Safe way to list passwords on a computer

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Is there a relatively safe way to store a list of passwords and
sign-up info on a computer?  I have no reason to think that anybody
would be interested in me or what I do, and from all the tests I've
run, at places like GRC.COM, my firewall is doing a swell job of
keeping me in stealth mode.  Computers are great tools for organizing
and that's the temptation:  I want to organize my scads of user names
and passwords to gain entry to various groups and email accounts.

I'm not interested in buying a new program, and already have the
typical office programs like various word processing programs, Excel,
and  Access.

Maybe encrypting some files would do the trick?  I've never done that.

If you have some suggestions, please postum.  As I said, my stuff
isn't important to anybody really (except someone who just wants to
mess with me because they can) and I have no reason to think that my
computer security has been violated.

Re: Safe way to list passwords on a computer

Quoted text here. Click to load it

For stuff that isn't too sensitive, I have a file that I encrypted with
GnuPG on my disk. It works just fine, as I tend to remember the
passphrases for accounts I use often enough to get worried about the
bother of GnuPG.


Re: Safe way to list passwords on a computer

Quoted text here. Click to load it

There's a large number of "password holder" programs out there which will
store your other names & passwords under a single master password.   They
vary widely in extra features (e.g., whether you have to cut and paste or
the program does it for you automatically).

The grand-daddy of them all (although I don't know how it stacks up in the
features department) is Password Safe, written "under the supervision of"
Bruce Schneier (he's done a code review, I guess).  It's free too!


Re: Safe way to list passwords on a computer

Some of these programs hold both your password and the url it goes
with. Combined with disc encryption, it's pretty secure and gives you
the type of organization you want.


Re: Safe way to list passwords on a computer

Edw.Peach wrote:

Quoted text here. Click to load it

First I have to deal with a bit of a pet peeve. Sorry.

Dropping packets (stealth) might look appealing at first glance. What's
not to like about being "invisible", right? The problem is you're not
invisible at all, and in some cases you might be even MORE visible than
someone who replies according to RFC standards. By dropping packets you
can actually stick out.

For example, an attacker might spray echo requests across a block of IP
addresses and ignore "host unreachable" replies because they are the
standard response to pinging IP addresses that simply don't exist. But any
echo requests that seem to fall off the end of the Internet are a good
sign someone is using "stealth". Bingo! Start hammering on ports at this
"invisible" address and sooner or later something might give. :(

There's other similar disadvantages to so called "stealth", but enough of

Quoted text here. Click to load it

The two current de facto standards for file encryption are PGP and GnuPG.
They're very similar versions of the same basic principals. They even
"talk to each other". Files and messages encrypted with one can generally
be decrypted with the other and visa versa.

PGP is probably your better bet for novice users on Windows platforms.
It's notably less "geeky", and a wide user base means easy access to
problem solving information. GnuPG undergoes more scrutiny from the open
source community, and is arguably more trusted because of this "openness".

PGP is also open source, but laying hands on that source code is a bit
harder and most versions include a pretty GUI that bloats the code
considerably. It also comes in both free and paid versions, which may or
may not include features you want or don't want. GnuPG is command line
only, but a number of good "front ends" exist that make it more than
usable. It's also completely free in its full version. Here's a couple
starting points...

 PGP /


And another outstanding resource...

That should cover "standard" file encryption throughly enough, and to be
honest either one will give you what you want and more, including the
ability to send secured email, digitally sign files and messages, and
verify signatures on others' messages.

If you don't give a hoot about that stuff and you're a Windows user, you
might want to consider a free "password manager" that keeps your account
information stored in a password protected, encrypted file. Much like
using the two suggestions above, but with a fancy, "dedicated" user

They can also offer some advantages like one-button copy to clipboard for
login and passwords, clickable links to your accounts, and automagical
clipboard clearing when the program is terminated or minimized. The only
two I have any personal experience with are Password Safe, and PINs.

Password Safe is the brainchild of none other than encryption guru Bruce
Schneier. This carries lot of trust value with most people, including

PINs is also open source freeware, and a little more "pretty" if memory

In my opinion either one of these it *probably* the quickest and easiest
solution to your problem, but going with PGP or GnuPG, while a bit more of
a broad and "complex" solution, would be more ideal in the sense that if
you did decide you needed or wanted more or different types of security
they're right there at your fingertips. The trade off is the learning
curve. You'll have to deal with new concepts, while the two "password
managers" are going to be relatively intuitive.

Just my $.02.

Re: Safe way to list passwords on a computer

Thanks for the responses.

Okay, I'm not safe online.  Nobody is.  I just don't do anything or
have anything that someone would desire, other than use of my computer
resources if used in a DOS attack or something along those lines.  

I'll have to investigate these options and see what might be best for

The only bad thing I can see is if someone does compromise my security
and finds encrypted files, they might think there's something
worthwhile there.  LOL.

Re: Safe way to list passwords on a computer

Edw. Peach wrote:
Quoted text here. Click to load it
There is a open source package called password safe that uses MD5
encryption for passwords, has a random password generator that can be
set to various parameters.  Double click stored sitename to paste
password into memory, then paste in site.  It does require the password
safe password on access (only once till closed).  I have used the older
1.7 version and it has been stable.  I have never upgraded since it met
my meager requirements.  Simple tool to use. /


Site Timeline