Allow Windows to Save Passwords or Not ???

[BuckSkin]

I have Windows 7 using Internet Explorer.

Every time I type in a password, a strip will pop-up across the bottom of the screen asking me if I want Windows to save the password.

I have always just X-ed away the box.

My questions are:

1. Are there any reasons why I should not allow my computer to save my passwords ?

2. What does saving the password do for me ?

I have had more than a few panicky moments while frantically searching through scraps of paper and the backs of old envelopes, searching for some password or other that I neglected to file away where I could retrieve it should I ever need it.

Just the other day, my wife was doing whatever these face-booking hippie women do and, in the process, signed me out of my e-mail account.

Just weeks before, I had made it clear that if I ever did get dis-connected from my e-mail, I had no notion as to what the password is nor how I answered the secret questions.

Thankfully, I found it scribbled inside a match-book cover that still had three or four matches intact.

Thanks for reading.

[Squirrel2014]

Hi Buckskin

I don't think it's Windows that saves passwords but your browser does. I've let Firefox store my passwords for years, although not for any financial stuff like credit cards etc. I haven't had a problem but as to the security of this I wouldn't like to comment. Having said that, I wouldn't have my passwords saved within my browsers if I felt it was too insecure.

As for keeping track of passwords, I use a very good, free download, Password Manager - KeePass. I generally put any new password into KeePass first and then I don't forget to store it - no way could I remember passwords! When I need to use a password, I generally open KeePass, copy & paste into the site. I seem to remember, a long time ago, that this was safer to paste it than typing your password in. Whether that still stands, I'd be interested to know.

I also keep a copy of the database, plus the exe file and others, on a usb flash drive which I can use on any other Windows machine, ie my laptop/tablet, or a friends etc (but clear the memory afterwards if someone else's machine

I'd be lost without it now!

KeePass - keepass.info/

Download - keepass.info/download.html - for the free version, for Windows, download version 1.29 (on top left, green download button)

Another popular one is LastPass, again free, but it is online whereas KeePass is on your PC/device. I've never used LastPass but it is well-reputed

Hope that helps a bit

[Inspeqtor]

Hi Julie,

KeePass sounds like a good piece of software, but looking at the site they offer a Classic Edition and a Professional Edition.  From what I am reading they do not explain what the difference is between the 2.  Do you know the difference?

Also on each version they have the Installer and they have the Portable.  I am 'assuming; the installer is for PC's and the portable is for phones, tablets etc.  Am I correct?

Thank you!

[Sepiana]

Dec 6, 2015 15:43:43 GMT Inspeqtor said:

KeePass sounds like a good piece of software, but looking at the site they offer a Classic Edition and a Professional Edition.  From what I am reading they do not explain what the difference is between the 2.

Charles,

I believe they do explain the difference. Click on the download link Julie provided. Then, scroll down to "Unsure which edition to choose?" and click on "Edition Comparison Table". This chart will come up.

keepass.info/compare.html

[Andy]

I use LastPass, which is another password manager. That one has plug-ins for the major browsers and that allows your username and password to be filled in automatically.

[ritage]

I allow my browser to store most of my passwords, except(like Squirrel) anything financial, or for any site that stores my Credit Card number, like e.g. Amazon.

As for remembering them, I don't even try. I have a spiral-bound booklet, where I note down every password at the time I make it, together with username and any info about the site itself that seems important to me. I find that much simpler than messing with third-party data bases.

I've never lost a password yet.

Rita

[Sepiana]

Rita,

My situation is very similar to yours.

- I allow my browser to store my passwords only for hand-picked websites.
- I keep a print list of my passwords.
- I don't use third-party help with my passwords (not even NIS). If you forget your password, you can always contact the site about it.  They always have provisions for resetting passwords.

EDIT:  This has worked really well for me! No lost passwords!!!

[Squirrel2014]

Dec 6, 2015 20:19:37 GMT ritage said:

I've never lost a password yet.

Rita

Ritage, you are clearly exceptionally organised   Well done!  A friend of mine, unfortunately, uses the same password for everything, except when it needs an extra character   However, her husband keeps tidying up and moves the book so she can never find it when she needs it.

She's got KeePass installed, and I've shown her many times how to use it but she just doesn't think to use it.  Such a shame, as she gets stuck at passwords so often but neither will she think to click on 'Forgotten your Password'.  She rings me to ask me what she should do ... !!!   

As I mentioned, I've not used LastPass, only KeePass.  I believe LastPass stores your data in the cloud, whereas KeePass is stored on your computer.

Regarding the Portable version, initially I had this on a flash drive but now I merely copy the 'regular' exe file and the configuration (.ini) file along with the database (.kdb) file to the flash drive when I want to be portable.  As to the difference between them, I'm not sure but I seem to remember that I couldn't see any difference, hence just using the regular one in flash drive - just easier.

Julie

[BuckSkin]

Okay, if I allow my browser to store my passwords, does it just automatically fill in the blanks so long as the particular password has been stored ?

If so, that would really be cool !!

[Tpgettys]

I use Dashlane and love it! It squirts my username and passwords into the fields and logs me in everywhere. It will also fill in most forms (payment info, for example); I don't know how it figures out what belongs in each field, but it does a great job of it. It keeps all my passwords in an encrypted file so even if someone somehow got hold of that file they couldn't use it. Here is a comparison of several password managers: link

[ritage]

Dec 6, 2015 21:28:29 GMT BuckSkin said:

Okay, if I allow my browser to store my passwords, does it just automatically fill in the blanks so long as the particular password has been stored ?

If so, that would really be cool !!

Yes, it will get you into sites like this forum.  It will not fill in forms, for that you need a password manager, such as have been mentioned above.

Rita

[Andy]

Dec 6, 2015 20:19:37 GMT ritage said:

I have a spiral-bound booklet, where I note down every password at the time I make it, together with username and any info about the site itself

The risk of writing down your passwords is that they can be easily compromised by anyone with access to your home (whether they are a visitor, friends of your kids, or a burglar). If you write them down, store them somewhere hard to find. All too often, having them written down means they are easily within reach of the computer and easy to find.

The other important things to remember: Don't make your password easy to guess, and don't make your password reset questions easy to guess.

[bobh]

Dec 7, 2015 0:58:17 GMT Andy said:

Dec 6, 2015 20:19:37 GMT ritage said:

I have a spiral-bound booklet, where I note down every password at the time I make it, together with username and any info about the site itself

The risk of writing down your passwords is that they can be easily compromised by anyone with access to your home (whether they are a visitor, friends of your kids, or a burglar). If you write them down, store them somewhere hard to find. All too often, having them written down means they are easily within reach of the computer and easy to find.

The other important things to remember: Don't make your password easy to guess, and don't make your password reset questions easy to guess.

I also write down my financial account usernames and passwords because I don't want to store them on a computer, as posted earlier, but I record them using my own code to decipher them. That code is stored only in my head. If anyone actually broke into my home AND actually managed to find where the username/passwords are stored AND managed to realise it is a list of username/passwords, they would have an extremely difficult time deciphering the information without the code.

If you record your usernames/passwords on paper I strongly suggest you do it in a way that it is not obvious to the unauthorised reader what the information actually is.  That way they are more likely to not waste time with it.

EDIT:  Also, if you have the option of 2 step authentication on your most important accounts (online banking etc) I recommend you use it.  I use 2 step authentication on all my online "financial" accounts, so a hacker would also need to have access to my mobile phone before being able to make an unauthorised withdrawal or other critical changes to my account.

[ritage]

sargenta1 and bobh,

I appreciate your concern for my security and your advice is not new to me and I have long considered it.

I am convinced, though, that a paper record in my own home is safer than anything on a computer or on someone else's server, which of course is where the "cloud" hides.
So far I haven't heard of a burglary in a private home where the object was to steal the files.
If I had kids, I would hope they were the kind who could be trusted with my secrets.
And if I ever reach the point where I cannot trust the friends I invite to my home, I think it will be time to shoot myself. 

Rita

[bobh]

Hi Rita. I was more replying to sarganta1's post in a very general way rather than replying to your post directly. Believe it or not, there are people who still have usernames/passwords on post-it notes stuck to their computer monitors in both their work place and homes which, of course, is ludicrous. I'm sure you don't do that. My post was aimed more at people who still keep easily read usernames/passwords on paper in their computer desk drawers or other commonly searched locations burglars rifle through looking for cash or other valuables. Burglars don't necessarily go looking for bits of paper with usernames/passwords but if they stumble across one, I'm sure they will take it if they think they can use the information for their benefit.

Maybe what I do is over-kill for some people but at least I sleep well at night.