Norton Identity Safe

[Moses Yoder]

Okay, thanks to the password thread I did a search and found Norton Identity Safe. I am just starting out generating passwords and using them. I am the guy that only had one password for everything, my email got hacked in India (I should think they were bored to death). At the time I was not banking online and did not have PayPal linked to my bank account, now I do. So is Norton Identity Safe and the Norton password generator good enough for an average Joe or is it really necessary to spend money on something that isn't free?

[Dan Hintz]

Why anyone would spend money on a password generator is beyond me... create a random string in your head and write it down for safe keeping.

[John Huds0n]

Take a look at "LastPass" (which is free by the way)

https://lastpass.com/misc_download2.php


some reviews of password managers:
http://www.pcmag.com/article2/0,2817,2407168,00.asp

[Myk Rian]

I agree with Dan. Make up your own passwords.
I have never linked my bank account to PayPal. My C C is enough for their records.

[Moses Yoder]

Why anyone would spend money on a password generator is beyond me... create a random string in your head and write it down for safe keeping.

According to your posts in the thread on passwords that wouldn't work. You need an air gap around your electronics and need to design a new house built as a faraday cage. For those of us who don't know anything about computers that sounds really ridiculous and at the same time a little scary. The advantage of the Norton Security safe (a free download) is that it generates a completely random password for each application. This would not be true if you made one up in your head; the passwords would all be based on your preferences and characteristics. Plus, with the Security safe I can copy the password for each site and paste it in. I think if I figure out how it will even enter the user name and password for me. The only password I have to make up and write down will be the one for the safe. I find it extremely difficult to enter a string of 12 or 15 random characters from a piece of paper into the computer.

[Scott Shepherd]

According to your posts in the thread on passwords that wouldn't work. You need an air gap around your electronics and need to design a new house built as a faraday cage.

In fairness, I don't think Dan ever told anyone to create and air gap or use a faraday cage. Someone had said the only way to keep things safe was to unplug from the internet, and he replied you were still at risk if you did that, to the right people. I asked about the faraday cage, just as curiosity, and he replied that it would help, but not stop it. There was never mention that anyone should use either of those things to maintain security.

I don't think it's as hard as you are making it. Pick something in your life that has meaning, maybe your first family pet's name. Then just add one number and one character to it. Like "Muffin5$". If you have to change it, change it to "Muffin6$", "Muffin7$", "Muffin8$". Or make it "5$Muffin5$". Doing that, you'll be pretty darn safe.

My Apple products have the password generator built in, they'll generate some crazy scheme of passwords, save it across tablets, phones, desktops, and laptops, but if you ever use someone else's computer to log into something, you won't know what it is. Most of the time, since I let it generate them, I have no idea what my passwords are, nor do I need to know. If I forget it, or can't log in, I hit the "forgot password" button and create a new one.

[Raymond Fries]

Moses - I believe that any application that creates passwords that are strong is adequate. I am not familiar with the Norton application but would guess that it creates strong passwords.

Strong passwords use a series of numbers, letters, and or symbols. A mix is required and sometimes a capital letter is required.

I used to work in an IT position for a large corporation and our passwords were strong and needed to be a minimum eight characters long.

If you really want to be safer, change them sometimes. We had to change our login passwords every 30 days.

[Dan Hintz]

According to your posts in the thread on passwords that wouldn't work. You need an air gap around your electronics and need to design a new house built as a faraday cage. For those of us who don't know anything about computers that sounds really ridiculous and at the same time a little scary. The advantage of the Norton Security safe (a free download) is that it generates a completely random password for each application. This would not be true if you made one up in your head; the passwords would all be based on your preferences and characteristics. Plus, with the Security safe I can copy the password for each site and paste it in. I think if I figure out how it will even enter the user name and password for me. The only password I have to make up and write down will be the one for the safe. I find it extremely difficult to enter a string of 12 or 15 random characters from a piece of paper into the computer.

You're making things harder on yourself than necessary. If you want truly random (what was originally asked for), write down letters, numbers, and symbols from the keyboard on scraps of paper and put them into a fishbowl. Keep picking scraps of paper (and putting them back in the bowl after each pick) until your password is as long as you deem safe.

If you want something that's more easily remembered, do the same as above for only a few characters in the password, and make the rest a word/phrase that has meaning to you but not anyone outside of your immediate circle. Steve's "Muffin" option, for example.

[Dave Sheldrake]

is that it generates a completely random password for each application

Sadly Moses it doesn't, a windows based PC has not had the ability to generate a truely random output for many years.

Imagine having 15 bank vaults with 15 different locks and 15 different passwords. It's going to be very hard for the thief to get through all 15 layers of security. Good news for them is, they don't have to...they just need to get through one....the code that lets them into the safe that stores the passwords.....

Was me that mentioned nothing online is safe Scotty and it remains true...

The determined and resourceful attacker can get through just about anything...the only consideration is will the result justify the time, if they are going to steal $200 from your paypal, they won't bother, if there was $200,000,000 in paypal that attracts people with better resources.

In effect if it exists...it can be stolen...the question is will those with the resources want to?

cheers

dave

[Dan Hintz]

Moses - I believe that any application that creates passwords using strong encryption is adequate. I am not familiar with the Norton application but would guess that it uses strong encryption.

Strong encryption uses a series of numbers, letters, and or symbols. A mix is required and sometimes a capital letter is required.

I used to work in an IT position for a large corporation and our passwords used strong encryption and only needed to be eight characters long.

You're confusing two totally different things. Encryption has zero to do with how a user-viewable password is generated or how easy it is to guess such a password via brute-force methods. I would only suggest 8-character passwords for sites such as forums (like this), junk email accounts, etc.

[Raymond Fries]

Well maybe I had a bad term told to me. I will edit my post. Thanks

Moses - I believe that any application that creates passwords using strong encryption is adequate. I am not familiar with the Norton application but would guess that it uses strong encryption.

Strong encryption uses a series of numbers, letters, and or symbols. A mix is required and sometimes a capital letter is required.

I used to work in an IT position for a large corporation and our passwords used strong encryption and only needed to be eight characters long.

If you really want to be safer, change them sometimes. We had to change our login passwords every 30 days.

[Chuck Wintle]

Why anyone would spend money on a password generator is beyond me... create a random string in your head and write it down for safe keeping.

i agree with dan...just pick some letters, numbers and symbols at random and write it down in a little book. do not waste money on a program...can you be sure this program is legit and not sending info back to the collective?

[Jessica Pierce-LaRose]

I don't think it's as hard as you are making it. Pick something in your life that has meaning, maybe your first family pet's name. Then just add one number and one character to it. Like "Muffin5$". If you have to change it, change it to "Muffin6$", "Muffin7$", "Muffin8$". Or make it "5$Muffin5$". Doing that, you'll be pretty darn safe.

Those types of passwords are going to be fairly quickly cracked by anyone using tables. Some of the Ars Technica articles I've linked in the past threads (like this one ) discuss this a bit.

Again, this is not really an issue for things like forum accounts, etc. - provided you aren't using the same password for your email account, or banking accounts, or other accounts. Honestly, the major hacking to be concerned about as an individual is via shoddy security on the sites end, not yours. If some forum has lax security, because they don't think there's anything of value there (and their probably isn't) but a hacker is able to get ahold of all the password information for that site, a large number of those people are apt to have the same password for their email accounts. From there, they've got a good snapshot of info on you, and a chance at getting into banking or something else. More likely, they'll be using those password/username combos at other places, trying to get to somewhere (an iffy online retailer, etc.) that has your credit card info saved. That's usually the final target, in my understanding, for these types of hacks - getting credit card numbers, which are sold in bulk numbers to other crooks. If you're not a high-profile target, (you have access to gov't or corporate secrets, you're a diplomat, etc.) just a schmoe, the two things that nefarious folks are probably looking to do is get your credit card number, or make your computer part of a bot-net.

At the end of the day, your credit card issuer should protect you from all fraud, (i.e., you won't be liable) assuming you report it if you catch it before they do. I only use credit cards, not debit cards online, because being without my credit card while things sort themselves out might suck, but having my actual money tied up for any period of time would be a hassle.

Again, using two-factor authentication on websites you care about (banking and email, and anything that stores your credit card) goes a long way. Simple passwords for things that don't have sensitive info (like SMC) provided they aren't the same as other places is probably fine. Using different email addresses for things that involve money and everything else is a good idea.


Ars also has a good article on getting started with password managers:
http://arstechnica.com/information-t...sword-manager/

But even Bruce Schneier says writing down your passwords is a find idea. The only trick here is to continue to use hard to crack passwords where needed.

[Scott Shepherd]

Joshua, thanks for that link, I guess I missed it completely earlier. That was an astounding thing to read. It's just changed my entire philosophy on passwords.

I was amazed while looking at the screen shots of cracked passwords and how so many of them followed a pattern, a pattern that would surely be easy to figure out.

Looks like the use of my Mac's password manager is about to get stepped up. Different, random password for every single site that requires a password. I'm not sure you can do much more than that.

[Moses Yoder]

Thank you for lots of good info so far. I normally stay logged in to forums. Does this make it easier to get the password? And the other question, does it really matter if someone hacks my Sawmill Creek password so long as I am not using the same word for everything?