Password Managers

A place to discuss everything else
User avatar
dfw_pilot
Site Admin
Posts: 2457
Joined: Sat Jan 28, 2017 3:19 pm
Location: DFW Metroplex
Grass Type: Bermuda
Lawn Size: 5,000 ft²
Mower: Sigh, back to rotary.
Contact:

Password Managers

Post by dfw_pilot » Mon Jun 25, 2018 8:46 pm

I wrote this elsewhere but wanted to post it here at TLF. It dovetails with Ware's post about World Password Day.

Password Managers

I want to give a shout out to using a password manager. Ye olde days of using junk passwords like “qeadzcwrsfxv1331” and “dadof3g8kids” just isn’t going to cut it in today’s online world, especially now that hackers use computers that can brute force guesses at 8 billion guesses per second. (Those two passwords mentioned were cracked in a matter of minutes)

Strong Passwords

A few years ago, I would have thought that dadof3g8kids would have been just fine. However, with today’s cracking programs like Hashcat, the assault is on. Crackers today have lots of weapons, like dictionary lists, rainbow tables, and more importantly, millions of cracked passwords to make better guesses. People who use their own simple systems like a decent base password and then add something to the front, like adding amzn in front of Jimmy1995!@ for their Amazon password are tempting fate. Worse, if Amazon sends out a notice that a password change is required, what will the new one be? “1-amznJimmy1995!@“? Good luck trying to remember that.

On the front end, most web sites will only allow a few login attempts before a user is locked out. These programs that make billions of guesses per second are not working on the front end. They are attacking the password file that was stolen from a web site (like Linkedn, HomeDepot, Target, RockYou) and then bombard it with guesses. Ars Technica got a hold of a password file that had 16,000 passwords in it, and even though it was hashed with MD5, three experts were able to grab most of the passwords in less than a day. One was able to get 90% of them in less than 24 hours.

My unsolicited advice is to spend a few hours and get setup with a password manager, to take your passwords from “letmein3” to: “2PcaP[Hhxhy8f#wTYQkWRe43Gt8”. With a password manager, you only have to remember your one, master password to open the system, and then it stores, saves, and automatically fills in your long, computer generated, RANDOM passwords into your browser when needed. I don’t know my TLF, Gmail, Amazon, Apple, Chase, or Wells Fargo passwords (well, I could look them up in the program) I just know my master password.

Defense

Using a password manager will help defend against three big threats today. 1) Password Reuse across multiple sites, 2) Generating strong passwords, and 3) Keeping passwords safe and organized.

Password reuse is probably the biggest problem people get into with passwords. They use a so-so password when they sign up for an account at CuteKittenVideos.com and then use the same password at Gmail or Amazon. The web admins at the kitten site don’t take security too seriously and only hash (obscure) the passwords with something like MD5 or SHA1, which are outdated algorithms to keep passwords hidden from plain text. When that password file gets stolen, all the cracked passwords get added to the list of known passwords and hackers go to town on other sites using the same credentials. Do yourself a huge favor and never use the same password across any site. You are asking for trouble if you do. A password manager will help with this.

Strong Passwords are hard to remember and even harder for humans to think of. We are creatures that are anything but random and do things like add capitalization to the first letter in a password and add numbers and symbols to the end of our passwords. Or, we add numbers to replace letters and use common words placed together in logical order (so we can remember it). We end up with junk passwords like “n3xtb1gth1ng” or “1368555av” that get cracked in a matter of minutes when data from a site is stolen. A password manager will prevent this, too. Generating a strong password is a breeze when using a manager.

Safe and organized, complicated passwords need to be handled with care. They need to be easily accessible, and synced across our devices. The more seamlessly they are integrated into our daily flow, the more likely they will be used. Strong passwords are useless if they aren’t put to use because they are in a complicated system that doesn’t work. Password managers will solve this.

Recommendation

I like and use 1Password but I know a lot of people like LastPass as well. Those would be my two recommendations as a place to start. Both work cross platform and cross device. Both also have options to access your data if you are away from your phone/computer and need to log into your bank, for example.

Master Password

The achilles heel of a manager would be the master password you select to secure it. If you read nothing else, read THIS on how to make a secure password. I use Diceware because it’s simple, random, easy to remember, and combines the ideas that link talks about. You roll a die five times and get a number, like 21114 which corresponds to a word on the Diceware list as: climb. Do that several times and you’ll have four or five truly random words that can be separated by spaces that make a very secure password that is easy to remember. "climb hull fjord wailful harpoon". Understanding this stuff is more about math than intuition and increased security comes from adding entropy to your password, not more characters. Adding a fifth word to a four word Diceware password adds much more entropy to a password than a few characters like %$#.

Today’s encryption for protecting passwords in password managers is stunningly good, like AES 128 and AES 256. With a strong master password with AES 256 encryption and all of today’s computing power combined, it would take around 6,000 times the age of the Universe to brute force into your manager. Software wise, you are safe. At this point, if a three letter government agency wants your data, a hammer to your family’s heads is faster and easier, but the point is the encryption, for now, is good. For hackers, it's much easier to simply ask you for your password than try to brute force attack their way into your system. Don't fall for phishing scams or leave your password manager unlocked while away from your computer. Certainly don't click on links from your e-mail account; go to the source website and log in from there.

MFA

I want to put a word out on securing your e-mail, especially with MFA (Multi Factor Authentication). You can read here about Matt Honan’s epic hack where he lost years worth of family pictures and lots of his digital life, all because he didn’t use MFA (he was and is a password manager user). If you secure any password at all with a manager, please do yourself a huge favor and protect your e-mail password. I would argue that it’s almost better to protect your (Gmail) account more than your bank account. Why? Because so many of your online accounts, banks or otherwise, use your e-mail in terrible password recovery methods. If you lose access to your e-mail via hacking, the attacker can reset almost anything else in your digital life, and then you are completely hosed. A strong password is a great step, but combined with MFA it's even better.

Gmail, and others, offer MFA where you need two things (the multi part) to log in: something you have, and something you know. The something you know is your password. The something you have would be a token with a code on it. This would be on your phone with TOTP protocol, like Google Authenticator, or built into programs like 1Password, or a text message code. You are probably familiar with TOTP because that’s what runs the six digit codes on the little tokens you get from a bank. With MFA enabled on your account, even if someone hacks your password, they don’t have the “something you have” the TOTP code on your phone, or the text message that is sent to your phone. So, when logging in, you are asked for your password and your code and you are ahead of 90% of everyone else in securing your account. In the case of Gmail and probably others, it only asks for your code when you log in from an untrusted computer (you aren’t in Romania today?) or every 30 days. The inconvenience factor is tiny, but the payoffs are huge. MFA truly works and is trusted by banks: think debit card plus pin number. The pin is only 4 digits, but without both the card and the pin, your money is safe. Here is a nice list of sites that use MFA to secure their access.


Tip

Finally, here is a (semi)pro tip on those stupid account security questions. Most of the answers to these questions about you can be found online. Your mother’s maiden name, high school mascot, first child’s name, etc. are terrible questions. With a password manager, the answers to all these questions for me are gibberish. We honeymooned in KDhRJWBbWmvGhoKiXhFY and my first car was a EoRBNemksMUZbckyxpyn. Password managers make this a snap and easily prevents someone from trying a reset based on simple information found on Google. Plus, it saves me trying to remember the inane answer of my favorite restaurant: was it Jimmy’s, jimmies, Jimmy . . . crap, I’m locked out.

Links

For further reading, information, and education:

Passwords under assault

Crackers make minced meat out of your passwords

Password Managers
The Bermuda Triangle | Sprayer Wand | Invest for Retirement | PWS
- A clear conscience is a great pillow -

User avatar
pennstater2005
Moderator
Posts: 4937
Joined: Mon Jul 17, 2017 6:16 am
Location: Western PA
Grass Type: Northern Mix
Lawn Size: 15,000 sq ft
Mower: Husqvarna YTH18K46

Re: Password Managers

Post by pennstater2005 » Mon Jun 25, 2018 9:13 pm

@dfw_pilot Which one would be easier to access when away from your computer or phone? I find that happens to me a fair amount.
"Perfection, like infinity, is unobtainable, even at places like Augusta. It's the journey toward the goal that holds all the fun, joy, and reward." - dfw_pilot

Lawn Fertilizer Calculator

Credit

User avatar
dfw_pilot
Site Admin
Posts: 2457
Joined: Sat Jan 28, 2017 3:19 pm
Location: DFW Metroplex
Grass Type: Bermuda
Lawn Size: 5,000 ft²
Mower: Sigh, back to rotary.
Contact:

Re: Password Managers

Post by dfw_pilot » Mon Jun 25, 2018 9:19 pm

1Password has a Dropbox option where you can login to your Dropbox account and access your passwords that way.

I think LastPass is web based, so it might be easier but @Ware could speak to that because he uses it.

Forgot to mention that 1Password also has a subscription plan that is accessible via the web. There are also other managers that are meant to go on a USB (or hack one yourself) that you could carry with you.
Last edited by dfw_pilot on Mon Jun 25, 2018 9:21 pm, edited 1 time in total.
The Bermuda Triangle | Sprayer Wand | Invest for Retirement | PWS
- A clear conscience is a great pillow -

User avatar
Ware
Site Admin
Posts: 8222
Joined: Fri Jan 27, 2017 10:56 pm
Location: Alma, Arkansas
Grass Type: Bermuda
Lawn Size: 7,500 sq ft
Mower: Toro GM1600
Contact:

Re: Password Managers

Post by Ware » Mon Jun 25, 2018 9:28 pm

Yes, LastPass is web based. I have only used it on my own/work computers, but I'm pretty sure you could log into your "Vault" from any computer. On my computers I use their browser extensions that let you autofill the username/password fields...

Image

User avatar
pennstater2005
Moderator
Posts: 4937
Joined: Mon Jul 17, 2017 6:16 am
Location: Western PA
Grass Type: Northern Mix
Lawn Size: 15,000 sq ft
Mower: Husqvarna YTH18K46

Re: Password Managers

Post by pennstater2005 » Mon Jun 25, 2018 9:46 pm

dfw_pilot wrote:
Mon Jun 25, 2018 9:19 pm
1Password has a Dropbox option where you can login to your Dropbox account and access your passwords that way.

I think LastPass is web based, so it might be easier but @Ware could speak to that because he uses it.

Forgot to mention that 1Password also has a subscription plan that is accessible via the web. There are also other managers that are meant to go on a USB (or hack one yourself) that you could carry with you.
I like the Dropbox option. I need to get into one of these password managers. I do use similar passwords for multiple websites which I shouldn't be doing. Safari has it's own password manager that prompts me every once in awhile to use it. I'm not sure how good it would be. And, again if I was on anything but one of my connected Apple devices I wouldn't be able to login.
"Perfection, like infinity, is unobtainable, even at places like Augusta. It's the journey toward the goal that holds all the fun, joy, and reward." - dfw_pilot

Lawn Fertilizer Calculator

Credit

User avatar
samjonester
Posts: 496
Joined: Sat May 12, 2018 9:11 pm
Location: Cherry Hill, New Jersey
Grass Type: F: Bermuda B: TTTF + KBG
Lawn Size: 8500
Mower: Honda HRR

Re: Password Managers

Post by samjonester » Mon Jun 25, 2018 10:23 pm

I use lastpass. It's got mobile support, browser extensions, and a website that you can log in on any machine with. 1password is a very strong choice as well. Just pick one and use it. You can't go wrong.

Outside of storing passwords, password managers make it super easy to generate strong passwords. This is more important than storing them in a vault IMO.

Your bank account is only as secure as the random junk site where you used the same login credentials. NEVER use the same credentials for multiple sites, because it's a complete crapshoot that every site you visit securely stores your credentials.

I'm a software consultant, so I know just how terrible security can be when people are allowed to make decisions that let them to "go faster".
Last edited by samjonester on Mon Jun 25, 2018 10:23 pm, edited 1 time in total.
2018 Backyard Reno:
90% TTTF - Rebounder, Firewall, LS1200, Houndog 8
10% KBG - Midnight, Award, Granite, Nuglade

Sam's NJ Bermuda Adventure
Let's see if I can make this wild bermuda lawn look good up north!

User avatar
pennstater2005
Moderator
Posts: 4937
Joined: Mon Jul 17, 2017 6:16 am
Location: Western PA
Grass Type: Northern Mix
Lawn Size: 15,000 sq ft
Mower: Husqvarna YTH18K46

Re: Password Managers

Post by pennstater2005 » Tue Jun 26, 2018 7:11 am

I need to do this. It seems a bit overwhelming. Honestly, I tried LastPass once and couldn't figure it out for mobile and ending up just losing the $12 a year or whatever it was.
"Perfection, like infinity, is unobtainable, even at places like Augusta. It's the journey toward the goal that holds all the fun, joy, and reward." - dfw_pilot

Lawn Fertilizer Calculator

Credit

User avatar
Richard Slater
Posts: 80
Joined: Fri Aug 25, 2017 10:45 am
Location: Brighton, United Kingdom
Grass Type: Cool Season: 1xPRG, 1xKBG
Lawn Size: 50m²
Mower: Bosch 38cm Reel Mower

Re: Password Managers

Post by Richard Slater » Tue Jun 26, 2018 7:18 am

I personally use KeePass formatted databases and various clients for iPhone, Android, Windows and Mac.

My rationale for doing this, much like simple origami, is two-fold:

1) KeePass gives me access to brute force resilient memory-hard algorithms such as Argon2.
2) I have many clients, and thus an obligation to maintain a security boundary between clients.

I also heavily use my YubiKey for MFA as it allows the cryptographic material to be stored away from my phone, it's physically attached to my keys.

User avatar
Ware
Site Admin
Posts: 8222
Joined: Fri Jan 27, 2017 10:56 pm
Location: Alma, Arkansas
Grass Type: Bermuda
Lawn Size: 7,500 sq ft
Mower: Toro GM1600
Contact:

Re: Password Managers

Post by Ware » Tue Jun 26, 2018 8:27 am

pennstater2005 wrote:
Tue Jun 26, 2018 7:11 am
...I tried LastPass once and couldn't figure it out for mobile and ending up just losing the $12 a year or whatever it was.
Mobile use was the most difficult part of my transition to LastPass. It was a little cumbersome to exit whatever browser/app I was using to go get the the password I needed from the LastPass app, but then I figured out they also have an extension for the mobile versions of Chrome and Safari. With Apple Touch ID enabled it works pretty well.


User avatar
pennstater2005
Moderator
Posts: 4937
Joined: Mon Jul 17, 2017 6:16 am
Location: Western PA
Grass Type: Northern Mix
Lawn Size: 15,000 sq ft
Mower: Husqvarna YTH18K46

Re: Password Managers

Post by pennstater2005 » Tue Jun 26, 2018 8:40 am

Ware wrote:
Tue Jun 26, 2018 8:27 am
pennstater2005 wrote:
Tue Jun 26, 2018 7:11 am
...I tried LastPass once and couldn't figure it out for mobile and ending up just losing the $12 a year or whatever it was.
Mobile use was the most difficult part of my transition to LastPass. It was a little cumbersome to exit whatever browser/app I was using to go get the the password I needed from the LastPass app, but then I figured out they also have an extension for the mobile versions of Chrome and Safari. With Apple Touch ID enabled it works pretty well.

Thanks! I’ll have to watch that later. I need to use a password manager. I have a fair amount of sensitive information on various websites and I have poor password protection currently.
"Perfection, like infinity, is unobtainable, even at places like Augusta. It's the journey toward the goal that holds all the fun, joy, and reward." - dfw_pilot

Lawn Fertilizer Calculator

Credit

User avatar
jonthepain
Posts: 306
Joined: Sat May 05, 2018 1:06 pm
Location: Raleigh NC
Grass Type: Zeon, Bermuda, Centipede
Lawn Size: 20k
Mower: 1984 Honda CB700SC
Contact:

Re: Password Managers

Post by jonthepain » Tue Jun 26, 2018 8:45 am

I've been using lastpass for a few years now. It's ok. I'd look around for a new one, but don't really have time to research and learn a new app

Certainly a whole hell of a lot better than no pword manager at all.

One plus is that I've had my 21 yr old memorize my master password, so if something happens to me, they can find all of my financial accounts etc and log in to them effortlessly.

User avatar
Ware
Site Admin
Posts: 8222
Joined: Fri Jan 27, 2017 10:56 pm
Location: Alma, Arkansas
Grass Type: Bermuda
Lawn Size: 7,500 sq ft
Mower: Toro GM1600
Contact:

Re: Password Managers

Post by Ware » Tue Jun 26, 2018 9:15 am

jonthepain wrote:
Tue Jun 26, 2018 8:45 am
One plus is that I've had my 21 yr old memorize my master password, so if something happens to me, they can find all of my financial accounts etc and log in to them effortlessly.
Another nice feature LastPass offers is they allow you to set up "People I Trust" that can access the account in the event of an emergency. When a trusted contact requests emergency access to your vault, they have to wait for the period of time you specify before being allowed access. During that time window, you can decline their request to access your vault. The wait time options are:

Immediately
3, 6, 12, 24, or 48 hours
3, 7, 14, 21, or 30 days

They also have a LastPass Family option where you can set up multiple users and share passwords for common accounts.

User avatar
jonthepain
Posts: 306
Joined: Sat May 05, 2018 1:06 pm
Location: Raleigh NC
Grass Type: Zeon, Bermuda, Centipede
Lawn Size: 20k
Mower: 1984 Honda CB700SC
Contact:

Re: Password Managers

Post by jonthepain » Tue Jun 26, 2018 2:35 pm

didn't know that, thx

IaHawk
Posts: 43
Joined: Sat Apr 28, 2018 9:38 pm
Location: Iowa
Grass Type: KBG and Perennial Rye
Lawn Size: 7500 sq ft
Mower: Honda HRR216K10VKAA

Re: Password Managers

Post by IaHawk » Tue Jun 26, 2018 10:20 pm

I use Lastpass but you can't go wrong with 1Password either. What you need to focus on is making sure you have a unique password for each account AND most importantly, setup MFA when possible. I work for an IT consulting firm and the number of account compromises we have seen this year due to user's getting their credentials phished (entered their username/password into a fake website) is skyrocketing. If they would have had MFA setup, the attackers would not have been able to access their account.

Just take a Saturday morning, get a cup of coffee and spend a few hours on it. You will feel so much better! And not trying to hijack a thread but I do the same for backups! I still have a external HD I backup to with Time Machine but I also use a cloud backup service... backblaze.com.

User avatar
Colonel K0rn
Posts: 2583
Joined: Tue Jul 04, 2017 1:48 am
Location: Rincon, GA (near Savannah)
Grass Type: Royal Bengal Bermuda
Lawn Size: 13k
Mower: Toro GM Flex 21
Contact:

Re: Password Managers

Post by Colonel K0rn » Wed Jun 27, 2018 12:15 am

Ware wrote:
Tue Jun 26, 2018 8:27 am
pennstater2005 wrote:
Tue Jun 26, 2018 7:11 am
...I tried LastPass once and couldn't figure it out for mobile and ending up just losing the $12 a year or whatever it was.
Mobile use was the most difficult part of my transition to LastPass. It was a little cumbersome to exit whatever browser/app I was using to go get the the password I needed from the LastPass app, but then I figured out they also have an extension for the mobile versions of Chrome and Safari. With Apple Touch ID enabled it works pretty well.

Thank you for posting this. The browser in the LastPass iOs app sucks, so I'm so glad that you posted this.

On an aside, I was actually talking to Ware about the fact that I was glad that he and @dfw_pilot made the thread a couple of months ago. I switched over, and it does take a while to add everything to LastPass, but feel much better knowing that I have a lot more of my accounts switched over (all the important ones).

I received an email 12 days ago from My Heritage where I had done some genealogy research for my family, and I created an account there last year. There was a breach in their security where over 92 MILLION user email addresses and hashed passwords were found offsite... not a small breach. But I was glad that I had already taken steps to secure my logins.

That being said, it's not a matter of "if" you'll have an account compromised, but "when". Take precautions.
I tend to edit because I forgot to put something in my post.
CK's 2017 Reno thread
CK's Lawn Journal

User avatar
Noclssgt
Posts: 69
Joined: Thu Apr 05, 2018 7:44 pm
Location: Cincinnati
Grass Type: Tall fescue
Lawn Size: .46 acre
Mower: Husq. yth22v42, Toro Recycler
Contact:

Re: Password Managers

Post by Noclssgt » Fri Jun 29, 2018 8:56 am

I too have been using lastpass for a few years, I also use duo for 2fa to keep the account safe.
Honestly, i have no idea what my passwords are because i rotate them out and have lastpass create new passwords for me (usually 15-18 characters). I started using it for creating VPN tunnel preshared keys as well...which makes it fun when the other side wants to exchange the key over the phone, l

User avatar
dfw_pilot
Site Admin
Posts: 2457
Joined: Sat Jan 28, 2017 3:19 pm
Location: DFW Metroplex
Grass Type: Bermuda
Lawn Size: 5,000 ft²
Mower: Sigh, back to rotary.
Contact:

Account Fraud

Post by dfw_pilot » Sat Dec 08, 2018 11:17 am

Bumping this thread back up to share some fraud incidents I've had the past few days.

I'm not sure I'm out of the woods yet. It started with PayPal alerting me of a fraudulent expense. Then I noticed a large charge to my credit card with Amazon. I tried to log into my Amazon account, and I couldn't because the password had been changed! PayPal, Amazon, and Chase are all investigating while I get a new credit card, and Chase has notified all three credit bureaus.

I use a password manager, and I have two-factor authentication turned on for PayPal, Amazon, Gmail, and Chase uses their own two-factor system. The point here, is to be extra vigilant, even when using strong passwords and multi-factor authentication, like TOTP.

Then I noticed that my Gmail account had been accessed. The sneaky hacker somehow gained access to my Gmail account. Even with a strong password and 2FA, they got in. What they did was set up several filters. They set these filters up to delete from my inbox anything from PayPal, Amazon, Target, and a few other places. This prevented me from immediately seeing any activity from those vendors. I noticed these filters, scanned my trash, and saw a bunch of unread e-mail in my trash from those companies. I feel violated. Here's a picture of my Google history inside my Gmail account that wasn't me. Look at what they were searching for:

Image

I don't share my passwords or click links in e-mail to get to sites like Gmail or Amazon, and I certainly don't enter my one time password (TOTP) into forms except the site I'm logging into. I travel a lot, and I wonder if I was exposed to a Man-In-The-Middle attack (MITM) at some point. Possibly a hotel or Starbucks WiFi? I'm still not sure. However, because I use a password manager, it was effortless to change passwords. I hope that's the end of it, but we'll see. I'm on pins and needles now. Every morning I wake up I wonder if I'll have more e-mail alerting me to account access or fraudulent spending.

So be careful out there, and check your spam/trash/filters in your e-mail account regularly. Change your passwords regularly, even if you use a password manager with strong passwords. This all hammers home the idea that your e-mail account needs to be as safe or safer than your bank account, because gaining access to that allows hackers to do a lot of damage across lots of accounts.

Finally, I'm waiting to hear from Amazon as to how my account password was changed. It's very possible that with access to my e-mail, it was changed easily. It's also possible the hacker simply called them on the phone and sounded legit. In the end, we do what we can, and trust technology and corporate policy to keep us safe. Beyond that, there isn't much else to do.
The Bermuda Triangle | Sprayer Wand | Invest for Retirement | PWS
- A clear conscience is a great pillow -

User avatar
pennstater2005
Moderator
Posts: 4937
Joined: Mon Jul 17, 2017 6:16 am
Location: Western PA
Grass Type: Northern Mix
Lawn Size: 15,000 sq ft
Mower: Husqvarna YTH18K46

Re: Password Managers

Post by pennstater2005 » Sat Dec 08, 2018 7:05 pm

@dfw_pilot That's pretty scary.
"Perfection, like infinity, is unobtainable, even at places like Augusta. It's the journey toward the goal that holds all the fun, joy, and reward." - dfw_pilot

Lawn Fertilizer Calculator

Credit

User avatar
g-man
Moderator
Posts: 8594
Joined: Wed Jun 14, 2017 10:32 pm
Location: Fishers, IN
Grass Type: Front: NoMix Back: Bewitched
Lawn Size: 5678
Mower: John Deere 220E

Re: Password Managers

Post by g-man » Thu Dec 13, 2018 7:06 pm


User avatar
dfw_pilot
Site Admin
Posts: 2457
Joined: Sat Jan 28, 2017 3:19 pm
Location: DFW Metroplex
Grass Type: Bermuda
Lawn Size: 5,000 ft²
Mower: Sigh, back to rotary.
Contact:

Re: Password Managers

Post by dfw_pilot » Thu Dec 13, 2018 8:19 pm

That is interesting. I’m going to look into using a USB key on my travel laptop. My “hack” occurred when I was asleep, but I have had a program that checked my Gmail each minute. I’ve since disabled it.
The Bermuda Triangle | Sprayer Wand | Invest for Retirement | PWS
- A clear conscience is a great pillow -

Post Reply