@jonfive wrote:
@Anonymous wrote:I have 10 credit cards. I have three word documents I keep hidden on my computer and keep triplicate copies on flashdrives.
1) Websites of all issuers with handle and password.
2) Names of all issuers and how much I owe for the month.
3) Names of all issuers and when I was approved, APR%, date payments are owed and last date I received a CLI.
It seems to be a very organized system for me.
Just looking out for you and other forum members that read this thread here; mean no offense to your methods
Please don't put usernames and passwords in one file - if someone gets ahold of it, they have it all.. If you insist on continuing using word docs, spread them out to multiple password protected docs with no identifying information as to what they are or don't put them in a word doc. For 'hidden' files; if you accessed it at all, they can find it. It may as well be on your desktop.
While you can password protect a word doc, the password can be bruteforced - there's no protection stopping someone from doing so. They'll take all the time they need to do it because there is no protection. No protection from bruteforce = unlimited time to break it. If there were simply a "24 hours before you can try again", they'll wait 24 hours and continue. Costs them nothing and you everything.
If there's any identifying information used in any of your passwords (dates, names, places, times etc), someone would have every avenue to research it through your own browser, files, social media accounts and email. Thus making the bruteforce of your passwords much faster- if not instant. Also by having access to all of this information stored on your computer they have the ability to social engineer their way into your accounts. They get to know 'you' just by how you use your computer, then use it against you by seeing the businesses that you visit online and store in local files.
I highly suggest use of a password manager like Lastpass with two step verification ENABLED to log in. If you can avoid it, do not accept text verifications. There have recently been social engineering successes where the thief called the cell carrier, pretended they were the owner, gave identifying information they found and requested a new simcard; essentially HAVING the owner's cell phone in-hand. Carriers are more aware of these practices, but it still may happen. Get a hashed number in an authenticator app if possible. Apps like Google Authenticator, are not tied to your cellular service at all.
Lastpass includes extra steps, but it's worth it for security. You can export your user/passwords from Lastpass to a .csv, put it on a flash drive ***with read/write password protection***, then DELETE the csv from your local machine and empty the bin.
As for passwords:
Examples of bad passwords:
123456
password
passw0rd
qwerty
sally1216
bob1950
Examples of good passwords: DO NOT USE ANY OF THESE! Assume someone will try these immediately since they're posted on the internet.
eG%z^SEKb2OE
PTm&0n8v#Sxx
9DYwjN*g8y!U
^Bn3lIm&d33@
&Oc9IeEbtuXi
7o@cBMm8^uuc
As you can see in the good passwords; there's no identifying information, nothing tied to you, nothing tied to your usage and no full words.
Stay safe everyone!
Unless you're using something like Lastpass or similar those are flatly awful passwords 
Leads to dumb crap like writing them on postIt notes under keyboards... I've never been fully on the security side but I've had my encounters with such silly stuff.
Stringing random words together can be remembered, think the best example I remember reading was something like zenbluejumphorsebutterflies: nearly impossible to dictionary guess, more difficult to brute force than what you have, and best of all don't have to write it down to remember it.
@Revelate wrote:Unless you're using something like Lastpass or similar those are flatly awful passwords
Stringing random words together can be remembered, think the best example I remember reading was something like zenbluejumphorsebutterflies: nearly impossible to dictionary guess, more difficult to brute force than what you have, and best of all don't have to write it down to remember it.
Totally agree! A mnemonic is the way to go if allowed the character count - but some will not let a customer use something like a 27 character password.
The problem with a remembered password is that they eventually get re-used in multiple places.
@jonfive wrote:
@Revelate wrote:Unless you're using something like Lastpass or similar those are flatly awful passwords
Stringing random words together can be remembered, think the best example I remember reading was something like zenbluejumphorsebutterflies: nearly impossible to dictionary guess, more difficult to brute force than what you have, and best of all don't have to write it down to remember it.
Totally agree! A mnemonic is the way to go if allowed the character count - but some will not let a customer use something like a 27 character password.
The problem with a remembered password is that they eventually get re-used in multiple places.
True but a small variation wouldn't be hard say butterflies = barclays, antelope = amex, cheetah = chase etc.
The bigger problem as you suggest is lenders (and others) that only allow 8 characters and similar utter stupidity like that for passwords. So last millenium, get your crap together .
@Revelate wrote:
True but a small variation wouldn't be hard say butterflies = barclays, antelope = amex, cheetah = chase etc.
The bigger problem as you suggest is lenders that only allow 8 characters and other STUPID crap like that for passwords. So last millenium, get your crap together
Hah, Yeah!!
Pnc wouldn't even let me use special characters! Dropped them thankfully
@Revelate wrote:
@jonfive wrote:
@Anonymous wrote:I have 10 credit cards. I have three word documents I keep hidden on my computer and keep triplicate copies on flashdrives.
1) Websites of all issuers with handle and password.
2) Names of all issuers and how much I owe for the month.
3) Names of all issuers and when I was approved, APR%, date payments are owed and last date I received a CLI.
It seems to be a very organized system for me.
Just looking out for you and other forum members that read this thread here; mean no offense to your methods
Please don't put usernames and passwords in one file - if someone gets ahold of it, they have it all.. If you insist on continuing using word docs, spread them out to multiple password protected docs with no identifying information as to what they are or don't put them in a word doc. For 'hidden' files; if you accessed it at all, they can find it. It may as well be on your desktop.
While you can password protect a word doc, the password can be bruteforced - there's no protection stopping someone from doing so. They'll take all the time they need to do it because there is no protection. No protection from bruteforce = unlimited time to break it. If there were simply a "24 hours before you can try again", they'll wait 24 hours and continue. Costs them nothing and you everything.
If there's any identifying information used in any of your passwords (dates, names, places, times etc), someone would have every avenue to research it through your own browser, files, social media accounts and email. Thus making the bruteforce of your passwords much faster- if not instant. Also by having access to all of this information stored on your computer they have the ability to social engineer their way into your accounts. They get to know 'you' just by how you use your computer, then use it against you by seeing the businesses that you visit online and store in local files.
I highly suggest use of a password manager like Lastpass with two step verification ENABLED to log in. If you can avoid it, do not accept text verifications. There have recently been social engineering successes where the thief called the cell carrier, pretended they were the owner, gave identifying information they found and requested a new simcard; essentially HAVING the owner's cell phone in-hand. Carriers are more aware of these practices, but it still may happen. Get a hashed number in an authenticator app if possible. Apps like Google Authenticator, are not tied to your cellular service at all.
Lastpass includes extra steps, but it's worth it for security. You can export your user/passwords from Lastpass to a .csv, put it on a flash drive ***with read/write password protection***, then DELETE the csv from your local machine and empty the bin.
As for passwords:
Examples of bad passwords:
123456
password
passw0rd
qwerty
sally1216
bob1950
Examples of good passwords: DO NOT USE ANY OF THESE! Assume someone will try these immediately since they're posted on the internet.
eG%z^SEKb2OE
PTm&0n8v#Sxx
9DYwjN*g8y!U
^Bn3lIm&d33@
&Oc9IeEbtuXi
7o@cBMm8^uuc
As you can see in the good passwords; there's no identifying information, nothing tied to you, nothing tied to your usage and no full words.
Stay safe everyone!
Unless you're using something like Lastpass or similar those are flatly awful passwords
Stringing random words together can be remembered, think the best example I remember reading was something like zenbluejumphorsebutterflies: nearly impossible to dictionary guess, more difficult to brute force than what you have, and best of all don't have to write it down to remember it.
Also, I don't know how much effort it is worth putting into a credit card account login. Much more likely to be hacked at the bank, as far as I remember none of the accounts show SSN, so at best they have a credit card number (with no expiration date or CVV) And you aren't responsilbe anyway. Online bank accounts do need more protection as you can send money anywhere and probably much more work to get it back.
@Anonymous wrote:
Forgot to mention my 5th column says utilization.
I PIF all of the cards after each purchase except 2 which i keep total utilization below 10%. Details for the others pretty much stay the same. The chart is only for reference so I dont have to long into each account to remember the terms
The spreadsheet I developed for myself (yes, it is stored as a protected file with an irelvant name inside a protected folder with and irelvant name on a protected flash drive kept in a fire safe.. how's that for paranoid?) is a little more in-depth, because I found that it just works better for me. I fully admit I'm a little anal with my credit recovery.
Here are my columns:
CLI History-Opened-Updated-Account Name-User-Pass-Limit-Balance-Util-Avail-APR-Curent Month-Next Month-Amount Paid-Date Paid-Minimum Due-Due Date
I mark whether a payment has been made/scheduled in the month fields so I can tell at a glance what needs to be addressed. I also have a few color codes in there, as well.
@Anonymous wrote:I have 10 credit cards. I have three word documents I keep hidden on my computer and keep triplicate copies on flashdrives.
1) Websites of all issuers with handle and password.
2) Names of all issuers and how much I owe for the month.
3) Names of all issuers and when I was approved, APR%, date payments are owed and last date I received a CLI.
It seems to be a very organized system for me.
Don't see a lot of people use the term "handle." Are you an old dial-up BBSer, or a HAM operator?