1 2
Johnboyjjb
Johnboyjjb HalfDork
8/23/20 10:03 a.m.

The two from work that get people in trouble:
What city was your wife born in? People change wives with a regular interval at work so they have to remember which wife.

What travel destination do you want to go to the most? At a well paid engineering company, many people get to do their dream travel, as so this changes all the time.

Bonus:
First car? Crap was it 77 or 1977?

Pete. (l33t FS)
Pete. (l33t FS) MegaDork
8/23/20 10:21 a.m.
secretariata (Forum Supporter) said:
Pete. (l33t FS) said:

What if your childhood crush, childhood hero, worst movie you have ever seen, AND historical figure you'd most like to meet, are all the same answer?

Betsy Ross wasn't that hot... cheeky

You're not the boss of me!

Ranger50
Ranger50 UltimaDork
8/23/20 10:23 a.m.

1miata2, 2miata3, 3miata4....

slowbird
slowbird SuperDork
8/23/20 11:23 a.m.

I hate the ones that don't apply to me. Spouse's middle name? don't have one, berkeleyers. Color of first dog? never had a dog. What was the name of your favorite teacher? Who the heck has a favorite teacher?

Pete. (l33t FS)
Pete. (l33t FS) MegaDork
8/23/20 11:26 a.m.

In reply to slowbird :

Those are the perfect questions because you can make E36 M3 up that even people who know you wouldn't get.

 

For example.  Spouse's middle name?  Danger.  Color of first dog?  Bolor.  (I had an incident with a bat as a sboolboy)  Name of favorite teacher?  Ms. Krabappel.

Keith Tanner
Keith Tanner MegaDork
8/23/20 11:40 a.m.
RevRico said:
Keith Tanner said:

You guys need password vaults. They work for "secret questions" too.

yea, they're great, until you have an unexpected hard drive crash and can't login to it anymore on your new build, because "new password can't match the old password" that they said was berkeleying wrong in the first place. 

And you need to work on your backup strategy :) I use PWSafe, and the vault file is stored on a Dropbox-synchro folder so I can access it on multiple computers. A hard drive failure wouldn't take it out. 

I've had more trouble with 2FA authentication apps. They're tired to a single device and if it goes down, you're locked out. My phone died recently from a hardware failure and now I can't get into the accounts secured by Google Authenticator.

1988RedT2
1988RedT2 MegaDork
8/24/20 9:46 a.m.

As an old guy, I find the current necessity to access accounts online and keep a password for each one, and 2-factor authentication and all that crap to be a huge pain in the general region of the buttocks.  As someone who does not use a smartphone, it's gotten to the point where the whole system just does not work.

As for programs that will store all your passwords in one place, just how secure is that?  Seems like a convenient hustle where you believe you have security but are actually making it easy for those who would gain from having all your passwords.

Keith Tanner
Keith Tanner MegaDork
8/24/20 10:06 a.m.

Blame the necessity on those who want your stuff without having to pay for it. There are people who still resent having to lock the front door of their house as well, and I totally get that.

If the passwords in your vault are stored in an encrypted form (they had better be!) the only way to get them is to either:

1. break the encryption. Difficult to the level of practical impossibility if the program is designed well.

2. get the master password for your vault and the file with the encrypted passwords. Your master password had better be a decently good one, no using your birthday or your mother's maiden name. The file should be stored in a smart place, somewhere with security beyond that of your usual ecommerce or forum site where your individual passwords can be lost. 

Most people don't think about this, but the most important password you have is your email password. That's the one you use to reset all the others.

BTW, I've found that car/engine/chassis numbers are actually a good equivalent to a randomly generated password but memorable to car guys, because we can understand and remember stuff like GT3RS911 or 1990NAFE3mx5, but you'll never find them in a dictionary attack!

AngryCorvair (Forum Supporter)
AngryCorvair (Forum Supporter) MegaDork
8/24/20 10:06 a.m.
Pete. (l33t FS) said:

What if your childhood crush, childhood hero, worst movie you have ever seen, AND historical figure you'd most like to meet, are all the same answer?

Seka?

Greg Smith (Forum Supporter)
Greg Smith (Forum Supporter) Dork
8/26/20 10:40 a.m.

In reply to ProDarwin :

LastPass is free and online (Web based)

 

Greg Smith (Forum Supporter)
Greg Smith (Forum Supporter) Dork
8/26/20 10:41 a.m.

In reply to Keith Tanner :

Set up 2 devices. or device + call / email backup. 

NickD
NickD UltimaDork
8/26/20 10:43 a.m.
Pete. (l33t FS) said:

What if your childhood crush, childhood hero, worst movie you have ever seen, AND historical figure you'd most like to meet, are all the same answer?

Abraham Lincoln, Abraham Lincoln, Abraham Lincoln :Vampire Hunter and Abraham Lincoln. E36 M3.

aircooled
aircooled MegaDork
8/26/20 11:00 a.m.
Greg Smith (Forum Supporter) said:

In reply to ProDarwin :

LastPass is free and online (Web based)

 

Both of which, honestly, make me a bit nervous.

e.g. Facebook is "free"

The eggs / basket thing is a bit of a worry also.

NickD
NickD UltimaDork
8/26/20 12:02 p.m.
aircooled said:
Greg Smith (Forum Supporter) said:

In reply to ProDarwin :

LastPass is free and online (Web based)

 

Both of which, honestly, make me a bit nervous.

e.g. Facebook is "free"

The eggs / basket thing is a bit of a worry also.

"Hey, give us all your passwords to everything and we'll totally not ever get hacked and lose them all at once and give hackers access to every aspect of your life in one blow. Pinky promise."

Ian F (Forum Supporter)
Ian F (Forum Supporter) MegaDork
8/26/20 12:24 p.m.
secretariata (Forum Supporter) said:
Pete. (l33t FS) said:

What if your childhood crush, childhood hero, worst movie you have ever seen, AND historical figure you'd most like to meet, are all the same answer?

Betsy Ross wasn't that hot... cheeky

I'm related to Betsy Ross. "Childhood crush" would be awkward. frown

Keith Tanner
Keith Tanner MegaDork
8/26/20 12:43 p.m.
NickD said:
aircooled said:
Greg Smith (Forum Supporter) said:

In reply to ProDarwin :

LastPass is free and online (Web based)

 

Both of which, honestly, make me a bit nervous.

e.g. Facebook is "free"

The eggs / basket thing is a bit of a worry also.

"Hey, give us all your passwords to everything and we'll totally not ever get hacked and lose them all at once and give hackers access to every aspect of your life in one blow. Pinky promise."

That's why I use PWSafe. Solid crypto, I have control over the files.

ProDarwin
ProDarwin UltimaDork
8/26/20 1:35 p.m.
Keith Tanner said:

That's why I use PWSafe. Solid crypto, I have control over the files.

Does it require a local client?  Or did you say you can access from your Google drive when you are remote?

 

Greg Smith (Forum Supporter)
Greg Smith (Forum Supporter) Dork
8/26/20 3:07 p.m.
NickD said:
aircooled said:
Greg Smith (Forum Supporter) said:

In reply to ProDarwin :

LastPass is free and online (Web based)

 

Both of which, honestly, make me a bit nervous.

e.g. Facebook is "free"

The eggs / basket thing is a bit of a worry also.

"Hey, give us all your passwords to everything and we'll totally not ever get hacked and lose them all at once and give hackers access to every aspect of your life in one blow. Pinky promise."

It's encrypted so they can't get to them. Nor can you ifg you lose the keys. Exportable, data kept in US. We just went through multiple options for work, and while I personally have KeePass with a local file and OneDrive sync, I'm moving to LastPass slowly as well. The browser integration is pretty cool. 

 

Greg Smith (Forum Supporter)
Greg Smith (Forum Supporter) Dork
8/26/20 3:08 p.m.
ProDarwin said:
Keith Tanner said:

That's why I use PWSafe. Solid crypto, I have control over the files.

Does it require a local client?  Or did you say you can access from your Google drive when you are remote?

 

With KeePass, I sync the file across machines; it does use a (portable) client for PC's or an app "MiniKeePass" on your mobile. 

Keith Tanner
Keith Tanner MegaDork
8/26/20 3:28 p.m.
ProDarwin said:
Keith Tanner said:

That's why I use PWSafe. Solid crypto, I have control over the files.

Does it require a local client?  Or did you say you can access from your Google drive when you are remote?

 

Yes, local client on my phone or computer. I sync the vault file via Dropbox. Even if the vault gets lifted somehow, there's no realistic way to decrypt it. 

thatsnowinnebago (Forum Supporter)
thatsnowinnebago (Forum Supporter) UltraDork
8/26/20 3:33 p.m.
The0retical (Forum Supporter) said:
ProDarwin said:

 

I can't even answer most of these.  Those that I can answer, there is nearly no chance of me answering the same way a second time.

 

Anyone have a trick for dealing with these?

 

KeePass synced to Google Drive.

There's a note field for that info, but you never forget your password so W/E.

I know exactly 2 passwords. One for Google and one for the KeePass2 .kdbx file.

Seconding KeePass stored on Drive. The KDBX file is encrypted so it's safe enough if Drive gets hacked. Then use the notes field like someone else way saying to store the made up answers to a security question. Makes it much more difficult to guess when the answer isn't true. KeePass has a lightweight version that runs off a thumb drive too for ultimate protection. Can't hack a air-gapped drive. I like the built-in password generator too. 

1 2

You'll need to log in to post.

Our Preferred Partners
Wt5QkmPsXjoqoXG7vmjd1vLELjHCJmzIBMywW0oLBUQSCGrS47gbMYgkB52trZzc