Help, I lost my saved passwords!

Discussion in 'Mac Apps and Mac App Store' started by roisin and mac, Apr 26, 2013.

  1. roisin and mac macrumors 6502

    Joined:
    Feb 3, 2008
    #1
    Okay, I need help, badly. A forum I use a lot (reputable site) has been having some security issues apparently, and recommended members clear cache and temporary files and reset browsers so everything is working smoothly when they go back online. I did Reset Safari, but all the boxes were ticked including the one that said 'Remove saved names and passwords'. I left this ticked because I thought it meant the passwords would be gone JUST from safari, and would remain in my Keychains, but they didn't! OMG, they are totally gone, all but a small handful (a couple of dozen vs about 200 entries I remember having before).

    The reason why I had so many is I'm in the middle of a BIG project reorganizing my entire online presence for lack of a better word, all my IDs, site memberships, passwords, the lot, some going as far back as 2003 or something, and I was transferring the details from all the notebooks or index cards etc where I would write these down as I created the accounts onto the keychain access app so I'd have a good record all in one place of everywhere I'm a member. Now all this is gone, and I'm in major panic mode!

    I have no idea what to do to bring these back, or heck even if I can. Please help - I am seriously at a loss. I know I should not have tossed the hard copy notes bfore being done with the project, I am not normally so irresponsible - in fact usually I'm so over-cautious about that kind of thing that I end up keeping notes for ages after I'm done with them, taking up room in my files that I honestly need for newer things! That's why this time I told myself nothing terrible would happen by letting go a little bit. It's just my luck that something HAD to happen on the one occasion I decided it was okay to let go after triple-checking and don't bother with more :(:( don't know what to do...the thought that there could be accounts out there I can't even remember is freaking me out so bad...I don't know if it helps but I have Time Machine.

    I would say I'm sending virtual cookies as a thank-you if you help but honestly, this is worth way more than cookies to me. I'd do your laundry for a year or something! God, I hope I can sort this out.
     
  2. flynz4, Apr 26, 2013
    Last edited: Apr 26, 2013

    flynz4 macrumors 68040

    Joined:
    Aug 9, 2009
    Location:
    Portland, OR
    #2
    Have you tried restoring from backup? Your keychain was likely ~/library/keychains/login.keychain

    Just go into Time Machine and restore it.

    I would also STRONGLY recommend that you use 1Password or equivalent when you continue your project.

    If for some reason that you cannot continue... then you will have to go into each one at a time, reset your password, etc. If you do that... I also strongly recommend that you clear any password reset questions (ex: mothers maiden name) and answer all with unique auto generated passwords.

    I always use unique passwords for very site... never re-using any. They are all auto-generated and quite complex... for example, a typical password or password reset question might be: jLWCNiF7NL7GaQJvviTVmWTq

    /Jim
     
  3. flynz4 macrumors 68040

    Joined:
    Aug 9, 2009
    Location:
    Portland, OR
  4. Fishrrman, Apr 28, 2013
    Last edited: Apr 28, 2013

    Fishrrman macrumors G3

    Joined:
    Feb 20, 2009
    #4
    "I was transferring the details from all the notebooks or index cards etc where I would write these down as I created the accounts onto the keychain access app so I'd have a good record all in one place of everywhere I'm a member. Now all this is gone, and I'm in major panic mode!"

    This is why you write down your username and password info to "hard copy" when you CREATE them. Then store the records somewhere safe. And if there are any "security questions" involved, you'd better record those as well, EXACTLY as first entered.

    You might also create a file-based record of all usernames and passwords, so long as that file can be sufficiently hidden from others. Perhaps saved as an encrypted disk image, or a less-secure option might be to make the file invisible. This will keep out all but the most savvy.

    As an aside, I have a friend who, when he records his passwords in writing, writes them down _in Morse code_ !!
     
  5. flynz4 macrumors 68040

    Joined:
    Aug 9, 2009
    Location:
    Portland, OR
    #5
    Is this somehow supposed to make it more secure?

    /Jim
     
  6. roisin and mac thread starter macrumors 6502

    Joined:
    Feb 3, 2008
    #6
    Thanks a lot for your input, and for your concern in following up on it - I really appreciate both.

    I tried to do the restore in the way you describe, but I still end up with the same list of passwords - the reduced list. I also seem to be lacking any backups from around the time I did this job of moving passwords from all the bits 'o' paper to the Keychain Access utility - my last backup before Saturday was March 8. That's odd because I remember it being plugged in more recently than that for a long stretch of time, but the last few weeks have been pretty rough and filled with a lot of distraction-inducing events so now I'm thinking it was plugged in wonky and I never noticed it :(

    It seems likely that the data I'd fed to KA and then tossed the hard copy is now lost. The main thing for me wasn't the actual log-in details, it was more that the Passwords tab of my KA could be used as a sort of master list of all the sites where I've ever created an account. If I've forgotten my password, there's always password retrieval, and many sites even have it for usernames - all you need is the email address which I'm not likely to forget obviously.

    But without the master list of sites where I'm a member, it's tricky because it means there are sites out there that I don't remember, which could turn into a problem if I want to reuse usernames. I'm not worried about being locked out of sites I frequent all the time like my email or a couple of favorite special-interests forums, even if I don't remember the passwords to them, just about sites I'm a member of, sort-of without even knowing I am.

    I know, I know, it's a remote possibility, but I'm still worried because I like to be really organized and have all my ducks not just in a row, but arranged by height and chronological order of birth :p So missing that kind of information makes me pretty antsy. I've thought of a couple ways I can manually find some of that list, like by doing a search for account registration/password reset emails in my Mail.app, but that's about it. If you have any other ideas though, I would love to hear them!

    It sucks because for over five years that I've been running Time Machine I was so careful about backups, even going so far as to baby the actual, physical hard drive as someone or other told me the kind I'd bought (WD passport) was a bit fragile, and the ONE time I really need it had to be when everything was upside down and I c0cked up the backup. I guess this is why people pay top dollar for wireless backup. I wish I had even if it meant having to walk everywhere for a year to afford it!

    But that's exactly what I did. I thought quoting something implies one actually bothered to read it first, but maybe I was wrong.
     
  7. flynz4, Apr 29, 2013
    Last edited: Apr 29, 2013

    flynz4 macrumors 68040

    Joined:
    Aug 9, 2009
    Location:
    Portland, OR
    #7
    My recommendation is that you start fresh... and this time use an actual password program. Keychain Access is just "too raw".

    The biggest concern is if there are unused sites where you have stored financial information and/or information that can be used to commit identity theft... AND... if you had been re-using passwords. For those... you are just going to need to remember them. Also... make sure that you never re-use any of those passwords that you previously used on any of these sites.

    Going forward make sure that you use a unique and randomly generated password for every site. You need to make sure that if there is ever a breach at any site... then that breach is stopped and cannot propagate. Also make sure that you use unique and auto-generated responses to every question. For birthdays... make up a different random birthday for every site. Then store all that information in a password vault.

    In addition to your method of scanning emails... some sites will send periodic reminders... for example on your birthday. Monitor those emails for the next year and you will likely pick up a few more.

    Next... you need to fix your backup situation. There are lots of threads here to monitor.

    I'm really sorry about your predicament... but you can work through most of it over time with a lot of effort.

    /Jim
     
  8. roisin and mac thread starter macrumors 6502

    Joined:
    Feb 3, 2008
    #8
    wow, 'most of it', 'over time' and 'with a lot of effort', eh? Oh man, that doesn't sound too hopeful :-/ (but thanks again for the sympathy...someone else might have jumped at the chance to feel superior by putting someone else down, so the fact you didn't says a lot of good things about you :)

    Ok, I haven't been reusing passwords - so that's one bit of good news *phew*.

    For the financial information, I almost always use paypal and I changed the password there - I change it periodically anyway. I think the chances are low that there is a site out there where I not only bought something, but also didn't use paypal AND it was using card details that are still valid (ie not an old card that has expired). Do you think I still need to worry even if it was with an expired card or with paypal? I only mention this because it would be rather a problem for me - excluding basic groceries/supermarket goods, I buy about 90% of what I need online and have been doing so for the past five years (shopping online since at least 2005). So that works out to a LOT of stores to try and remember!

    About the identity theft, I've heard just about anything can be used that you've put down or even just posted. I always give out only the minimum amount of identifying details required every time I register, so for instance if they ask for a phone number but it's an optional field, I don't give them a phone number. And I only give my real name when I am buying something, I don't go around creating accounts under my real name left and right (even then it's not where it's publically visible). Beyond that, and given I don't have a sensitive position of major decision-making or handling large sums or sensitive data, do I need to worry that much? I mean, my tendency is definitely to worry, I'm just wondering if I really need to :p

    About using random-generated passwords from now on, yes, that is part of the goal in this reorganization I am trying to do. The reason I didn't start with that is I was working under the generally valid principle that you organize first, THEN implement new solutions, because implementing new solutions in a disorganized body of data/institution/whatever is not only doomed to fail, but bound to create more complications and disorganization. I just wish I'd started by compiling an actual list of all the accounts - even an old-school handwritten one! I guess I thought I'd kill two birds with one stone by entering them into KA.

    Thanks for the idea about the reminders! I will definitely be on the lookout for those, although I'm not too hopeful on birthday emails because as I said I generally don't give a birthday unless I absolutely have to. BUT this gave me another idea: newsletters. I get a ton, and I've been meaning to do a big unsubscribing purge, but I didn't get around to it so this could be a good way to catch a few more I may have missed!
     
  9. 2012Tony2012 macrumors 6502a

    2012Tony2012

    Joined:
    Dec 2, 2012
    #9
    My heart aches for you, I have complete empathy for you, however, it seems they are lost and you may need to live and learn from it.

    Every single password I use for anything is stored in an App called Moxier Wallet and I have created multiple encrypted backups of the Moxier Wallet database onto different mediums, even storing a copy off site.. May I suggest you do the same.

    God bless.
     
  10. flynz4 macrumors 68040

    Joined:
    Aug 9, 2009
    Location:
    Portland, OR
    #10
    It sounds like you were fairly prudent, and have your head screwed on straight. I think you have little to worry about... just plug forward even though you need to re-do a lot of work.

    /Jim
     
  11. roisin and mac thread starter macrumors 6502

    Joined:
    Feb 3, 2008
    #11
    OMG, thanks! I do feel a bit more sanguine now with a few days between me and the crisis, especially since I've been remembering lots and lots of the websites where I'd created accounts, amazingly enough! I'm actually really surprised. I even recalled the name of a site where I bought some bangle bracelets back in like, 2006 or '07! Crazy :)

    I don't mind a lot of work, it's okay, I knew it was gonna be a whale of a project right from the get go. I just wish I'd been more patient and waited to get started on it only when I was totally sure I'd be able to sit down and work on it with no interruptions until I was done. And that I'd kept a running list. Next time I even touch the password stuff, I will be sure to do both. And Tony, thanks for the Moxier Wallet recommendation; it sounds like a great alternative to 1Password

    Thanks for the support you guys! It honestly made a big difference. Sometimes with areas where you know a little but it's all patchy and uneven, having someone boost your confidence is more than half the battle :eek: :apple:

    As a token of my appreciation here's a photo of a cat's feet seen through a scanner - hope it makes you laugh :) I would send you cookies but aside from not knowing your addresses I also can't bake so much as a frozen pizza, so that would be a non-starter :p
     
  12. roisin and mac thread starter macrumors 6502

    Joined:
    Feb 3, 2008
    #13
    no problem :)
     

Share This Page