Mom just put a nice post on before this but it has been over a month since I provided an update. In addition to
the holidays, we have had work done on the front hall, our deck redone and repair and painting of our siding. I painted the large game room up stairs
and Carol and I painted our master bedroom, bath, and dressing rooms. It
has been a busy few weeks. In addition, I AM STOKED, TURNED ON, ENTHUSED,
PLEASED. (this means obsessed with some new gadget) I have been researching an option to finally
deal with one of the few, nagging, frustrating and ongoing issues in my
life. .. no..not Obama, not the stock market, not the plumbing, not the dogs..
but keeping track of website urls, logon
names and passwords.
Now I am quite sure that others of you have very little trouble
with such things, and even though I consider myself a rather “with it” septuagenarian and technologically savvy, I have been
using a stone age, brute force, luddite thinking approach to password
management.
Since we have both been active on our computers for more than 20
years or so, I have accumulated an Excel spread sheet with 6 pages of various
log on names, passwords, URLs, etc, etc..
I don't keep it on paper around the house, but have handled the security
of it by encrypting the Excel file (with an old XP program) and keeping it
backed up in several places. Not the best, but better than post-it notes
on the mirror. I had just never taken the time to understand the various
emerging "password manager" programs, and had not gotten comfortable
storing my data "on the cloud" for the government to peruse. This picture shows my BEFORE way of storing passwords.
This
has worked OK, but is a hassle in that every week or so, I have to decrypt the
file to update it or look something up or add a new entry. Then I have to
re-encrypt the modified file, and then use a program to “wipe” the deleted previous
unencrypted file. And I usually print
out part of it for immediate use which I then have to shred. Thankfully I am retired and have little
better to do at times.
The event that got me “moving” on this problem, (in addition to
the liberal dose of Metamucil I take each morning for cholesterol control) was
the Target credit card info hack last week. We
have most of our retirement assets in Fidelity, Schwab, and a couple of banks;
only protected from the bad people by a few somewhat obvious log-on names and
passwords. A really secure password needs
to be a random mix of at least 9 letters, and numbers and special characters
like ~ and ^ and changed frequently. Of
course this also makes it impossible to remember and equally difficult to type,
even with bifocals freshly cleaned. I am
not really worried that someone will find my spread sheets or guess my
passwords, but I am worried about some adolescent from Geekastan downloading
200,000 accounts and related info from one of the financial institutions,
cracking the passwords with computers running for a week in his barn, and then selling
the info to the Nigerian Mafia. Thus, I
want to have really strong passwords, different for each account and changed
frequently. The spread sheet approach
will no longer handle that; especially the changed frequently part.
Now, if none in the
above two paragraphs applies to you… read no further. You must really have your digital “stuff”
together. So at this point in the blog you
have been updated on what Ma and Pa Bennett have been doing. All is well here. You can go back to Bejeweled Twits, Candy Crackers, or
whatever else is important to you. However,
if your interest or concerns are tweaked a bit… read on.
=================
After a few early mornings reading posts, reviews, etc… I have
settled on a free (made a donation) password management program for Windows
called KeePass. There are a number of good ones out there (Lastpass
is one) but this seemed like it would do what I wanted. It looks very much like moving files around as
one normally does in Windows. It was a
quick and straightforward download, and I now have it on all of our computers,
as well as Carol’s tablet and my smartphone.
It creates a database that is encrypted and stored on your own hard
drives. While Carol and I could each have our own database, it makes more sense
to maintain just one database file that we can both access and modify as
needed. I accomplish this by having the
database file stored on our DropBox in a folder we “share” so both have access
to. So it is in the cloud, of sorts, but at least it is my cloud and it is
always encrypted by the Keepass program and we can get to it from any place
with internet. As you would expect, it is opened by one complex master
password, but one we can both remember.
A link to a two page Consumer Report article from 2012 which
discusses this subject may
be accessed by clicking HERE
A link to a review comparing Keepass to Lastpass may be found HERE
I am not “pushing” this program, but having used it for a week or
so and I am certainly satisfied with it. If you have an interest, I have created a
separate PDF file “Handy Sheet” with pictures, screen shots, etc.. and an explanation
of how one uses the program. I did this
for Carol, but thought it might be useful to others of you. . You
can open and read/download the file by CLICKING HERE
Late Note: believe it or not, while I was working on this I got three text fraud alert messages from Chase bank on my Visa credit card. Each between $300 and $900 on various clothing stores it seems. I called right away and stopped all three. Now I get to use my new program to enter the new credit card number and password in various things when the replacement card comes.
