Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Keeping your home network secure & help with secure passwords.
New Posts  All Forums:Forum Nav:

Keeping your home network secure & help with secure passwords.

post #1 of 24
Thread Starter 
Hi guys,

Recently I have moved to a new spot. My home network has always been controlled by my father. I'm finally in control of all the internet security etc.. and it's got me thinking about secure passwords.

Up until now, I've been using made up passwords, recently somehow my bank details were compromised and some money was electronically stolen out of my account. I know there are a myriad of ways they can do this but I have decided to change the way I manage passwords at home.

I'm comfortable saying that I no longer remember any of my passwords. I use a strong password generator with symbols, upper & lower case letters, numbers etc.. up to 16 characters long and use different passwords for every site.

Is there a better way to come up with passwords? I used the diceware system in the past, but found this to be easier and less time consuming, also have checked these passwords with various password checkers that rate the password as excellent.

I'm not asking about the safety rating of " forgetting " the passwords, because I have them stored offline in a location that is not on my home network, at the moment, most of my regularly accessed sites are on " remember me". I'm simply asking how adequate this method is of keeping all my passwords seperate and my home safe & secure.

Thanks guys smile.gif
post #2 of 24

I use the XKCD password generator quite often. It puts four random words together with spaces in between to make an easy to remember, but extremely long and almost impenetrable password. You can add a couple of symbols around the place to make it even stronger too.

 

E.G. when I went on the page the password "anyway truck eager major" was there, which is an easy to remember, but 24 character long password.

 

Hope this helps.

post #3 of 24
Thread Starter 
Quote:
Originally Posted by Tagkaman View Post

I use the XKCD password generator quite often. It puts four random words together with spaces in between to make an easy to remember, but extremely long and almost impenetrable password. You can add a couple of symbols around the place to make it even stronger too.

E.G. when I went on the page the password "anyway truck eager major" 
was there, which is an easy to remember, but 24 character long password.


Hope this helps.

Hmm that looks very interesting, thank you! The problem would be for me there some services don;t allow passwords that long. Definitely useful information. If you don't mind my asking, do you use a pssword manager service or store them in another area? I've grown a bit suspicious and untrusting of password managers as of late
post #4 of 24

I don't really use a password manager, but I have a page *somewhere in my house* with clues to all my passwords.

post #5 of 24
Quote:
Originally Posted by CurtTerror View Post

Hmm that looks very interesting, thank you! The problem would be for me there some services don;t allow passwords that long. Definitely useful information. If you don't mind my asking, do you use a pssword manager service or store them in another area? I've grown a bit suspicious and untrusting of password managers as of late

Why are you suspicious of password managers?

Its pretty simple, if you trust your passwords to be stored securely encrypted online, use Lastpass. If you distrust the cloud, use Keepass.

Personally I use Lastpass, however my email, bank and paypal are not stored in the password manager, I have those memorized.

My biggest security risk is loosing my laptop, and then lastpass not logging out. You can manually set the amount of times you want your file encrypted, so that if Lastpass server gets hacked, its logistically impossible that your file is decrypted.
Edited by .:hybrid:. - 3/1/13 at 2:16am
Webcrawler
(17 items)
 
  
CPUMotherboardGraphicsRAM
i5 3570k ASRock Z75 Pro3 Sapphire 7870 XT Boost Corsair Vengeance, DDR3 1600Mhz 
Hard DriveHard DriveOSMonitor
SpinPoint F1 1TB 64GB M4 SSD Windows 8.1 SyncMaster P2050 
MonitorKeyboardPowerMouse
Dell U2312HM Sidewinder X4 Be Quiet! Pure Power CM L8 430w Zowie FK 
AudioAudio
Xonar DG Sennheiser HD 555 
  hide details  
Reply
Webcrawler
(17 items)
 
  
CPUMotherboardGraphicsRAM
i5 3570k ASRock Z75 Pro3 Sapphire 7870 XT Boost Corsair Vengeance, DDR3 1600Mhz 
Hard DriveHard DriveOSMonitor
SpinPoint F1 1TB 64GB M4 SSD Windows 8.1 SyncMaster P2050 
MonitorKeyboardPowerMouse
Dell U2312HM Sidewinder X4 Be Quiet! Pure Power CM L8 430w Zowie FK 
AudioAudio
Xonar DG Sennheiser HD 555 
  hide details  
Reply
post #6 of 24
Thread Starter 
Quote:
Originally Posted by .:hybrid:. View Post

Why are you suspicious of password managers?

Its pretty simple, if you trust your passwords to be stored securely encrypted online, use Lastpass. If you distrust the cloud, use Keepass.

Personally I use Lastpass, however my email, bank and paypal are not stored in the password manager, I have those memorized.

My biggest security risk is loosing my laptop, and then lastpass not logging out. You can manually set the amount of times you want your file encrypted, so that if Lastpass server gets hacked, its logistically impossible that your file is decrypted.

I suppose suspicious is the wrong word, I'm actually considering going back to a password manager.

I was looking at using LastPass as I used 1password before but it seems to be more prominent on the mac and I thought I'd try something different. Does Lastpass have the same sort of feautures, including a password generator etc...?

Yea, okay thanks man, I'll have a look. Do you use a password generator in lastpass to get passwords or what? is it secure?

Cheers
post #7 of 24
I use the password generator in Lastpass, but the real strength of course comes from the fact that each password is unique.

As for secureness, http://helpdesk.lastpass.com/security-options/password-iterations-pbkdf2/

Realistically there is no current way to bruteforce the file in a reasonable timeframe.
Edited by .:hybrid:. - 3/1/13 at 6:04am
Webcrawler
(17 items)
 
  
CPUMotherboardGraphicsRAM
i5 3570k ASRock Z75 Pro3 Sapphire 7870 XT Boost Corsair Vengeance, DDR3 1600Mhz 
Hard DriveHard DriveOSMonitor
SpinPoint F1 1TB 64GB M4 SSD Windows 8.1 SyncMaster P2050 
MonitorKeyboardPowerMouse
Dell U2312HM Sidewinder X4 Be Quiet! Pure Power CM L8 430w Zowie FK 
AudioAudio
Xonar DG Sennheiser HD 555 
  hide details  
Reply
Webcrawler
(17 items)
 
  
CPUMotherboardGraphicsRAM
i5 3570k ASRock Z75 Pro3 Sapphire 7870 XT Boost Corsair Vengeance, DDR3 1600Mhz 
Hard DriveHard DriveOSMonitor
SpinPoint F1 1TB 64GB M4 SSD Windows 8.1 SyncMaster P2050 
MonitorKeyboardPowerMouse
Dell U2312HM Sidewinder X4 Be Quiet! Pure Power CM L8 430w Zowie FK 
AudioAudio
Xonar DG Sennheiser HD 555 
  hide details  
Reply
post #8 of 24
My passwords are never cracked because I change them so often, lowlife's Dsod'ing and port scanning is the real problem with the way so many games have always online features now. In the end who cares about remembering passwords if you remember your secret questions.
Computer
(5 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5 2500k @ 4.7ghz MAXIMUS IV GENE-Z/GEN3 AMD Radeon HD 7970 1150/1600 G.Skill 2133 
RAM
G.Skill 2133 
  hide details  
Reply
Computer
(5 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5 2500k @ 4.7ghz MAXIMUS IV GENE-Z/GEN3 AMD Radeon HD 7970 1150/1600 G.Skill 2133 
RAM
G.Skill 2133 
  hide details  
Reply
post #9 of 24
Quote:
Originally Posted by Tagkaman View Post

I use the XKCD password generator quite often. It puts four random words together with spaces in between to make an easy to remember, but extremely long and almost impenetrable password. You can add a couple of symbols around the place to make it even stronger too.

E.G. when I went on the page the password "anyway truck eager major" 
was there, which is an easy to remember, but 24 character long password.


Hope this helps.

That's less secure than the method he's already using as modern attacks use advanced dictionary cycles to crack passphrases. These dictionaries even take l33t / txt spk, memes and foreign words into account.

The only secure way to use memorable passwords is to have a generator that produces a base64 hash (the encoding doesn't really matter greatly, even just MD5 will do the trick) of the site name and a common passphrase. Thus you only have to remember one passphrase but each and every site will have a 16+ character long mix of 64 symbols. All you need is access to the generator (plenty of them online) and as your password is created each time on the fly, you're not even storing your passwords (so you don't have to worry about loosing your bit of paper, your PC being reformatted or password wallets being insecure).
post #10 of 24
You shouldn't even be using real words in your passwords. The best way to do it is to think of a phrase, for example "The very first car I owned was a 1998 Chevy Malibu". You then take the first letter of each word, so we have "T V F C I O W A C M". Then all you have to do is substitue in some numbers and symbols, and vary the capitalization (and I'll add on the car year for more numbers), so how about: tvFci0W@98cM. That's a pretty secure password because there are no dictionary words, but it's easy to remember because the phrase is personal to you and not randomly generated.
Main Rig
(17 items)
 
 
Untangle Box
(11 items)
 
CPUMotherboardGraphicsRAM
AMD Phenom II X4 965 ASUS Sabertooth 990FX XFX Radeon HD 6870 Corsair Vengeance 
Hard DriveHard DriveHard DriveOptical Drive
Crucial M4 SSD Old Laptop HDD Old Laptop HDD ASUS Blu-ray Burner 
CoolingOSMonitorMonitor
Corsair H80 Windows 8.1 ASUS VS228H Dell 17" 
KeyboardPowerCaseMouse
Cooler Master Storm Quickfire TK Corsair TX750M Corsair Obsidian 650D Logitech G400 
Audio
Logitech S-220 
CPUMotherboardGraphicsRAM
Athlon X2 250 ASUS M5A97 VisionTek Radeon HD 5850 Crucial 
RAMRAMHard DriveHard Drive
Crucial Balistix Sport Corsair Vengeance Seagate Barracuda Seagate 2.5" 
Optical DriveCoolingOSMonitor
LG DVD burner Cooler Master Hyper-212 Windows Hyper-V Server 2012 ASUS VH192D 
KeyboardPowerCaseMouse
Microsoft KB Rosewill Stallion Rosewill Challenger Logitech 
CPUMotherboardRAMHard Drive
Core2 Duo e4500 ASRock G41M-S3 Crucial Ballistix Sport Crucial V4 32GB SSD 
CoolingOSPowerCase
Rosewill RCX-Z90-AL Untangle Dell PSU Rosewill FBM-01 
  hide details  
Reply
Main Rig
(17 items)
 
 
Untangle Box
(11 items)
 
CPUMotherboardGraphicsRAM
AMD Phenom II X4 965 ASUS Sabertooth 990FX XFX Radeon HD 6870 Corsair Vengeance 
Hard DriveHard DriveHard DriveOptical Drive
Crucial M4 SSD Old Laptop HDD Old Laptop HDD ASUS Blu-ray Burner 
CoolingOSMonitorMonitor
Corsair H80 Windows 8.1 ASUS VS228H Dell 17" 
KeyboardPowerCaseMouse
Cooler Master Storm Quickfire TK Corsair TX750M Corsair Obsidian 650D Logitech G400 
Audio
Logitech S-220 
CPUMotherboardGraphicsRAM
Athlon X2 250 ASUS M5A97 VisionTek Radeon HD 5850 Crucial 
RAMRAMHard DriveHard Drive
Crucial Balistix Sport Corsair Vengeance Seagate Barracuda Seagate 2.5" 
Optical DriveCoolingOSMonitor
LG DVD burner Cooler Master Hyper-212 Windows Hyper-V Server 2012 ASUS VH192D 
KeyboardPowerCaseMouse
Microsoft KB Rosewill Stallion Rosewill Challenger Logitech 
CPUMotherboardRAMHard Drive
Core2 Duo e4500 ASRock G41M-S3 Crucial Ballistix Sport Crucial V4 32GB SSD 
CoolingOSPowerCase
Rosewill RCX-Z90-AL Untangle Dell PSU Rosewill FBM-01 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Networking & Security
Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Keeping your home network secure & help with secure passwords.