Topic: Using LastPass as Bitcoin Users - Bad Idea? (Read 2790 times)

legendary
Activity: 1288
Merit: 1087
i wouldn't trust any third party with passwords. password managers will be the target of every hacking genius. you can't guarantee they'll be 100% for years on end. hardware wallet or if you don't want to do that then paper either paper wallet or passwords written down.
hero member
Activity: 1792
Merit: 534
the better way is probably to store this particular sensible password on a piece of paper, stored in a safe place.

I also like this old idea. I actually have a little notebook which I keep somewhere but I just make sure that nobody can access it. Anyway, there are only two of us in my house and I am sure the other one does not know anything about the computer so I am 99% safe...except maybe if there can be a fire that can happen in my neighborhood then it can be a challenge lol. Having a good copy of our passwords is a good idea.

You could get a small fire safe and store it in there in case a fire were to occur. You'd probably also want to store it in a water proof bag or something to prevent possible water damage.
A fire safe would be waterproof in itself, so you wouldn't need to have a water proof bag.  Admittedly though I don't actually do this as it would take some effort and cost money, I just keep paper in my house.  I recognise that someday there could be problems, but I actually keep paper in two different places, one of which is outside and more difficult to access, so I know that if one is ever destroyed I can still recover my passwords.

What's important is that your passwords aren't online as that could be prone to hacking, even a browser extension.  If you can be bothered, holding your passwords offline and formatting them as previously described could be a very good idea if you keep backups.  Ideally you could just hold them on a secondary low quality PC on which you don't go on the Internet, so that you're very unlikely to be compromised, and back them up when you add new ones.
legendary
Activity: 1736
Merit: 1023
the better way is probably to store this particular sensible password on a piece of paper, stored in a safe place.

I also like this old idea. I actually have a little notebook which I keep somewhere but I just make sure that nobody can access it. Anyway, there are only two of us in my house and I am sure the other one does not know anything about the computer so I am 99% safe...except maybe if there can be a fire that can happen in my neighborhood then it can be a challenge lol. Having a good copy of our passwords is a good idea.

You could get a small fire safe and store it in there in case a fire were to occur. You'd probably also want to store it in a water proof bag or something to prevent possible water damage.
hero member
Activity: 490
Merit: 501
the better way is probably to store this particular sensible password on a piece of paper, stored in a safe place.

I also like this old idea. I actually have a little notebook which I keep somewhere but I just make sure that nobody can access it. Anyway, there are only two of us in my house and I am sure the other one does not know anything about the computer so I am 99% safe...except maybe if there can be a fire that can happen in my neighborhood then it can be a challenge lol. Having a good copy of our passwords is a good idea.
legendary
Activity: 910
Merit: 1000
I am against it as a Bitcoin user. If you are like me and have many exchanges like Yobit, Poloniex etc. then I don't suggest it. Not that I am against it but I found the best way is to put all your passwords in a protected Word document and then archive it with WinRAR. Use a password with at least 20 characters including special characters, uppercase and numbers which only make sense to you and store it in D: E: F: whatever your second partition is called. Also keep it in at least 2 USBs, one 3.0 speed, one 2.0 speed. I never lose a password this way even when I have to format my PC.

We have a similar method, mate. I used to have a password manager as well before, but the issue I had is that if they breached your master password all your passwords will be compromised. That's why I back up all my passwords not in a Word document, but in an Excel file. Because an Excel file for me is easy to use because I can create separate tabs for different passwords in about any site I have an account to and put additional information in there like here in forum, my user profile link, my wallet address, my current signature campaign and password or rank is saved in a spreadsheet.

So is your Excel sheet if it gets bruteforced, right?
All your passwords are right there.
Also I've seen password managers where you could make different kinds of categories to store certain parts in, so even if someone cracked your master password (which is very unlikely if you even choose a moderately secure one), you would still need different "submaster" keys for these passwords.

Also you encrypt your Excel in a .zip / .rar? Do you know how easily THAT can be bruteforced? Using these kinds of encryption methods is so 2009, man.


I am saying to keep all your passwords in a .doc document and encrypt it with a strong password, then add it to a .RAR file and encrypt it with an even stronger password.

@kolloh I would like you to show me a file I am willing to send you compressed with .RAR with only 25 characters and if you can brute force it in a month I will give you 0.02 BTC as reward. That is how sure I am that the encryption of RAR files cannot be beaten.

And here is a test link with a random password with more than 40 characters, compressed with Linux zip. Let's see how easy it is or it is not.

http://www.mediafire.com/file/ehht7zv5wt7whgb/Untitled_Document.zip

Edit: I am still leaving the file up for anyone to break it. I just found that only TrueCrypt or VeraCrypt offer true encryption but still I believe .rar and .zip are very difficult to break when the password is extremely long and contains a lot of special characters.

So 2 days have passed, where are the guys who told me I am so 2009? I am waiting for a break of my password in that zip document, should be easy since it's 2009 security.
legendary
Activity: 1400
Merit: 1001
the better way is probably to store this particular sensible password on a piece of paper, stored in a safe place.

That could work for a few passwords, but when you have quite a number of passwords to keep track of, it becomes very inconvenient to store them on paper. It also makes it easy for people with physical access to steal all your passwords.

There are some actions you can take to prevent loss of your paper passwords.

1. Make sure that the paper copy is not the only one, make a couple of them and store them in different places.

2. "Encrypt" your passwords - for example don't write whole password but only some part of it and remember the rest.
Or use simple method to switch some numbers with letters and vice versa. It might suffice to mislead potential thief.

3. Make sure that piece of paper looks inconspicuous - make it look like ordinary note or scribble of some sort.
legendary
Activity: 910
Merit: 1000
I am against it as a Bitcoin user. If you are like me and have many exchanges like Yobit, Poloniex etc. then I don't suggest it. Not that I am against it but I found the best way is to put all your passwords in a protected Word document and then archive it with WinRAR. Use a password with at least 20 characters including special characters, uppercase and numbers which only make sense to you and store it in D: E: F: whatever your second partition is called. Also keep it in at least 2 USBs, one 3.0 speed, one 2.0 speed. I never lose a password this way even when I have to format my PC.

We have a similar method, mate. I used to have a password manager as well before, but the issue I had is that if they breached your master password all your passwords will be compromised. That's why I back up all my passwords not in a Word document, but in an Excel file. Because an Excel file for me is easy to use because I can create separate tabs for different passwords in about any site I have an account to and put additional information in there like here in forum, my user profile link, my wallet address, my current signature campaign and password or rank is saved in a spreadsheet.

So is your Excel sheet if it gets bruteforced, right?
All your passwords are right there.
Also I've seen password managers where you could make different kinds of categories to store certain parts in, so even if someone cracked your master password (which is very unlikely if you even choose a moderately secure one), you would still need different "submaster" keys for these passwords.

Also you encrypt your Excel in a .zip / .rar? Do you know how easily THAT can be bruteforced? Using these kinds of encryption methods is so 2009, man.


I am saying to keep all your passwords in a .doc document and encrypt it with a strong password, then add it to a .RAR file and encrypt it with an even stronger password.

@kolloh I would like you to show me a file I am willing to send you compressed with .RAR with only 25 characters and if you can brute force it in a month I will give you 0.02 BTC as reward. That is how sure I am that the encryption of RAR files cannot be beaten.

And here is a test link with a random password with more than 40 characters, compressed with Linux zip. Let's see how easy it is or it is not.

http://www.mediafire.com/file/ehht7zv5wt7whgb/Untitled_Document.zip

Edit: I am still leaving the file up for anyone to break it. I just found that only TrueCrypt or VeraCrypt offer true encryption but still I believe .rar and .zip are very difficult to break when the password is extremely long and contains a lot of special characters.
legendary
Activity: 1736
Merit: 1023
the better way is probably to store this particular sensible password on a piece of paper, stored in a safe place.

That could work for a few passwords, but when you have quite a number of passwords to keep track of, it becomes very inconvenient to store them on paper. It also makes it easy for people with physical access to steal all your passwords.

If you have a Trezor, you can actually use it for a password manager as well. See https://trezor.io/passwords/ for more information.
newbie
Activity: 8
Merit: 0
the better way is probably to store this particular sensible password on a piece of paper, stored in a safe place.
legendary
Activity: 1946
Merit: 1427
I am against it as a Bitcoin user. If you are like me and have many exchanges like Yobit, Poloniex etc. then I don't suggest it. Not that I am against it but I found the best way is to put all your passwords in a protected Word document and then archive it with WinRAR. Use a password with at least 20 characters including special characters, uppercase and numbers which only make sense to you and store it in D: E: F: whatever your second partition is called. Also keep it in at least 2 USBs, one 3.0 speed, one 2.0 speed. I never lose a password this way even when I have to format my PC.

We have a similar method, mate. I used to have a password manager as well before, but the issue I had is that if they breached your master password all your passwords will be compromised. That's why I back up all my passwords not in a Word document, but in an Excel file. Because an Excel file for me is easy to use because I can create separate tabs for different passwords in about any site I have an account to and put additional information in there like here in forum, my user profile link, my wallet address, my current signature campaign and password or rank is saved in a spreadsheet.

So is your Excel sheet if it gets bruteforced, right?
All your passwords are right there.
Also I've seen password managers where you could make different kinds of categories to store certain parts in, so even if someone cracked your master password (which is very unlikely if you even choose a moderately secure one), you would still need different "submaster" keys for these passwords.

Also you encrypt your Excel in a .zip / .rar? Do you know how easily THAT can be bruteforced? Using these kinds of encryption methods is so 2009, man.
legendary
Activity: 1736
Merit: 1023
I am against it as a Bitcoin user. If you are like me and have many exchanges like Yobit, Poloniex etc. then I don't suggest it. Not that I am against it but I found the best way is to put all your passwords in a protected Word document and then archive it with WinRAR. Use a password with at least 20 characters including special characters, uppercase and numbers which only make sense to you and store it in D: E: F: whatever your second partition is called. Also keep it in at least 2 USBs, one 3.0 speed, one 2.0 speed. I never lose a password this way even when I have to format my PC.

We have a similar method, mate. I used to have a password manager as well before, but the issue I had is that if they breached your master password all your passwords will be compromised. That's why I back up all my passwords not in a Word document, but in an Excel file. Because an Excel file for me is easy to use because I can create separate tabs for different passwords in about any site I have an account to and put additional information in there like here in forum, my user profile link, my wallet address, my current signature campaign and password or rank is saved in a spreadsheet.

A Word or Excel document is much less secure than most password managers. Passwords for RAR or ZIP files are much easier to be cracked and lack anti-brute force protections. Additionally, these passwords are completely unencrypted while the document is open. Password managers such as KeePass can encrypt while in memory and slow brute force attempts against your master password.
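
The brute-force point in the post above, worked through as an added example that is not part of the original thread: it measures what key stretching costs per guess and how that combines with password length. PBKDF2-HMAC-SHA256 stands in for whatever key-derivation function a given password manager or archive format uses, and the 94-symbol alphabet, iteration counts and password lengths are assumed values.

```python
import hashlib
import math
import os
import time

PRINTABLE = 94  # assumed alphabet: printable ASCII symbols, excluding space


def password_bits(length, alphabet=PRINTABLE):
    """Entropy in bits of a password chosen uniformly at random."""
    return length * math.log2(alphabet)


def stretch(password, salt, iterations):
    """Derive a 256-bit key; every guess has to repeat all iterations."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def seconds_per_guess(iterations, trials=3):
    """Measure the cost of testing one candidate password on this machine."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(trials):
        stretch(f"guess-{i}", salt, iterations)
    return (time.perf_counter() - start) / trials


def years_to_search(bits, guesses_per_second):
    """Expected search time: on average half the space is tried."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)


def effective_bits(length, iterations, alphabet=PRINTABLE):
    """Password entropy plus the work factor that stretching adds."""
    return password_bits(length, alphabet) + math.log2(iterations)


if __name__ == "__main__":
    # Iteration counts are assumed values: 1 = no stretching at all.
    for iterations in (1, 600_000):
        rate = 1 / seconds_per_guess(iterations)
        for length in (8, 12, 25):
            bits = password_bits(length)
            print(f"iterations={iterations:>7} length={length:>2} "
                  f"bits={bits:6.1f} guesses/s={rate:10.0f} "
                  f"years={years_to_search(bits, rate):.3g}")
```

Stretching adds a fixed number of bits of work (about 19 for 600,000 iterations), which matters a great deal for a short master password and very little for a random 25-character one.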
legendary
Activity: 3080
Merit: 1353
I am against it as a Bitcoin user. If you are like me and have many exchanges like Yobit, Poloniex etc. then I don't suggest it. Not that I am against it but I found the best way is to put all your passwords in a protected Word document and then archive it with WinRAR. Use a password with at least 20 characters including special characters, uppercase and numbers which only make sense to you and store it in D: E: F: whatever your second partition is called. Also keep it in at least 2 USBs, one 3.0 speed, one 2.0 speed. I never lose a password this way even when I have to format my PC.

We have a similar method, mate. I used to have a password manager as well before, but the issue I had is that if they breached your master password all your passwords will be compromised. That's why I back up all my passwords not in a Word document, but in an Excel file. Because an Excel file for me is easy to use because I can create separate tabs for different passwords in about any site I have an account to and put additional information in there like here in forum, my user profile link, my wallet address, my current signature campaign and password or rank is saved in a spreadsheet.
legendary
Activity: 910
Merit: 1000
I am against it as a Bitcoin user. If you are like me and have many exchanges like Yobit, Poloniex etc. then I don't suggest it. Not that I am against it but I found the best way is to put all your passwords in a protected Word document and then archive it with WinRAR. Use a password with at least 20 characters including special characters, uppercase and numbers which only make sense to you and store it in D: E: F: whatever your second partition is called. Also keep it in at least 2 USBs, one 3.0 speed, one 2.0 speed. I never lose a password this way even when I have to format my PC.
legendary
Activity: 1736
Merit: 1023
Came across this today:

https://www.theregister.co.uk/2017/03/21/lastpass_vulnerabilities/

How do U guys play it safe? A specific password manager (perhaps other than lastpass)?

Or any other methods?

This is important since now money is involved.

Thanks!

I'm a KeePass (KeePassX) user myself... There are vulnerabilities found from time to time, but at least, the encrypted password file isn't stored in the cloud...

+1 for KeePass. It's a local password manager so it's only stored on your PC so it's less likely to be compromised. It also has an autotype feature that works without the need for a browser extension which tend to have the most security flaws. I've seen issues with the extensions for LastPass and 1Password as well recently so avoiding a browser plugin is probably a good idea.
legendary
Activity: 3514
Merit: 5123
Came across this today:

https://www.theregister.co.uk/2017/03/21/lastpass_vulnerabilities/

How do U guys play it safe? A specific password manager (perhaps other than lastpass)?

Or any other methods?

This is important since now money is involved.

Thanks!

I'm a KeePass (KeePassX) user myself... There are vulnerabilities found from time to time, but at least, the encrypted password file isn't stored in the cloud...
newbie
Activity: 8
Merit: 0
Came across this today:

https://www.theregister.co.uk/2017/03/21/lastpass_vulnerabilities/

How do U guys play it safe? A specific password manager (perhaps other than lastpass)?

Or any other methods?

This is important since now money is involved.

Thanks!