
Topic: Remembering all of those passwords without sacrificing security - page 2. (Read 2614 times)

sr. member
Activity: 294
Merit: 250
It's a good idea to get into the habit of refilling your clipboard with a random word from a Web page straight after you've pasted any secure info.

Just double click on "and" or "the" and copy it to overwrite whatever's in the clipboard.

I searched both Windows and Ubuntu clipboard functionality a while ago and as far as I know they only store the last entry you use, IIRC.

sr. member
Activity: 266
Merit: 250
Bruteforce uses a dictionary of words. So use a password with no words. Example: {#.#--#.#}_GLLo--->>69 {Mixture of uppercase and lower case and symbols and numbers}

But as a previous poster said, if you get keylogged, NO password is strong enough. Or if your webcam is not covered, and your keystrokes streamed, via cam and logged, hmmm well you f$%^.

So cover those cams guys and girls.  Grin

I'm curious about keylogging. What happens if you use a password manager? Like, does it just give hackers "CMD+V or CTRL+V"? Auto form filling?

My password generator is currently set for 23 characters. How long until somebody comes up with something to break that?

-W
In theory an attacker could see what is in your clipboard at that moment in time, and your previous clipboards would likely remain accessible for some amount of time (until the memory is overwritten).

If an attacker is able to install a keylogger then they would likely be able to get your encrypted file containing all of your passwords, so the attacker could simply keylog your password to decrypt your password, then use that to get all of your other passwords.
sr. member
Activity: 294
Merit: 250
LastPass also lets you back up all of your passwords into a CSV file on your computer, should anything happen to the Web server.

I make a backup about once a month and store the CSV in a password-protected RAR file, using a SHA-256 hash as the password, then shredding the original CSV file.

In the unlikely event that someone gets a copy of my RAR CSV backup, good luck to them trying to brute force a SHA-256 password.

sr. member
Activity: 294
Merit: 250
I've been a LastPass user for nearly 3 years now. It costs me about $12/year but that's nothing to have peace of mind over my banking and shopping passwords.

I also use a YubiKey for multi factor authentication if I'm away from my own computer. That'll set you back another £25 but it's a neat little gadget.

I'm not saying don't use Keepass, or another free alternative. Just saying LastPass is really good too.

legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
Bruteforce uses a dictionary of words. So use a password with no words. Example: {#.#--#.#}_GLLo--->>69 {Mixture of uppercase and lower case and symbols and numbers}

But as a previous poster said, if you get keylogged, NO password is strong enough. Or if your webcam is not covered, and your keystrokes streamed, via cam and logged, hmmm well you f$%^.

So cover those cams guys and girls.  Grin

I'm curious about keylogging. What happens if you use a password manager? Like, does it just give hackers "CMD+V or CTRL+V"? Auto form filling?

My password generator is currently set for 23 characters. How long until somebody comes up with something to break that?

-W


It can be possible for hackers to steal your passwords by infecting your computer. Some keyloggers can reveal your clipboard history. Your password should be secure enough for a long time, and an even longer time if you include nonstandard characters like (#?$&!). Your password should not be a common word which most people can think of.
newbie
Activity: 11
Merit: 0
Bruteforce uses a dictionary of words. So use a password with no words. Example: {#.#--#.#}_GLLo--->>69 {Mixture of uppercase and lower case and symbols and numbers}

But as a previous poster said, if you get keylogged, NO password is strong enough. Or if your webcam is not covered, and your keystrokes streamed, via cam and logged, hmmm well you f$%^.

So cover those cams guys and girls.  Grin

I'm curious about keylogging. What happens if you use a password manager? Like, does it just give hackers "CMD+V or CTRL+V"? Auto form filling?

My password generator is currently set for 23 characters. How long until somebody comes up with something to break that?

-W

legendary
Activity: 1904
Merit: 1074
Bruteforce uses a dictionary of words. So use a password with no words. Example: {#.#--#.#}_GLLo--->>69 {Mixture of uppercase and lower case and symbols and numbers}

But as a previous poster said, if you get keylogged, NO password is strong enough. Or if your webcam is not covered, and your keystrokes streamed, via cam and logged, hmmm well you f$%^.

So cover those cams guys and girls.  Grin
newbie
Activity: 56
Merit: 0
I suggest cutting them to parts then encrypting them using a reversible algorithm (like base64) and memorizing the order of segments.
hero member
Activity: 924
Merit: 1000
Best way:

Use Diceware to create a strong master password consisting of 6 or more random words. Keep a written copy in a safe place until it's memorized, then destroy it. Remember to keep your computer unplugged from the internet while you do this, and don't say the numbers or corresponding words out loud while rolling the dice.

Download Keepass on your devices (ports available for Windows, Linux, Android and iOS). Unlike other password managers, Keepass is fully open source.

Use your Diceware password as your master Keepass password. Use it to generate long random passwords for everything you do online.

Keep multiple copies of your Keepass database file backed up. Using a cloud service for this is a no-brainer as the database file is useless unless someone knows your master password.

When you need a password simply open Keepass, type in your master password to unlock the database and copy/paste. Keepass has lots of neat features like 2-channel auto-type obfuscation to thwart keyloggers, clipboard auto-clear, and database auto-lock after a specified amount of time. There are dozens of options to customize it to your security comfort level.

Enjoy the extra sleep you get from having unbreakable passwords Smiley
sr. member
Activity: 350
Merit: 250
Decentralized thinking
http://keepass.info/

Keepass is your friend  Cheesy

Another alternative is passwordsafe https://www.schneier.com/passsafe.html

Made by the creator of the Twofish encryption algorithm. Been using it for the last one year and it doesn't look like I am going to stop anytime.

+1 for keepass.
It is free, user-friendly, open source, and you can make random strong passwords with it. Smiley

If you lose your credentials to your keepass then you will lose your credentials to everything. If your keepass file somehow gets corrupted or otherwise inaccessible then you will lose access to everything.

You can always write all your passwords down on a piece of paper and place it somewhere which is secure.

That's why it's always good to back up the database from time to time on a cloud like MEGA.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
+1 for keepass.
It is free, user-friendly, open source, and you can make random strong passwords with it. Smiley

If you lose your credentials to your keepass then you will lose your credentials to everything. If your keepass file somehow gets corrupted or otherwise inaccessible then you will lose access to everything.

You can always write all your passwords down on a piece of paper and place it somewhere which is secure.
sr. member
Activity: 644
Merit: 260
+1 for keepass.
It is free, user-friendly, open source, and you can make random strong passwords with it. Smiley

If you lose your credentials to your keepass then you will lose your credentials to everything. If your keepass file somehow gets corrupted or otherwise inaccessible then you will lose access to everything.
sr. member
Activity: 476
Merit: 251
keepass +1

Strong password for your wallets too
legendary
Activity: 1120
Merit: 1000
+1 for keepass.
It is free, user-friendly, open source, and you can make random strong passwords with it. Smiley
legendary
Activity: 2296
Merit: 1014
A good password is strong and easy to remember.
It's a whole science, making passwords.
sr. member
Activity: 266
Merit: 250
http://keepass.info/

Keepass is your friend  Cheesy
Thank you, going to look into that it seems promising Smiley

This type of service is much better than making each password different with only minor differences.

The only issue is that you would have a central point of failure.
sr. member
Activity: 434
Merit: 250
http://keepass.info/

Keepass is your friend  Cheesy
Thank you, going to look into that it seems promising Smiley
legendary
Activity: 1102
Merit: 1014
One issue with modifying a long base password like Guinness_ROCK@#!2014_01 is if you ever get keylogged, that password may be used as a base to guess other passwords. Many password cracking algos make extensive use of their dictionaries by transforming each character various ways. Using completely random passwords for each service is better -> Keepass.
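
An added example, not part of the original post: a self-audit that flags stored passwords sharing a long common stem once case and common character substitutions are folded away, which is the reuse pattern the post above warns about. Only the first password comes from the post; the other vault entries, the substitution table and the 6-character threshold are constructed assumptions.

```python
from difflib import SequenceMatcher
from itertools import combinations

# Character swaps that cracking rules undo routinely (assumed, not exhaustive).
LEET = str.maketrans("013457@$!", "oieastasi")

def normalise(password: str) -> str:
    """Fold case and common substitutions so 'Gu1nness' and 'guinness' compare equal."""
    return password.lower().translate(LEET)

def shared_stem_len(a: str, b: str) -> int:
    """Length of the longest substring two passwords share after normalisation."""
    na, nb = normalise(a), normalise(b)
    matcher = SequenceMatcher(None, na, nb, autojunk=False)
    return matcher.find_longest_match(0, len(na), 0, len(nb)).size

def audit(vault: dict, min_stem: int = 6) -> list:
    """Return (site_a, site_b, stem_length) for every pair that shares a long stem.

    Only lengths are reported so the audit output never echoes password material.
    """
    findings = []
    for (site_a, pw_a), (site_b, pw_b) in combinations(sorted(vault.items()), 2):
        size = shared_stem_len(pw_a, pw_b)
        if size >= min_stem:
            findings.append((site_a, site_b, size))
    return findings

# Constructed sample vault. "forum" is the base password quoted in the post;
# "bank" and "shop" are constructed per-site tweaks of it; "mail" is a
# constructed 23-character random password for comparison.
VAULT = {
    "forum": "Guinness_ROCK@#!2014_01",
    "bank": "Guinness_ROCK@#!2014_02",
    "shop": "gu1nness_r0ck@#!2015_07",
    "mail": "q7V#xR2m!Lp9zT4w&Hs8KdY",
}

if __name__ == "__main__":
    for site_a, site_b, size in audit(VAULT):
        print(f"{site_a} and {site_b} share a {size}-character stem: rotate both")
```

Every pair built on the base password is flagged, while the random entry shares no meaningful stem with any of them.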
sr. member
Activity: 266
Merit: 250
The only way that one could brute force a web-based account is if the attacker had the hash of the password, which, in order to obtain, they would need to compromise the site.
sr. member
Activity: 476
Merit: 250
I use LastPass to generate secure passwords (more than 15 characters) and save them there for online accounts.

http://keepass.info/

Keepass is your friend  Cheesy
So this is a password manager for Windows.
I think I must store my passwords there instead of writing them in Notepad like I do now.
Too bad they don't accept bitcoin as a donation option Grin