- May 19, 2011
- 18,628
- 11,342
- 136
I'm mulling over whether I should change my current password storage system.
At the moment I just have a collection of unencrypted files on my computer containing passwords on my home + business computer (self-employed). My only concern is that it's apparently becoming more common for break-ins to occur specifically for password lists (paper or electronic).
My system at the moment would require the person to know the names and location of the files (the main one has an uninformative file name, and is not stored in an obvious place).
I'm not happy with the idea of using password-storage-software because it's an extreme question of trust with the developers (in terms of both competence and honesty) and also the existence of such a piece of software on a victim's computer is a really obvious indicator of where the desired information is.
I'm considering using a TrueCrypt container as I have a fair bit of experience with TrueCrypt already and I'm pretty sure I can handle it without causing a catastrophic mistake resulting in me no longer having a record of the passwords I feel the need to keep a record of. I also like that TC doesn't keep a record of recently opened files. However, I haven't used TrueCrypt in this capacity before (ie. I want to quickly access a file then disconnect when I'm done, as leaving TC open and connected to the container and generally hibernating Windows would be A Bad Thing (tm). Any suggestions?
I have a Windows password set, FWIW.
At the moment I just have a collection of unencrypted files on my computer containing passwords on my home + business computer (self-employed). My only concern is that it's apparently becoming more common for break-ins to occur specifically for password lists (paper or electronic).
My system at the moment would require the person to know the names and location of the files (the main one has an uninformative file name, and is not stored in an obvious place).
I'm not happy with the idea of using password-storage-software because it's an extreme question of trust with the developers (in terms of both competence and honesty) and also the existence of such a piece of software on a victim's computer is a really obvious indicator of where the desired information is.
I'm considering using a TrueCrypt container as I have a fair bit of experience with TrueCrypt already and I'm pretty sure I can handle it without causing a catastrophic mistake resulting in me no longer having a record of the passwords I feel the need to keep a record of. I also like that TC doesn't keep a record of recently opened files. However, I haven't used TrueCrypt in this capacity before (ie. I want to quickly access a file then disconnect when I'm done, as leaving TC open and connected to the container and generally hibernating Windows would be A Bad Thing (tm). Any suggestions?
I have a Windows password set, FWIW.