OK you have an OS crash and you lose all your passwords for online sites. Well firefox if I remember right has addons that store passwords online but then what if somehow that site is unknowingly hacked and your passwords are copied, kind of screwed then if the wrong person gets them and you do banking or something else.

Well I was just sitting there and I'd been trying to copy my passwords/usernames by highlighting and copying and firefox doesn't allow it "security I imagine" and typing up an entire document just seemed like a time consuming pain in the ass and then it hit me.

Open up your passwords window in options and click show passwords, now drag the corner of the window to make it big enough to see all of them "if still to small increase your desktop resolution and try again". Now when you can see everything easily just click your Print Screen button on your keyboard. Open Paintbrush or Irfanview or whatever image editor you use "some like photoshop you'll need to create new image first" and then just click edit and choose paste. You now have and image of all your passwords. Save the image to another partition, better yet another harddrive, or backup onto CD, DVD, ect. So next time you have to reformat you don't have to ask every site to email your passwords and usernames since you already have them and sure you have to retype them all into firefox again but they are at least safe and secure.

Sure there are other ways and probably better ones but when this idea popped into my head and let me backup in less than a minute I had to share it.

One of the addons I know that does this is Xmarks, although I personally don't save any passwords in my browser. I only use it to synchronize my bookmarks. Supposedly they encrypt all of the passwords on their server so without your PIN, it should in theory be difficult to obtain.

Personally though, I'm kind of a luddite when it comes to storing passwords. I don't store them on any of my computers. Though the means of various security exploits, viruses, spyware and rogue applications, it is generally possible for any information on your computer to be stolen by a third party. The sad truth of the matter is there is no such thing as any absolute security aside from removing all network connectivity.

I'm with VT-Vincent. The ONLY place I store passwords is on an encrypted thumb drive which I keep on my person at all times. It irks me to no end that browsers have 'store password' turned on by default so that idiots can just do it automatically without having to think about what it is that they're doing.

I'm with VT-Vincent. The ONLY place I store passwords is on an encrypted thumb drive which I keep on my person at all times. It irks me to no end that browsers have 'store password' turned on by default so that idiots can just do it automatically without having to think about what it is that they're doing.

Also, I've found that family members of mine that use automatic password storage/entry for anything inevitably wind up calling me at some point when some operation requires them to manually enter their password, and they can't remember it because it has been a while since they last had to enter it.

e.g. a phone call like:
Them: Hey, sorry, I'm at a friend's and I don't have my laptop with me, but I urgently need to check my email to find some info.
Me: Who do you haven your email account with?
Them: Um, Earthlink, I think.
Me: Ok, in the web browser on your friend's coomputer, go to...
*checks online for them*
... webmail.earthlink.net and enter your account info.
Them: It's asking me for a password.
Me: Well, yeah. Enter it in.
Them: What's the password?
Me: What? It's what ever you set it to; it's whatever you've been using.
Them: I don't remember what I set it to... On my laptop it just shows me my mail when I open whatsitcalled... um... "Outlook Express"?
Me: ... .... Er, yeah, that presents a bit of a problem...

:rolleyes:

I've taken to disabling password storage on their browsers and email clients.

Also, I've found that family members of mine that use automatic password storage/entry for anything inevitably wind up calling me at some point when some operation requires them to manually enter their password, and they can't remember it because it has been a while since they last had to enter it.

e.g. a phone call like:
Them: Hey, sorry, I'm at a friend's and I don't have my laptop with me, but I urgently need to check my email to find some info.
Me: Who do you haven your email account with?
Them: Um, Earthlink, I think.
Me: Ok, in the web browser on your friend's coomputer, go to...
*checks online for them*
... webmail.earthlink.net and enter your account info.
Them: It's asking me for a password.
Me: Well, yeah. Enter it in.
Them: What's the password?
Me: What? It's what ever you set it to; it's whatever you've been using.
Them: I don't remember what I set it to... On my laptop it just shows me my mail when I open whatsitcalled... um... "Outlook Express"?
Me: ... .... Er, yeah, that presents a bit of a problem...

:rolleyes:

I've taken to disabling password storage on their browsers and email clients.


Wow. I thought I had problems with the people computers I fix. You are a saint.

I use the store passwords function, but only on things that aren't particularly important. Other stuff (like my logon for here) are only stored in my brain.

I have 2 passwords. One for my OS, and the other one is for the internet. Both mean something important to me so it's hard to forget them.

I have 2 passwords. One for my OS, and the other one is for the internet. Both mean something important to me so it's hard to forget them.

So if someone were to set a forum such as this one to store your password in plain text (and that would be extremely easy to do) then the admin would have your password to your ISP *and* every website with which you have an account? What's your social security #?

I have 2 passwords. One for my OS, and the other one is for the internet. Both mean something important to me so it's hard to forget them.

I certainly have more than two, but I do try to keep some of my passwords the same across multiple services. It's just not possible to remember a unique password for every single computer and web service. Generally, I use unique passwords only for things that require a high level of security - such as my site and components related to it. All of my passwords though are created completely randomly and are made up of letters, numbers and symbols. For particularly critical passwords, I also throw in alternating case and place similar looking letter and numbers together. For example, if anyone were ever to by chance catch a quick glimpse of a password, one such as "kS5n0Od8Br_1l" might be difficult to grab at first glance.

I also think length is key, for critical passwords (such as the ones I use on my site and use to log in to all of my computers), I always use a password that exceeds 16 characters when possible. They take a while to memorize, but the odds of having one of them cracked are minimal.

So if someone were to set a forum such as this one to store your password in plain text (and that would be extremely easy to do) then the admin would have your password to your ISP *and* every website with which you have an account? What's your social security #?

My ISP gave me their own password, cannot be changed. I do not own a credit card. The password I use on forums, I use it only on message boards or e-mail accounts. My OS got it's own password.

I do not like the automatic logon. Since all my passwords mean something to me, it's easy to remember them.

The password I use on forums, I use it only on message boards or e-mail accounts.

Still, like InVerse was pointing out, using the same password for multiple forum and email accounts is risky. An admin (or any other person who may gain access to the info at some point) on one site can access your accounts on any other sites you are known or guessed to use.

Still, like InVerse was pointing out, using the same password for multiple forum and email accounts is risky. An admin (or any other person who may gain access to the info at some point) on one site can access your accounts on any other sites you are known or guessed to use.

These days, most forum software actually encrypts user passwords, which helps curb this slightly. Back in the day though, I remember when I ran a UBB (Ultimate Bulletin Board) on my site it actually stored all passwords in plain-text files.

Still, like InVerse was pointing out, using the same password for multiple forum and email accounts is risky. An admin (or any other person who may gain access to the info at some point) on one site can access your accounts on any other sites you are known or guessed to use.

I'm only registred here, on demonoid, mininova and hotmail. Except for hotmail, I wouldn't be too annoyed if one of my accounts get hacked. Never really gave critical information about myself on forums anyways.

These days, most forum software actually encrypts user passwords, which helps curb this slightly. Back in the day though, I remember when I ran a UBB (Ultimate Bulletin Board) on my site it actually stored all passwords in plain-text files.

That helps in terms of people hacking in and looking at stored passwords, but one is still left with the problem that an unscrupulous forum admin could still edit the software package to tell him all passwords that are submitted.

That reminds me-- every now and then, while logging into one website or another, I absentmindedly type in a password for a different site. When I do that, I sometimes change my password on the other site, just in case. I realize that may be a bit paranoid. =P

On the topic of passwords, one tool I found a while back might be of interest - SuperGenPass (http://supergenpass.com/). It takes an interesting approach to the problem of having a complex password. Obviously the longer and more complex, the better but everyone has trouble remembering them. Basically, what this tool does is take your "master password", which is basically a simple password such as "fluffy", then takes the site's URL (such as zophar.net), and using it's own algorithm creates a complex password based on the two. From there, you simply need to type the password "fluffy" into every site and it will decrypt your password using both the site's URL and your master password as ciphers.

They do recommend writing down the real password somewhere in case for any reason the program weren't available, but it doesn't seem like such a bad approach. The only downside I see to it is that you're dependent on the software for typical day-to-day use.

That reminds me-- every now and then, while logging into one website or another, I absentmindedly type in a password for a different site. When I do that, I sometimes change my password on the other site, just in case. I realize that may be a bit paranoid. =P

Wow, I have to admit that is quite paranoid. The biggest problem I see is a lot of people don't realize they aren't in the password field and end up typing their password in plain sight on the username box.