Bitcoin Forum>Other>Meta
Pages:
Author

Topic: Should I change my password if it's like a brick wall? (Read 1448 times)

dsattler
legendary
Activity: 924
Merit: 1000
Should I change my password if it's like a brick wall?
May 31, 2015, 02:58:46 AM
#23
Quote from: DropsOfJupiter on May 30, 2015, 10:53:24 PM
Quote from: dsattler on May 30, 2015, 02:13:01 AM
Password-less logins with Clef: https://getclef.com
Nice! Biometric tech! Let's hope the adoption for this will grow quickly.

And this: https://www.cryptocoinsnews.com/long-passwords-cryptocurrency-emercoins-block-chain-supports-passwordless-authentication/

Quote
The developers of the altcoin EmerCoin (EMC) recently released the details of a new block chain technology, EMCSSL. The system provides passwordless logins and identity management via its block chain. The technology has been designed to solve many of the login and authentication issues that plague the Internet.
DropsOfJupiter
member
Activity: 113
Merit: 10
Re: Should I change my password if it's like a brick wall?
May 30, 2015, 10:53:24 PM
#22
Quote from: dsattler on May 30, 2015, 02:13:01 AM
Password-less logins with Clef: https://getclef.com
Nice! Biometric tech! Let's hope the adoption for this will grow quickly.
dsattler
legendary
Activity: 924
Merit: 1000
Re: Should I change my password if it's like a brick wall?
May 30, 2015, 02:13:01 AM
#21
Quote from: DropsOfJupiter on May 29, 2015, 10:57:35 PM
Quote from: Welsh on May 29, 2015, 08:39:04 PM
Quote from: DropsOfJupiter on May 29, 2015, 07:08:29 PM
OP, sorry for hijacking your thread, but I need some opinions.

I store my passwords in a text file (over three hundred passwords) in a non-OS drive on my PC.
I usually just copy paste when logging at any site, so I don't think I should worry about keyloggers, right?
My password is a random 8-15 characters alphanumeric+symbol combo, so that's pretty secure, right?
Trojans typical only focuses on OS drives, right?

Some keyloggers can read the information in your clipboard. If you want to reduce the effectiveness of some  of these keyloggers, you should probably opt in for using a password manager. Keepass has a Two Channel AutoType feature, which can avoid some problems with keyloggers, however not all. It's a much better approach than your current method.

Thank you Welsh.
One follow up question. How easy is it to compromise Keepass? Are there, and would there be, trojans capable of extracting data from Keepass, and does it communicate/send saved passwords to a server somewhere?
Sometimes I wish retinal scanning tech or something along that lines becomes widely adopted and we can completely dispense with passwords. Smiley

Password-less logins with Clef: https://getclef.com
DropsOfJupiter
member
Activity: 113
Merit: 10
Re: Should I change my password if it's like a brick wall?
May 29, 2015, 10:57:35 PM
#20
Quote from: Welsh on May 29, 2015, 08:39:04 PM
Quote from: DropsOfJupiter on May 29, 2015, 07:08:29 PM
OP, sorry for hijacking your thread, but I need some opinions.

I store my passwords in a text file (over three hundred passwords) in a non-OS drive on my PC.
I usually just copy paste when logging at any site, so I don't think I should worry about keyloggers, right?
My password is a random 8-15 characters alphanumeric+symbol combo, so that's pretty secure, right?
Trojans typical only focuses on OS drives, right?

Some keyloggers can read the information in your clipboard. If you want to reduce the effectiveness of some  of these keyloggers, you should probably opt in for using a password manager. Keepass has a Two Channel AutoType feature, which can avoid some problems with keyloggers, however not all. It's a much better approach than your current method.

Thank you Welsh.
One follow up question. How easy is it to compromise Keepass? Are there, and would there be, trojans capable of extracting data from Keepass, and does it communicate/send saved passwords to a server somewhere?
Sometimes I wish retinal scanning tech or something along that lines becomes widely adopted and we can completely dispense with passwords. Smiley
Welsh
staff
Activity: 3276
Merit: 4111
Re: Should I change my password if it's like a brick wall?
May 29, 2015, 08:39:04 PM
#19
Quote from: DropsOfJupiter on May 29, 2015, 07:08:29 PM
OP, sorry for hijacking your thread, but I need some opinions.

I store my passwords in a text file (over three hundred passwords) in a non-OS drive on my PC.
I usually just copy paste when logging at any site, so I don't think I should worry about keyloggers, right?
My password is a random 8-15 characters alphanumeric+symbol combo, so that's pretty secure, right?
Trojans typical only focuses on OS drives, right?

Some keyloggers can read the information in your clipboard. If you want to reduce the effectiveness of some  of these keyloggers, you should probably opt in for using a password manager. Keepass has a Two Channel AutoType feature, which can avoid some problems with keyloggers, however not all. It's a much better approach than your current method.
DropsOfJupiter
member
Activity: 113
Merit: 10
Re: Should I change my password if it's like a brick wall?
May 29, 2015, 07:08:29 PM
#18
OP, sorry for hijacking your thread, but I need some opinions.

I store my passwords in a text file (over three hundred passwords) in a non-OS drive on my PC.
I usually just copy paste when logging at any site, so I don't think I should worry about keyloggers, right?
My password is a random 8-15 characters alphanumeric+symbol combo, so that's pretty secure, right?
Trojans typical only focuses on OS drives, right?
teddy5145
hero member
Activity: 714
Merit: 528
Re: Should I change my password if it's like a brick wall?
May 29, 2015, 06:00:18 PM
#17
Quote from: dsattler on May 28, 2015, 02:28:58 AM
Quote from: expert4knowledge on May 28, 2015, 02:14:00 AM
Quote from: dogie on May 27, 2015, 06:40:49 PM
Get a password generator then you'll never have to remember or type it in. And can change it as often as you like with no consequences on your end.
Can you tell more details about the password generator you are taking about?

You could use the free password manager keepass2, it has a built-in password generator:
http://keepass.info
whoa thanks dude, never know this software exist before
finally i don't need to remember all of my password now  Grin
DiamondCardz
legendary
Activity: 1134
Merit: 1112
Re: Should I change my password if it's like a brick wall?
May 29, 2015, 05:23:40 PM
#16
You'll need to make sure to be careful of cheeky gecko squad members trying to DDoS your password, really you should be preparing your password security about 36-48 months before conception if you want any real chance of being able to have a secure password. Based on that, I think you have to change your password unfortunately.

In all seriousness in case someone tries to mug me for having a joke, no.
dsattler
legendary
Activity: 924
Merit: 1000
Re: Should I change my password if it's like a brick wall?
May 29, 2015, 02:04:40 PM
#15
Quote from: BadBear on May 29, 2015, 10:07:29 AM
Quote from: sdp on May 29, 2015, 09:58:11 AM
What if keypass goes down?  I added one of my passwords to a password manager site and then later I couldn't log in.  A trojan in your computer could read a passwords.txt file and then upload it to a command and control server.  If you put it into the browser, it really is the same problem.   Ultimately, a trojan could keylog your password in.  I had a ten character password and according to grc's password haystack's page that was two weeks of super computer hacking.  Now, considering everytime you add an interesting character you multiply the time it takes by the key space, one hundred should be more than enough.

I copied the 63 random ASCII printable characters at the password generator at www.grc.com and put it into the password haystack's page at the same domain and got this for a massive offline super computer scenario:

1.27 hundred thousand trillion trillion trillion trillion trillion trillion trillion trillion centuries



You should read up on the security on some of the password managers, it's pretty impressive, but nothing is perfect. The entire database is encrypted, typing the master password supports Secure Desktop, and the autotype functionality also fools most keyloggers with Two Channel AutoType. Also supports two factor with a master file, which can be on a USB stick or wherever else.

This.

And: don't forget that keepass is open source. You can fetch the source files, inspect the code and build your own keepass.exe!
Welsh
staff
Activity: 3276
Merit: 4111
Re: Should I change my password if it's like a brick wall?
May 29, 2015, 10:10:58 AM
#14
Quote from: sdp on May 29, 2015, 09:58:11 AM
What if keypass goes down? 
By default Keepass is kept locally.
BadBear
legendary
Activity: 1652
Merit: 1127
Re: Should I change my password if it's like a brick wall?
May 29, 2015, 10:07:29 AM
#13
Quote from: sdp on May 29, 2015, 09:58:11 AM
What if keypass goes down?  I added one of my passwords to a password manager site and then later I couldn't log in.  A trojan in your computer could read a passwords.txt file and then upload it to a command and control server.  If you put it into the browser, it really is the same problem.   Ultimately, a trojan could keylog your password in.  I had a ten character password and according to grc's password haystack's page that was two weeks of super computer hacking.  Now, considering everytime you add an interesting character you multiply the time it takes by the key space, one hundred should be more than enough.

I copied the 63 random ASCII printable characters at the password generator at www.grc.com and put it into the password haystack's page at the same domain and got this for a massive offline super computer scenario:

1.27 hundred thousand trillion trillion trillion trillion trillion trillion trillion trillion centuries



You should read up on the security on some of the password managers, it's pretty impressive, but nothing is perfect. The entire database is encrypted, typing the master password supports Secure Desktop, and the autotype functionality also fools most keyloggers with Two Channel AutoType. Also supports two factor with a master file, which can be on a USB stick or wherever else.
sdp
sr. member
Activity: 469
Merit: 281
Re: Should I change my password if it's like a brick wall?
May 29, 2015, 09:58:11 AM
#12
What if keypass goes down?  I added one of my passwords to a password manager site and then later I couldn't log in.  A trojan in your computer could read a passwords.txt file and then upload it to a command and control server.  If you put it into the browser, it really is the same problem.   Ultimately, a trojan could keylog your password in.  I had a ten character password and according to grc's password haystack's page that was two weeks of super computer hacking.  Now, considering everytime you add an interesting character you multiply the time it takes by the key space, one hundred should be more than enough.

I copied the 63 random ASCII printable characters at the password generator at www.grc.com and put it into the password haystack's page at the same domain and got this for a massive offline super computer scenario:

1.27 hundred thousand trillion trillion trillion trillion trillion trillion trillion trillion centuries

P.S.: The reason for changing frequently though is so in case your plain text password gets out, the attacker will lose control of your account as soon as you change your password.
dogie
legendary
Activity: 1666
Merit: 1183
dogiecoin.com
Re: Should I change my password if it's like a brick wall?
May 28, 2015, 03:02:24 AM
#11
Quote from: dsattler on May 28, 2015, 02:28:58 AM
Quote from: expert4knowledge on May 28, 2015, 02:14:00 AM
Quote from: dogie on May 27, 2015, 06:40:49 PM
Get a password generator then you'll never have to remember or type it in. And can change it as often as you like with no consequences on your end.
Can you tell more details about the password generator you are taking about?

You could use the free password manager keepass2, it has a built-in password generator:
http://keepass.info

Last pass is a good one as thery never store your master pass.
dsattler
legendary
Activity: 924
Merit: 1000
Re: Should I change my password if it's like a brick wall?
May 28, 2015, 02:28:58 AM
#10
Quote from: expert4knowledge on May 28, 2015, 02:14:00 AM
Quote from: dogie on May 27, 2015, 06:40:49 PM
Get a password generator then you'll never have to remember or type it in. And can change it as often as you like with no consequences on your end.
Can you tell more details about the password generator you are taking about?

You could use the free password manager keepass2, it has a built-in password generator:
http://keepass.info
expert4knowledge
hero member
Activity: 826
Merit: 1000
The All-in-One Cryptocurrency Exchange
Re: Should I change my password if it's like a brick wall?
May 28, 2015, 02:14:00 AM
#9
Quote from: dogie on May 27, 2015, 06:40:49 PM
Get a password generator then you'll never have to remember or type it in. And can change it as often as you like with no consequences on your end.
Can you tell more details about the password generator you are taking about?
dogie
legendary
Activity: 1666
Merit: 1183
dogiecoin.com
Re: Should I change my password if it's like a brick wall?
May 27, 2015, 06:40:49 PM
#8
Get a password generator then you'll never have to remember or type it in. And can change it as often as you like with no consequences on your end.
emelac
full member
Activity: 184
Merit: 100
Re: Should I change my password if it's like a brick wall?
May 27, 2015, 04:40:13 PM
#7
Quote from: BrickWall on May 27, 2015, 11:58:34 AM
My password is like a brick wall reinforced with steel bars. I have written it down manually and type it in manually every time I use it. It's over 100 characters long. Special characters, capitals letters and numbers are all included. Its a randomly generated password.

...

How did you ensure it's random? If you used software then it might not be properly random. You need to use dice or a random number generator to make it properly random.
botany
legendary
Activity: 1582
Merit: 1064
Re: Should I change my password if it's like a brick wall?
May 27, 2015, 12:27:53 PM
#6
Quote from: BrickWall on May 27, 2015, 11:58:34 AM
It's over 100 characters long. Special characters, capitals letters and numbers are all included. Its a randomly generated password.

Why?
If what you say is true, your password should be safe.

Code:
Estimated time (conservative) for an attacker to break randomly-constructed
bitcointalk.org passwords with current technology

s=second; m=minute; h=hour; d=day; y=year; ky=1000 years; My=1 million years

Password length  a-z  a-zA-Z  a-zA-Z0-9  
              8    0      3s        12s              2m
              9    0      2m        13m              3h
             10   8s      2h        13h             13d
             11   3m      5d        34d              1y
             12   1h    261d         3y            260y
             13   1d     37y       366y            22ky
             14  43d   1938y       22ky             1My
             15   1y   100ky        1My           160My
-------------------------------------------------------
         1 word  0
        2 words  0
        3 words  0
        4 words  3m
        5 words  19d
        6 words  405y
        7 words  3My
Athertle
sr. member
Activity: 252
Merit: 250
Go figure! | I'm nearing 1337 posts...
Re: Should I change my password if it's like a brick wall?
May 27, 2015, 12:19:03 PM
#5
Quote from: BrickWall on May 27, 2015, 11:58:34 AM
My password is like a brick wall reinforced with steel bars. I have written it down manually and type it in manually every time I use it. It's over 100 characters long. Special characters, capitals letters and numbers are all included. Its a randomly generated password.

Am I in risk of losing more data? my understanding they would need to still bruteforce the password because its not stored in plain text in the database. Which being realistic is almost impossible and would take hundreds of years.

Should I change my password?

Yes. Especially if you use the password for other sites as well.

Quote from: BrickWall on May 27, 2015, 11:58:34 AM
Which being realistic is almost impossible and would take hundreds of years.

Realistically speaking? It would take quadrillions on quadrillions of years for the average bruteforcer.
X7
legendary
Activity: 1162
Merit: 1009
Let he who is without sin cast the first stone
Re: Should I change my password if it's like a brick wall?
May 27, 2015, 12:03:32 PM
#4
Quote from: BrickWall on May 27, 2015, 11:58:34 AM
My password is like a brick wall reinforced with steel bars. I have written it down manually and type it in manually every time I use it. It's over 100 characters long. Special characters, capitals letters and numbers are all included. Its a randomly generated password.

Am I in risk of losing more data? my understanding they would need to still bruteforce the password because its not stored in plain text in the database. Which being realistic is almost impossible and would take hundreds of years.

Should I change my password?

Username checks out
Pages:
Bitcoin Forum>Other>Meta
Jump to: