Author Topic: OPSEC: Layered Digital Security and passwords  (Read 12935 times)

Offline Docwatmo

Re: OPSEC: Layered Digital Security and passwords
« Reply #30 on: August 19, 2011, 09:55:22 AM »
LOL,  Yeah, it's a catch-22 for sure.

I use a system with the pass-phrase similar to what amerigo was talking about.   However I make up my own pass-phrase and go from there.


An example of a system similar to what I do is this.

I create my own pass-phrase.  For example, "docs wife is a wonderful lady".  Then I choose a set of letters, either the first and last letter of each word or the first 2 or the last 2, etc. (however, if a word is 2 or less characters it gets skipped).  In this example we'll use the first and last, so the beginning is "ds we wl ly" (keep the spaces).  Then I add a symbol in the first 2 spaces; in this case we'll add the @ and $ (I always use 2 or more, but 1 is generally sufficient).  So now we are at "ds@we$wl ly".  Now I pick a system of capitals that is entirely my own.  Could be every 3rd character is capitalized.  So now we have "ds@We$ws ly".  Now I need numbers to round it out to 14 characters.  This is the easy part.  Pick something you like, say car engines: 350 or 400, etc.  And add them together to make a number that rounds out the 14 characters.  (This is so you don't fall into the dictionary trap if someone uses a dictionary of car terminology.)  So in this case, I'd add the numbers 302 and 400 together for 602.  So now my password is "ds@We$ws lv602".  The secret to this is to now memorize the sections that make up the password (which you can always work out in your head slowly if you do forget the password) and just make a couple minor changes for using the password in other places.

1.  Gmail would be "ds@We$ws lv602"
2.  hotmail would be "ds@We$ws lv599"  (350 + 249 (249 being the engine size of my first motorcycle for 599 ))
3.  Bank login would be "ds$We@ws lv602"  (Just swapped the two symbols)

etc, etc, etc.   By the time you get done, you will know your system very well and even if you completely forget your password for something you haven't used in a long time.  Since you know (only in your head, not on paper anywhere) how to generate your own passwords, you can "determine" your own forgotten passwords pretty easily.

I've used this type of system for years now.   It's really simple to remember (because it's all personal stuff) but damn near impossible to crack.

Also the beauty of it is, since it's a system known only to you, you don't need to record passwords.  If the system is done correctly, you can keep dozens of passwords in your head easily.   I use 3 versions of this.  One for work stuff, one for personal stuff and one for stuff I do ad hoc on other people's machines.    I do keep an encrypted list of passwords, but I rarely ever open it (it's on an encrypted USB stick in a locked safe inside a locked vault at work) except to add new passwords, as it's easy to remember or determine the passwords with this kind of a system.  I know that the password will be one of about a dozen variations of one of those permutations.   I rarely have to try a password more than 3 times to find one I've forgotten with this system.

It is a lot of work up front determining your own system, but once you have it down, it's easy to work with.

Offline inthego

Re: OPSEC: Layered Digital Security and passwords
« Reply #31 on: August 19, 2011, 11:44:37 AM »
Seriously, do you have any suggestions for how to make 14 apparently-random characters easy to remember?  Because otherwise the user is just going to write them on a Post-It note, which is a separate security problem.
That is how I get most of the passwords I need to log on to new PCs: they are under the keyboard or taped on the monitor...

Just don't tell anyone, OK?
 :-X

Offline Amerigo

Re: OPSEC: Layered Digital Security and passwords
« Reply #32 on: August 19, 2011, 04:28:24 PM »
Will someone tell me if this is a stupid idea, or fairly secure?

I'm using a Mac (not sure if that matters).  I'm not a nuclear scientist with national secrets on my laptop, but I do have some sensitive documents that contain my social, etc.  I also do all of my banking, bill pay, etc, online. 

I have an Excel file with all of the websites I need logins for, the username for that website, and the password.  However, while the websites and usernames are displayed, my actual passwords aren't written in there.  I have a "standard" password, with slight deviations for those sites that don't allow special characters, require fewer characters, etc.  For example, if my "standard" password was "Oh63*1ip", then for most of the sites listed, I have written, "The usual".  Any variations on that say something like, "The usual, but with 8", letting me know that instead of the asterisk, I have the number 8.

That Excel file has a password on it, and then I have locked that down with TrueCrypt (along with those sensitive documents that contain identifying info).  My TrueCrypt password is over 20 characters long with all characters included. 

What are the flaws, if any, in my system here?  My laptop goes with me to a lot of public places like school, so it is vulnerable to theft, but if they can't hack that TrueCrypt file, I'm probably fine keeping a list of passwords on my computer, right?

Offline inthego

Re: OPSEC: Layered Digital Security and passwords
« Reply #33 on: August 20, 2011, 05:04:36 PM »
Will someone tell me if this is a stupid idea, or fairly secure?

Fairly secure... You are doing WAY more than the average person by far.
If someone who knew security in and out and knew you and your background in & out then you're under the safe line. So unless the NSA or other Govt. agencies are gunning for you with a vengeance you're fairly secure.  8)

Offline hanzel

Re: OPSEC: Layered Digital Security and passwords
« Reply #34 on: August 20, 2011, 06:02:39 PM »
Will someone tell me if this is a stupid idea, or fairly secure?


Only flaws I can see would be the encrypted vault becoming corrupt and you don't have a backup (drive failure), or you forget the main password (let's say the wife accidentally hits you over the head with a rolling pin while learning to make homemade bread).  One "flaw" to look at is how the "normal" password was created.  Coming from years of desktop support (meaning users have given me tons of user names and passwords), once I have been in your office and know what your password currently is, I can make a good guess of what you will change it to (the passwords you pick will reflect your reality and your office will leave clues).  You may want to try picking a new "normal" password via some online program to randomly pick it for you, and you add on from there.  Two passwords never to use are your wife's birthday or your anniversary; you will lock yourself out in no time.   ;)
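
The per-site variations described in this thread (swapped symbols, a changed number, "the usual, but with 8") can be measured as edit distance. The following is an added example, not written by any poster in the thread: it audits a set of your own passwords and reports pairs that are only a few single-character edits apart, which means exposure of one largely exposes the other. The function names and the threshold of 3 are assumptions of this example.

```python
# Added example: self-audit of password reuse by edit distance.

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: fewest single-character inserts,
    deletes or substitutions needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        curr = [i]
        for j, cb in enumerate(b, start=1):
            curr.append(min(
                prev[j] + 1,               # delete ca
                curr[j - 1] + 1,           # insert cb
                prev[j - 1] + (ca != cb),  # substitute (free if equal)
            ))
        prev = curr
    return prev[-1]


def audit_variants(passwords: dict, threshold: int = 3) -> list:
    """Return (site_a, site_b, distance) for every pair of passwords
    that differ by at most `threshold` edits, closest pairs first."""
    sites = sorted(passwords)
    findings = []
    for i, a in enumerate(sites):
        for b in sites[i + 1:]:
            d = edit_distance(passwords[a], passwords[b])
            if d <= threshold:
                findings.append((a, b, d))
    return sorted(findings, key=lambda f: f[2])


# The example passwords quoted in the thread (already public; used
# here only as sample input for the audit).
THREAD_EXAMPLES = {
    "gmail": "ds@We$ws lv602",
    "hotmail": "ds@We$ws lv599",
    "bank": "ds$We@ws lv602",
}

if __name__ == "__main__":
    for a, b, d in audit_variants(THREAD_EXAMPLES):
        print(f"{a} / {b}: only {d} edit(s) apart")
```

Run it locally against your own list; any pair it reports is effectively one password for anyone who has seen either half.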