- Joined
- Sep 5, 2016
- Messages
- 106
- Reaction score
- 9
I tried three of the third party PW Managers but found during the setup stage they wanted to do quite radical things (for example, one wanted to transfer all my passwords to a safe place which they did not identify and I was worried that they might disappear.)
I am the sole user and Administrator and a PW is needed to start up the computer.
Having rejected the use of a PW Manager, and looking more widely at my security arrangements, I put my existing Xcel spreadsheet containing all my PWs into a Windows 10 folder with a disguising name, encrypted it with a PW and put a shortcut on my desktop. All I need to do is click on it, enter its PW and all is conveniently revealed ready for me to enter a site. Simple and quick.
For reasons explained below, I have a paper copy of that spreadsheet securely hidden somewhere in my house, and another copy on a highly secure encrypted USB stick, also hidden.
Having guarded my PWs, the security test to do is to imagine returning home and finding a blank space where your computer used to be. How worried would you be that a thief could get at your data? In my case, I would be worried. A thief would have to crack or bypass the Admin PW (which I am told is not difficult for those in the know) and also the PW for the spreadsheet on the computer (see above).
To recover from a theft of the computer I would go to the paper copy of the spreadsheet securely hidden somewhere in my house (see above) and immediately contact the 6 crucial sites with financial info (they all have a phone number). I would then buy a replacement computer within a day or two and open in it a copy of the spreadsheet contained in my hidden encrypted USB stick (see above). Then I would plough through the process of changing all 40 PWs
.
My main weakness is that a thief could quickly startup my computer (cracking or bypassing the Administrator PW) and immediately get at all my email contacts, causing havoc. Even if I added a PW to the email program (which would be a nuisance as I go to it many times a day) it could be cracked. My first recovery step would be to change all three of my email addresses and send a message to all 350 people in my Contacts telling them to ignore any message sent recently and please note the new address.
What do you folks think of my analysis and setup?
I am the sole user and Administrator and a PW is needed to start up the computer.
Having rejected the use of a PW Manager, and looking more widely at my security arrangements, I put my existing Xcel spreadsheet containing all my PWs into a Windows 10 folder with a disguising name, encrypted it with a PW and put a shortcut on my desktop. All I need to do is click on it, enter its PW and all is conveniently revealed ready for me to enter a site. Simple and quick.
For reasons explained below, I have a paper copy of that spreadsheet securely hidden somewhere in my house, and another copy on a highly secure encrypted USB stick, also hidden.
Having guarded my PWs, the security test to do is to imagine returning home and finding a blank space where your computer used to be. How worried would you be that a thief could get at your data? In my case, I would be worried. A thief would have to crack or bypass the Admin PW (which I am told is not difficult for those in the know) and also the PW for the spreadsheet on the computer (see above).
To recover from a theft of the computer I would go to the paper copy of the spreadsheet securely hidden somewhere in my house (see above) and immediately contact the 6 crucial sites with financial info (they all have a phone number). I would then buy a replacement computer within a day or two and open in it a copy of the spreadsheet contained in my hidden encrypted USB stick (see above). Then I would plough through the process of changing all 40 PWs
.
My main weakness is that a thief could quickly startup my computer (cracking or bypassing the Administrator PW) and immediately get at all my email contacts, causing havoc. Even if I added a PW to the email program (which would be a nuisance as I go to it many times a day) it could be cracked. My first recovery step would be to change all three of my email addresses and send a message to all 350 people in my Contacts telling them to ignore any message sent recently and please note the new address.
What do you folks think of my analysis and setup?