Keep Your Passwords Secure

Discussion in 'Internet Security' started by jambutty, Apr 12, 2005.

  1. jambutty

    jambutty Geriatric Moderator

    As a surfer you will no doubt belong to various sites where you have to log in and they will need a password and a user name. To protect your logging in details you need RoboForm, yet another FREE bit of software that works perfectly but you can only have 10 passwords in it. You can download your free version from http://www.roboform.com/ and once installed it will store and keep safe from prying eyes (like key loggers) all your personal and logging in details. The Pro version is $29.99 and has unlimited password capability and you can pay for it via PayPal as well as credit card, cheque or money order.

    We all use passwords for one thing or another and these can be found by a key logger. But you can defeat them as well without buying expensive software.

    NEVER, EVER use a password that is an actual word or a birth date etc. Use random characters and have at least 12, preferably 15 or even more if the site allows more. Take my word for it that with a 15 character password there will be squillions and squillions of different combinations and thus all but impossible to try every one in a reasonable amount of time - even with the fastest computer. For a 15 character password there will be 62^15 different combinations. That is 768,909,704,948,766,668,552,634,368 combinations. If a computer could check ONE THOUSAND MILLION combinations per second it would still take it some 24,381,966,798 years to try them all.

    Some sites like E-Gold for instance have a password generator so you can always use that for all your passwords and copy and paste them into place.

    I do have one nagging thought though. Can you really trust a password generator attached so thoughtfully to some sites? Can you be certain that your selection hasn’t been logged on the site? Maybe that would explain why so many people have complained that their E-Gold account has been hacked?

    So to create your passwords and also store them try this:

    Open a Word document and call it Passwords or something. Underneath type in all the letters of the alphabet in upper and lower case and also all the numbers like this:
    ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890
    Don’t use the numbers keypad on the right. Use the numbers above the letters. Some sites don’t allow the number pad keys to be used for passwords.

    Highlight any three consecutive characters from the alphabet and numbers and copy and paste them alongside your username. Do the same several times – at least 12 times. Then delete 2 characters from each bunch of three and you will be left with a 12 characters password of random letters and numbers. Not a key pressed so even if you have a key logger on board it will not detect anything. I suppose that someone somewhere is working on a copy and paste logger but as far as I know it isn’t here yet.

    Your page will look like this:
    Passwords

    ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890

    Site name - your username - IJKZabz12lmn890NOPefgEFG345ijkOPQ456

    Then after you delete the unwanted like this:
    Site name - your username - Kb2m0PfE5iQ6

    In producing your password not a key has been pressed.

    Now go to the programme and in the logging in boxes copy and paste your userID and password. When you hit ‘enter’ or ‘log in’ RoboForm will pop up asking you if you want to save the details. Click Save. Windows will also poke its nose in asking if you want it to save the logging in details. I don’t trust Windows to keep them secure so I decline the offer. Then the next time that you go to that programme, RoboForm will pop up and all you have to do is check that the entry in ‘from Passcards’ is highlighted and click on ‘Fill Forms’ to just fill in the logging in details and you will have to hit the ‘enter’ or ‘login’ button. Or click on Fill & Submit and RoboForm will enter the details and click the ‘enter’ or ‘login’ button for you and you can cock a snook at key loggers. Many sites have their own forums so when you join the forum RoboForm will name it site name - 2.

    Just remember that some sites, as well as requiring your logging in details, also require you to input a PIN or Turing number. If that is the case use ‘Fill Forms’ to enter your details and then enter the extra by hand. They are one off numbers so it doesn’t matter if a key logger registers them. When you hit the Enter button RoboForm will pop up asking if you want to save all the entries which will include the PIN or Turing number. DO NOT SAVE – CLICK ON CANCEL. If you do hit save, the next time that that particular site is accessed RoboForm will fill in outdated PIN or Turing numbers. Of course you can always delete the unwanted numbers and type in the correct ones.

    For really important sites like your bank or an Internet payment processor like PayPal or anywhere where money is involved change your password regularly, say once a month.

    One final word. From time to time you may get an email that asks you to click on the link in it to go to your bank or whatever to update your personal details. TRASH THE EMAIL It is A FAKE. I don’t care how genuine it may look, IT ISN’T because no bank or other site where money is involved and you need a password to get in will EVER send you such an email.
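
The keyspace figure in the post above, and a way to generate such passwords on your own machine rather than on a web site, as an added Python example (not part of the original post). It uses the post's 62-character alphabet and its rate of one thousand million guesses per second; the function names and the 365-day year are assumptions of the example.

```python
import math
import secrets
import string

# The 62-character alphabet from the post: A-Z, a-z, 0-9.
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits

# Assumption: a 365-day year, which reproduces the post's figure.
SECONDS_PER_YEAR = 365 * 24 * 60 * 60


def generate_password(length=15, alphabet=ALPHABET):
    """Draw every character independently and uniformly from the OS CSPRNG.

    Nothing is typed and nothing leaves the machine, so no web site ever
    sees the generated value.
    """
    if length < 12:
        raise ValueError("the post recommends at least 12 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def keyspace(length, alphabet_size=len(ALPHABET)):
    """Number of distinct passwords of this length over the alphabet."""
    return alphabet_size ** length


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


def exhaustive_search_years(length, guesses_per_second=10**9,
                            alphabet_size=len(ALPHABET)):
    """Whole years needed to try every combination at the given rate."""
    per_year = guesses_per_second * SECONDS_PER_YEAR
    return keyspace(length, alphabet_size) // per_year


if __name__ == "__main__":
    for n in (12, 15):
        print(f"{n} chars: {keyspace(n):,} combinations, "
              f"{entropy_bits(n):.1f} bits, "
              f"{exhaustive_search_years(n):,} years at 1e9 guesses/s")
    print("sample:", generate_password(15))
```

These numbers hold only when every character is chosen uniformly at random, which is what `secrets` provides.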
     
  2. -AJ-

    -AJ- Member

    nice tips!

    I've been using roboform for a while and it saves me a lot of time entering login names and pw. I have a question, will roboform get hacked and all the info/pw get stolen?

    I'd suggest also to write down your info and pw on a piece of paper and keep it in a SAFE place, just in case the computer crashes for no reason and you don't remember all the pw/info.
     
  3. jambutty

    jambutty Geriatric Moderator

    I suppose that RoboForm could get hacked by someone –AJ- but first they have to get into your computer and if you have a decent Firewall and you surf in ‘stealth’ mode then you are invisible to the Internet. Of course there are always other nasties like Trojans etc. but surely we are not daft enough to not have anti-virus protection and some form of anti-spyware and the like.

    Like anything to do with a computer it is best to back up data and as far as passwords and RoboForm are concerned I do it in two ways.

    First is - my Passwords document is stored on my data back up DVD as well as on the second hard drive for ready use if needed. For those people who do not have a re-write DVD drive you could always use a CD or even a floppy. I suppose that you could always print out your Passwords document as an ultimate back up but if you had to resort to using that to restore all your RoboForm data then as you did so a key logger could be gleefully rubbing its little hands as it sends out your passwords to its head office. You can’t copy and paste from a piece of paper.

    The second is - if you go to drive C: you will find a folder named My RoboForm Data and in that a folder with your name on it and in that all your RoboForm password data. As far as Windows XP is concerned if you save the My RoboForm Data folder to somewhere else, like in my case to my second hard drive and DVD, in the event of a tragedy you can just copy it over and you are back in business.

    It works for me and so far my passwords have been secure especially as I change the really important ones regularly.
     
  4. StArtist

    StArtist New Member

    I just started using the Pro version of RoboForm about a month ago, but my version has a self-generating password button that generates random passwords in any combination you want it to. It makes all these steps very quick and easy. Maybe I have a newer version, I don't know.
     
  5. Gintoh

    Gintoh Banned

    Know what? I had a bit of a scare today when I tried to access my e-gold account and couldn't -- even if I was pretty sure I got my account no. and passphrase right. So I quickly sent a message to Support to report the problem. To my pleasant surprise, my next attempt to log in succeeded. So I wrote Support again to tell them to disregard my earlier message.

    Still, reading the above posts, I am beginning to get a touch of paranoia as I've noticed that ever since I started surfing HYIP sites, the number of adware/spyware detected by my scanning software seems to have increased. And since I'm a bit of a technophobe, I really don't want to bother about such security precautions as jambutty goes out of his way to share with everybody--if I can help it.

    Oh well, my learning curve gets steeper by the day :-(
     
  6. jambutty

    jambutty Geriatric Moderator

    Welcome to this forum StArtist.

    I just knew that I would forget something and thank you for reminding me. The ancient brain cell isn’t what it used to be. So yes RoboForm Pro does have a password generator and a very good one too, but not everyone has or wants to have RoboForm.

    If you have some time to spare maybe you would consider having a read of the following threads.
    http://goldentalk.com/t563.html
    http://goldentalk.com/t2504.html
    http://goldentalk.com/t2270.html
    http://goldentalk.com/t2413.html

    You might find them useful.


    Yesterday Gintoh as much as I tried I didn’t get my PIN number from E-Gold then suddenly and much later on the PIN arrived by the time that I had flicked over to MailWasher to check. E-Gold does have a few glitches from time to time.

    The beauty of RoboForm is that if you have logged into a site once you cannot get your logging in details wrong the next time. Most logging in failures on E-Gold are down to that blasted Turing number. It is all too easy to mistake a 3 for an 8 and vice versa, a 1 for a 7 if the background lines are just in the wrong place and other numbers as well. So maybe it was the Turing number that gave you grief.

    A touch of, but not too much of, paranoia isn’t a bad thing. It stops you from doing something silly.

    If you want to have your special data safe and you don’t want some dork taking over your computer and using it to route nasty things through it so that it is you who gets the police hammering on your door instead of him, you just have to take precautions. Otherwise you will find that you have a lot of explaining to do and your nest egg has gorn! In the early days when I first abandoned the Amiga for the PC and being as green as grass I found that my computer was being used to route porn emails to all and sundry. I found out by pure accident and since then I have learned a lot about Internet security.

    Since that day I have been extremely wary and now I’m as secure as possible, I think! But I’m not complacent about it. I get regular updates of everything and do a sweep once a week. But there is always the new ‘something’ that has no defence until it is discovered and sorted.

    Adware and spyware is the bane of everyone’s life and although relatively harmless who knows who will develop it further to beat the security systems. I don’t pretend to know anything at all about JavaScript but I do know that it is capable of a lot more than has been tried so far and who knows when some clever person out there finds a way of causing mischief via an innocent looking web site. At one time there was no such thing as a pop-up until someone developed a way of making one appear.
     
  7. gerryst

    gerryst Member

    Good work jambutty, this is really important for any newbie to online authentication and even most of the regular online users haven't gotten used to this yet.

    I'd like to add a little trick for accounts you may be using on a holiday trip or the like (like webmail, forums...)

    You can use a proverb like "The early bird catches the worm" and just use the first letter of each word.
    This would result in the password "Tebctw".

    This is a little short, but I think you get the idea.

    To make things even more difficult you could swap letters to numbers, like writing "1" (one) instead of "l" or "4" instead of "e".
     
  8. golden2000

    golden2000 Member

    I want to try this theory to keep my e-gold account safe.
     
  9. Truly

    Truly Banned

    Very helpful tips!

    I am using and have to use RoboForm to manage tens of logins.

    I have my RF password protected, and also upload the cards to an online computer and a mobile phone. So easy to access accnts when using other computers.
     
  10. ksyou

    ksyou Member

    Written very well.

    Nowadays, when you surf, you must meet some backdoor programs. So, the best way to protect your password is to use a firewall to protect your computer, and if you have two computers, use one to surf and another to log into your egold, paypal, moneybookers, etc. account.
     
  11. dawg

    dawg Banned

    http://www.dobysoft.com/products/keypass/index.html

    i am just starting to use this program and i luv it. has free version (with 10 pass limit,) generates passwords up to 32 characters of uppercase/lowercase letters, numbers, and characters, encrypted in 448 bit. u enter the passwords by using hotkeys (such as alt-right-click,) which brings up a menu where u can select which information to enter into the text field.
     
  12. unst0ppable

    unst0ppable New Member

    This is the last password site you will ever need. The end-all-be-all solution to creating unique, strong passwords for every website, that you can still remember.

    Chris Zarate's Password Generator

    Here's how this works. First, create a master password, something that's easy for you to remember (it doesn't even have to be a strong password). This is the LAST password you will ever need (!) Type the password into the form. Then type the site url (the site you are logging into). Press generate.

    What this does is use the MD5 encryption algorithm to take your password, combine it with the site url (stripped of any sub-urls so it works anywhere on the site) and generate a new, strong password, which you will use as the password you enter into the site. This means that every website you use will have a unique strong password, yet you only have to remember one password for all of them! And this thing is free!

    Note that MD5 is almost impossible to hack, so there is next to no chance that anyone will be able to obtain your master password.

    Even better, grab the bookmarklet for firefox. This will let you generate passwords and you don't even have to have access to the original site.

    Here is all I do to log into any website where I have an account. I click the "passgen" bookmarklet, as I've named it. The javascript box asks me for my master password. After I enter it and hit return, the strong generated password is entered into all password forms on the site.

    Tip: download the zarate website to your hard drive. Then you will always have a copy, even if the site goes down.

    Does this thing rule, or what?! :love:
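
The scheme this post describes, one master password combined with the site name and hashed into a per-site password, as an added Python example; it is not Chris Zarate's code and not part of the original post. Anyone who obtains one derived password can test master password guesses offline at the speed of the hash, so a variant using a deliberately slow key derivation function (PBKDF2) sits beside the single MD5 pass. The `master:host` layout, the output lengths, the iteration count and all function names are assumptions of the example.

```python
import base64
import hashlib
import time
from urllib.parse import urlsplit

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def site_key(url):
    """Reduce a URL to its host name so every page of a site maps to one key."""
    host = urlsplit(url if "//" in url else "//" + url).hostname
    if not host:
        raise ValueError(f"no host name in {url!r}")
    return host.lower()


def derive_md5(master, url, length=12):
    """Single MD5 pass over 'master:host' (assumed layout), hex, truncated."""
    digest = hashlib.md5(f"{master}:{site_key(url)}".encode()).hexdigest()
    return digest[:length]


def derive_pbkdf2(master, url, length=15):
    """Same idea, with the host name as salt of a deliberately slow KDF."""
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(),
                              site_key(url).encode(), PBKDF2_ITERATIONS)
    return base64.urlsafe_b64encode(raw).decode()[:length]


def cost_ratio(samples=2000):
    """How many times more CPU one PBKDF2 derivation needs than one MD5 pass.

    This is also the factor by which each master password guess gets
    more expensive for someone who holds a derived password.
    """
    start = time.perf_counter()
    for i in range(samples):
        derive_md5(f"guess{i}", "example.com")
    md5_each = (time.perf_counter() - start) / samples
    start = time.perf_counter()
    derive_pbkdf2("guess", "example.com")
    return (time.perf_counter() - start) / md5_each


if __name__ == "__main__":
    master = "constructed master phrase"  # constructed sample value
    for url in ("https://www.example.com/login?next=/inbox",
                "https://www.example.com/forum/", "example.org"):
        print(site_key(url), derive_md5(master, url), derive_pbkdf2(master, url))
    print(f"PBKDF2 costs about {cost_ratio():,.0f}x one MD5 pass per guess")
```

With either variant, every site password is only as strong as the master password, so the master password itself needs to be long and random.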
     
  13. nobshyip

    nobshyip Active Member

  14. jambutty

    jambutty Geriatric Moderator

    Hello unst0ppable! Glad you could join us.

    Whether you are an experienced HYIP investor or new to the HYIP world a very warm welcome to you from our happy band of forum members.

    I’m jambutty (the ancient one) and over there sleeping in the corner is akuma99. Sssh! Don’t wake him he’s on night shift. Betsybee has joined us and will give a much needed female slant on things. jeFF is around here somewhere and if you see a shark swimming around don’t panic, it’s only the boss. He doesn’t bite! In the Indonesian section we have NDA corp to keep an eye on things. All that lot out there are the members and without them there would not be a forum.

    Please read the rules at http://goldentalk.com/t7526.html

    We look forward to you being an active member of this forum and reading what you have to say. We hope that the information and advice that you find on here will be useful to you.

    If you are new to HYIP then these threads may just help you not to make mistakes.
    HYIP Investing Strategy. Part I. http://goldentalk.com/t5214.html
    HYIP Investing Strategy. Part II. http://goldentalk.com/t5327.html

    If you have some time to spare maybe you would consider having a read of the following threads.
    http://goldentalk.com/faq.html
    http://goldentalk.com/t563.html
    http://goldentalk.com/t2504.html
    http://goldentalk.com/t2510.html
    http://goldentalk.com/t2270.html
    http://goldentalk.com/t2413.html

    You should find them useful.
    Jim
    (jambutty)
     
  15. Doommister

    Doommister Member

    I've just installed roboform here.
    Now for the form filling for passwords I have a question:
    When I use roboform>tools>edits passcards and then fill in my password there while I am online, is it possible that a keylogger I don't know about could steal the password? Can spyware see exactly what I'm typing, because the data stored in that section is not hidden?
     
  16. diddi

    diddi New Member

    passwords

    I also have a problem with Firefox password manager; type in your master password and it saves all your usernames and passwords. The problem is that when I log out the usernames and passwords are not being deleted.
    Anybody know why?
     
  17. jambutty

    jambutty Geriatric Moderator

    The short answer Doommister is yes. If you have a keylogger on your computer it will record every keystroke.

    The answer is to first of all make sure that you do not have a keylogger on your computer. Do a Google search for keylogger and you will find plenty of free programmes that claim to search and destroy keyloggers on your machine. Try a few.

    Make sure that you have a reputable firewall installed (Zone Alarm is good) and something like Ad Aware or Spyware Doctor, not forgetting a quality anti virus software like AVG.

    Once you have done a complete sweep of your computer for things that shouldn’t be there you can then be reasonably sure that your key presses will not be monitored.

    But you need to go one step further.

    Disconnect from the Internet and if you have Microsoft Word open it up and name the document er Passwords. If you haven’t got Word, NotePad or WordPad will do.

    Type in the programme name, alongside your user name for that programme and alongside that the password. Underneath type in any relevant information like Secret questions and answers, Transaction codes etc.

    Open your browser and click on Generate in the RoboForm bar either underneath the browser address field or at the bottom of the browser. Select the number of characters that you want in your passwords. I use 15 characters although there is the odd site around that will only accept 12 characters. So just be careful.

    Generate yourself a couple of dozen passwords and copy and paste them to your Passwords document for ready use for when you need a new one or want to change an existing one.

    From then on only copy and paste your passwords or username so even if you do get a keylogger it won’t detect any key presses because there will be no important ones.

    Finally save your document to a floppy. If you can, save the Passwords document to a partition other than the boot partition usually named C: as well.

    Once RoboForm has your logging in details you won’t need to touch your keyboard or Passwords document.

    Hope that helps a bit.
     
  18. banzai

    banzai New Member

  19. nobshyip

    nobshyip Active Member

    try roboform banzai! :p
     
  20. jambutty

    jambutty Geriatric Moderator

    The only problem with sites like certtest is that you DO NOT KNOW if the generated password is sent back to the web site.

    Obviously they won’t know where you use the password but they will know that it is being used somewhere.
     
