I keep my passwords in a text file, anyone else?

[GOW3]

I've been doing it in a text file for many years and just do ctrl f to find a sites password. I keep the text file on a separate partition away from windows, I signed up for roboforum trial i like it but i am wondering what you guys do for your banking passwords? Mine are so complex that copy and paste is the best way and i would not store them in a password manger regardless.

 

Been thinking about turning my text file into a more modern spreadsheet.

[Skiiwee29]

or, you could.. you know, use a proper secure method like oh say, a Password Manager App on all your devices like Bitwarden?

[FloRolf]

A password manager is definitely the better option. If you don't trust it fully, you can try "Peppering" (I think it's called). 

That basically means you just store your random 30 character password in the manager but before logging in you always add a personalized phrase (can be the same for all passwords basically, just don't write it down ever) at the end. 

So basically:

%!Rj£j%3qTL01KR9bxGuhPINEAPPLEPIZZA

 

 

Edit: a Passwordmanager also saves you from phishing attacks. When the website is called "facebcck.com" you might overread it, but a password manager won't. 

[emosun]

you can find an overly long txt file that already exists and hide it in that file. like a worthless readme file some where in the program files , then just change the extension to .bmp or something to break the file for anyone looking for something.

[GOW3]

30 minutes ago, Skiiwee29 said:

or, you could.. you know, use a proper secure method like oh say, a Password Manager App on all your devices like Bitwarden?

Do you put your bank login info in bitwarden? We thought lastpass was safe. I feel like any of these password mangers are a bigger target than a text file on my pc.

 

Have you guys heard of KeePassXC? Just wondering your opinions on it.

[Skiiwee29]

1 minute ago, GOW3 said:

Do you put your bank login info in bitwarden? We thought lastpass was safe. I feel like any of these password mangers are a bigger target than a text file on my pc.

 

Have you guys heard of KeePassXC? Just wondering your opinions on it.

I do have my debit/Credit cards in it, yes. Good thing about Bitwarden is its Open Source so it gets scrutinized by the community and attack vectors are usually identified (and closed) faster than closed source. 

[Spotty]

37 minutes ago, GOW3 said:

Mine are so complex that copy and paste is the best way and i would not store them in a password manger regardless.

Keep in mind if you copy and paste a password it will be stored in the clipboard history. Somebody without access to the password text file could still access any passwords you've copied and pasted from the clipboard.

[GOW3]

17 minutes ago, Spotty said:

Keep in mind if you copy and paste a password it will be stored in the clipboard history. Somebody without access to the password text file could still access any passwords you've copied and pasted from the clipboard.

That is true, i have a intel NUC that i do nothing on but bank and pay bills.

[GOW3]

19 minutes ago, Skiiwee29 said:

I do have my debit/Credit cards in it, yes. Good thing about Bitwarden is its Open Source so it gets scrutinized by the community and attack vectors are usually identified (and closed) faster than closed source. 

I need to give Bitwarden a try i hear so much about it is it related to vaultwarden?

[Skiiwee29]

2 minutes ago, GOW3 said:

I need to give Bitwarden a try i hear so much about it is it related to vaultwarden?

Vaultwarden is Bitwarden, written in a different language and is not an official bitwarden product, just a fork. 

[OhioYJ]

1 hour ago, GOW3 said:

Been thinking about turning my text file into a more modern spreadsheet.

Text files are pretty much universally accessible from any OS and hard to corrupt (at least to the point nothing is recoverable). Apps worry me (they definitely seem like targets), and I definitely don't want my passwords stored anywhere in the cloud to be compromised. 

 

The text file is fine, but it should be on an encrypted partition, or in an encrypted file container. Using something like Veracrypt is ideal for this as again it would make it accessible from any OS (in case something happens). 

[MidnightStars]

9 hours ago, GOW3 said:

I've been doing it in a text file for many years and just do ctrl f to find a sites password. I keep the text file on a separate partition away from windows, I signed up for roboforum trial i like it but i am wondering what you guys do for your banking passwords? Mine are so complex that copy and paste is the best way and i would not store them in a password manger regardless.

 

Been thinking about turning my text file into a more modern spreadsheet.

Use an encrypted drive, or encrypted folder.

And no, Window's BitLocker is not acceptable, it is easily bypassed by novice users. VeraCrypt is great.

 

Ideally, use LastPass, BitWarden, or any other password manager. I'm a fan of BitWarden. The company I work at uses LastPass entirely.

 

With your current method, it's easy for an attacker to simply *yoink* the file. Or if your device gets stolen, the drive only needs to be plugged into another device, and your drive's folders are accessible. User login not required.

[GOW3]

I have used VeraCrypt before it is what i use when i take my passwords with me on a long trip so i can still pay bills with a USB drive.

 

[GOW3]

10 hours ago, OhioYJ said:

Text files are pretty much universally accessible from any OS and hard to corrupt (at least to the point nothing is recoverable). Apps worry me (they definitely seem like targets), and I definitely don't want my passwords stored anywhere in the cloud to be compromised. 

 

The text file is fine, but it should be on an encrypted partition, or in an encrypted file container. Using something like Veracrypt is ideal for this as again it would make it accessible from any OS (in case something happens). 

 

It would not be the end of the world if someone got the passwords to my social media as i don't post anything and all my info is fake birthday etc

 

It's only the bank info i worry about maybe pen and paper is the answer for those accounts only or i could only keep half of the password in a text file and the other half on a post it note on my desk.

 

I have noticed a lot of these fast food places pizzahut for example don't even have a way to change your password in your account unless you do the forgot password option at sign in.

[Mark Kaine]

pen and paper is more secure tbh...

 

"but people could get access to that easily".... well yes, in theory,  but they wouldn't be able to read it! (or even make sense of it) trust me lol..

 

 

ps: after decades... i finally caved and use samsung pass on my phone,  but that's a nightmare in terms of transferring to a new (none samsung) phone ... i dont think its possible....  

 

hence i still have all my pws stored on an always offline laptop additionally lol...

[ToboRobot]

On 12/5/2023 at 7:04 PM, GOW3 said:

I've been doing it in a text file for many years and just do ctrl f to find a sites password. I keep the text file on a separate partition away from windows, I signed up for roboforum trial i like it but i am wondering what you guys do for your banking passwords? Mine are so complex that copy and paste is the best way and i would not store them in a password manger regardless.

 

Been thinking about turning my text file into a more modern spreadsheet.

if you write down the random part of the passwords, and keep part memorized, that's a bit better.

 

eg a password file with the following

 

username: example

password: 9i0o8u7y-P

and from memory complete the password with the end

eg
9i0o8u7y-Password

[Eigenvektor]

On 12/6/2023 at 2:05 AM, GOW3 said:

I need to give Bitwarden a try i hear so much about it is it related to vaultwarden?

Vaultwarden is a free re-implementation of Bitwarden's server. I self-host a Vaultwarden instance on a VPS. The good thing is that it's compatible with the official browser plugin and also mobile app of Bitwarden.

 

That's more secure than a text file and should also be less of a target, since it's not a big server containing passwords of thousands of people. Of course you still want to secure your server as much as possible and have multiple redundant backups. Losing your password safe sucks big time.