Security of computer data and passwords

[hotvette]

I hope there are some security-minded folks that can reply with practical suggestions.

I've become increasingly nervous over time about the security of the data on my laptop (mostly financial) and online information via the myriad of username/password combinations that are used for everything from e-mail, Facebook and eBay to investments (401k, bank, etc.).

For the former, what I've found so far in my research suggests that most things you do (pehaps the simplest is an HDD password) are rather trivial to circumvent and that encryption is about the only real choice. Thus, I'm considering using a software encryption application (e.g. TrueCRYPT) to create an encrypted container on my hdd were I can store sensitive files.

1. My first question is whether using encryption software is really worth the effort (i.e. what degree of security does it really add?).

2. Second question is how on Earth to come up with a decent password you can remember without writing it down somewhere (which would defeat the purpose). TrueCRYPT recommends >20 random upper/lower case letters + numbers + special characters.

For the second issue (how to manage user id's and passwords), I suppose I could arrange them very nicely in a spreadsheet and store the sheet in the encrypted container on my hdd. I've also seen specialized password manager applications that appear to do the same, but I'm guessing you need a strong password to get to your passwords. I almost see this one as more important than the first, particularly because of direct access to $$. The biggest mistake I can imagine is having a neat list of user id's and passwords on my laptop that if obtained opens the doors to everything. Right now I have a mismash of memory and written hints in various places that probably isn't very secure at all.

Sorry for a bit of a ramble, but would appreciate some sound advice. Thanks.

 

[DavidSnider]

Take a look at this:
http://www.thinkgeek.com/product/91a2/

 

[r4z0r84]

You can create a password generator in excel quite easily, so you don't have to use random.org for example keeping all your passwords offline.

In excel copy and paste this into sheet 2 c1

=CONCATENATE(Sheet2!A1,Sheet2!A2,Sheet2!A3,Sheet2!A4,Sheet2!A5,Sheet2!A6,Sheet2!A7,Sheet2!A8,Sheet2!A9,Sheet2!A10,Sheet2!A11,Sheet2!A12,Sheet2!A13,Sheet2!A14,Sheet2!A15,Sheet2!A16,Sheet2!A17,Sheet2!A18,Sheet2!A19,Sheet2!A20,Sheet2!A21,Sheet2!A22,Sheet2!A23,Sheet2!A24,Sheet2!A25,Sheet2!A26,Sheet2!A27,Sheet2!A28,Sheet2!A29,Sheet2!A30,Sheet2!A31,Sheet2!A32:A32,Sheet2!A33,Sheet2!A34,Sheet2!A35,Sheet2!A36,Sheet2!A37,Sheet2!A38,Sheet2!A39,Sheet2!A40,Sheet2!A41,Sheet2!A42,Sheet2!A43,Sheet2!A44,Sheet2!A45,Sheet2!A46,Sheet2!A47,Sheet2!A48,Sheet2!A49,Sheet2!A50,Sheet2!A51,Sheet2!A52,Sheet2!A53,Sheet2!A54,Sheet2!A55,Sheet2!A56,Sheet2!A57,Sheet2!A58,Sheet2!A59,Sheet2!A60,Sheet2!A61,Sheet2!A63,Sheet2!A62,Sheet2!A64,Sheet2!A65,Sheet2!A66,Sheet2!A67,Sheet2!A68,Sheet2!A69,Sheet2!A70,Sheet2!A71,Sheet2!A72,Sheet2!A73,Sheet2!A74,Sheet2!A75,Sheet2!A76,Sheet2!A77,Sheet2!A78,Sheet2!A79,Sheet2!A80,Sheet2!A81,Sheet2!A82)

Copy and paste this into sheet 2 b2 through b91 (can click and drag bottom right corner to copy the formula over the whole spectrum)

=RANDBETWEEN(1,82)

now to get a limited number instead of an 82 character password and to hide the working out

go to sheet one, and put this into a1

=LEFT(Sheet2!C1,A4)

in a4 type the amount of characters you want in your new password.

now finally to input all the data you want for your password

in sheet 2 for the a collum go through the alphabet in lower case upper case and use all numbers and symbols on each new line.
a1, a2, a3, a4, a5 ect.

now to randomize, select all of a and b collums (can click a and b up the top when you are shown an arrow pointing down)

now simply right click, sort biggest to smallest or smallest to biggest going by the b collum.

I created a macro to do the same thing automatically when pressing ctrl+G i would upload it here but the forums only support 2003 excel and its impossible to create a function using more than 30 cells in 2003 excel.

Not sure if this helps you or not but i use it on a daily basis.

Now in order to answer your questions in a round about way,

If you have a password for a word document that you know off by heart and is not written anywhere, if you encrypt the file and password protect it, its safe to have your information in there, you can't open it with notepad or any other program. this is how i store all the information on passwords, user names ect for my workplace (government school)

TrueCrypt works if you have other sensative data, so does winrar but requires you to uncompress files to view information (slower but free)

In terms of what encrypting an word document for example, the attached files are a password protected word document containing the word "hello" the password for the file is "hello" hello.txt shows the encryption where as hello_nopw.txt shows when the file is not encrypted.

really simple but works efficently, as long as you don't write the password to enter the word document down it is secure.

Now in terms of remembering a very long password i personally don't have issues with this due to my password generator plus i store my passwords in a password protected word doc, but there are a few simple ways to remember long "random" numbers/letters

My mother for example uses a sentence and takes the first letter from each word to create a "random" string, The fox ran across the field, Tfratf.

To remember a randomly generated password that i don't want stored anywhere i use notepad and just enter it again and again line after line until its imbedded into my memory, this is how i learned pi.

3.141
3.14159
3.1415926
3.141595653
3.14159265358979323... ect.

Your brain doesn't remember the numbers as per say as one large number but it remembers the patterns used to create the number.

Hope this helps.

 

[256bits]

Talking about passwords
http://arstechnica.com/security/2012/09/windows-passwords-exposed/

http://www.datagenetics.com/blog/september32012/index.html