• Here’s a way to write down your passwords – safely!

    #489429

    I originally posted this as a response to a discussion on this issue on another site and it seemed to generate a positive response, so since the Loungers here at WindowsSecrets have been so incredibly helpful to me with my computer issues, I thought I’d post this idea here in case it’s helpful to anyone.

    Like many others who’ve written or posted on various sites with regard to passwords, I prefer LastPass (or Keepass) to keep my passwords safe, but if I need to write some down for any reason, I can do so with no security concerns. When I create passwords, remembering strings of random characters is way beyond the capacity of my aging brain, so I find it easier to just create little blocks of characters that I can easily remember and give them code names that will mean nothing to anyone but me.

    For example, let’s say that your sister’s initials are PDG, born on the 27th of April, and your brother’s initials are MJD, born on the 6th of May, and that you all grew up at 673 Clarkson St. Your password could then be pdG27673mjD06. Your written-down code for that could be “SisClarksonBro” (without the quotes), or even SClarksonB, if that’s all you need to remember what it stands for.

    Using this procedure (though you can easily invent your own – and should!), you could add blocks for Dad and Mom, your children or grandchildren, your pets, or anyone else you choose. However, if you want to get extra uses out of fewer blocks, especially for lower importance sites where a security breach wouldn’t be life-destroying, you could, using this system, keep the “Sis” and “Bro” blocks, but vary the middle one (or the first or last, as you choose). For example, if your best friend Mike lives on Dogbreath Drive, your password could be pdG27DogbreathmjD06 and your written code for that could be SisMikeStBro or SMikeStB. If you do a series of these and can remember the constant bits, all you have to write down is your middle block (or whichever block you vary), so your written-down password list would look like:

    Site 1: Clarkson
    Site 2: MikeSt
    (Etc.)

    Also, please remember that you’re not limited to only three blocks in a password (longer is always better), nor do you have to only vary one block. It’s important to make up your own system [this is not the one I use, which is of course Top Secret, but just an example I made up for this post], with the key point being to use character blocks you can easily remember because they have meaning to you, and for which you can have a simple code that will jog your memory, but no one else’s.

    There you have it, a way to keep a written-down list of password codes that are meaningful only to you and will be utterly useless to anyone who might find your list.

    Hope that helps.

    • #1394460

      I also use Last Pass. In the Form Fill section there is a notes tab. I have added all my keys to various S/W apps there. You can also add all the different PWs as well. In this manner you only need to remember one Master Password to access your Last Pass account. Plus if I have to reinstall an app for whatever reason, the key for that app is readily available for the installation.

      edit: By the way, where did you get 4.1.2 for your Galaxy. My S2 is still at 4.0.4

    • #1394470

      edit: By the way, where did you get 4.1.2 for your Galaxy. My S2 is still at 4.0.4

      Hi, Ted,

      The honest answer to your question is, “I dunno.” When I first got my S2 last June, I found that I was able to upgrade immediately to 4.0.3 (ICS), which I’d used ever since. Then, a few days ago, I got a notification on my phone about a “Software Upgrade.” I was away on business, so I postponed doing anything about it until I got back yesterday, at which time I tapped on the notification and found that it would upgrade me to 4.1.2 (JB). How or why or from whom I received that notification is a total mystery to me, but not being one to look a gift horse in the mouth, I jumped at the opportunity first thing.

      If anyone can explain how/why/from whom this sudden update notification came, I’ll share your interest in learning that.

      Cheers,
      Al

    • #1394489

      Ted,

      I’m on AT&T & my S2 has version 4.0.4. When I run the manual check for updates Settings, About Phone, Software update it tells me I’m up to date according to the AT&T server and that I can check back in 24 Hrs. HTH :cheers:

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!

    • #1394501

      Another way to do it is use substitute characters in your passwords. For example:

          @=a
          3=E
          1=I
          0=O
          n=u
          $=S

      So, if you want to use the word “password” for your password, simply write down

          password

      but then type in

          p@$$w0rd

      as your password.

      Write down:

          WindowsSecretsLounge

      Type in:

          W1nd0w$$3cr3tL0ng3

      You get the idea.

      Only you will know that you’re using substitutes for all vowels and a “$” in place of an “s”.

    • #1394510

      S.D.

      Unfortunately, all of your substitutions, with the exception of n=u, are well known to the bad guys and if they know it they check for it. I’m just sayin’ :cheers:

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!

      • #1394511

        Re: Galaxy SII – Sprint is up to v. 4.1.2. ??What’s your carrier??

        Zig

      • #1394513

        I agree, those particular substitutions are known. So use other, or add more substitutions, or combine it/them with something else, or . . .
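
A password-acceptance check that accounts for the point made in this exchange, as an added example (not code from any poster in this thread): it undoes the substitution table posted above before comparing against a blocklist, and counts how many typed forms a word has under that table. The blocklist is a constructed sample and all function names are hypothetical.

```python
from itertools import product

# Typed character -> letter(s) it may stand for, from the table posted above.
# "n" is ambiguous: a real "n", or the table's stand-in for "u".
READINGS = {"@": "a", "3": "e", "1": "i", "0": "o", "$": "s", "n": "nu"}
SWAPPABLE = frozenset("aeiosu")  # letters that table can replace

# Constructed sample; a real check would load a large common-password list.
BLOCKLIST = frozenset({"password", "windowssecretslounge", "sunshine"})

def readings(pw, limit=4096):
    """Return every plain-letter reading of pw with the substitutions undone."""
    options = [READINGS.get(c, c) for c in pw.lower()]
    total = 1
    for o in options:
        total *= len(o)
    if total > limit:  # too many ambiguous characters: keep each "n" as typed
        options = [o[0] for o in options]
    return {"".join(p) for p in product(*options)}

def is_blocked(pw):
    """True if any reading of pw is on the blocklist."""
    return not readings(pw).isdisjoint(BLOCKLIST)

def variant_count(word):
    """Typed forms of word when each swappable letter is either swapped or not."""
    return 2 ** sum(c in SWAPPABLE for c in word.lower())

if __name__ == "__main__":
    for candidate in ("p@$$w0rd", "$nn$h1n3", "pdG27673mjD06"):
        print(candidate, "blocked" if is_blocked(candidate) else "ok")
    print("typed variants of 'password':", variant_count("password"))
```

`variant_count("password")` returns 16, so applying this table to a listed word adds fewer possibilities than appending one random lowercase letter (26 choices) would.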

    • #1394539

      Our passwords are “freeze dried” so they can be reconstituted on the spot without remembering a thing except the phrase or lyric or passage they come from. Usually these don’t include numbers so that’s where the old street address or the answer to life, the universe and everything (reference to Hitchhiker’s Guide to the Galaxy) comes in. Capitalize names and places or such. Method falls a bit short on special character inclusion but I don’t know if that makes much difference to brute force computation effort or not.

    • #1394668

      I guess I will have to check because my SII is through Sprint as well.

      Well that sucks, I am still at 4.0.4 and my phone tells me it’s Up To Date, both Firmware and Samsung S/W. You guys must be considered very “SPECIAL” LOL

      • #1394705

        You guys must be considered very “SPECIAL” LOL

        Yep, they even get to ride the “Special Bus”! 😉

      • #1394770

        I guess I will have to check because my SII is through Sprint as well.

        Well that sucks, I am still at 4.0.4 and my phone tells me it’s Up To Date, both Firmware and Samsung S/W. You guys must be considered very “SPECIAL” LOL

        Hi, Ted,

        Perhaps that’s the answer to your initial question about “where did you get 4.1.2 for your Galaxy. My S2 is still at 4.0.4.” I’m currently living overseas and have my phone service through Vodafone, so maybe different phone service providers get updated at different times. It seemed like an update from Samsung, which you’d think would apply to all S2 phones everywhere, but perhaps the timing of updates varies with the phone service provider, though I’m not sure why that would be.

        Cheers,
        Al

    • #1394791

      Al,

      The different phone service providers pass out the update at different times because they have to ensure that the update will work with their own modification (often crapware) of the OS. This is usually several months after Google has released the “official” update.

      Zig

      • #1394792

        Al,

        The different phone service providers pass out the update at different times because they have to ensure that the update will work with their own modification (often crapware) of the OS. This is usually several months after Google has released the “official” update.

        Zig

        Hi, Zig,

        Thanks for that explanation. What’s interesting, though, is that I didn’t buy this phone from Vodafone. It’s officially set up with the original crapware from Telecom, Vodafone’s biggest competitor here, but I bought it unlocked from a local electronics store chain and it has worked fine through Vodafone. As a result, I’m not sure whether the update would have come from Vodafone, with whom I have my service, or through Telecom, who originally marketed the phone. No matter, though; I’m just glad to have the update. Now if only I could get rid of some of the Google crapware, THAT would be great, but that would require rooting the phone and I rely on it too much to risk bricking it.

        Thanks again for the info.

        Cheers,
        Al

    • #1395577

      I store my passwords in my contacts folder — using fake names that I recognize as fake.

      Thus:
      Sidney Banque
      2380 Westlake Blvd Apt #14J
      Los Angeles CA 91335

      Immerse this in your contacts list, and only you will know that your CitiBank password is 2380WestlakeBlvdApt#14j
      You can, in most contact lists, add comments, so as an alternative to the address, your list might have a comment, like “Birthday April 28th” (or “Wife Cathy, Son Charles @ U. Michigan”) which is your password, Birthday_April_28th (or WifeCathySonCharles@U.Michigan).

      For complete camouflage, you could use the actual contact information of actual people, and adopt their actual addresses or comments as passwords. Use defunct contacts, or random strangers from the phone book, so you won’t inadvertently change the entry. You can look up people named “C. Banker” or “M. Card” (or enter fake comments like “Knows Frank from Citicorp Dallas office”) to provide cues to the relevant accounts.

      • #1396171

        I like using pass phrases with just the first letter of an easily remembered sequence plus a couple of numbers (many sites require a combination of letters and numbers)
        Thus “This is my secret bank account password Christmas” would become “Timsbap1225.”
        Incidentally, that’s nowhere near what I use for my actual passwords. 😮

    • #1403591

      Hello

      Am I right in thinking that there are two threads running in tandem here; or am I just being thick?
      My point is in regards to passwords, I don’t use any codecs or similar, I’m simply not bright enough.
      All I have is an Excel sheet filed in “my documents” with all the relevant details (company, banks, user names etc) together with their relevant passwords, complicated as possible & totally random and simply “copy & paste” as required.

      As no one has mentioned this system am I wonderfully clever or have I made the most basic error??

      As always advice and guidance is most appreciated!!

    • #1403616

      Sgt,

      Welcome to the Lounge as a new poster. :cheers:

      The basic error you have made, from what I can tell from your post, is that this file is stored in the clear. Thus, anyone who gets access to your PC or just the hard drive has all your information. Now if you get a program like TrueCrypt and encrypt that file with a strong password and only open the file when you need it you’ll be just fine. HTH :cheers:

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!

    • #1403650

      Thanks for this; I had a feeling that I was making a basic error when I noticed that no-one else including the more experienced were not employing the same tactic.
      I will look at encryption, but if I merely used a memory stick and attached and detached it as required would I not achieve the same result?

      Thanks Richard

    • #1403654

      Richard,

      Yes that would get the same results except it’s too easy to forget and leave it in the computer and you’d have to lock it up somewhere not leave it sitting by the computer…sort of like using post-it notes for passwords. 😆 Personally, I use RoboForm Desktop well worth the money and no cut and paste involved as it fills the online fields for you. I’m just sayin’… HTH :cheers:

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!
