[lug] How do you keep your passwords safe while Paying bills and Day Trading at Work?

Jeremy Hinegardner jeremy at hinegardner.org
Sun Oct 5 09:42:12 MDT 2008


I had essentially the same issue, I wanted a password manager that would be
avaialble from everywhere, and it should be commandline based so I could run it
in a terminal.   That was the piece that got me, at the time I didn't really
find one that met my criteria. 

So I wrote one.  Its in ruby and uses the SSL libs for the encryption part.
Feel free to give it a whirl.

http://keybox.rubyforge.org/

On the bottom right hand side of the website, there's a list of other password
managers I examined when writing keybox.  

enjoy,

-jeremy


On Sat, Oct 04, 2008 at 09:21:19PM -0600, John Dollison wrote:
> Password managers are pretty common nowadays.  In fact, Wikipedia even has an article on them:http://en.wikipedia.org/wiki/Password_manager
>  
> I used to have a PDA with a password manager.  It stored an encrypted file on
> my PDA, and I had the option of keeping a backup copy on my home computer (or
> on a thumb drive connected to the home computer).  I was more worried about
> forgetting the primary password than I was worried about someone hacking into
> my PC and cracking my password file.  But I suppose it doesn't hurt to keep a
> hard copy in a safe deposit box in case the house (and PC, PDA, and file
> cabinet) go up in flames.  But then, a web-based password manager might be a
> better choice.
>  
> Googling "password manager review" ought to give you plenty of reading
> material. --John Dollison.
> 
> 
> 
> > From: siegfried at heintze.com> To: lug at lug.boulder.co.us> Date: Sat, 4 Oct
> > 2008 13:50:34 -0700> Subject: [lug] How do you keep your passwords safe
> > while Paying bills and Day Trading at Work?> > > As a result of listening to
> > an interview of a hapless share owner of Freddie> MaC (FRE) on NPR some
> > Sunday afternoon, actually bought some Freddie mac> stock and inadvertently
> > (I did not intend this when I initially purchased> the stock) started day
> > trading and actually made $5000 on Wednesday and lost> $3000 on Thursday
> > last week. Wow! Was that exciting! I'm so glad to still be> positive!> >
> > Anyway, this brings up a security problem: because I've also started paying>
> > my bills on line. Since credit card numbers and passwords to online bank
> > and> brokerage accounts can be recovered from deleted files on abandoned
> > disk> drives on the way to the recycler, I have abandoned magnetic media
> > for> recording this sensitive information even though I take a jump drive
> > with me> to work to store a running total of my work hours and my .emacs
> > file.> > So now that paper copy of my passwords is starting to make me
> > nervous> because I've started to take it to work everyday so I can pay bills
> > and> trade stocks (although so far I have given up on the day trading).
> > Suppose I> loose that paper with the passwords, URLs and the answers to
> > various> security questions? Yikes! That is a lot of banks and brokerages
> > and credit> cards to call up and cancel should I loose it.> > What to you
> > do? I was thinking about using pgp or gpg and storing my> passwords on my
> > jump drive and then I could physically destroy the jump> drive when I
> > abandon it. That would solve the problem of someone scavenging> old disk
> > drives. But then I'd have to have a backup jump drive. I suppose> that is
> > not a problem. And if I use GPG would I be secure (assuming I never> write
> > down the strong master password)?> > Does anyone use the emacs package "mew"
> > to encrypt? I just discovered> http://mailcrypt.sourceforge.net/ but have
> > not used it. If I store an> encrypted file on my jump drive and I decrypt it
> > using one of these> packages, where does the temporary unencrypted file get
> > stored? On my hard> drive where someone can scavenging it? What do you do?>
> > > Thanks!> Siegfried> _______________________________________________> Web

-- 
========================================================================
 Jeremy Hinegardner                              jeremy at hinegardner.org 




More information about the LUG mailing list