Scramble in text document

02-21-2011 , 12:44 PM
Basically I need a good way to enter a password without getting compromised in any way.

I wanna get a USB stick, and somehow scramble a text in a text document so I can just copy paste from it.

It should look like this: XXXXXXXX, i.e. the password shouldn't be visible. In this way keyloggers can't catch me because of copy and paste, and I would also be safe from programs that make screen captures, if those even exist.

Is it correct that in this way you would need to physically have my USB stick to get access to my password? Is this even possible? Or any better solutions?

I use a password manager program that stores all logins and passwords, but I still have to enter a master password every time and that is where my concern is.

Thoughts?
02-21-2011 , 01:38 PM
http://keepass.info/

Your idea is great, besides the fact that it wouldn't work for very obvious reasons. KeePass does exactly what you described and there's no more secure way. You can use a USB stick with a master file on it, so you can only access your passwords when the stick is physically plugged in etc ... no need for a master password in this case.
02-21-2011 , 03:51 PM
Quote:
Originally Posted by wellju
http://keepass.info/

Your idea is great, besides the fact that it wouldn't work for very obvious reasons. KeePass does exactly what you described and there's no more secure way. You can use a USB stick with a master file on it, so you can only access your passwords when the stick is physically plugged in etc ... no need for a master password in this case.

Thanks for the answer. ATM I use 1Password and am super happy with it because it's compatible with iPhone, iPad etc and it's super easy to use, you can sync between devices with Dropbox and so on.

So with this KeePass, can you use any USB stick, or is it a special one? If it's not a special one, wouldn't that work with my program 1Password?
02-22-2011 , 05:42 AM
OK, so I looked up KeePass and even though it seems more secure I still don't wanna switch, love my program too much. And tbh I'm overly paranoid; for anyone to get access to my passwords they need to physically have access to my computer. Or when I think about it I guess there are viruses and stuff that can control your computer? So if they have that and have gotten my password with a keylogger I would be ****ed, but the chance for this seems ridiculously low though, right?

I would just love a second layer of security. Surely it must be possible to scramble a simple text so pineapple looks like xxxxxxxxx to the eye but when copy pasted it translates to pineapple again? Because then the keylogger aspect of it all disappears.

In this way, for my passwords to be compromised they would need physical contact with my computer (or a virus that controls my computer), my USB stick and also the password I will set on the USB stick (guess that's possible?)

Would appreciate some help so so much.
02-22-2011 , 06:11 AM
If you really want an extra layer of security, take a look at this:

https://www.ironkey.com/personal

I've heard good things about this product (but I have no personal experience with it). And it's not cheap...
02-22-2011 , 07:31 AM
Quote:
Originally Posted by Big Bad Giraffe
If you really want an extra layer of security, take a look at this:

https://www.ironkey.com/personal

I've heard good things about this product (but I have no personal experience with it). And it's not cheap...

Thanks, that looks awesome. Def getting that one if I can work this thing out with the text scrambling to have stored on the stick.
02-22-2011 , 04:46 PM
Quote:
Originally Posted by Big Bad Giraffe
If you really want an extra layer of security, take a look at this:

https://www.ironkey.com/personal

I've heard good things about this product (but I have no personal experience with it). And it's not cheap...

Just wanted to say thanks for this again. Read up about it and it's such an awesome product, meets all my needs. I don't even need my original password manager program with this and it's way way way more secure.
02-24-2011 , 02:43 PM
+1..

That thing looks awesome, especially this part:

Quote:
When an IronKey drive is plugged into a laptop or desktop computer, the user must authenticate with a password before data and applications are accessible. Unlike software-based encryption, the IronKey Cryptochip prevents encryption keys from being transferred and stored on PCs, where they are vulnerable. IronKey protects against brute force password guessing attacks by using non-volatile access-failure counters stored on the Cryptochip. If a thief tries to break into an IronKey and enters 10 incorrect passwords, the Cryptochip will securely erase all of the encrypted data with patent-pending Flash Trash technology. This ensures no trace of your data can be recovered from the device.
02-25-2011 , 01:47 AM
What about some type of biometric device?

Keyloggers should easily have access to the clipboard, so copy / paste won't really help you there. Truecrypt will let you encrypt files based on a keyfile, I wonder if your 1password program will let you use keyfiles instead of a password?
02-25-2011 , 04:45 AM
https://www.ironkey.com/personal

I'm definitely not paying 300$ (basic 32gb model) for a USB 2.0 stick.

I'd rather get a USB 3.0 stick with the same capacity, a hidden TrueCrypt volume with a KeePass master file on it, and a USB fingerprint scanner for a third of the price, but with higher speed and not being limited to only Windows.

Being able to track any USB stick and delete all of its data remotely is pretty awesome, but they won't tell me the price for it online and it's more of a James Bond gadget really.
02-25-2011 , 07:39 PM
Ridiculously easy to crack consumer-level biometrics devices; leave that part out.

wellju is correct. Use TrueCrypt + Keepass.
02-26-2011 , 09:10 AM
Thx for the tips guys, but I already got the IronKey and couldn't be happier.

And about the price, as I will just use this purely for password management and maybe secure web surfing I just need a 1GB personal which costs around 120$ maybe.
02-26-2011 , 09:13 AM
Quote:
Originally Posted by jmark
What about some type of biometric device?

Keyloggers should easily have access to the clipboard, so copy / paste won't really help you there.

I'm not good at computers so correct me if I'm wrong, but because everything runs on the stick itself and nothing runs on the computer itself, then keyloggers you might have on your computer could not access the copy paste function on the stick?

EDIT: But then again, someone would have to physically steal my IronKey from me to gain access to anything :P
02-26-2011 , 12:59 PM
Yes, you are wrong.
03-01-2011 , 06:02 AM
Quote:
Originally Posted by kyleb
Yes, you are wrong.

Ah OK. Maybe then I just abandon 1Password and go with KeePass and use a keyfile on my new USB stick and also a master password as extra security. That should be the safest then?
03-01-2011 , 04:30 PM
Btw, why is KeePass so safe? I mean, if you use both a master password and also a key file they need to physically steal your USB stick, right?

But wouldn't IronKey, which has a password program built in, work as well?
03-01-2011 , 06:25 PM
Quote:
Originally Posted by moneynoob
I'm not good at computers so correct me if I'm wrong, but because everything runs on the stick itself and nothing runs on the computer itself, then keyloggers you might have on your computer could not access the copy paste function on the stick?

EDIT: But then again, someone would have to physically steal my IronKey from me to gain access to anything :P

No, the clipboard is a part of the Windows OS and everything you copy and/or paste goes through said clipboard. It doesn't matter which physical source the data comes from.

The rob-you-for-the-key thing is not as funny as it might sound at first. With a hidden TrueCrypt volume, no one would ever have to know that there's such a stick and therefore can't try to abuse that.

If you take a closer look into keepass and truecrypt you'll find out that aorn there's no more secure end-user solution.

http://keepass.info/help/v2/autotype_obfuscation.html
http://keepass.info/help/base/security.html#secdesktop

http://www.truecrypt.org/hiddenvolume

You can even incorporate a 30$ USB fingerprint scanner into your security measures if you enjoy gadgets.

A way better investment still would be a good hardware router and a guy to set it up and make it secure.
03-01-2011 , 06:39 PM
A hidden volume has to be unhidden to use the password file, so it's vulnerable to getting stolen by a malicious program, same as a password file on a usb drive is.

However, if you made the password file admin read rights only, and you ran your password program with administrative rights, then a malicious program wouldn't be able to steal it unless it also had admin rights. At least if I assume that Windows 7 permissions work correctly.
03-01-2011 , 06:43 PM
unhidden != unencrypted
03-01-2011 , 06:49 PM
The password file is encrypted, but you type your main password into the password program to allow it to access all the passwords inside. So a keylogger can get your master password and grab the encrypted file.
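
The master password plus key file setup discussed in this thread, as an added Python example that is not part of the original posts and is not KeePass's actual key derivation: the function names, the work factor and all sample values are assumptions for illustration. It shows that a logged password alone does not unlock the vault, while a logged password plus a copied key file does.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumption: illustrative work factor, not KeePass's setting


def composite_key(password: str, keyfile: bytes, salt: bytes) -> bytes:
    """Derive a vault key that depends on BOTH the typed password and the key file."""
    pw_hash = hashlib.sha256(password.encode("utf-8")).digest()
    kf_hash = hashlib.sha256(keyfile).digest()
    # Hash the two factors together so neither one alone fixes the result,
    # then stretch with PBKDF2 to make password guessing expensive.
    mixed = hashlib.sha256(pw_hash + kf_hash).digest()
    return hashlib.pbkdf2_hmac("sha256", mixed, salt, ITERATIONS)


def make_verifier(password: str, keyfile: bytes, salt: bytes) -> bytes:
    """Tag stored with the vault; lets the program check a key without storing it."""
    key = composite_key(password, keyfile, salt)
    return hmac.new(key, b"vault-verifier", hashlib.sha256).digest()


def can_unlock(password: str, keyfile: bytes, salt: bytes, verifier: bytes) -> bool:
    candidate = make_verifier(password, keyfile, salt)
    return hmac.compare_digest(candidate, verifier)


def scenarios() -> dict:
    # Constructed sample values, for illustration only.
    salt = bytes(range(16))
    password = "pineapple"
    keyfile = b"constructed key file contents kept on the USB stick"
    verifier = make_verifier(password, keyfile, salt)
    return {
        "owner_with_stick": can_unlock(password, keyfile, salt, verifier),
        # Typed password was logged, but the key file was never readable.
        "password_only": can_unlock(password, b"", salt, verifier),
        # Stick was stolen, password is unknown.
        "keyfile_only": can_unlock("guess", keyfile, salt, verifier),
        # Password was logged AND the key file was copied while plugged in.
        "password_and_copied_keyfile": can_unlock(password, bytes(keyfile), salt, verifier),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'unlocks' if ok else 'locked'}")
```

The last scenario is the case raised in the post above: the key file only adds protection while malware on the machine cannot read it.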
03-01-2011 , 10:24 PM
Quote:
Originally Posted by jmark
The password file is encrypted, but you type your main password into the password program to allow it to access all the passwords inside. So a keylogger can get your master password and grab the encrypted file.

I fully ack with you, especially about the admin rights, but even without bothering with that or more likely not knowing that, KeePass is very secure against any keylogger and it won't work as easily as you described.

There's only so much malicious software can do. I'm pretty certain no hack exists that can spread randomly, not get detected, notice the unhidden volume and then bypass KeePass (the pw is encrypted in your memory as well thx to KeePass) and finally send it out.

There's definitely a way to do that, but not with some random trojan you catch on a porn site. You would need direct access (even remotely) on that machine, and then again ... have fun finding the hidden volume you don't know about.
03-02-2011 , 12:11 AM
Is keepass better than password safe (pwsafe.org)?
03-02-2011 , 05:23 AM
And I guess you couldn't do a hidden TrueCrypt volume on a USB stick?
03-02-2011 , 06:30 AM
Quote:
Originally Posted by moneynoob
And I guess you couldn't do a hidden TrueCrypt volume on a USB stick?

Of course you can.


Quote:
Originally Posted by jmark
Is keepass better than password safe (pwsafe.org)?

keepass 120k downloads a week on sourceforge
pwsafe 8k

Last edited by wellju; 03-02-2011 at 06:39 AM.