Topic: [GUIDE] How to Create a Strong/Secure Password - page 3. (Read 2920 times)

jr. member
Activity: 187
Merit: 3
Just use a password generator and, for example, LastPass to remember all the logins and passwords.
It is the safest option.
legendary
Activity: 2324
Merit: 1604
hmph..
Suggested formulas to create passwords that are easy to remember:

1. The last/first 2-3 characters of favourite goods near you, written in caps lock (ball, chair, laptop, etc.)
2. The last/first 2 digits of the year of a memorable moment (graduation, resignation, etc.)
3. A symbol (choose your favourite)
4. The number of your favourite football player (caps/lower)
5. The initials of your favourite player
6. End with two symbols (different symbols)
7. Another player's initials, mixing lower case and caps lock

Example:
Goods: Ball, memorable year: 1991, favourite symbol: %, favourite player's number: 03, initials: mdn (for Paolo Maldini), another 2 symbols: !, another set of initials: pOl

Passwords you can create like this:
BAL91%03mdn!&pOl

I hope it will work for you guys, because it works for me :)
legendary
Activity: 2338
Merit: 1354
Having a password generator or a password application is not a safe option for anyone to have.
The good thing about using a password application is the management: how you manage your passwords, especially when you have multiple accounts on different websites and are required to log in most of the time. Using a password manager helps you organize your different accounts, and I find it also safe since some password managers have a 'master key' or password for the password database that you must enter before you can open the application; one example is KeePass.

If you have Notepad++ (most people have that program pre-installed on their computer) you should just mash long keywords on your keyboard so you can copy and paste whatever you wrote there and use that as your password for your Bitcoin or altcoin wallet. Save that file, then encrypt it.

You should always encrypt all of your password files inside of a .rar file or something similar to it.
This is a good way also since it is encrypted, but I find it not convenient, since it's just a normal txt file, and once you have decrypted the file and opened the txt file, it will show all your passwords in plain text without masking, so it is prone to shoulder surfing.
sr. member
Activity: 364
Merit: 252
CryptoTalk.Org - Get Paid for every Post!
Hello everyone, I found another alternative to the KeePass password manager.

Password Safe
It also looks like KeePass.
Open-source software and totally FREE too.

Password Safe is also available for Android phones (PasswdSafe - Password Safe) and in the App Store (pwSafe - Password Safe). Just visit their website for more information.
Having a password generator or a password application is not a safe option for anyone to have. If you have Notepad++ (most people have that program pre-installed on their computer) you should just mash long keywords on your keyboard so you can copy and paste whatever you wrote there and use that as your password for your Bitcoin or altcoin wallet. Save that file, then encrypt it.

You should always encrypt all of your password files inside a .rar file or something similar to it.
legendary
Activity: 2338
Merit: 1354
Hello everyone, I found another alternative to the KeePass password manager.

Password Safe
It also looks like KeePass.
Open-source software and totally FREE too.

Password Safe is also available for Android phones (PasswdSafe - Password Safe) and in the App Store (pwSafe 2 - Password Safe). Just visit their website for more information.
legendary
Activity: 2338
Merit: 1354
Interesting video on how password managers work, wanted to share: https://www.youtube.com/watch?v=w68BBPDAWr8
Thanks for the video; I watched it and he really explained it well, detail by detail. I also heard him say that using a password manager is not that risky at all.
full member
Activity: 168
Merit: 214
WhoTookMyCrypto.com
Interesting video on how password managers work, wanted to share: https://www.youtube.com/watch?v=w68BBPDAWr8
legendary
Activity: 2338
Merit: 1354
Just to add to what is already here, another alternative password manager to generate and store passwords is LastPass.
Thanks for the addition, but I found that this password manager is not open-source software and they have pricing for their premium products. For me, I don't want to pay for this kind of software; it's just a password manager, and there is a lot of other software which is totally free and open source.
member
Activity: 893
Merit: 43
Random coins :)
Great guide!

Just to add to what is already here, another alternative password manager to generate and store passwords is LastPass, which also has several advantages over existing password managers, for example:
  • It's available on PC and mobile platforms, with support for most of the popular browsers on Mac, Windows, Linux and (Android + iOS)
  • Easily syncs your data across different platforms
  • Multi-factor authentication for that extra layer of security
  • Better user interface
legendary
Activity: 4354
Merit: 3614
what is this "brake pedal" you speak of?

    Quote
    You can't store already existing passwords / private keys / etc.
    the whole point is not storing them but creating them on the fly.

    But you still can't add other sensitive information which you want to have stored inside there.
    If I want to store my private key to a specific address there... I can't. Obviously I do not want to create a new one in this scenario; I want to save a specific one there.
    This works in standard password managers, but not in an HD one.


    In the end, if you need to update the backup file, you only have disadvantages - and no advantages - using an HD password manager compared to a 'normal' one.

    While it may be inconvenient, I find standard password managers such as KeePass better for me, as I can print out the list on paper, plus store other related things (URLs, challenge answers used, notes, whatever) in it. Then the list can be copied and stored in different secure locations.

    Multiple copies of KeePass can be used for the various things with varying levels of security: banking in one, logins in another, whatever in a third.

    EDIT: the quote nesting is probably pretty messed up, my apologies.
    legendary
    Activity: 1624
    Merit: 2481
      The only complication that I can think of is that, unlike private keys (HD wallets), in a password manager you have no way of knowing how many passwords you have used, because there is no "public key" and "blockchain" to check which one was used. This can be solved if you keep a backup on the cloud of only the "paths", like this:
      bitcointalk.org -> path=m/1/3
      google.com -> path=m/2/5
      ...
      The first number can be the "account" for different websites and the second number is the number of passwords you have already used; when changing the password every now and then, you create the next one.
      Of course there is the additional risk of not being careful and creating the same thing twice.

      This would make it necessary to keep the backup up to date with the latest 'version' of your HD password manager file.
      Which... destroys the purpose one wants to use an HD password manager for (not having to update all backups after changing / updating a password).



      Quote
      Different password policies for each site
      Easily solvable by treating the derived bytes as the fixed entropy used to derive a password from, or simply use a certain encoding that only gives you the allowed characters! For example, if it doesn't allow symbols then use base-62 (10 numbers + 2*26 letters (lower + upper))!


      Quote
      Password revocation
      Then you derive the next one: m/1/3+1 = m/1/4

      Again, both of these approaches need you to update your backup file regularly after changes.
      If you need to do this, you don't have a reason to use an HD password manager.

      The whole sense of an HD password manager is to have 1 backup file generated and not have to update it anymore.
      Without this advantage, there is no good reason to use an HD manager instead of a standard password manager.



      Quote
      You can't store already existing passwords / private keys / etc.
      the whole point is not storing them but creating them on the fly.

      But you still can't add other sensitive information which you want to have stored inside there.
      If I want to store my private key to a specific address there... I can't. Obviously I do not want to create a new one in this scenario; I want to save a specific one there.
      This works in standard password managers, but not in an HD one.


      In the end, if you need to update the backup file, you only have disadvantages - and no advantages - using an HD password manager compared to a 'normal' one.
      hero member
      Activity: 2268
      Merit: 669
      Bitcoin Casino Est. 2013
      More additional tips to keep your password safe: always check the computer for any applications that are installed on it, like keylogger applications. You can also check the Task Manager to see if there is a program running. Some keyloggers don't show up in the installed programs and are hidden.
      sr. member
      Activity: 742
      Merit: 395
      I am alive but in hibernation.
      Additional tip to keep your password safe:

      Be aware of your surroundings. When you are entering your password, make sure you are not getting shoulder surfed.
      legendary
      Activity: 2338
      Merit: 1354
      Android Version:
      KeePassDroid
      I just found an Android version of a password manager/password generator which is also open source and which you can use offline.
      The good thing here is that you can import your database file from your KeePass on Windows. They are almost the same.

      Read/write support for .kdb and KeePass 1.x.
      Read/write support for .kdbx and KeePass 2.x.


      I just added an Android version of KeePass to the OP. Although the KeePass for Windows is not by the same developer as KeePassDroid for Android, both are still open-source projects and they are almost the same.
      legendary
      Activity: 3472
      Merit: 10611
      Deterministic password managers can't really work for all sites like usual managers do.
      There are quite a few problems with deterministic password managers:
      The only complication that I can think of is that, unlike private keys (HD wallets), in a password manager you have no way of knowing how many passwords you have used, because there is no "public key" and "blockchain" to check which one was used. This can be solved if you keep a backup on the cloud of only the "paths", like this:
      bitcointalk.org -> path=m/1/3
      google.com -> path=m/2/5
      ...
      The first number can be the "account" for different websites and the second number is the number of passwords you have already used; when changing the password every now and then, you create the next one.
      Of course there is the additional risk of not being careful and creating the same thing twice.

      Quote
      Different password policies for each site
      Easily solvable by treating the derived bytes as the fixed entropy used to derive a password from, or simply use a certain encoding that only gives you the allowed characters! For example, if it doesn't allow symbols then use base-62 (10 numbers + 2*26 letters (lower + upper))!

      Quote
      Password revocation
      Then you derive the next one: m/1/3+1 = m/1/4

      Quote
      You can't store already existing passwords / private keys / etc.
      The whole point is not storing them but creating them on the fly.

      These two are the biggest concerns though:
      Quote
      You can’t store randomly selected answers to security questions in such a vault.
      Exposure of the master password alone exposes all of your site passwords
      full member
      Activity: 924
      Merit: 221
      Passwords are very important, but mind you that this could be one of the reasons why one cannot access an account: the password was forgotten because you made it difficult for yourself to remember. It is easy to talk about saving passwords in notes like a digital notepad, but it will defeat its purpose if the notepad is compromised.

      So, I recommend just using one strong password for all of the accounts; for sure one will never lose his/her account having one strong password.
      hero member
      Activity: 2366
      Merit: 838
      Why not? Especially if you can secure your accounts with 2FA for accounts on cloud storage platforms, simultaneously with email confirmations, and the email has its own 2FA security too. Only using offline storage might lead to bad things in the worst cases, such as your house catching fire and burning to ashes.
      I would never store anything crypto related on cloud storage. You never know who will have access to those files and they will be a much larger target for hackers. I keep everything offline
      Surely right, mate. I do the same as you; I never use the same password for all my accounts on different sites.
      Quote
      I have a different password for every single website/service/wallet I use.
      legendary
      Activity: 2268
      Merit: 18711
      the example here may be strong but most people are not going to create strong passwords like that.
      No, but they should. We shouldn't be tailoring or dumbing down good practice to fit people's behaviour; rather, they should be tailoring their behaviour to be in line with good practice.

      Alternatively, we could use a full bible verse
      Better not to use a phrase that appears in popular literature, songs, movies, etc. Also, you would have to remember exactly which version of the Bible, and which edition of that version, you had used, because there are hundreds with very subtle differences.
      hero member
      Activity: 1120
      Merit: 554
      I store my keys or passwords using a mixture of online and offline methods. However, I always choose the most reliable cloud storage providers or software to store my keys or passwords. For offline storage, I usually store them in the safest places I can, ones that are water- and fire-resistant.
      In my opinion, I don't think we should choose only one method, online or offline, because as you wrote, each of them has its pros and cons.

      I would never store anything crypto related on cloud storage. You never know who will have access to those files and they will be a much larger target for hackers. I keep everything offline and I have a different password for every single website/service/wallet I use.
      legendary
      Activity: 1624
      Merit: 2481
      How about a deterministic password manager?
      I don't really know if such a thing exists, but the basic idea of it is similar to BIP32: you have an entropy that you back up, and then each time you need a new password, you derive that password from that entropy by incrementing your step.

      Deterministic password managers can't really work for all sites like usual managers do.
      There are quite a few problems with deterministic password managers:
      • Different password policies for each site
      • Password revocation
      • You can't store already existing passwords / private keys / etc.

      For a more detailed (about 5 minute-)read, look here: https://tonyarcieri.com/4-fatal-flaws-in-deterministic-password-managers
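      The BIP32-style scheme debated in the last few posts (a backed-up master entropy, a path like m/account/index per site, base-62 encoding for sites that forbid symbols, and revocation by bumping the index), written out as an added example that is not code from the thread or from any real password manager. The HMAC-SHA256 chaining, the policy dicts, the master secret and the path registry are all constructed assumptions for the demo; the registry is exactly the piece of state that must be backed up again after every rotation, which is the disadvantage the posters point out.

```python
import hashlib
import hmac
import string

# Constructed master secret for the demo; a real one is 32 random bytes kept in the backup.
MASTER_SECRET = b"constructed-demo-master-secret-do-not-reuse"

# Site policies expressed as an allowed alphabet plus a length (constructed examples).
POLICY_ANY = {"alphabet": string.ascii_letters + string.digits + "!@#$%^&*", "length": 20}
POLICY_BASE62 = {"alphabet": string.digits + string.ascii_letters, "length": 16}  # no symbols


def derive_entropy(master: bytes, path: str) -> bytes:
    """Walk a BIP32-style path such as 'm/1/3' (account/index), chaining HMAC-SHA256
    per level, so the 32-byte result is fixed for a given master secret and path."""
    levels = path.split("/")
    if levels[0] != "m" or len(levels) < 2:
        raise ValueError("path must look like m/<account>/<index>")
    key = master
    for level in levels[1:]:
        key = hmac.new(key, int(level).to_bytes(4, "big"), hashlib.sha256).digest()
    return key


def encode(entropy: bytes, alphabet: str, length: int) -> str:
    """Turn the derived bytes into a password using only the site's allowed alphabet
    (base-62 when symbols are disallowed). 256 bits give about 43 base-62 digits, so
    the bias from truncating to 16-20 characters is negligible."""
    n = int.from_bytes(entropy, "big")
    base, out = len(alphabet), []
    while n and len(out) < length:
        n, r = divmod(n, base)
        out.append(alphabet[r])
    if len(out) < length:
        raise ValueError("not enough entropy for the requested length")
    return "".join(out)


def derive_password(master: bytes, path: str, policy: dict) -> str:
    return encode(derive_entropy(master, path), policy["alphabet"], policy["length"])


def next_path(path: str) -> str:
    """Revocation: bump the last index (m/1/3 -> m/1/4). The new index has to be
    written back to the path registry, i.e. the backup must be updated."""
    head, _, idx = path.rpartition("/")
    return f"{head}/{int(idx) + 1}"


if __name__ == "__main__":
    registry = {"bitcointalk.org": "m/1/3", "google.com": "m/2/5"}  # constructed sample
    for site, path in registry.items():
        print(site, path, derive_password(MASTER_SECRET, path, POLICY_BASE62))
    registry["bitcointalk.org"] = next_path(registry["bitcointalk.org"])  # rotate one site
    print("rotated:", registry["bitcointalk.org"])
```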