the best way to proceed is.
Click to expand...
I just found out that there are password books, similar to address books. They sell them on Amazon and for less than $10. I'm getting myself one to keep in my bag that I take my laptop and other electronics in.

https://www.amazon.com/Password-Alp...8380986&sprefix=password+book,aps,142&sr=8-21
 
Weedygarden said:
I just found out that there are password books, similar to address books. They sell them on Amazon and for less than $10. I'm getting myself one to keep in my bag that I take my laptop and other electronics in.

https://www.amazon.com/Password-Alphabetical-Password-Notebook-Internet/dp/B0B2WH213X/ref=sr_1_21?crid=K099WRMIO28D&dib=eyJ2IjoiMSJ9.4pKT8gYhRbaRW-QlZNSck2s81UJXiiJrCGqI4OdoGd42JqlkNbo_JfR_ERZmLnMbPu9eK-kaCyrGEort-IgjerjDcIZFCjNRqFUV536VqTnNuuPE2UoTTbk2EMglyGZVWTpdngpYzQvBrkcAX0aT-JSlAn7rqMY-ltzbfXILCXHCheraV_MWAwA98ztsor67XNgnwz4yTrIrzJ7XRwo58MKZV06d1L0sUU07vQkL6mKeFdPZlpbP2toCpckz0SEXtrWHOuLY2H3z1vLd3hfSb1bNSMLI-Wj379IevBsuaM8.i4ZKgZw-erCYIDJhom2vNI6uGenTLvWn3DuCCbtawa8&dib_tag=se&keywords=password+book&qid=1718380986&sprefix=password+book,aps,142&sr=8-21
Click to expand...
Lori and have ours on a spreadsheet, when we make a change, we print 2 new copies.
 
Weedygarden said:
I just found out that there are password books, similar to address books. They sell them on Amazon and for less than $10.
Click to expand...

My passwords got too long for writing them down. I have typically used long randomly generated text strings for my passwords. Impossible to remember, and difficult to read when written down and then manually typed in. If long enough, these passwords are secure. But ergonomically, they are almost impossible to use. You definitely need a software app to (1) generate the passwords, and (2) allow you to cut-n-paste saved passwords into the computer screen you are trying to enter them in.

Example:

t&:7$'F'Jc7ZD3LTUMg@Eg?{+qi5YHNo

Currently, I have been switching to "diceware" type passwords. Which are common dictionary words chosen by "rolling the dice" multiple times. They are still difficult to remember (not quite as bad as the above type of password however), but when written down, it's easy to type them in as you read them (assuming you have a reasonably sized vocabulary and know how to spell well). I use a software app for these type of passwords as well, but if push comes to shove, writing them down and typing them in manually is perfectly doable.

Example:

diffusive stencil concierge mollusk ripening trillion landlord onstage

Password strength comes from the length of the password/passphrase. You certainly wouldn't want to use a one or two dictionary word password - that could probably be cracked in minutes (at most). But eight dictionary words, randomly chosen, is quite secure. "Randomly chosen" is key. Hence the "dice" reference.

https://en.wikipedia.org/wiki/Diceware

2FA ("two factor authentication") adds a whole 'nuther level of security to single password/passphrases like the above.

@Weedygarden : I like the idea of your book above. What I may do if I get one is "pre-create" some diceware passwords and save them somewhere - on my phone, written down on a slip of paper - and then when I need to create a login/password in my book, use one of my pre-created ones for the new book entry. I would also keep the logins/passwords stored in my software app for redundancy and convenience.
 
Haertig said:
My passwords got too long for writing them down. I have typically used long randomly generated text strings for my passwords. Impossible to remember, and difficult to read when written down and then manually typed in. If long enough, these passwords are secure. But ergonomically, they are almost impossible to use. You definitely need a software app to (1) generate the passwords, and (2) allow you to cut-n-paste saved passwords into the computer screen you are trying to enter them in.

Example:

t&:7$'F'Jc7ZD3LTUMg@Eg?{+qi5YHNo

Currently, I have been switching to "diceware" type passwords. Which are common dictionary words chosen by "rolling the dice" multiple times. They are still difficult to remember (not quite as bad as the above type of password however), but when written down, it's easy to type them in as you read them (assuming you have a reasonably sized vocabulary and know how to spell well). I use a software app for these type of passwords as well, but if push comes to shove, writing them down and typing them in manually is perfectly doable.

Example:

diffusive stencil concierge mollusk ripening trillion landlord onstage

Password strength comes from the length of the password/passphrase. You certainly wouldn't want to use a one or two dictionary word password - that could probably be cracked in minutes (at most). But eight dictionary words, randomly chosen, is quite secure. "Randomly chosen" is key. Hence the "dice" reference.

https://en.wikipedia.org/wiki/Diceware

2FA ("two factor authentication") adds a whole 'nuther level of security to single password/passphrases like the above.

@Weedygarden : I like the idea of your book above. What I may do if I get one is "pre-create" some diceware passwords and save them somewhere - on my phone, written down on a slip of paper - and then when I need to create a login/password in my book, use one of my pre-created ones for the new book entry. I would also keep the logins/passwords stored in my software app for redundancy and convenience.
Click to expand...
Darn brainiac!:comp bullet
 
12icemaker said:
So if you have a password book with your computer and someone steals the bag or you leave it in the park, they can access all of your stuff?
Click to expand...

I wouldn't have the password book with the computer. I was thinking of that as something that would stay with out wills, trust, estate documents, etc. in the safe.

For computer use, I would use an app - personally, I use one of the KeePass compatibles - KeePassX or KeePassXC on the computer, and KeePass2Android on my phone. These store all your passwords in an encrypted file. You do have to remember the master password to open and decrypt the file in the first place. There are other password apps, many of them store your passwords up in the cloud so they can be synced to all your devices. This is good, but I don't trust a third party to handle my passwords. I mean, they wrote the encryption that their app uses, so in theory they could have put a backdoor in for themselves to access your stuff. Or, since most of these apps are not open source, their programmers just might not be very good at cryptology.

KeePass and compatibles keep their database on my local devices. So they're totally under my control. I do my own syncing between my devices using my self-hosted cloud server (that resides in my house). So I do the same thing the other commercial app guys do, but I do it all on my own computers and servers that are under nobody elses control - only my control. The failure point for my setup is if I die. Would my wife and family be able to access all my stuff on these "self-hosted" servers? I mentioned this dilemma before somewhere (maybe even in this thread?) This is why I like Weedy's idea of the password notebook. Not for my use, or even for my family's use when I'm still alive and maintaining my self-hosted infrastructure. But it would be good as a redundant password storage system for after I die and my infrastructure goes to hell. My family knows how to use written down passwords stored in a book in a safe. No computer infrastructure needed for that. And they would know where to look for it too - in the safe with all the other important documents. A few problems still exist though - keeping the written book up to date will require me remembering to do that. Which is not a given... :(

We should probably move this discussion to it's own thread. It doesn't really fit into "Concern for Missing Members". It was a well-intentioned tangent when first mentioned, and somewhat relevant to the concept of people going missing (how to contact them and how to access their online stuff when they are missing). Picking through this thread of over 2500 posts to pull out the "computer password" stuff would be a daunting task. I say we should probably just abandon the discussion here and someone start a new thread. People that have contributed password stuff to this thread could then go find their previous contributions and copy them over to the new thread if they so desire. Maybe pulling the password stuff out wouldn't be that hard. A search for posts in this thread that contain the word "password" would probably identify the relevant posts. But then, how do you extract them as a group and put them into a new thread? That's not something I would know how to do. Maybe mods have access to a tool that is designed to do exactly this.
 
My dad used to write passwords and combination lock info down in Thai instead of English while at his office. He was the only one there who could read Thai.

Hope Frodo gets a new phone or gets it fixed soon.

I also can't handle the heat anymore. I don't know what temp it was outside today but I overheated and I wasn't even doing anything strenuous. I was drenched with sweat.
 
12icemaker said:
So if you have a password book with your computer and someone steals the bag or you leave it in the park, they can access all of your stuff?

Or do you have the login setup so there is no backdoor ability to generate a new administrative account that can take control over all of the accounts.
Click to expand...
I will still have my Rolodex at home to access my accounts and request password changes.

When I request password changes, I get a text message.
Nothing is foolproof.

I am pretty careful about my laptop. It stays in my house, or travels with me when I house sit. It is the first thing I take in and the last thing I take out when I am moving my stuff around. I load up my suitcase, food, etc., and then walk out with my laptop bag and get in and drive.
 
Just for your info, you can buy a fingerprint secure, encrypted, USB flash drive for around $30. Just have your loved one scan their print, you can scan yours and he/she can access it when the time comes. Of course mine just contains a map that reveals where the real data is in a way that only the intended recipient would really understand.
 
You must log in or register to reply here.

Latest posts

Back
Top