The two from work that get people in trouble:
What city was your wife born in? People change wives with a regular interval at work so they have to remember which wife.
What travel destination do you want to go to the most? At a well paid engineering company, many people get to do their dream travel, as so this changes all the time.
Bonus:
First car? Crap was it 77 or 1977?
secretariata (Forum Supporter) said:
Pete. (l33t FS) said:
What if your childhood crush, childhood hero, worst movie you have ever seen, AND historical figure you'd most like to meet, are all the same answer?
Betsy Ross wasn't that hot...
You're not the boss of me!
1miata2, 2miata3, 3miata4....
I hate the ones that don't apply to me. Spouse's middle name? don't have one, berkeleyers. Color of first dog? never had a dog. What was the name of your favorite teacher? Who the heck has a favorite teacher?
In reply to slowbird :
Those are the perfect questions because you can make E36 M3 up that even people who know you wouldn't get.
For example. Spouse's middle name? Danger. Color of first dog? Bolor. (I had an incident with a bat as a sboolboy) Name of favorite teacher? Ms. Krabappel.
RevRico said:
Keith Tanner said:
You guys need password vaults. They work for "secret questions" too.
yea, they're great, until you have an unexpected hard drive crash and can't login to it anymore on your new build, because "new password can't match the old password" that they said was berkeleying wrong in the first place.
And you need to work on your backup strategy :) I use PWSafe, and the vault file is stored on a Dropbox-synchro folder so I can access it on multiple computers. A hard drive failure wouldn't take it out.
I've had more trouble with 2FA authentication apps. They're tired to a single device and if it goes down, you're locked out. My phone died recently from a hardware failure and now I can't get into the accounts secured by Google Authenticator.
As an old guy, I find the current necessity to access accounts online and keep a password for each one, and 2-factor authentication and all that crap to be a huge pain in the general region of the buttocks. As someone who does not use a smartphone, it's gotten to the point where the whole system just does not work.
As for programs that will store all your passwords in one place, just how secure is that? Seems like a convenient hustle where you believe you have security but are actually making it easy for those who would gain from having all your passwords.
Blame the necessity on those who want your stuff without having to pay for it. There are people who still resent having to lock the front door of their house as well, and I totally get that.
If the passwords in your vault are stored in an encrypted form (they had better be!) the only way to get them is to either:
1. break the encryption. Difficult to the level of practical impossibility if the program is designed well.
2. get the master password for your vault and the file with the encrypted passwords. Your master password had better be a decently good one, no using your birthday or your mother's maiden name. The file should be stored in a smart place, somewhere with security beyond that of your usual ecommerce or forum site where your individual passwords can be lost.
Most people don't think about this, but the most important password you have is your email password. That's the one you use to reset all the others.
BTW, I've found that car/engine/chassis numbers are actually a good equivalent to a randomly generated password but memorable to car guys, because we can understand and remember stuff like GT3RS911 or 1990NAFE3mx5, but you'll never find them in a dictionary attack!
In reply to ProDarwin :
LastPass is free and online (Web based)
In reply to Keith Tanner :
Set up 2 devices. or device + call / email backup.
NickD
UltimaDork
8/26/20 10:43 a.m.
Pete. (l33t FS) said:
What if your childhood crush, childhood hero, worst movie you have ever seen, AND historical figure you'd most like to meet, are all the same answer?
Abraham Lincoln, Abraham Lincoln, Abraham Lincoln :Vampire Hunter and Abraham Lincoln. E36 M3.
Greg Smith (Forum Supporter) said:
In reply to ProDarwin :
LastPass is free and online (Web based)
Both of which, honestly, make me a bit nervous.
e.g. Facebook is "free"
The eggs / basket thing is a bit of a worry also.
NickD
UltimaDork
8/26/20 12:02 p.m.
aircooled said:
Greg Smith (Forum Supporter) said:
In reply to ProDarwin :
LastPass is free and online (Web based)
Both of which, honestly, make me a bit nervous.
e.g. Facebook is "free"
The eggs / basket thing is a bit of a worry also.
"Hey, give us all your passwords to everything and we'll totally not ever get hacked and lose them all at once and give hackers access to every aspect of your life in one blow. Pinky promise."
secretariata (Forum Supporter) said:
Pete. (l33t FS) said:
What if your childhood crush, childhood hero, worst movie you have ever seen, AND historical figure you'd most like to meet, are all the same answer?
Betsy Ross wasn't that hot...
I'm related to Betsy Ross. "Childhood crush" would be awkward.
NickD said:
aircooled said:
Greg Smith (Forum Supporter) said:
In reply to ProDarwin :
LastPass is free and online (Web based)
Both of which, honestly, make me a bit nervous.
e.g. Facebook is "free"
The eggs / basket thing is a bit of a worry also.
"Hey, give us all your passwords to everything and we'll totally not ever get hacked and lose them all at once and give hackers access to every aspect of your life in one blow. Pinky promise."
That's why I use PWSafe. Solid crypto, I have control over the files.
Keith Tanner said:
That's why I use PWSafe. Solid crypto, I have control over the files.
Does it require a local client? Or did you say you can access from your Google drive when you are remote?
NickD said:
aircooled said:
Greg Smith (Forum Supporter) said:
In reply to ProDarwin :
LastPass is free and online (Web based)
Both of which, honestly, make me a bit nervous.
e.g. Facebook is "free"
The eggs / basket thing is a bit of a worry also.
"Hey, give us all your passwords to everything and we'll totally not ever get hacked and lose them all at once and give hackers access to every aspect of your life in one blow. Pinky promise."
It's encrypted so they can't get to them. Nor can you ifg you lose the keys. Exportable, data kept in US. We just went through multiple options for work, and while I personally have KeePass with a local file and OneDrive sync, I'm moving to LastPass slowly as well. The browser integration is pretty cool.
ProDarwin said:
Keith Tanner said:
That's why I use PWSafe. Solid crypto, I have control over the files.
Does it require a local client? Or did you say you can access from your Google drive when you are remote?
With KeePass, I sync the file across machines; it does use a (portable) client for PC's or an app "MiniKeePass" on your mobile.
ProDarwin said:
Keith Tanner said:
That's why I use PWSafe. Solid crypto, I have control over the files.
Does it require a local client? Or did you say you can access from your Google drive when you are remote?
Yes, local client on my phone or computer. I sync the vault file via Dropbox. Even if the vault gets lifted somehow, there's no realistic way to decrypt it.
The0retical (Forum Supporter) said:
ProDarwin said:
I can't even answer most of these. Those that I can answer, there is nearly no chance of me answering the same way a second time.
Anyone have a trick for dealing with these?
KeePass synced to Google Drive.
There's a note field for that info, but you never forget your password so W/E.
I know exactly 2 passwords. One for Google and one for the KeePass2 .kdbx file.
Seconding KeePass stored on Drive. The KDBX file is encrypted so it's safe enough if Drive gets hacked. Then use the notes field like someone else way saying to store the made up answers to a security question. Makes it much more difficult to guess when the answer isn't true. KeePass has a lightweight version that runs off a thumb drive too for ultimate protection. Can't hack a air-gapped drive. I like the built-in password generator too.