FREEWARE SPOTLIGHT By Deanna McElveen You have a password book. You know the one. That ruffled little book with the cover falling off and marked-out p
[See the full post at: No Crappy Passwords — Secure passwords, no password book]
![]() |
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
-
No Crappy Passwords — Secure passwords, no password book
Home » Forums » Newsletter and Homepage topics » No Crappy Passwords — Secure passwords, no password book
- This topic has 17 replies, 7 voices, and was last updated 4 months, 2 weeks ago.
AuthorTopicDeanna McElveen
AskWoody_MVPViewing 9 reply threadsAuthorReplies-
Bob Bell
GuestI think this is a reasonable alternative to password vaults, which I use regularly. I like that I don’t have to carry my password file around with me. However, just like my vault’s master password, doesn’t this mean that if my offset gets into the wrong hands, it could be used to create the same password that I used to secure my accounts, and then they can login as me?
-
db98445
AskWoody Lounger
-
Confucius
GuestBrian Perkinson
Guest-
Michael432
AskWoody_MVPWhen you have to change the password for an existing account, you would need to come up with a new nickname for the account. For example “capitalone” might morph into “capitaloneb”
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
Michael432
AskWoody_MVPIt is good that this software does not involve a browser extension. But …
- Recommending password software that only runs on Windows seems a bit off the mark these days.
- The term “offset” is not user friendly for non techies
- It is not able to limit the special characters that it creates. There are many places where certain special characters are not allowed.
- Trusting software with all your passwords. Are you kidding me?
- RTFM:” Version 10 will give different results for the same input due to a couple of changes under the hood if you have used a previous version.”
The software is somewhat similar to the formulas I wrote about here.
https://michaelhorowitz.com/BestPasswordAdvice.php
I think the formula system I wrote about is better, but reasonable people can disagree.Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
4 users thanked author for this post.
-
db98445
AskWoody LoungerReally good suggestions. Linux and Windows binaries are included, but the source is also available and will run on anything with a TCL interpreter. “Offset” is explained in the readme, but I don’t think it’s really necessary anyway. The special characters .. I think an option to use only Base64 or (gasp) HexDec would be a good idea.
grandma78633
AskWoody PlusI have used a simple, small encrypted file program, Secret! by LinkeSoft for well over 25 years. This is a “shareware” program with an extremely reasonable one time price. This program creates an encrypted file on your computer and/or your phone (2 separate programs that sync). You remember ONE password for the file and can save all your passwords. Since the desktop and phone versions can be manually sync’d I am never without my passwords. I back this up to both a USB drive and iDrive cloud backup and it is super simple to restore or move to a new computer.
I just checked the website and notice they are only showing the Windows and Android versions although I have had the iOS version on my phone ever since I started wearing hearing aids that only connect to iOS – – maybe 10 years. I have contacted them to ask about this.
I assume from your article, that NoCrappyPasswords does not work/sync to iPhone, so I would have to have a different solution when using my phone??
-
Michael432
AskWoody_MVPSome people want no part of password synching. For some, privacy is the issue, for others the objection is that complicated things break more often than simple things. There is no one right answer.
Are you backing up just the encrypted password file or the software too? You need both.
And, can you export your passwords? If not, you are putting all your trust in the software. As an old techie, I learned long ago that was sub-optimal.
Not to be overly critical, your approach is better than most 🙂
Get up to speed on router security at RouterSecurity.org and Defensive Computing at DefensiveComputingChecklist.com
-
db98445
AskWoody LoungerI made a small sqlite front end once, still use it, that stores logins, passwords, and notes, it works pretty well, actually, the db is encrypted / decrypted using a simple call to openssl without any additional hashing or anything, so in the worst case, I can just read the thing using a sqlite browser. It gets backed up to a couple of cloud services. I’m like you, I don’t like these things attached to other utils. 🙂
-
bbearren
AskWoody MVPI have a password protected Excel spreadsheet for usernames and passwords, and it’s not named “Passwords”. I can easily randomize a password in the cell, then save it. I’ve never seen a need for an extra piece of software just for usernames and passwords.
Create a fresh drive image before making system changes/Windows updates, in case you need to start over!We all have our own reasons for doing the things that we do. We don't all have to do the same things.Joel Albert
GuestAM i missing something> As described, it’s super easy to create a good password. But the account doesn’t explain how the password is easily inserted at the desired site (bank, e.g.). I’m inferring the user is expected to invoke the short program, retrieve the password, copy it, then paste it into the site. That doesn’t sound reasonable.
If that’s correct, a free password mgr such as LastPass could generate an effective and unique pwd and much more quickly enter it into the site’s pwd field.
(FYI: There are many times when pwd’s are not remembered by the site though the user has made the choice to do so)
Help me understand this? thnks
-
db98445
AskWoody Lounger
Alex5723
AskWoody PlusI believe the point of the thing is to make it so that you don’t ever have to file anything, eliminating the possibility of the password manager being compromised.
-
opti1
AskWoody PlusThat is what passkeys (FIDO) brings.
The problem, at least for me, is how few sites (relatively speaking) support FIDO, like almost none of the ones that I most would want to support it do so. This comes up every time I see the Yubikeys go on sale somewhere and I go to https://2fa.directory/us/ to review their list.
If anyone knows of a better, more thorough, and\or more up to date list of sites that support FIDO\2FA I would love to hear about it. 🙂
grandma78633
AskWoody PlusI did check and was told there was not enough interest in the iOS version to continue to support it. It is saved in my iPhone Apps and will continue to work until there is a change in iOS that prevents it from working. I will pray that Auracast will be available in all hearing aids and phones by then and I will transition back to Android!!!
Mariana
GuestViewing 9 reply threads -

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Search Newsletters
Search Forums
View the Forum
Search for Topics
Recent Topics
-
iOS/iPadOS 16.4 : Dim Epilepsy-Inducing Flashing Lights In Videos
by
Alex5723
29 minutes ago -
windows networking issues
by
jwhiz56
2 hours, 21 minutes ago -
Gordon Moore died at the age of 94
by
Alex5723
7 hours, 24 minutes ago -
New CISA tool detects hacking activity in Microsoft cloud services
by
Alex5723
22 hours, 54 minutes ago -
Laptop update from Mate 19.2 to 21.1
by
Slowpoke47
4 hours, 43 minutes ago -
Microsoft setting the ball for Windows 12 as it begins adding Cloud PC
by
Alex5723
1 hour, 50 minutes ago -
March KB5023696 patch removed but now I have a what’s next question
by
Moondoggy
20 hours, 42 minutes ago -
CCleaner’s Driver Updater – does it work?
by
Kathy Stevens
12 hours, 25 minutes ago -
Issue 2439: CentOS Stream 9: missing kernel security fixes
by
Alex5723
1 day, 21 hours ago -
Microsoft to throttle emails to online email if you are running old stuff
by
Susan Bradley
1 day, 14 hours ago -
fre-ac updates
by
Alex5723
1 day, 21 hours ago -
Windows 10 lost start up password
by
Kathy Stevens
1 day, 21 hours ago -
Windows 11 Insider Preview Build 22621.1470 and 22623.1470 released to BETA
by
joep517
1 day, 22 hours ago -
Windows 11 Insider Preview build 25324 released to Canary
by
joep517
23 hours, 59 minutes ago -
Windows 11 Insider Preview build 23419 released to DEV
by
joep517
2 days ago -
Dribble?
by
bbearren
2 days, 1 hour ago -
Allow defenderbootstrapper.exe to phone home?
by
TJ
4 hours, 4 minutes ago -
KB 5022836 will not install
by
Ken
2 hours, 2 minutes ago -
Windows 11 desktop for Windows 10 user
by
John Heaton
2 days, 1 hour ago -
GNOME 44 ‘Kuala Lumpur’ released
by
Alex5723
2 days, 21 hours ago -
Emotet adopts Microsoft OneNote attachments
by
Alex5723
2 days, 21 hours ago -
US : The Spy Law That Big Tech Wants to Limit
by
Alex5723
1 day, 17 hours ago -
Ferrari confirms customer data breached following ransomware attack
by
Alex5723
2 days, 22 hours ago -
Outlook bookmarks redirects to a different location, Help!
by
captainkrunchy
3 days ago -
Should I go to win11?
by
krism
1 day ago -
The Framework Laptop – Fully Modular
by
Matador
1 day ago -
Windows Snipping Tool is vulnerable to Acropalypse too.
by
Alex5723
3 hours, 17 minutes ago -
Pale Moon updates
by
Alex5723
3 days, 9 hours ago -
“Local Security Authority protection is off.” with persistent restart
by
Alex5723
2 days, 22 hours ago -
Self-encrypting drive setup on Linux
by
Ascaris
3 days, 10 hours ago
Recent blog posts
- Making Windows 11 on Arm less obnoxious
- The forums, and networking
- TPM 2.0, required by Windows 11, is hackable. Upgrade now?
- How to take advantage of the Photos app in Windows
- The sky is not falling
- Don’t want search?
- Special note for Samsung users (or Pixel users too!)
- Master Patch list as of March 15, 2023
Key Links
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2023 by AskWoody Tech LLC. All Rights Reserved.