Passwords on Cell Phones

[dvd1955]

Does anyone know if there is a truly secure app to store passwords on an android phone? I'm wanting a way to have some key account info with me without having to carry my little black book of passwords around. Things like health insurance accounts, INGO account , and others.

Thanks

 

[Tyler-The-Piker]

don't forget the password to open the file with your passwords in it

 

[lizerdking]

Password security tip. Don't use passwords, use passphrases. The way I keep track of them is either an acronym or something that'll trigger the phrase in my mind. Also something to trigger the username (they tend to differ). Security tip Two, never reuse your passwords across accounts

Say I had an account at Bank of America, username is TomGreen (if your name was Tom Green ), and the Password is SmallMcdonaldsShake.

I would have that have it written down, as BoA/firstlast/SMS.

I have just such a list stored securely on paper and in my wallet which is less likely to be hacked than a phone...

Even if a wallet finder/mugger found that list, good luck...

 

[pudly]

LastPass and KeePassDroid are two good options with a lot of users and high ratings on Google Play. Both are multi-platform, so you can sync them with the equivalent tool on your desktop/laptop.

There are a few differences, with the most significant being: LastPass has a robust cloud/sync setup and is a commercial/closed-source app. KeePass is open source and does not have the same kind of cloud/sync support. You would need to do your own manual sync setup.

 

[phylodog]

I've been using SplashID for a couple of years now with few complaints. I can't get it to sync all of the data to my Macbook but other than that it works great. I believe I used it on my Droid before I switched to iPhone.

 

[Tactically Fat]

One thing you COULD do is to save it all to some kind of document and then save that document inside an email on an email account. Like a Yahoo acct. or Hotmail.

When you need access, you open a browser and then sign into the email -access document. However, you MUST SIGN OUT in order for it to be secure. Don't use the email program's app to access - unless you have it sign out upon exit.

 

[dvd1955]

I would be concerned with using an email account to store passwords, even as an attachment - seems those can be hacked.

Not really concerned about syncing to anything - pretty tough to sync to a handwritten little black book! I will look into LastPass and Keypass and see if the sync function can be disabled.

I think lizerdking probably has the best idea of what would work for me. I do code the passwords in my little black book, maybe I should just copy them onto a single sheet of paper fold it up and keep it in my wallet. I just need to remember to keep it up to date as some of the sites I use require new passwords occasionally.

Thanks

 

[lizerdking]

One thing you COULD do is to save it all to some kind of document and then save that document inside an email on an email account. Like a Yahoo acct. or Hotmail.

When you need access, you open a browser and then sign into the email -access document. However, you MUST SIGN OUT in order for it to be secure. Don't use the email program's app to access - unless you have it sign out upon exit.

My heart started beating rapidly after reading this. This is the opposite of what you should do. NEVER do this. If you are doing this, delete that e-mail, then go and change all your passwords. Now. Not tomorrow. Now.

Security is everyone's responisibility, get educated.
https://blogs.mcafee.com/consumer/15-tips-to-better-password-security/

Then try some test passwords vs passphrases, have fun with it. Length matters. Try typing that passphrase I used as an example, then try tying something similar to yours.
https://howsecureismypassword.net/




To expand on my earlier sheet of paper that i use... I type it out in a text document. I shrink the font down small, like 4pt small. Then print it out, cut it out so it fits nicely in a wallet, and poor mans laminate it with tape.

 

[BugI02]

Does anyone know if there is a truly secure app to store passwords on an android phone? I'm wanting a way to have some key account info with me without having to carry my little black book of passwords around. Things like health insurance accounts, INGO account , and others.

Thanks

NOTHING web enabled is 'truly secure'

 

[AngryRooster]

I have a friend that uses the make/model/caliber/SN of his EDC for passwords. Always has access to it, and helps him remember his SN if ever needed.

Something along the lines of S&W-M&Pc9mmABC123. He uses it across a few places though.

I use KeePassX on my Linux system and have been happy with it for years. I've not tried the android version, I didn't know it existed. Guess I'm off the the play store to give it a try.

 

[pudly]

I have a friend that uses the make/model/caliber/SN of his EDC for passwords. Always has access to it, and helps him remember his SN if ever needed.

Something along the lines of S&W-M&Pc9mmABC123. He uses it across a few places though.

Reusing passwords is a big no-no. That is a well known problem. Once someone's account get's hacked, it is common to try using that same password on Twitter/Facebook/other major sites to see if it is also used there. It also means that if you hear that one site has been hacked and you have to change your password, you will have to remember to go to all sites that use that password and change them as well.

 

[phylodog]

I would be willing to get micro-chipped if it meant that I never had to come up with/remember/type in another password as long as I live. It's to the point now that apparently you don't run a real business until you require people to have a password. It won't be long until I'll need one to order a #9 with hot peppers at Jimmy John's.

I've got about 17 different passwords for my work computer. None of them expire at the same rate, none of them have the same requirements. I do have to admit taking great pleasure in creating passwords full of expletives and usually including the name of the software company or business. I sincerely hope that someone at those companies looks at the passwords people use.

 

[pudly]

I've got about 17 different passwords for my work computer. None of them expire at the same rate, none of them have the same requirements. I do have to admit taking great pleasure in creating passwords full of expletives and usually including the name of the software company or business. I sincerely hope that someone at those companies looks at the passwords people use.

An understandable frustration. I have over 100 total, which is why I use a password manager. The majority are long and random and they are all unique.

Expletives are not uncommon in passwords. Here is a link to a word cloud of the most common passwords (250?) collected from various hacks and there are a good number of such words scattered around. The most common passwords found are pathetic: password, 123456, qwerty, etc.

PS- If the companies are handling passwords properly, they store it in an encrypted form rather than as plain text, so they couldn't read your password if they wanted to.

 

[AngryRooster]

Reusing passwords is a big no-no. That is a well known problem. Once someone's account get's hacked, it is common to try using that same password on Twitter/Facebook/other major sites to see if it is also used there. It also means that if you hear that one site has been hacked and you have to change your password, you will have to remember to go to all sites that use that password and change them as well.

I've tried explaining that to him. He at least doesn't use the same one for his banking and critical things. I think it's just mainly forums and social sites.

I would be willing to get micro-chipped if it meant that I never had to come up with/remember/type in another password as long as I live. It's to the point now that apparently you don't run a real business until you require people to have a password. It won't be long until I'll need one to order a #9 with hot peppers at Jimmy John's.

I've got about 17 different passwords for my work computer. None of them expire at the same rate, none of them have the same requirements. I do have to admit taking great pleasure in creating passwords full of expletives and usually including the name of the software company or business. I sincerely hope that someone at those companies looks at the passwords people use.

Once at a factory I worked in several years ago we had to have a password in order to clock in/out and do labels etc. on the workstations. The security guard was the one who set us up in the computer. No idea why it wasn't personnel dept. Anyway, when he set us up in the system he looked up and asked me what I wanted for my password. I got up to come around the table to type it in. He said, just tell me, I won't remember it anyway. There were only 20 of us standing there waiting to get set up.... Oh yeah, your user name was: first name-last name for everyone in the company.

 

[PMR]

What I'm using is either Keeper or @Keeper, it's a freebie or you can go with a pay sync, either way it can be set to self destruct after five missed attempts of logging into it.

 

[BugI02]

I would be willing to get micro-chipped if it meant that I never had to come up with/remember/type in another password as long as I live. It's to the point now that apparently you don't run a real business until you require people to have a password. It won't be long until I'll need one to order a #9 with hot peppers at Jimmy John's.

I've got about 17 different passwords for my work computer. None of them expire at the same rate, none of them have the same requirements. I do have to admit taking great pleasure in creating passwords full of expletives and usually including the name of the software company or business. I sincerely hope that someone at those companies looks at the passwords people use.

As you say, this is becoming more and more common as is wanting you to set up an account. I had to set up an account to buy a small part for one of our vacuum cleaners! My theory is that in a normal Visa/Mcard transaction they're not allowed to capture info about the card/card holder, but if they make you set up an account they can. And of course events show just how (not) much security they keep your cc account info under.

 

[bwframe]

LastPass and KeePassDroid are two good options with a lot of users and high ratings on Google Play. Both are multi-platform, so you can sync them with the equivalent tool on your desktop/laptop.

There are a few differences, with the most significant being: LastPass has a robust cloud/sync setup and is a commercial/closed-source app. KeePass is open source and does not have the same kind of cloud/sync support. You would need to do your own manual sync setup.

LastPass now offered for free on mobile devices, but there's a catch - TechSpot

 

[bulletsmith]

I have been using lastpass for a few years now. Encryption is pretty robust, good track record. You can load it on any computer or phone. Encrypted file is stored on your device and on their cloud.

 

[Hop]

I've used LastPass for a long time and finally went with the paid version.

 

[david890]

There's an encryption method called "Double Transposition" that you can use. You'll have to do it long-hand, which isn't necessarily bad in our wired-up environment.

The procedure is this:

1) Select two 5-letter words; they can use the same letters (LABEL) if you wish. For example, we'll use LABEL MAKER (a nice, easy phrase to remember).
2) Write your password or message under those 5 letters. So, for example:

L A B E L
M Y P A S
S W O R D
I S T O M
A T O

(My password is "Tomato"; spaces have been omitted)

3) Beginning with the 1st letter of the alphabet, go down the column under that letter and write it under the 2nd key word ("Maker" in this example).

So, under "A" in "LABEL", I see "YWST". Write that under "Maker" as such:

M A K E R
Y W S T

Under "B" in "Label", we see "POTO", so we now have:

M A K E R
Y W S T P
O T O

Continuing on with "E", then the first L and finally the 2nd L, you end up with:

M A K E R
Y W S T P
O T O A R
O M S I A
S D M

4) Going down the column of the 1st letter found in the alphabet, "A", then "E", then "K", "M" and finally "R", my encoded message would read as "WTMD TAI SOSM YOOS PRA"

The nice thing about this method is that it's easy to use, and you can use pretty much any words you wish for your 2 key words. Use your first and middle names if they are 5 letters. If you're communicating with someone, you can use the first two 5-letter words in a given passage of a chosen book. Only you and your target know which book it is, but the Bible is too obvious so don't use that. You can ID the page and paragraph of your chosen book openly, followed by your encoded message. The only way to crack it would be to know the chosen book!