
Topic: How do you store your passwords? (Read 2721 times)

legendary
Activity: 1232
Merit: 1195
January 15, 2014, 12:29:18 PM
#47
Your strategy concerns me. I think you are in danger of obfuscating your password from yourself via an overly complex system. You need ONE strong password and effective file isolation, but changing file types etc., it's asking for trouble 6 months from now.
+1
Some of you guys are really doing too much. As somebody said before, 99% of btc theft happens through malware or online wallets. If you just keep your wallet offline and your password on some kind of external drive you're 100% safe. If you want to increase the security, don't store the password, just hints (for instance dog+gf+drink). Even if you somehow lose the drive, its finder won't have your addresses so he can't use it.
Why would someone encrypt the password 3 times or use file renaming and hide it among common files if he has to use it for transactions anyway, and that's when it usually leaks?

I agree for the most part but I don't think you can say you're 100% safe. I wouldn't even keep it on a USB. Just make sure you don't forget it or store it somewhere else that isn't obvious. Using dog+gf+drink, your friends and family will know this, and I'm sure somebody could find out this info if they were smart enough.

So what's your favourite drink?
If you can't trust your closest family you're probably screwed anyway. I bet they could find other ways to rob you than just trying to break into your bitcoin wallet. Dog+gf+drink was just an example; you can make it much longer and more difficult, including a date that was important for you or your gf's bra size.
And my favourite drink is beer, no particular brand, I like tasting different ones.

Well, friends and family can become enemies pretty quick once there's large amounts of money involved. If that 10 BTC on your USB becomes worth $10 million you might see a different side to people. Money can corrupt anyone, even the most trustworthy and loyal of people. There's always friends of friends you have to worry about too. I reckon if one of them tells somebody else about you and how you struck it rich on Bitcoins and they're all on a USB stick and you have the password on another, then possible bad times. But I think we're getting too deep into this now lol.
hero member
Activity: 658
Merit: 500
Small Red and Bad
January 15, 2014, 12:17:54 PM
#46
Your strategy concerns me. I think you are in danger of obfuscating your password from yourself via an overly complex system. You need ONE strong password and effective file isolation, but changing file types etc., it's asking for trouble 6 months from now.
+1
Some of you guys are really doing too much. As somebody said before, 99% of btc theft happens through malware or online wallets. If you just keep your wallet offline and your password on some kind of external drive you're 100% safe. If you want to increase the security, don't store the password, just hints (for instance dog+gf+drink). Even if you somehow lose the drive, its finder won't have your addresses so he can't use it.
Why would someone encrypt the password 3 times or use file renaming and hide it among common files if he has to use it for transactions anyway, and that's when it usually leaks?

I agree for the most part but I don't think you can say you're 100% safe. I wouldn't even keep it on a USB. Just make sure you don't forget it or store it somewhere else that isn't obvious. Using dog+gf+drink, your friends and family will know this, and I'm sure somebody could find out this info if they were smart enough.

So what's your favourite drink?
If you can't trust your closest family you're probably screwed anyway. I bet they could find other ways to rob you than just trying to break into your bitcoin wallet. Dog+gf+drink was just an example; you can make it much longer and more difficult, including a date that was important for you or your gf's bra size.
And my favourite drink is beer, no particular brand, I like tasting different ones.
legendary
Activity: 1232
Merit: 1195
January 15, 2014, 11:54:21 AM
#45
Your strategy concerns me. I think you are in danger of obfuscating your password from yourself via an overly complex system. You need ONE strong password and effective file isolation, but changing file types etc., it's asking for trouble 6 months from now.
+1
Some of you guys are really doing too much. As somebody said before, 99% of btc theft happens through malware or online wallets. If you just keep your wallet offline and your password on some kind of external drive you're 100% safe. If you want to increase the security, don't store the password, just hints (for instance dog+gf+drink). Even if you somehow lose the drive, its finder won't have your addresses so he can't use it.
Why would someone encrypt the password 3 times or use file renaming and hide it among common files if he has to use it for transactions anyway, and that's when it usually leaks?

I agree for the most part but I don't think you can say you're 100% safe. I wouldn't even keep it on a USB. Just make sure you don't forget it or store it somewhere else that isn't obvious. Using dog+gf+drink, your friends and family will know this, and I'm sure somebody could find out this info if they were smart enough.

So what's your favourite drink?
hero member
Activity: 658
Merit: 500
Small Red and Bad
January 15, 2014, 11:45:19 AM
#44
Your strategy concerns me. I think you are in danger of obfuscating your password from yourself via an overly complex system. You need ONE strong password and effective file isolation, but changing file types etc., it's asking for trouble 6 months from now.
+1
Some of you guys are really doing too much. As somebody said before, 99% of btc theft happens through malware or online wallets. If you just keep your wallet offline and your password on some kind of external drive you're 100% safe. If you want to increase the security, don't store the password, just hints (for instance dog+gf+drink). Even if you somehow lose the drive, its finder won't have your addresses so he can't use it.
Why would someone encrypt the password 3 times or use file renaming and hide it among common files if he has to use it for transactions anyway, and that's when it usually leaks?
donator
Activity: 686
Merit: 519
It's for the children!
January 15, 2014, 11:18:33 AM
#43
I am considering the following method:


1. memorable phrase

[i'll suck cock for bitcoin]

2. SHA-256 hash of memorable phrase

[904cc478b74282c130faaac1c205f19fa618e353a3e98c2a12b96192307b8825]

3. First 6 characters of hash output, dot, significant date

[904cc4.20140115]

4. SHA-256 hash again

[70ce70b2a9e41f3b16f817ed5d604a388db995ae5d85da77e54ccd0f012e827c]

5. That hash output, dot, significant person

[70ce70b2a9e41f3b16f817ed5d604a388db995ae5d85da77e54ccd0f012e827c.andreasantonop]

6. Hash again for final password

[f3e03c29384847dbbb88ec6d3b9420edee46159c2c4452b84f032057884f0e17]



Relatively simple to remember, impossible(?) to crack by brute force, and no need to write it down. What do you think?





You must not have as many passwords as I do.

Also WTF.
sr. member
Activity: 266
Merit: 250
January 15, 2014, 05:25:01 AM
#42
I am considering the following method:


1. memorable phrase

[i'll suck cock for bitcoin]

2. SHA-256 hash of memorable phrase

[904cc478b74282c130faaac1c205f19fa618e353a3e98c2a12b96192307b8825]

3. First 6 characters of hash output, dot, significant date

[904cc4.20140115]

4. SHA-256 hash again

[70ce70b2a9e41f3b16f817ed5d604a388db995ae5d85da77e54ccd0f012e827c]

5. That hash output, dot, significant person

[70ce70b2a9e41f3b16f817ed5d604a388db995ae5d85da77e54ccd0f012e827c.andreasantonop]

6. Hash again for final password

[f3e03c29384847dbbb88ec6d3b9420edee46159c2c4452b84f032057884f0e17]



Relatively simple to remember, impossible(?) to crack by brute force, and no need to write it down. What do you think?
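
Added example (not part of the original post or thread): the six steps from post #42 written out in Python, showing that step 3 keeps only the first 6 hex characters (24 bits) of the phrase hash, so the final password is fixed by that prefix plus the date and the name. A salted, iterated PBKDF2 derivation over the full inputs is shown beside it; the sample phrase, name and salt are constructed.

```python
import hashlib


def sha256_hex(text: str) -> str:
    """Hex SHA-256 of a UTF-8 string, as used at every step of the scheme."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def chained_password(phrase: str, date: str, person: str) -> str:
    """Steps 1-6 of the post: hash, keep 6 chars, append date, hash, append name, hash."""
    prefix = sha256_hex(phrase)[:6]             # steps 1-3: rest of the hash is discarded
    second = sha256_hex(f"{prefix}.{date}")     # step 4
    return sha256_hex(f"{second}.{person}")     # steps 5-6


def from_prefix(prefix: str, date: str, person: str) -> str:
    """Same output computed without the phrase: only its 6-char prefix matters."""
    second = sha256_hex(f"{prefix}.{date}")
    return sha256_hex(f"{second}.{person}")


def phrase_bits_kept(hex_chars: int = 6) -> int:
    """Each hex character carries 4 bits, so 6 characters keep 24 bits."""
    return hex_chars * 4


def stretched_password(phrase: str, date: str, person: str,
                       salt: bytes, iterations: int = 200_000) -> str:
    """Alternative: feed all inputs, untruncated, through salted PBKDF2-HMAC-SHA256."""
    secret = "\x1f".join((phrase, date, person)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations).hex()


# Constructed sample inputs (the date format follows the post; the rest is made up).
PHRASE, DATE, PERSON = "correct horse battery staple", "20140115", "someperson"
SALT = b"constructed-example-salt"

if __name__ == "__main__":
    full = chained_password(PHRASE, DATE, PERSON)
    short = from_prefix(sha256_hex(PHRASE)[:6], DATE, PERSON)
    print("chained scheme     :", full)
    print("prefix-only rebuild:", short, "(identical)" if full == short else "")
    print("bits of phrase kept:", phrase_bits_kept())
    print("PBKDF2 alternative :", stretched_password(PHRASE, DATE, PERSON, SALT))
```

The 64-character output looks long, but its strength is bounded by what goes in: 24 bits from the phrase, a date and a name. Repeated plain SHA-256 adds no meaningful cost per guess, which is what the iteration count in PBKDF2 is for.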



full member
Activity: 234
Merit: 105
January 15, 2014, 02:04:16 AM
#41
Your strategy concerns me. I think you are in danger of obfuscating your password from yourself via an overly complex system. You need ONE strong password and effective file isolation, but changing file types etc., it's asking for trouble 6 months from now.
sr. member
Activity: 371
Merit: 250
January 15, 2014, 01:18:32 AM
#40
Complex passwords are a bit of a joke imo. Anything more than a few characters becomes impossible to crack if there are lockouts after "x" failed login attempts. And as someone pointed out, 99.9999% of password cracks are from sniffing the password, which means it doesn't matter how long it is. The apps that I would be most suspicious about collecting your data and especially logging keystrokes are firewalls and antivirus/antimalware - we all just seem to trust them without any real good reason. I like the way Kryptokit allows an onscreen virtual keyboard. Pen and paper is still the best option.

Funny, I've been testing LastPass for the past day and now it only gives me grief on one site. You guessed it: bitcointalk.org. It will not let me log in from Chrome. Every other browser and my phone are all ok. Wonder what's going on there? Probably some malware or the NSA. I love the functionality of LastPass. Hopefully the security is ok too.
member
Activity: 84
Merit: 10
January 15, 2014, 01:02:14 AM
#39
I use multiples of pi to 5 digits, and insert them periodically into a different spot inside my passwords, and keep a log of the way I do it as a system.
hero member
Activity: 767
Merit: 500
newbie
Activity: 39
Merit: 0
January 14, 2014, 06:53:19 PM
#37
KeePass, the only password manager I trust. LastPass and the like just give me a bad vibe, gotta be online to use them.

My primary .kdb file is sync'd across all my devices/PCs using a 2FA Google Drive.
newbie
Activity: 42
Merit: 0
January 14, 2014, 06:52:20 PM
#36
I just keep them on a pendrive in an ordinary txt file. I don't use all this sneaky renaming, no one touches my stuff anyway.
Lol that's the same way I am! They would have to scan through all the porn anyways (totally kidding)
donator
Activity: 686
Merit: 519
It's for the children!
January 14, 2014, 06:49:51 PM
#35
I have found that the letter "a" lowercase, by itself is a very easy password to remember.

Once a website's database is hacked, or for those that store in plaintext, all of your complex passwords are just as easy to grab.
legendary
Activity: 1456
Merit: 1001
This is the land of wolves now & you're not a wolf
January 14, 2014, 06:46:00 PM
#34
1Password works pretty well as well
legendary
Activity: 1988
Merit: 1012
Beyond Imagination
January 14, 2014, 05:39:33 PM
#33
One of the nice methods I heard about, not tried yet:

Remember the number of a block and select a transaction that includes multiple receiving addresses. Remember a special string in this transaction.

For example: Select the first transaction with 12+ receiving addresses in this block, and compose a 12-letter string using the first letter of the first receiving address, second letter of the second receiving address, third letter of the third receiving address, etc. As long as the blockchain lives, the password is safe, and it is random enough.
donator
Activity: 452
Merit: 252
January 14, 2014, 12:39:42 PM
#32
Even booting from a CD?

Depends on the source of your CD .iso, it's definitely possible (although highly improbable) that you could download a dirty .iso from a backdoored or bitsquatted download page, you wouldn't even notice the ~2mb required for an attacker to have complete access to your computer.
legendary
Activity: 3066
Merit: 1147
The revolution will be monetized!
January 14, 2014, 12:37:56 PM
#31
My password(s) is a 256 bit hash of several answers to very personal questions. Basically a puzzle that you have to solve in certain order.

Yes, it's a big hassle to retrieve it. On the other hand, yes it's a big hassle to retrieve it.

lol, big passwords won't matter if you've got a keylogger though.

If you're incompetent enough to have a keylogger on your system and not understand why you should be regularly scrubbing your "run on start" programs (hijackthis! generally is my tool of choice) then you have bigger issues than keyloggers I reckon.

That's true. I prefer to use Linux anyway.

Just because you're using Linux doesn't mean you're keylogger proof https://code.google.com/p/logkeys/

Even booting from a CD?
I think you're good with a live CD. Unless it included a keylogger, which is unlikely.
legendary
Activity: 1232
Merit: 1195
January 14, 2014, 12:34:31 PM
#30
My password(s) is a 256 bit hash of several answers to very personal questions. Basically a puzzle that you have to solve in certain order.

Yes, it's a big hassle to retrieve it. On the other hand, yes it's a big hassle to retrieve it.

lol, big passwords won't matter if you've got a keylogger though.

If you're incompetent enough to have a keylogger on your system and not understand why you should be regularly scrubbing your "run on start" programs (hijackthis! generally is my tool of choice) then you have bigger issues than keyloggers I reckon.

That's true. I prefer to use Linux anyway.

Just because you're using Linux doesn't mean you're keylogger proof https://code.google.com/p/logkeys/

Even booting from a CD?
member
Activity: 140
Merit: 37
January 14, 2014, 12:33:04 PM
#29
- pfsense firewall
- main wallet is on fully encrypted ubuntu pc, wallet again encrypted
- password storage is in text file within triple encrypted truecrypt container
donator
Activity: 452
Merit: 252
January 14, 2014, 12:27:22 PM
#28
My password(s) is a 256 bit hash of several answers to very personal questions. Basically a puzzle that you have to solve in certain order.

Yes, it's a big hassle to retrieve it. On the other hand, yes it's a big hassle to retrieve it.

lol, big passwords won't matter if you've got a keylogger though.

If you're incompetent enough to have a keylogger on your system and not understand why you should be regularly scrubbing your "run on start" programs (hijackthis! generally is my tool of choice) then you have bigger issues than keyloggers I reckon.

That's true. I prefer to use Linux anyway.

Just because you're using Linux doesn't mean you're keylogger proof https://code.google.com/p/logkeys/