FREEWARE SPOTLIGHT By Deanna McElveen You have a password book. You know the one. That ruffled little book with the cover falling off and marked-out p
[See the full post at: No Crappy Passwords — Secure passwords, no password book]
![]() |
There are isolated problems with current patches, but they are well-known and documented on this site. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
-
No Crappy Passwords — Secure passwords, no password book
Home » Forums » Newsletter and Homepage topics » No Crappy Passwords — Secure passwords, no password book
- This topic has 17 replies, 7 voices, and was last updated 4 months, 3 weeks ago.
AuthorTopicDeanna McElveen
AskWoody_MVPViewing 9 reply threadsAuthorReplies-
Bob Bell
GuestI think this is a reasonable alternative to password vaults, which I use regularly. I like that I don’t have to carry my password file around with me. However, just like my vault’s master password, doesn’t this mean that if my offset gets into the wrong hands, it could be used to create the same password that I used to secure my accounts, and then they can login as me?
-
db98445
AskWoody Lounger
-
Confucius
GuestBrian Perkinson
Guest-
Michael432
AskWoody_MVPWhen you have to change the password for an existing account, you would need to come up with a new nickname for the account. For example “capitalone” might morph into “capitaloneb”
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
Michael432
AskWoody_MVPIt is good that this software does not involve a browser extension. But …
- Recommending password software that only runs on Windows seems a bit off the mark these days.
- The term “offset” is not user friendly for non techies
- It is not able to limit the special characters that it creates. There are many places where certain special characters are not allowed.
- Trusting software with all your passwords. Are you kidding me?
- RTFM:” Version 10 will give different results for the same input due to a couple of changes under the hood if you have used a previous version.”
The software is somewhat similar to the formulas I wrote about here.
https://michaelhorowitz.com/BestPasswordAdvice.php
I think the formula system I wrote about is better, but reasonable people can disagree.Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
4 users thanked author for this post.
-
db98445
AskWoody LoungerReally good suggestions. Linux and Windows binaries are included, but the source is also available and will run on anything with a TCL interpreter. “Offset” is explained in the readme, but I don’t think it’s really necessary anyway. The special characters .. I think an option to use only Base64 or (gasp) HexDec would be a good idea.
grandma78633
AskWoody PlusI have used a simple, small encrypted file program, Secret! by LinkeSoft for well over 25 years. This is a “shareware” program with an extremely reasonable one time price. This program creates an encrypted file on your computer and/or your phone (2 separate programs that sync). You remember ONE password for the file and can save all your passwords. Since the desktop and phone versions can be manually sync’d I am never without my passwords. I back this up to both a USB drive and iDrive cloud backup and it is super simple to restore or move to a new computer.
I just checked the website and notice they are only showing the Windows and Android versions although I have had the iOS version on my phone ever since I started wearing hearing aids that only connect to iOS – – maybe 10 years. I have contacted them to ask about this.
I assume from your article, that NoCrappyPasswords does not work/sync to iPhone, so I would have to have a different solution when using my phone??
-
Michael432
AskWoody_MVPSome people want no part of password synching. For some, privacy is the issue, for others the objection is that complicated things break more often than simple things. There is no one right answer.
Are you backing up just the encrypted password file or the software too? You need both.
And, can you export your passwords? If not, you are putting all your trust in the software. As an old techie, I learned long ago that was sub-optimal.
Not to be overly critical, your approach is better than most 🙂
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
-
db98445
AskWoody LoungerI made a small sqlite front end once, still use it, that stores logins, passwords, and notes, it works pretty well, actually, the db is encrypted / decrypted using a simple call to openssl without any additional hashing or anything, so in the worst case, I can just read the thing using a sqlite browser. It gets backed up to a couple of cloud services. I’m like you, I don’t like these things attached to other utils. 🙂
-
bbearren
AskWoody MVPI have a password protected Excel spreadsheet for usernames and passwords, and it’s not named “Passwords”. I can easily randomize a password in the cell, then save it. I’ve never seen a need for an extra piece of software just for usernames and passwords.
Create a fresh drive image before making system changes/Windows updates, in case you need to start over!We all have our own reasons for doing the things that we do. We don't all have to do the same things.Joel Albert
GuestAM i missing something> As described, it’s super easy to create a good password. But the account doesn’t explain how the password is easily inserted at the desired site (bank, e.g.). I’m inferring the user is expected to invoke the short program, retrieve the password, copy it, then paste it into the site. That doesn’t sound reasonable.
If that’s correct, a free password mgr such as LastPass could generate an effective and unique pwd and much more quickly enter it into the site’s pwd field.
(FYI: There are many times when pwd’s are not remembered by the site though the user has made the choice to do so)
Help me understand this? thnks
-
db98445
AskWoody Lounger
Alex5723
AskWoody PlusI believe the point of the thing is to make it so that you don’t ever have to file anything, eliminating the possibility of the password manager being compromised.
-
opti1
AskWoody PlusThat is what passkeys (FIDO) brings.
The problem, at least for me, is how few sites (relatively speaking) support FIDO, like almost none of the ones that I most would want to support it do so. This comes up every time I see the Yubikeys go on sale somewhere and I go to https://2fa.directory/us/ to review their list.
If anyone knows of a better, more thorough, and\or more up to date list of sites that support FIDO\2FA I would love to hear about it. 🙂
grandma78633
AskWoody PlusI did check and was told there was not enough interest in the iOS version to continue to support it. It is saved in my iPhone Apps and will continue to work until there is a change in iOS that prevents it from working. I will pray that Auracast will be available in all hearing aids and phones by then and I will transition back to Android!!!
Mariana
GuestViewing 9 reply threads -

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Search Newsletters
Search Forums
View the Forum
Search for Topics
Recent Topics
-
Refurbished HP ProBook
by
Kathy Stevens
28 minutes ago -
Microsoft PC Manager (beta) updates
by
Alex5723
10 minutes ago -
Ubuntu Cinnamon becomes an official flavor, making Linux Mint obsolete
by
Alex5723
4 hours, 22 minutes ago -
HDMI KVM switch for DP
by
freelab23
12 hours, 7 minutes ago -
My Experience with Win 11 ver 22H2
by
agoldhammer
18 hours, 32 minutes ago -
Email from Mail on my iPhone to Gmail address failed
by
DrRon
21 minutes ago -
Can’t Update Win 10 past 21H2
by
cmndo97
20 hours, 38 minutes ago -
Revo Uninstaller (freeware) Updates
by
Microfix
13 hours, 7 minutes ago -
The Third deployment phase for CVE-2022-37967 starts April 11, 2023
by
Alex5723
21 hours, 6 minutes ago -
Firefox to support Windows 7 and 8 systems well into 2024 at least
by
Alex5723
5 hours, 35 minutes ago -
Microsoft 365 Personal – Repeated Free Two Month Extensions
by
BarryEB
23 hours, 13 minutes ago -
KB5023702 for Server 2019 – Defer as of MPL March 27
by
Aviel
4 hours, 36 minutes ago -
eSIM out, iSIM in?
by
Alex5723
1 day, 6 hours ago -
MS-DEFCON 4: Win11 22H2 not ready for prime time
by
Susan Bradley
13 minutes ago -
Email from Mail on my iPhone to Gmail address failed
by
DrRon
1 day, 8 hours ago -
Microsoft Edge Remover
by
Alex5723
19 hours, 48 minutes ago -
Windows Desktop refreshes repeatedly every few seconds
by
JimT777
4 hours, 4 minutes ago -
Apple zero days fixed today
by
Susan Bradley
1 day, 4 hours ago -
W10 22H2 Desktop rogue icon won’t allow me to rename, delete, or replace it
by
lanshark
2 hours, 18 minutes ago -
Footnote separators not deleting
by
Ursula
1 day, 17 hours ago -
Should I Go Beyond Version 21H2
by
kstephens43
9 hours, 24 minutes ago -
MacStealer: New macOS-based Stealer Malware Identified
by
Alex5723
1 day, 16 hours ago -
PowerShell – Testers Needed
by
RetiredGeek
12 hours, 7 minutes ago -
Audio from www.whenradiowas.com stops playing after 7-20 minutes
by
David Pressman
1 day, 1 hour ago -
KB4023057: Update for Windows Update Service components
by
RetiredGeek
20 hours, 13 minutes ago -
win 12 as BORG?
by
krism
1 day, 17 hours ago -
Windows 11 — should I stay on Windows 10?
by
DDR
20 hours, 23 minutes ago -
Did I really install PaintShop Pro?
by
Mike Ray
1 day, 16 hours ago -
You’re fired if you don’t know how to use GPT-4
by
B. Livingston
13 hours, 31 minutes ago -
Microsoft 365 Copilot announced
by
Will Fastie
1 day, 2 hours ago
Recent blog posts
Key Links
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.