On Sun 25 Mar 2018 at 11:52:13 -0400, rhkra...@gmail.com wrote:

> I started reading up on password managers in order to consider using one.
>
> Up until now, I've made up passwords myself, and stored them in an encrypted
> file. Some of the drawbacks include:
>
> * I keep the passwords on the short side

The PIN for my credit card has only four digits.

> * I don't change the passwords as often as I should

There isn't and never has been a need to do this. Passwords don't
deteriorate with age.

> * I sometimes use the same password on more than one site

Tut, tut.

> All of the above because it is not convenient enough for me to do better.
>
> My head is just not "into" reading about password managers--it just seems to
> be too boring to really get into, so, I thought I'd try posting here to get
> opinions and recommendations from the list. (I am continuing my effort to
> read--maybe I'll get a renewed burst of enthusiasm after I send this ;-)
>
> Here are some of what I think are my criteria for a password manager:
>
> * encrypted storage on my own machines (no storage "in the cloud")

Definitely done by http://masterpasswordapp.com/ It is designed that way.

> * ability to transfer to other devices, including Android tablets and
> phones--either all the passwords or just one for some special logon on a
> machine I don't normally use. Currently I do almost everything (that
> requires a password) on one of my desktop computers. I have a laptop that
> I use very occasionally. Occasionally I've had to go to a library (or
> similar) to use a Windows machine. I do have an Android tablet and phone,
> and, in general, I don't use that for confidential type stuff (no banking,
> for example), but that could change if either I feel very secure or in
> some sort of extreme emergency.

I don't use such exotic devices but see how http://masterpasswordapp.com/
suits.

> * (a repeat of part of the previous bullet) a means to easily take an
> individual password to another machine for occasional use of another machine

http://masterpasswordapp.com/ has only one password; you can take it
anywhere you want.

> * a means to recover all the passwords if the password manager becomes
> defunct (and this also implies backup and restore capabilities)

Not too sure about this but, provided you have the app, you have the
ability to (re)generate all your passwords.

> * a means to automatically generate secure passwords

That's http://masterpasswordapp.com/

> * a means to automatically update passwords on the target websites (to
> facilitate regular / frequent password changes)--this is probably a
> stretch--I mean something that would work its way through the various
> screens and prompts to change a password with a minimum of manual
> intervention by me

See above. A waste of time.

> As an alternative to a password manager, I may create my own memorizable
> password generator "algorithm" that I can mostly use "in my head". For
> instance, it could be something like this:

Don't bother. http://masterpasswordapp.com/ got there before you. And
does it better than you and I could ever do.

> * think up a multiword phrase, possibly with a mnemonic connection to the
> target website (or, have a means to extract them from a book, e.g., the 3rd
> sentence of the 5th chapter of War and Peace--or maybe the first sentence in
> the book that contains the word bank would become the passphrase for my bank).
> * have a consistent substitution algorithm, which might do things like
> this:
>    * capitalize the nth letter of each word (or the nth letter of the
>    first word, the (n+1)th letter of the 2nd word, ...
>    * substitute (or insert) a punctuation mark for (like above) the mth
>    letter of each word (or the mth letter of the first word, the (m+1)th
>    letter of the 2nd word, ... --the punctuation might be selected in, for
>    example, keyboard order (or reverse keyboard order) across the numeric
>    keys (e.g., !@#$%^&*() (although maybe some of those might be invalid
>    in (some?) passwords)
>    * some other similar generation rules
>
> Obviously, having "published" these ideas, my actual implementation will be
> somewhat different ;-)

masterpasswordapp is a deterministic password generator. Such things
sometimes get a bad press. In this case, much of the criticism is
unjustified. Documentation and support for it is excellent.

-- Brian.

(Who doesn't have any commercial connection with masterpasswordapp.com/)
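
What "deterministic password generator" means in the reply above, as an added sketch that is not part of the original message and is not Master Password's own algorithm. It assumes scrypt for stretching and HMAC-SHA256 for per-site derivation; the function names, the salt label, the counter parameter and the sample inputs are all constructed for this illustration.

```python
import hashlib
import hmac
import string

# Character classes cycled over the output so every password mixes upper
# case, lower case, digits and symbols (symbol set taken from the thread).
CLASSES = [string.ascii_uppercase, string.ascii_lowercase,
           string.digits, "!@#$%^&*()"]
MAX_LENGTH = 16  # two digest bytes per character, 32-byte HMAC-SHA256 digest


def master_key(user: str, master_password: str) -> bytes:
    """Stretch the master password once; the user name serves as the salt."""
    salt = b"example-generator:" + user.encode("utf-8")  # constructed label
    return hashlib.scrypt(master_password.encode("utf-8"), salt=salt,
                          n=2**14, r=8, p=1, dklen=32)


def site_password(key: bytes, site: str, counter: int = 1,
                  length: int = MAX_LENGTH) -> str:
    """Derive one site's password; nothing is stored, so it can be regenerated."""
    if not 4 <= length <= MAX_LENGTH:
        raise ValueError(f"length must be between 4 and {MAX_LENGTH}")
    # Length-prefix the site name so the message fields are unambiguous.
    msg = f"{len(site)}:{site}:{counter}".encode("utf-8")
    seed = hmac.new(key, msg, hashlib.sha256).digest()
    out = []
    for i in range(length):
        alphabet = CLASSES[i % len(CLASSES)]
        # Two bytes per character keep the modulo bias below 0.1 %.
        value = int.from_bytes(seed[2 * i:2 * i + 2], "big")
        out.append(alphabet[value % len(alphabet)])
    return "".join(out)


if __name__ == "__main__":
    key = master_key("alice", "constructed master passphrase")  # sample inputs
    print(site_password(key, "bank.example"))
    # A site that forces a change is handled by bumping the counter.
    print(site_password(key, "bank.example", counter=2))
```

With this design, what has to be backed up or remembered is the list of site names and counters, not the passwords, and anyone who learns the master password can regenerate every site password.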