IME thumb drives go bad every few years, but you should be able to tell when you can’t back up to them anymore. I use thumb drives for backing up everything I have at work (regular documents and QuickBooks). I like it over external drives because I just keep it in my coat pocket or car so if there’s a fire it’s not at work (usually). But I do try to remember to get a new one every other year or so. Luckily, I can get one that’s large enough (and physically small enough to carry around) for $10 or $15.
For me, it’s capacity. I have a lot of really big art files. Some Photoshop docs (psd) that are over 200 mb. I also keep multiple versions of things so I can edit in the future, reuse stuff, go back to earlier iterations if the client wants to, etc. Whenever I’ve done a delete/purge because of space, I’ve had it bite me in the ass. I have about half of each 1.5 T drive filled.
My father, who works in IT on a college campus, informs me that thumb drives and flash drives in general tend to go bad faster the more often you write to them, particularly if you’re overwriting older data. Just FWIW.
I recently started using LastPass, and I love it! I also have it installed on my iPad and iPod. Since it’s locally stored on my desktop computer, I’d like some input as to what password to use to log into Windows on startup. Should I use my same Master Password?
An old-style Rolodex or address book is great for having them written down and they can be put in a safe.
I’d say yes, except: if someone gets physical access to your computer and cracks (or otherwise knows) your Windows password, then they would probably try that as the LastPass master password as their first guess - then they have access to everything. Obviously that’s mainly an issue if you have that written down somewhere a thief might find, or if there’s someone in your household who might be untrustworthy.
Maybe some mnemonic that you might figure out but an untrustworthy housemate is less likely to, to use as a variant - e.g. MyWindowsPassword for Windows, MyWindowsPasswordFirstGradeTeachersName for LastPass or something.
I am using a password manager called LastPass. But the thing is, I don’t really trust it because it seems to me that if all my passwords are retrievable using only one LastPass password then somebody only has to crack that one password to get access to all my other ones.
Obviously this must have been considered by the folks who make password manager software, but I don’t understand how. What enables a password manager program to be secure?
I think the point is that it’s secure compared to the alternatives, like writing them all down, or giving up and using easily remembered and insecure ones.
The bad guys have to:
- Gain access to your LastPass files
- Hack the password.
To gain access, they have to either hack into whatever cloud storage you have it stored under (if appropriate), or gain physical (or remote, via keylogger / trojan) access to one of your devices. They’d have to figure out the master password just to decrypt the files, as well.
So there’s two levels of security right there. I don’t know how common it is to have cloud storage hacked without someone knowing your password - certainly social engineering can play a role in letting someone get into your gmail or whatever (as one writer found!) in which case you can be really screwed no matter how you’ve safeguarded your passwords.
So: obviously “safest” would be to have the information on a local machine which has no internet connection. And a strong master password, so that a casual thief couldn’t get into your files.
But there are tradeoffs of convenience versus safety obviously.
No. Use a separate unrelated password for that. The master password for your password manager is critical - never reuse it elsewhere, and make sure any other passwords you make up yourself give no clues as to what it might be.
Thanks, I’ll come up with a different one for Windows login.
Here’s a site that generates strong passwords and a (challenging) mnemonic to remember them.
It seems as safe as a keypress to me. I don’t get the logic behind that either, but they’re very common.
Hmm so it looks like having a list isn’t that uncommon. Now I wonder how to store this list, preferably somewhere with multiple access.
What’s a keypress?
And what do you mean by multiple access? Something like one of the vaults which uses Dropbox etc. to sync the encrypted files to several devices?
You could mimic that, to some extent, by keeping a regular typed-in-word-processor document saved in Google Drive or Dropbox or whatever, and putting a password on that document. I don’t know if those are encrypted as well as the big guns password vaults like 1Password, mSecure etc.
Those locked boxes in offices that hold all the keys? Maybe they’re called something else in the US.
Yes, that’s what I meant. No point using a password manager on my phone if that gets lost.
Yep it’s in with our living trust…have to update though.
The way I see it, a physical list is difficult to keep updated, especially if it’s stored in an obscure location. Every time you change your password (and you should be doing this often) you have to change your list. It’s easy for your list to become obsolete.
Email is my only big one. I don’t stay logged into my mobile banking app and, while I would change Amazon ASAP, at least I could wrangle that out with the bank. With control of your email people could start requesting password resets from any number of places.
I heartily recommend the free application, Password Corral, which is probably the same thing as Keepsafe.
As mentioned above, you can keep the secure password file uploaded somewhere like Dropbox for access anywhere.
Whenever I open a new account that requires a password, I open it up and add it. I’ve often had to refer to it for a forgotten password. Just yesterday, in fact, so my wife could use my PayPal.
For accounts like forums, where there’s no money at stake and no big security risk, I tend to use one of two or three passwords, which makes it easier to remember. That’s a security no-no, but it’s OK for forums. If someone hacks my SD account, I’ll be devastated but I’ll survive. It makes it easier to remember. But I still log it in the list, and that saves a bit of hassle every now and then. I try two guesses, and then go to the list.