Family Password Security
There is a lot of advice about passwords and security on the web, but no one system is perfect for everyone because everyone has different needs and risk profiles.  This is my system, and it works great for my situation.  Some friends have asked about it, so I'm sharing this Instructable. Even if your goals don't quite match mine, you may find some useful techniques, so read on...

I'm assuming you already understand something about passwords, like the fact that "12345" and anything in the English dictionary are terrible choices for a password. I don't delve much further into cryptography or security theory, because it would take too long, it would be distracting, and mostly because I'm not an expert in that field (hopefully you will see that as a plus, since otherwise I would spend the whole time scaring you).

The basic problem with passwords is that if you have enough strong passwords to have adequate security for all your different web sites and other situations, then it is difficult to remember them all. Solutions like writing them down or storing them in a spreadsheet solve those problems while introducing a host of other risks.  In addition to the obvious security holes, keeping that information up to date can be a bother. 

Now that I have a family, I realize there are other needs too. I handle most of the family finances, but if I am hit by a bus, whether I survive or not, how will my wife figure out all the stuff needed to take over? Less important but more common, if my wife gets a new frequent flier number and password, is there a good way to share it so that either of us can access it when needed?

If my laptop is stolen, or my house is burglarized, am I going to have to change all of my passwords? If you are starting to catch my drift, you can see that the first step is to think about your risks. While most people are affected by the same risks (burglary, malware, injury, stupid mistakes, natural disasters), some situations may be more important to you than others, so it's still worthwhile to give some thought to your specific concerns.

Most of this is not terribly new; many people already use a password database stored on the cloud, but I haven't seen much written on how to share it securely.  Even if you don't need to share your passwords with a family, you will probably still find some or all of this system to be useful. 
 
TheHawkeye 3 years ago
Contrary to your statement in the first step about real words being poor choices, they provide a much more easy to remember solution that takes more time to brute-force. See xkcd Password Strength.
So you're going to base your argument off of a web comic? Really. Correct horse battery staple is simple to remember, and easy for a computer to guess.
You can use a dictionary based brute forcer and get that within probably the hour. That gibberish thing will take much longer as long as it's up to 256 AES standards.
Remembering it isn't that hard either, repetition is the key.
It's explained IN THE COMIC why it's hard to guess.

As for the comic bit, Randall, the guy that makes that comic, is known for backing up what he says.

And for my passwords, I use a sentence about passwords, followed by gibberish.
WiringHarness (author)  TheHawkeye 3 years ago
Sure, Kiteman had already mentioned that comic so I had put it into step 5, but that system only works for a couple of passwords. I have 148 passwords in my KeePass database and many of them were chosen by other people. That strong passphrase method alone is just not going to get the job done.

My work password is absolute gibberish, but since I type it a few times a day, I don't have any problem remembering it. It's the other 147 that became the problem.
Protecting passwords... just don't piss off /b/ or any other hacking site or people.
WiringHarness (author)  archieburden 2 years ago
Too late. Al Qaeda already hates you. And they could use some extra cash.
Aren't you a bright ray of sunshine? And yeah, it's all those hardworking Arabs that need the money. Not the USA, no sirree, they owe noone nuffink.

There's pills for paranoia you know ... only mostly they will increase your brain's overall susceptibility to it and temporarily cut the symptoms, so if you ever stop buying and taking their drugs, you'll have no options left other than to kill yourself.

We all gots to make a living. Specially those pharmaceutical companies.
techboy411 2 years ago
Well...................your sys is a bit silly but ok
robby-now 2 years ago
I think people read this so they could hack passwords, not understand them. Sry, only read pg 1 (first step). Too lazy. Next time get 2 the point.
lemonie 3 years ago

You worry too much I think. Do you spend money on the internet with credit-cards?

L
WiringHarness (author)  lemonie 3 years ago
It's not paranoia if they really are after you.

Hmm I suppose so, keep avoiding "they"!

L
DIY-Guy lemonie 2 years ago
Some people may not worry enough considering the reality of mass identity theft.
I wish I could "like" that comment.
fazgard 3 years ago
Great concept and well written / researched.

In the digital world we live in this is only going to expand in complexity - and I like your take on it.

I've got to delve a bit further into it for my family. It is important if I (or my wife) get 'hit by a bus' - it would be better to have a system like this in place in order to be able to keep paying the bills.
Kiteman 3 years ago
You don't need special hardware or software to manage your passwords if you pay attention to the way you create your passwords in the first place.
WiringHarness (author)  Kiteman 3 years ago
Fun comic! I will add that to step 5.

Ok, now make twenty of those pass-phrases, and share them with your wife. Use one every two weeks, two others once a month, and don't use the rest for a year. How many did you remember? How many did she remember?
I only use one online financial site, that is not connected directly to my actual bank account.

It's been secure under the same password, written nowhere, filed nowhere, stored nowhere except our heads for over a decade.

My actual banking has always been, will always be, in person, by signature on hardcopy.

That means that, in the event of a disaster, my (currently under-age) children can get at the family finances without being faced with dozens of unguessable passwords.

Leper 3 years ago
Any credit card that is serviced by CitiBank behind the scenes gives you access to one-time credit card numbers (they call them "Virtual Private Numbers", or something like that). You use your (strong) password to log on to the bank's web site, and ask the bank to generate a number and CV2 code on demand. This number is automatically limited to a single vendor for one month and can optionally be limited by dollar amount or longer period of time (up to 12 months). I've had good results using this everywhere except Amazon.com, where there are sometimes multiple vendors behind a single transaction. This seems like a reasonable way to mitigate the risk of the vendor's system being compromised. It doesn't help when the bank's system is compromised (which does happen, but if it does the bank will blast the old number and send you a new credit card).