• Password Choice - Computerphile
[video=youtube;3NjQ9b3pgIg]https://www.youtube.com/watch?v=3NjQ9b3pgIg[/video]
WMO mice just never die.
He mentions password managers in the video but doesn't go into specifics about them. Does anyone have suggestions for the most trustworthy password managers out there? Can't help but feel like googling this question wouldn't result in anything spectacular.
[QUOTE=Artix3;50750818]He mentions password managers in the video but doesn't go into specifics about them. Does anyone have suggestions for the most trustworthy password managers out there? Can't help but feel like googling this question wouldn't result in anything spectacular.[/QUOTE] I use KeePassX, works pretty great. I hear Lastpass is also great.
[QUOTE=Artix3;50750818]He mentions password managers in the video but doesn't go into specifics about them. Does anyone have suggestions for the most trustworthy password managers out there? Can't help but feel like googling this question wouldn't result in anything spectacular.[/QUOTE] Keepass and lastpass are the two major ones. KeePass is 100% free and open source but has a very basic UI. Lastpass has a better UI and has a 12$/year premium subscription for more features ft. syncing across multiple devices.
[QUOTE=Jelman;50751050]Lastpass has a better UI and has a 12$/year premium subscription for more features ft. syncing across multiple devices.[/QUOTE] Joke's on them, I have my keydb in my dropbox :v:
Question for people who use password managers: what do you do if you need to login to an account from a computer you don't have control over e.g. a friend's PC, work PC, etc.
[QUOTE=Trumple;50751201]Question for people who use password managers: what do you do if you need to login to an account from a computer you don't have control over e.g. a friend's PC, work PC, etc.[/QUOTE] Download the password manager and the ~8kb file with passwords and log in. [editline]21st July 2016[/editline] Most of the time I just type them out using my phone or computer to see the password
[QUOTE=gokiyono;50751208]Download the password manager and the ~8kb file with passwords and log in. [editline]21st July 2016[/editline] Most of the time I just type them out using my phone or computer to see the password[/QUOTE] That sounds like a pain
[QUOTE=Trumple;50751235]That sounds like a pain[/QUOTE] The price you pay for security. I had my email's password be the same as one used on a forum that got hacked. Russians got in and changed a few things, although thankfully I caught it quick and booted them out. Being lazy with passwords is an easy way to get fucked over.
[QUOTE=Artix3;50750818]He mentions password managers in the video but doesn't go into specifics about them. Does anyone have suggestions for the most trustworthy password managers out there? Can't help but feel like googling this question wouldn't result in anything spectacular.[/QUOTE] I use KeePassX, like others in this thread. I keep the database on my Dropbox, which allows me to sync it between all of my devices, and I encrypt it using a password and a keyfile, which is kept not on Dropbox. It's cross-platform and everything so it works absolutely fine on Linux, Windows, Android, you name it. I used to use Lastpass which I believe is still totally secure, but it was bought out by LogMeIn and I have no idea what changes they will make behind the scenes at a later date to make it more or less secure, so I decided to jump ship. You get cool features there like more 2FA solutions and cloud syncing. [editline]21st July 2016[/editline] When generating passwords I need to remember, I use this: [url]http://world.std.com/~reinhold/diceware.html[/url] Then I use dice yet again to randomly select random words and random characters in those words, and then swap those with a random character. I believe this to make very secure passwords. Even if somebody knows the word list I'm using, they're going to have a very hard time guessing the password, because: [quote]If someone knows that I am using Diceware, can't they just use the word list to search for my passphrase? The Diceware method is secure even if an attacker knows that you used Diceware to pick your passphrase, knows how many words are in your passphrase and knows the word list you used. The security of Diceware comes from the huge number of combinations that an attacker must search through even with that knowledge. The Diceware word list contains 7776 words, so if you pick a five-word passphrase, there are 7776 x 7776 x 7776 x 7776 x 7776 combinations.
That is over 2**64 (2 to the 64 power or 2.6 X 10**19) possibilities. A six word Diceware passphrase confronts an attacker with 2**77 (2 X 10**23) combinations; seven words 2**90 (1.5 X 10**27).[/quote] and on top of that, they will need to account for the totally random characters I substituted with no way to deduce which characters I swapped for what. [editline]21st July 2016[/editline] Also I admit I break a big rule: I reuse certain passwords. I have a common "I don't give a shit" password that I use for bullshit that isn't important, like random websites I stumble across and need to make an account to see a stupid download link or whatever. None of these are ever shared with important accounts so if those passwords get compromised it really matters little because it's only for throwaway accounts to dumb sites.
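An added example, not part of any post in this thread: the Diceware procedure and the entropy figures quoted above, worked through in Python. The stand-in word list, the CSPRNG used in place of physical dice, and the 94-character replacement alphabet for the substitution step are assumptions.

```python
import math
import secrets

DICE_PER_WORD = 5
LIST_SIZE = 6 ** DICE_PER_WORD  # 7776 entries, the size quoted above

# Constructed stand-in list (assumption): the real Diceware list maps the
# dice keys "11111".."66666" to words and must be loaded separately.
STAND_IN_WORDS = [f"word{i:04d}" for i in range(LIST_SIZE)]

def rolls_to_index(rolls):
    """Map five dice rolls (each 1-6) to a 0-based index: a base-6 number."""
    if len(rolls) != DICE_PER_WORD or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each between 1 and 6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index

def roll_die():
    """One fair roll from the OS CSPRNG (stand-in for a physical die)."""
    return secrets.randbelow(6) + 1

def generate_passphrase(n_words, words=STAND_IN_WORDS):
    """Pick n_words independently and uniformly, five rolls per word."""
    picks = []
    for _ in range(n_words):
        rolls = [roll_die() for _ in range(DICE_PER_WORD)]
        picks.append(words[rolls_to_index(rolls)])
    return " ".join(picks)

def passphrase_bits(n_words, list_size=LIST_SIZE):
    """Entropy when the attacker knows the list and the word count."""
    return n_words * math.log2(list_size)

def substitution_bits(total_letters, alphabet=94):
    """Upper bound on bits added by swapping one randomly chosen letter
    for one of `alphabet` random characters (assumed printable ASCII)."""
    return math.log2(total_letters * alphabet)

if __name__ == "__main__":
    for n in (5, 6, 7):
        print(n, "words:", round(passphrase_bits(n), 1), "bits")
    print("one substitution in 25 letters: up to",
          round(substitution_bits(25), 1), "extra bits")
    print(generate_passphrase(6))
```

The entropy comes from the uniform random choice of words, so the figures hold only if every roll is actually random; words picked by hand do not get them.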
Use the correct horse battery approach and translate all words in different languages.
[QUOTE=Trumple;50751235]That sounds like a pain[/QUOTE] Just copying it isn't that much of a pain. (And even installing the program wouldn't either. Plus I could just have it on a USB drive.) One of the passwords I use (for a more obscure site) is this one: [I],hNNQ#;6)}%l*`OiT(b+`bIuC[/I], which isn't really that hard to type from my phone or something. Though I've probably only done this once, normally I wouldn't be too keen on logging in on someone else's computer. And I would have KeePassX on a work computer anyways
[QUOTE=Artix3;50750818]He mentions password managers in the video but doesn't go into specifics about them. Does anyone have suggestions for the most trustworthy password managers out there? Can't help but feel like googling this question wouldn't result in anything spectacular.[/QUOTE] [URL="http://keepass.info/"]KeePass[/URL] is the standard for self contained managers and is about the safest you can get and still have a manager. It's always worth it to have a copy as a backup if nothing else. [URL="https://lastpass.com/"]LastPass[/URL] is for ease of use and comfort with built in functionality for browsers, it will automatically fill in usernames and passwords for you and/or save them per site as new ones are made. Also comes with a built in random password generator and supports up to 100 characters, which is more than enough if you're using all available character types. It's been a long time since I've looked, so I'm not certain about KeePass, but you can also export and then import all of your information from LastPass [I]into[/I] KeePass, which is nifty. It also has a desktop version that can act self contained if you want it to, although you'd be better off exporting and importing into KeePass at that point. You're not likely to use any of the paid features as everything important is free already. As for security concerns about LP (since it's being accessed online), [URL="https://facepunch.com/showthread.php?t=1471132&p=47972965&viewfull=1#post47972965"]refer to this post on the matter[/URL]. I use both because they serve different functions. And manually slogging through the thousands of usernames and passwords I've put in KeePass is too much of a bitch every time I want to go on the internet—LastPass for the internet, KeePass for a backup and when I want to keep something extra secure.
[QUOTE=kaskade700;50751406]Use the correct horse battery approach and translate all words in different languages.[/QUOTE] wouldn't it be safer to translate only one word into another language?
[QUOTE=Mining Bill;50751764]wouldn't it be safer to translate only one word into another language?[/QUOTE] Translate all words into different languages.
Easiest method IMO is pick a song you know, select a long verse of lyrics from the song, and then use the first letter of every word. Like NGTGYUNGTLYDNGTRAAHY. Very easy to remember, is complete gibberish, and makes an exceedingly long password. For extra security you could always put a symbol of your choice at some random iteration as well just to make sure somebody can't just run some sort of lyric-searching algorithm (if you're really paranoid about cracking).
[QUOTE=gokiyono;50750824]I use KeePassX, works pretty great. I hear Lastpass is also great.[/QUOTE] [QUOTE=Jelman;50751050]Keepass and lastpass are the two major ones. KeePass is 100% free and open source but has a very basic UI. Lastpass has a better UI and has a 12$/year premium subscription for more features ft. syncing across multiple devices.[/QUOTE] [QUOTE=SGTNAPALM;50751262]I use KeePassX, like others in this thread. I keep the database on my Dropbox, which allows me to sync it between all of my devices, and I encrypt it using a password and a keyfile, which is kept not on Dropbox. It's cross-platform and everything so it works absolutely fine on Linux, Windows, Android, you name it.[/QUOTE] [QUOTE=Axznma;50751597][URL="http://keepass.info/"]KeePass[/URL] is the standard for self contained managers and is about the safest you can get and still have a manager. It's always worth it to have a copy as a backup if nothing else.[/QUOTE] Wow, didn't expect so many responses. I'll probably take a look at KeePassX, thanks for the advice!