What's a Keychain?

Glimfeather · December 3, 2009, 3:45pm

So I’m not sure, but I think the idea of a keychain is so that you only have to remember one password for all the accounts you have on different sites. It sounds cool in theory, and more secure than just letting IE, Firefox, or Chrome remember all your passwords for you. Do I have this right, and is there a version available for PCs?

I have an .xls file with my passwords on it in case I forget, but that’s not the most secure. I’m working on other ways to do it. I’ve wasted a lot of time recently resetting passwords to accounts I forgot I have, and my car insurance provider’s site currently doesn’t recognize me (even though I know damn well who my first pet was, thank you very much).

Pike · December 3, 2009, 5:01pm

Essentially, it’s an encrypted file that holds your account info.

Your XLS file will work, you just need to encrypt it for security. You can simply make a password-protected ZIP file, for example.

(If you’re on a Mac, use Keychain Access. Very handy.)

Archtaku · December 4, 2009, 5:47pm

Better yet, use PasswordMaker. It lets you create a different unique password for each site you visit using a checksum function. You just enter a “master password” and some other data (url, etc) and it’ll generate a password for you, one that can be re-created time after time. It’s really the most secure way to keep track of passwords, since you don’t store your passwords anywhere. The checksum is run each time you enter your master password, and it spits out your password. It’ll give you the same password every time, provided you give it the same input.

There’s even a firefox extension for it that takes care of keeping track of all your settings, and makes it as easy as hitting Ctrl+` and typing in your master password to retrieve the password for the site you’re currently visiting.

Omra · December 4, 2009, 10:27pm

There is also a security program that will store all of your passwords and personal information onto a USB drive, that way your information is never available on your computer except when you plug it in.

Therefore if your computer were to be hacked or used by someone else while you were away, the information would not be in it. Very nice!

Unfortunately I cannot remember the name of it…

Archtaku · December 4, 2009, 11:07pm

That sounds like a HORRIBLE idea. What happens if you lose the USB drive?

BadgerSpoon · December 4, 2009, 11:23pm

RoboForm

Don’t.

Archtaku · December 8, 2009, 3:45pm

Or, just use PasswordMaker and you won’t be storing passwords anywhere.

BadgerSpoon · December 8, 2009, 5:51pm

If I’m understanding how it works (and I admit that I might not), for all intents and purposes, aren’t you basically using the same password for every site? Wouldn’t guessing the master password essentially give someone access to ALL of your passwords?

Archtaku · December 8, 2009, 6:07pm

There are actually a lot of ways to configure it. You can use any one of about a dozen different hashing algorithms, add modifiers, etc. So, even with the master password, one would have to know the precise way you configured the password for a given site. It’s conceivable that your passwords could become compromised if someone knew your master password, but this is why you choose a master password that’s not easy to guess.

Any password management system is only as secure as the person using it. At least with PasswordMaker you’re not storing the passwords anywhere. You’re quite literally regenerating them every time you enter your master password.

CylonMATRIX · December 23, 2009, 12:51pm

This is grounds for OCD I guess… but this is how my keychain works :

First of all, I use a mnemonic technique called Acrostics which I picked up from reading Tony Buzan books. Basically,

0 = the letter “S” or the russian “Sh”
1 = the letter “t” or “d”
2 = the letter “n”
3 = the letter “m”
4 = the letter “r”
5 = the letter “l”
6 = the letter “j”, the soft “g” or the russian “shcha”
7 = the letter “k” or the hard “g”
8 = the letter “f” or “ph”
9 = the letter “p” or “b”

This technique is pretty handy for memorizing phone numbers, bank account numbers, …just any set of numbers… Oh, and it works vice versa too, if for any reason you need a set of numbers as a mnemonic key to remember a word or phrase. There’s no hard or fast rule in how words are formed using this technique, just whatever works for you (and in your head).

Secondly, to my keychain proper, my template is the Lord’s Prayer in Aramaic; in my case I pick out the consonants in each line and weave them with numbers (using the Acrostic technique). I also interlace the cyrillic alphabet with the latin one (thus the latin “v” and “h” is also the russian “b” and “x”) Large and small caps are arbitrary and make sense only to me. Thus one password would be formed using one line of the prayer.

for example, the first 2 lines :

Abwoun deveshmaya = a6ndvW3Y

nith kada shimmukh = 2tk1Wm3X

Note: try NOT to make the alphanumeric sequence into a regular pattern. Most important is that the password is memorable to yourself only.

The beauty of this keychain is that I can always make different permutations of each line. This is handy as my company’s software platforms (there’s a bunch of them) requires a password change every 3 months (there’s a level 1 and level 2 acess)

Hey, do banks in America use CICSH screens?

My next keychains would be the same prayer in Old English and Irish.

Why the Lord’s Prayer? I find that learning the words in different language forces one to mean what you say when you’re trying to pick at the words. If you spend time pondering on the words, that’s still meditation. That, and it also reinforces your learning in that target language. 2-in-1 objectives met.