
Portable Password Management

Okay, any suggestions on secure portable password management? I'm looking for a device that can slip into your shirt pocket, but encrypts the database so that the passwords are not compromised should the device be lost. I saw one that looked interesting - PasswordsFAST - but it's limited to 30 character passwords, and I have some longer than that. I was also unclear on the master password length and whether it would brick after X number of attempts - that would be a good feature.

I've also thought about a text file on my phone and then locking my phone down with a password, but I don't think this phone has that capability, or if the password would be long enough to discourage hacking should my phone be lost.

I know about encrypted USB drives through an external program, but what I'd like is a secure portable way that doesn't require a computer.

Any ideas?
 
You can encrypt an entire thumb drive so security should not be an issue unless you choose something like "mypassword" or "secure" or some other nonsense. I tell my customers that if they can remember their password it is NOT secure. ALSO NEVER use a password more than once. Always create a different password for each challenge everywhere. Make them random upper/lower alphanumeric with at least 2 special characters (!@#$%^&*) and between 17 and 19 characters in length. To avoid issues with older login systems, start and end your password with a character (aA-zZ).

Now that you have heard my "password lecture".......

I've used KeePass since it was in beta ages ago and I have hundreds of passwords I need to access on a daily basis. I provide it to all of my customers and encourage them to use it also. You can (and should) use their start up master password so should your thumb drive get cracked there is a second password challenge to open your passwords. The KeePass database is encrypted so useless without the program to open it.

http://keepass.info/
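An added example, not part of the original post: a generator for the password rules described above, plus a count of how many passwords those rules allow. It assumes the rules mean a letter at each end, an interior drawn from letters, digits and the eight listed specials, and at least two specials; the function names are hypothetical.

```python
import math
import secrets
import string

LETTERS = string.ascii_letters                 # 52 letters, required at both ends
SPECIALS = "!@#$%^&*"                          # the 8 specials listed in the post
ALPHABET = LETTERS + string.digits + SPECIALS  # 70 symbols allowed in the interior
MIN_SPECIALS = 2
LENGTHS = (17, 18, 19)


def conforms(pw):
    """True if pw satisfies the rules as interpreted in the lead-in."""
    return (len(pw) in LENGTHS
            and pw[0] in LETTERS and pw[-1] in LETTERS
            and all(c in ALPHABET for c in pw)
            and sum(c in SPECIALS for c in pw) >= MIN_SPECIALS)


def generate(length=18):
    """Draw uniformly from the conforming passwords using the OS CSPRNG.

    Rejection sampling: every candidate is equally likely, and non-conforming
    ones are discarded, so no conforming password is favoured over another.
    """
    if length not in LENGTHS:
        raise ValueError("length must be 17, 18 or 19")
    while True:
        interior = "".join(secrets.choice(ALPHABET) for _ in range(length - 2))
        pw = secrets.choice(LETTERS) + interior + secrets.choice(LETTERS)
        if conforms(pw):
            return pw


def policy_count(length):
    """Exact number of conforming passwords of the given length."""
    m = length - 2                             # interior positions
    plain = len(ALPHABET) - len(SPECIALS)      # 62 non-special symbols
    interior = sum(math.comb(m, k) * len(SPECIALS) ** k * plain ** (m - k)
                   for k in range(MIN_SPECIALS, m + 1))
    return len(LETTERS) ** 2 * interior


def policy_bits(length):
    """Entropy in bits of a uniformly chosen conforming password."""
    return math.log2(policy_count(length))


def unconstrained_bits(length):
    """Entropy if every position were drawn freely from the 70 symbols."""
    return length * math.log2(len(ALPHABET))
```

Under these assumptions the composition rules cost under two bits at 18 characters, so the strength comes from the length and the random generation rather than from the special-character requirement.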
 
I've used KeePass since it was in beta ages ago and I have hundreds of passwords I need to access on a daily basis. I provide it to all of my customers and encourage them to use it also. You can (and should) use their start up master password so should your thumb drive get cracked there is a second password challenge to open your passwords. The KeePass database is encrypted so useless without the program to open it.

http://keepass.info/

Another great thing is that it's cross platform compatible. I use it on my Android phone and on my Linux laptop at home with no issues.
 
I tell my customers that if they can remember their password it is NOT secure.

Grin. I have a random password generator that I wrote myself using the programming language's cryptography functions. Technically it's a pseudorandom generator, but it's more pseudorandom than one I wrote myself based on an article in Byte and tweaked a bit. Anyway, I find that after frequent use even passwords made from all printable characters chosen at random tend to be memorizable, even if I have to have a keyboard in front of me to type it out. And I've bumped up passwords beyond the old eight characters. My problem is with the ones I don't use frequently.

Passphrases are easier to memorize and can be pretty secure, as long as they're not from any published work and not subject to a dictionary attack. I've used Diceware some, which is just a list of words chosen at random by the roll of five dice. They recommend never using less than six words now; 6 words gives 77.6 bits of entropy. An eight character password chosen at random of all printable characters is 53.44 bits, and a 12 character password is 78.66 bits.

FWIW, I encrypt the thumb drives I often carry with me for no other reason than I don't want someone nosing through my personal information should I lose them. I've been using VeraCrypt for that, and was going to see if there was finally a Windows version of LUKS. Either way, I have to have a computer running the encryption program to open them.
 
If you are already carrying a smartphone then the already mentioned KeePass is a good choice, though not the only one. You can copy the database consisting of a single kdbx (or kdb) file manually or use one of the cloud services to help automate the syncing. The app(s) on the phone are nice in that once the database has been opened once using the full password, a short version of the password will unlock it later, unless you enter it incorrectly, in which case the process will start over.
 