Pages:
Author

Topic: Remembering all of those passwords without sacrificing security - page 2. (Read 2617 times)

sr. member
Activity: 294
Merit: 250
It's a good idea to get into the habit of refilling your clipboard with a random word from a Web page straight after you've pasted any secure info.

Just double click on "and" or "the" and copy it to overwrite whatever's in the clipboard.

I searched both windows and ubuntu clipboard functionality a while ago and as far as I know they only store the last entry you use, IIRC.

sr. member
Activity: 266
Merit: 250
Bruteforce use a dictionary of words. So use a password with no words. example {#.#--#.#}_GLLo--->>69 {Mixture of Uppercase and lower case and symbols and numbers}

But as a previous poster said, if you get keylogged, NO password is strong enough. Or if you webcam is not covered, and your keystrokes streamed, via cam and logged, hmmm well you f$%^.

So cover those cams guys and girls.  Grin

I'm curious about keylogging. What happens if you use a password manager? Like, does it just give hackers "CMD+V or CTRL+V"? Auto form filling?

My password generator is currently set for 23 characters. How long until somebody comes up with something to break that?

-W
In theory an attacker could see what is in your clipboard at that moment in time, and your previous clipboards would likely remain accessible for some amount of time (until the memory is overwritten).

If an attacker is able to install a keylogger then they would likely be able to get your encrypted file containing all of your passwords, so the attacker could simply keylog your password to decrypt your password, then use that to get all of your other passwords
sr. member
Activity: 294
Merit: 250
LastPass also lets you backup all of your passwords into a csv file on your computer, should anything happen to the Web server.

I make a backup about once a month and store the csv into a password protected rar file, using a Sha256 hash as the password, then shredding the original csv file.

In the unlikely event that someone gets a copy of my rar csv backup good luck to them trying to brute force a sha256 password.

sr. member
Activity: 294
Merit: 250
I've been Lastpass user for nearly 3 years now. It costs me about $12/year but that's nothing to have peace of mind over my banking and shopping passwords.

I also use a YubiKey for multi factor authentication if I'm away from my own computer. That'll set you back another £25 but it's a neat little gadget.

I'm not saying don't use Keepass, or another free alternative. Just saying LastPass is really good too.

legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
Bruteforce use a dictionary of words. So use a password with no words. example {#.#--#.#}_GLLo--->>69 {Mixture of Uppercase and lower case and symbols and numbers}

But as a previous poster said, if you get keylogged, NO password is strong enough. Or if you webcam is not covered, and your keystrokes streamed, via cam and logged, hmmm well you f$%^.

So cover those cams guys and girls.  Grin

I'm curious about keylogging. What happens if you use a password manager? Like, does it just give hackers "CMD+V or CTRL+V"? Auto form filling?

My password generator is currently set for 23 characters. How long until somebody comes up with something to break that?

-W


It can be possible for hackers to steal your passwords by infecting your computer. Some keyloggers can reveal your clipboard history. Your password should be secure enough for a long time, an even long time if you include nonstandard characters like (#?$&!). Your password should not be a common word which most people can think of.
newbie
Activity: 11
Merit: 0
Bruteforce use a dictionary of words. So use a password with no words. example {#.#--#.#}_GLLo--->>69 {Mixture of Uppercase and lower case and symbols and numbers}

But as a previous poster said, if you get keylogged, NO password is strong enough. Or if you webcam is not covered, and your keystrokes streamed, via cam and logged, hmmm well you f$%^.

So cover those cams guys and girls.  Grin

I'm curious about keylogging. What happens if you use a password manager? Like, does it just give hackers "CMD+V or CTRL+V"? Auto form filling?

My password generator is currently set for 23 characters. How long until somebody comes up with something to break that?

-W

legendary
Activity: 1904
Merit: 1074
Bruteforce use a dictionary of words. So use a password with no words. example {#.#--#.#}_GLLo--->>69 {Mixture of Uppercase and lower case and symbols and numbers}

But as a previous poster said, if you get keylogged, NO password is strong enough. Or if you webcam is not covered, and your keystrokes streamed, via cam and logged, hmmm well you f$%^.

So cover those cams guys and girls.  Grin
newbie
Activity: 56
Merit: 0
I suggest cutting them to parts then encrypting them using a reversible algorithm (like base64) and memorizing the order of segments.
hero member
Activity: 924
Merit: 1000
Best way:

Use Diceware to create a strong master password consisting of 6 or more random words. Keep a written copy in a safe place until it's memorized, then destroy it. Remember to keep your computer unplugged from the internet while you do this, and don't say the numbers or corresponding words out loud while rolling the dice.

Download Keepass on your devices (ports available for Windows, Linux, Android and ios). Unlike other password managers, Keepass is fully open source.

Use your Diceware password as your master Keepass password. Use it to generate long random passwords for everything you do online.

Keep multiple copies of your Keepass database file backed up. Using a cloud service for this is a no-brainer as the database file is useless unless someone knows your master password.

When you need a password simply open Keepass, type in your master password to unlock the database and copy/paste. Keepass has lots of neat features like 2-channel auto-type obfuscation to thwart keyloggers, clipboard auto-clear, and database auto-lock after a specified amount of time. There are dozens of options to customize it to your security comfort level.

Enjoy the extra sleep you get from having unbreakable passwords Smiley
sr. member
Activity: 350
Merit: 250
Decentralized thinking
http://keepass.info/

Keepass is your friend  Cheesy

Another alternative is passwordsafe https://www.schneier.com/passsafe.html

Made by the creator of twofish encryption algorithim. Been using for the last one year and it doesnt look like am going to stop anytime.

+1 for keepass.
It is free, user-friendly, open source, and you can make random strong passwords with it. Smiley

If you lose your credentials to your keepass then you will lose your credentials to everything. If your keepass file somehow gets corrupted or otherwise inaccessible then you will lose access to everything.

You can always write all your password down on a piece of paper and place it somewhere which is secure.

Thats why its always good to backup the database from time to time on a cloud like MEGA
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
+1 for keepass.
It is free, user-friendly, open source, and you can make random strong passwords with it. Smiley

If you lose your credentials to your keepass then you will lose your credentials to everything. If your keepass file somehow gets corrupted or otherwise inaccessible then you will lose access to everything.

You can always write all your password down on a piece of paper and place it somewhere which is secure.
sr. member
Activity: 644
Merit: 260
+1 for keepass.
It is free, user-friendly, open source, and you can make random strong passwords with it. Smiley

If you lose your credentials to your keepass then you will lose your credentials to everything. If your keepass file somehow gets corrupted or otherwise inaccessible then you will lose access to everything.
sr. member
Activity: 476
Merit: 251
keepass +1

Strong password for you wallets too
legendary
Activity: 1120
Merit: 1000
+1 for keepass.
It is free, user-friendly, open source, and you can make random strong passwords with it. Smiley
legendary
Activity: 2296
Merit: 1014
Good password is strong and easy to remember.
Its a whole science, making passwords.
sr. member
Activity: 266
Merit: 250
http://keepass.info/

Keepass is your friend  Cheesy
Thank you, going to look into that it seems promising Smiley

This type of service is much better then making each password different with only miner differences.

The only issue is that you would have a central point of failure.
sr. member
Activity: 434
Merit: 250
http://keepass.info/

Keepass is your friend  Cheesy
Thank you, going to look into that it seems promising Smiley
legendary
Activity: 1102
Merit: 1014
One issue with modifying a long base password like Guinness_ROCK@#!2014_01 is if you ever get keylogged, that password may be used as a base to guess other passwords. Many password cracking algos make extensive use of their dictionaries by transforming each character various ways. Using completely random passwords for each service is better -> Keepass.
sr. member
Activity: 266
Merit: 250
The only way that one could brute force a web-based account is if the attacker had the hash of the password, in order which to obtain they would need to compromise the site
sr. member
Activity: 476
Merit: 250
i use lastpass to generate secure password (more than 15 characters) and save it there for online account

http://keepass.info/

Keepass is your friend  Cheesy
so this is password manager for windows
i think i must store my password there instead write in notepad like i do now
too bad they don't accept bitcoin for donating options Grin
Pages:
Jump to: