
Topic: Should I change my password if it's like a brick wall? (Read 1507 times)

legendary
Activity: 924
Merit: 1000
Password-less logins with Clef: https://getclef.com
Nice! Biometric tech! Let's hope the adoption for this will grow quickly.

And this: https://www.cryptocoinsnews.com/long-passwords-cryptocurrency-emercoins-block-chain-supports-passwordless-authentication/

Quote
The developers of the altcoin EmerCoin (EMC) recently released the details of a new block chain technology, EMCSSL. The system provides passwordless logins and identity management via its block chain. The technology has been designed to solve many of the login and authentication issues that plague the Internet.
member
Activity: 113
Merit: 10
Password-less logins with Clef: https://getclef.com
Nice! Biometric tech! Let's hope the adoption for this will grow quickly.
legendary
Activity: 924
Merit: 1000
OP, sorry for hijacking your thread, but I need some opinions.

I store my passwords in a text file (over three hundred passwords) on a non-OS drive on my PC.
I usually just copy-paste when logging in at any site, so I don't think I should worry about keyloggers, right?
My password is a random 8-15 character alphanumeric+symbol combo, so that's pretty secure, right?
Trojans typically only focus on OS drives, right?

Some keyloggers can read the information in your clipboard. If you want to reduce the effectiveness of some of these keyloggers, you should probably opt for using a password manager. Keepass has a Two Channel AutoType feature, which can avoid some problems with keyloggers, however not all. It's a much better approach than your current method.

Thank you Welsh.
One follow-up question. How easy is it to compromise Keepass? Are there, and would there be, trojans capable of extracting data from Keepass, and does it communicate/send saved passwords to a server somewhere?
Sometimes I wish retinal scanning tech or something along those lines becomes widely adopted and we can completely dispense with passwords.

Password-less logins with Clef: https://getclef.com
member
Activity: 113
Merit: 10
OP, sorry for hijacking your thread, but I need some opinions.

I store my passwords in a text file (over three hundred passwords) on a non-OS drive on my PC.
I usually just copy-paste when logging in at any site, so I don't think I should worry about keyloggers, right?
My password is a random 8-15 character alphanumeric+symbol combo, so that's pretty secure, right?
Trojans typically only focus on OS drives, right?

Some keyloggers can read the information in your clipboard. If you want to reduce the effectiveness of some of these keyloggers, you should probably opt for using a password manager. Keepass has a Two Channel AutoType feature, which can avoid some problems with keyloggers, however not all. It's a much better approach than your current method.

Thank you Welsh.
One follow-up question. How easy is it to compromise Keepass? Are there, and would there be, trojans capable of extracting data from Keepass, and does it communicate/send saved passwords to a server somewhere?
Sometimes I wish retinal scanning tech or something along those lines becomes widely adopted and we can completely dispense with passwords.
staff
Activity: 3304
Merit: 4115
OP, sorry for hijacking your thread, but I need some opinions.

I store my passwords in a text file (over three hundred passwords) on a non-OS drive on my PC.
I usually just copy-paste when logging in at any site, so I don't think I should worry about keyloggers, right?
My password is a random 8-15 character alphanumeric+symbol combo, so that's pretty secure, right?
Trojans typically only focus on OS drives, right?

Some keyloggers can read the information in your clipboard. If you want to reduce the effectiveness of some of these keyloggers, you should probably opt for using a password manager. Keepass has a Two Channel AutoType feature, which can avoid some problems with keyloggers, however not all. It's a much better approach than your current method.
member
Activity: 113
Merit: 10
OP, sorry for hijacking your thread, but I need some opinions.

I store my passwords in a text file (over three hundred passwords) on a non-OS drive on my PC.
I usually just copy-paste when logging in at any site, so I don't think I should worry about keyloggers, right?
My password is a random 8-15 character alphanumeric+symbol combo, so that's pretty secure, right?
Trojans typically only focus on OS drives, right?
hero member
Activity: 714
Merit: 528
Get a password generator then you'll never have to remember or type it in. And can change it as often as you like with no consequences on your end.
Can you tell more details about the password generator you are talking about?

You could use the free password manager keepass2, it has a built-in password generator:
http://keepass.info
Whoa, thanks dude, I never knew this software existed before.
Finally I don't need to remember all of my passwords now.
legendary
Activity: 1134
Merit: 1118
You'll need to make sure to be careful of cheeky gecko squad members trying to DDoS your password, really you should be preparing your password security about 36-48 months before conception if you want any real chance of being able to have a secure password. Based on that, I think you have to change your password unfortunately.

In all seriousness in case someone tries to mug me for having a joke, no.
legendary
Activity: 924
Merit: 1000
What if keypass goes down? I added one of my passwords to a password manager site and then later I couldn't log in. A trojan in your computer could read a passwords.txt file and then upload it to a command and control server. If you put it into the browser, it really is the same problem. Ultimately, a trojan could keylog your password in. I had a ten character password and according to grc's password haystack's page that was two weeks of super computer hacking. Now, considering every time you add an interesting character you multiply the time it takes by the key space, one hundred should be more than enough.

I copied the 63 random ASCII printable characters at the password generator at www.grc.com and put it into the password haystack's page at the same domain and got this for a massive offline super computer scenario:

1.27 hundred thousand trillion trillion trillion trillion trillion trillion trillion trillion centuries



You should read up on the security on some of the password managers, it's pretty impressive, but nothing is perfect. The entire database is encrypted, typing the master password supports Secure Desktop, and the autotype functionality also fools most keyloggers with Two Channel AutoType. Also supports two factor with a master file, which can be on a USB stick or wherever else.

This.

And: don't forget that keepass is open source. You can fetch the source files, inspect the code and build your own keepass.exe!
staff
Activity: 3304
Merit: 4115
What if keypass goes down? 
By default Keepass is kept locally.
legendary
Activity: 1652
Merit: 1128
What if keypass goes down? I added one of my passwords to a password manager site and then later I couldn't log in. A trojan in your computer could read a passwords.txt file and then upload it to a command and control server. If you put it into the browser, it really is the same problem. Ultimately, a trojan could keylog your password in. I had a ten character password and according to grc's password haystack's page that was two weeks of super computer hacking. Now, considering every time you add an interesting character you multiply the time it takes by the key space, one hundred should be more than enough.

I copied the 63 random ASCII printable characters at the password generator at www.grc.com and put it into the password haystack's page at the same domain and got this for a massive offline super computer scenario:

1.27 hundred thousand trillion trillion trillion trillion trillion trillion trillion trillion centuries



You should read up on the security on some of the password managers, it's pretty impressive, but nothing is perfect. The entire database is encrypted, typing the master password supports Secure Desktop, and the autotype functionality also fools most keyloggers with Two Channel AutoType. Also supports two factor with a master file, which can be on a USB stick or wherever else.
sdp
sr. member
Activity: 470
Merit: 281
What if keypass goes down? I added one of my passwords to a password manager site and then later I couldn't log in. A trojan in your computer could read a passwords.txt file and then upload it to a command and control server. If you put it into the browser, it really is the same problem. Ultimately, a trojan could keylog your password in. I had a ten character password and according to grc's password haystack's page that was two weeks of super computer hacking. Now, considering every time you add an interesting character you multiply the time it takes by the key space, one hundred should be more than enough.

I copied the 63 random ASCII printable characters at the password generator at www.grc.com and put it into the password haystack's page at the same domain and got this for a massive offline super computer scenario:

1.27 hundred thousand trillion trillion trillion trillion trillion trillion trillion trillion centuries

P.S.: The reason for changing frequently though is so in case your plain text password gets out, the attacker will lose control of your account as soon as you change your password.
legendary
Activity: 1666
Merit: 1185
dogiecoin.com
Get a password generator then you'll never have to remember or type it in. And can change it as often as you like with no consequences on your end.
Can you tell more details about the password generator you are talking about?

You could use the free password manager keepass2, it has a built-in password generator:
http://keepass.info

LastPass is a good one as they never store your master pass.
legendary
Activity: 924
Merit: 1000
Get a password generator then you'll never have to remember or type it in. And can change it as often as you like with no consequences on your end.
Can you tell more details about the password generator you are talking about?

You could use the free password manager keepass2, it has a built-in password generator:
http://keepass.info
hero member
Activity: 826
Merit: 1000
The All-in-One Cryptocurrency Exchange
Get a password generator then you'll never have to remember or type it in. And can change it as often as you like with no consequences on your end.
Can you tell more details about the password generator you are talking about?
legendary
Activity: 1666
Merit: 1185
dogiecoin.com
Get a password generator then you'll never have to remember or type it in. And can change it as often as you like with no consequences on your end.
full member
Activity: 184
Merit: 100
My password is like a brick wall reinforced with steel bars. I have written it down manually and type it in manually every time I use it. It's over 100 characters long. Special characters, capital letters and numbers are all included. It's a randomly generated password.

...

How did you ensure it's random? If you used software then it might not be properly random. You need to use dice or a random number generator to make it properly random.
legendary
Activity: 1582
Merit: 1064
It's over 100 characters long. Special characters, capital letters and numbers are all included. It's a randomly generated password.

Why?
If what you say is true, your password should be safe.

Code:
Estimated time (conservative) for an attacker to break randomly-constructed
bitcointalk.org passwords with current technology

s=second; m=minute; h=hour; d=day; y=year; ky=1000 years; My=1 million years

Password length  a-z  a-zA-Z  a-zA-Z0-9 
              8    0      3s        12s              2m
              9    0      2m        13m              3h
             10   8s      2h        13h             13d
             11   3m      5d        34d              1y
             12   1h    261d         3y            260y
             13   1d     37y       366y            22ky
             14  43d   1938y       22ky             1My
             15   1y   100ky        1My           160My
-------------------------------------------------------
         1 word  0
        2 words  0
        3 words  0
        4 words  3m
        5 words  19d
        6 words  405y
        7 words  3My
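
The scaling behind estimates like the table above, and behind the point made in the thread that each added character multiplies the attacker's work by the size of the alphabet, as an added example that is not part of any post here. The guess rate and the 7776-word list are assumptions, so the absolute times will not match the table; passwords are drawn with Python's `secrets` module.

```python
import math
import secrets
import string

# Assumption: attacker guess rate in guesses/second (not a figure from the thread).
ASSUMED_RATE = 1e12
# Assumption: a 7776-word Diceware-style list for the "N words" rows.
ASSUMED_WORDLIST_SIZE = 7776

ALPHABETS = {
    "a-z": string.ascii_lowercase,
    "a-zA-Z": string.ascii_letters,
    "a-zA-Z0-9": string.ascii_letters + string.digits,
    "printable": string.ascii_letters + string.digits + string.punctuation,
}

def generate(length, alphabet):
    """Pick every symbol independently and uniformly from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length, symbols):
    """Entropy of `length` uniform picks from `symbols` possibilities."""
    return length * math.log2(symbols)

def seconds_to_crack(length, symbols, rate=ASSUMED_RATE):
    """Expected brute-force time: half the search space at `rate` guesses/s."""
    return symbols ** length / (2 * rate)

def humanize(seconds):
    """Render seconds in the s/m/h/d/y units used by the table in the thread."""
    for suffix, size in (("y", 31557600), ("d", 86400), ("h", 3600), ("m", 60), ("s", 1)):
        if seconds >= size:
            value = seconds / size
            return f"{value:.1e}{suffix}" if value >= 1e6 else f"{value:.0f}{suffix}"
    return "0"

def report(length, symbols):
    """One table row: length, symbol count, entropy and expected crack time."""
    bits = entropy_bits(length, symbols)
    return f"{length:>3} x {symbols:<5} {bits:7.1f} bits  {humanize(seconds_to_crack(length, symbols))}"

if __name__ == "__main__":
    print(generate(20, ALPHABETS["printable"]))  # constructed sample, differs every run
    for name, alphabet in ALPHABETS.items():
        for length in (8, 12, 15, 100):
            print(f"{name:<10}", report(length, len(alphabet)))
    for words in (4, 6, 7):
        print(f"{'words':<10}", report(words, ASSUMED_WORDLIST_SIZE))
```

The estimate only holds for passwords that are generated uniformly at random and are unique to one site; it says nothing about a password captured by a keylogger or reused elsewhere.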
sr. member
Activity: 252
Merit: 250
Go figure! | I'm nearing 1337 posts...
My password is like a brick wall reinforced with steel bars. I have written it down manually and type it in manually every time I use it. It's over 100 characters long. Special characters, capital letters and numbers are all included. It's a randomly generated password.

Am I at risk of losing more data? My understanding is they would still need to brute-force the password because it's not stored in plain text in the database. Which, being realistic, is almost impossible and would take hundreds of years.

Should I change my password?

Yes. Especially if you use the password for other sites as well.

Which, being realistic, is almost impossible and would take hundreds of years.

Realistically speaking? It would take quadrillions on quadrillions of years for the average bruteforcer.
X7
legendary
Activity: 1162
Merit: 1009
Let he who is without sin cast the first stone
My password is like a brick wall reinforced with steel bars. I have written it down manually and type it in manually every time I use it. It's over 100 characters long. Special characters, capital letters and numbers are all included. It's a randomly generated password.

Am I at risk of losing more data? My understanding is they would still need to brute-force the password because it's not stored in plain text in the database. Which, being realistic, is almost impossible and would take hundreds of years.

Should I change my password?

Username checks out