Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Best way of keeping track of passwords?
New Posts  All Forums:Forum Nav:

Best way of keeping track of passwords? - Page 6

Poll Results: Which Manager do you use?

This is a multiple choice poll
  • 4% of voters (1)
    I voted for more than one Password Manager
  • 41% of voters (10)
    I have more than 15 accounts that use Passwords
  • 0% of voters (0)
    I have less than 15 accounts that use Passwords
  • 41% of voters (10)
    I use LastPass
  • 16% of voters (4)
    I use KeePass
  • 0% of voters (0)
    I use RoboForm
  • 4% of voters (1)
    I use DashLane
  • 0% of voters (0)
    I use DirectPass
  • 4% of voters (1)
    I use both LastPass and KeePass
  • 4% of voters (1)
    I use a Physical and/or Digital documents that needs decryption using a Cipher.
  • 12% of voters (3)
    I use an Algorithm similar to what Plan9 and others have suggested ( Post #9 for Plan9 )
  • 12% of voters (3)
    I Remember each unique password mentally
  • 12% of voters (3)
    Other(s) please specify
24 Total Votes  
post #51 of 128
You can disable the multi factor part if needed provided you can access your email account that is tied to LastPass.

I use an address that isn't used for anything else and has no connection to my online or RL info with a reasonably secure password.
post #52 of 128
My email account uses a random and unknown password as well. If I forget my master password I might as well go off the grid.
    
CPUMotherboardGraphicsRAM
i7 920 D0 MSI X58 Pro-E Gigabyte GTX 970 (GV-N970IX-4GD) 3x2GB G.Skill DDR3-1333 9-9-9-24 
Hard DriveHard DriveOptical DriveOS
840 Pro Caviar Black LG BD-ROM Windows 8.1 Pro x64 
MonitorMonitorKeyboardPower
Dell U2713HM Dell U2311H Turbo-Trak (Google it :D) Corsair HX-520 
CaseMouseMouse PadAudio
CM690 Mionix Avior 7000 Everglide Titan AKG K 242 HD 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
i7 920 D0 MSI X58 Pro-E Gigabyte GTX 970 (GV-N970IX-4GD) 3x2GB G.Skill DDR3-1333 9-9-9-24 
Hard DriveHard DriveOptical DriveOS
840 Pro Caviar Black LG BD-ROM Windows 8.1 Pro x64 
MonitorMonitorKeyboardPower
Dell U2713HM Dell U2311H Turbo-Trak (Google it :D) Corsair HX-520 
CaseMouseMouse PadAudio
CM690 Mionix Avior 7000 Everglide Titan AKG K 242 HD 
  hide details  
Reply
post #53 of 128
Quote:
Originally Posted by nooboc2012 View Post

Speaking of paper. Why is that not a viable solution? You remember only one password for your main email and write the passwords down for your remaining 19 online accounts. You could even apply a caesar cipher or some other basic cipher on the passwords when writing them down if your really concerned about security. If you lose it then you do what you would do if you lost your credit card and reset all your passwords. Fold the piece of paper or place it in your wallet in such a way that you would be able to tell if someone had handled it.

Profit? No?
If you have 20 passwords in your wallet.... How will you know which password is for which account?

What happens if you lose the a paper, it gets wet, or wears out.... you have to go reset PWs.

Is that more secure than a mathematically-secure file on a USB drive?


Quote:
Originally Posted by ASUSfreak View Post

I must say it sure looks hard to remember which is L33T and which is capital with this THIS IS A TEST sentence tongue.gif Mine is 21 characters long but is WAY easier to remember redface.gif
Can you explain 1) and 2) better for me? (I don't understand it correct as I'm Dutch speaking.....)
3) CRAP... and I tought my password would be way more safe now...

Oh well it's probably harder to crack than my previous password which only had 7 letters and 1 number tongue.gif
And when I tested it here: http://www.passwordmeter.com/
It showed me this:

1) Crackers are loading in Wikipedia, books, poems, websites, etc to build databases. This includes non-English data as well. Basically, sentences written and published online somewhere can and will feed cracking engines.
2) Combining or inserting semi-random words do not work all that great since it's based off of patterns. For example... "Password123" is almost as easy to crack as "Password"


Assuming a character space of 62 (a-z,A-Z,0-9)....those password testers just do 62^(len of PW). This is stupid. It ignores the fact that people use patterns of passwords.

"THISISMYPASSWORD" is absolutely less secure than "3C2MuWn90flt".


Quote:
Originally Posted by LtStinger View Post

I don't personally do it, but I kind of like the email idea.

Randomly generate passwords however you desire, and remember one password for your email account. (Make sure it's secure.)

Then if you need a password, log into your email. Unless we think that gmail has some kind of security issue, which as far as I know...they don't.

I just use the browser method with a master key. Seems to work fine for me until I have to reformat and forget to back them up. Then I spend the next 3 weeks cussing every website and resetting passwords rolleyes.gif
Even better.... why not just create a encrypted database file? Just remember the password to unlock the file. How you share it then doesn't really matter.... email, USB, DropBox, etc. This is how many password keepers work already.

Browser method links you to the browser though. Something like LastPass has plugins for most browsers (including mobile!).
Quote:
Originally Posted by Bitemarks and bloodstains View Post

It seems FireFox uses triple DES for encrypting which is pretty good, however you are still limited to a single factor of authentication (your master password).

Using a password manager that allows multi factor authentication (such as LastPass with a YubiKey) is much better.
What key length? Triple DES is weaken by being susceptible to Meet-In-The-Middle attacks.

Quote:
Originally Posted by Maximization View Post

memory in your brain
Can you remember 12+ 16 randomly generated passwords?
Edited by DuckieHo - 4/23/14 at 9:03am
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
post #54 of 128
I'm a KeePass user. I hate having add-ons in my browser. biggrin.gif
post #55 of 128
Quote:
Originally Posted by Bitemarks and bloodstains View Post

You can disable the multi factor part if needed provided you can access your email account that is tied to LastPass.

I use an address that isn't used for anything else and has no connection to my online or RL info with a reasonably secure password.

Yeah, but my point is you cannot login to disable two factor if your phone is missing.

Don't get me wrong, I have no qualms with two factor auth nor key stores, but some people talk about them as if they're a silver bullet. The problem is that leads to complacency which is the greatest weakness in any secure process.

edited: spelling
Edited by Plan9 - 4/23/14 at 7:50am
post #56 of 128
Firefox built-in password manager with addition to KeePass 2.x

Just be sure to keep your computer secure and don't install malicios add-on or some other thing that will grab the saved Firefox passwords. And don't enable sync in Firefox.
     
CPUMotherboardGraphicsRAM
Pentium 4 2.0GHz @ 2.16Ghz SL5SZ ABIT TH7-RAID Triplex Millenium Silver GeForce4 Ti4600 128MB ... 768MB RD-RAM 
Hard DriveOptical DriveCoolingOS
120GB 7200RPM IBM 120GXP IC35L120AVVA07-0 in RA... Plextor PX-708A Intel Stock cooler Socket 423 with ABIT Custom ... Windows XP Professional SP3 
MonitorKeyboardPowerCase
LG Flatron F700P 4World Acessories PS2 keyboard Enermax EG465AX-VE(G) 465W ATX 12V Ver. 1.2 PSU Noname gray-silver case 
MouseMouse PadAudio
Logitech USB First/Pilot Wheel Mouse M-BE58 Smooth wooden desk surface Avance ALC200 audio chip 
CPUMotherboardGraphicsRAM
Core 2 Duo E8600 DFI LANParty UT P45-T3RS (dead) XFX HD5850 Black Edition 1GB Mushkin Redline 996805 8GB (4x2GB) DDR3-1600 
Hard DriveOptical DriveCoolingOS
Western Digital Velociraptor 1TB WD1000DHTZ Plextor PX-891SA Cooler Master Hyper-Z 600 Windows 7 Ultimate x64 SP1 
MonitorKeyboardPowerCase
LG Flatron F700P Genius KB-G235 Chieftec CF-700-14CS 700W Compucase 6A21 White 
MouseMouse Pad
A4Tech x7 ASUS Leather mouse pad 
CPUMotherboardGraphicsRAM
Pentium4 3.0Ghz ABIT IS-20 Integrated Intel Extreme Graphics 2 1GB DDR400 Elixir M2U51264DS8HC3G-5T @ 2.5-3-2-5 
Hard DriveOptical DriveCoolingOS
80GB IDE Western Digital WD800JB-00FMA0 LiteOn Intel Stock cooler (with copper core) for Socke... Windows XP Professional SP3 
MonitorOther
Remote Desktop SONY MPF920 3,5" 1.44MB Floppy drive 
  hide details  
Reply
     
CPUMotherboardGraphicsRAM
Pentium 4 2.0GHz @ 2.16Ghz SL5SZ ABIT TH7-RAID Triplex Millenium Silver GeForce4 Ti4600 128MB ... 768MB RD-RAM 
Hard DriveOptical DriveCoolingOS
120GB 7200RPM IBM 120GXP IC35L120AVVA07-0 in RA... Plextor PX-708A Intel Stock cooler Socket 423 with ABIT Custom ... Windows XP Professional SP3 
MonitorKeyboardPowerCase
LG Flatron F700P 4World Acessories PS2 keyboard Enermax EG465AX-VE(G) 465W ATX 12V Ver. 1.2 PSU Noname gray-silver case 
MouseMouse PadAudio
Logitech USB First/Pilot Wheel Mouse M-BE58 Smooth wooden desk surface Avance ALC200 audio chip 
CPUMotherboardGraphicsRAM
Core 2 Duo E8600 DFI LANParty UT P45-T3RS (dead) XFX HD5850 Black Edition 1GB Mushkin Redline 996805 8GB (4x2GB) DDR3-1600 
Hard DriveOptical DriveCoolingOS
Western Digital Velociraptor 1TB WD1000DHTZ Plextor PX-891SA Cooler Master Hyper-Z 600 Windows 7 Ultimate x64 SP1 
MonitorKeyboardPowerCase
LG Flatron F700P Genius KB-G235 Chieftec CF-700-14CS 700W Compucase 6A21 White 
MouseMouse Pad
A4Tech x7 ASUS Leather mouse pad 
CPUMotherboardGraphicsRAM
Pentium4 3.0Ghz ABIT IS-20 Integrated Intel Extreme Graphics 2 1GB DDR400 Elixir M2U51264DS8HC3G-5T @ 2.5-3-2-5 
Hard DriveOptical DriveCoolingOS
80GB IDE Western Digital WD800JB-00FMA0 LiteOn Intel Stock cooler (with copper core) for Socke... Windows XP Professional SP3 
MonitorOther
Remote Desktop SONY MPF920 3,5" 1.44MB Floppy drive 
  hide details  
Reply
post #57 of 128
Quote:
Originally Posted by ASUSfreak View Post

Can you explain 1) and 2) better for me? (I don't understand it correct as I'm Dutch speaking.....)
What it means is that things designed to crack passwords take what you have done in mind and built a database of passwords with permutations for passphrases such as "This is a test" (from your example).

The only thing I really learned from my info sec class is that there is no "perfect security." There are, however, ways, methods, and best practices to provide some degree of assurance that you will be okay. Every single method mentioned in this thread is attack-able, but some will take considerably more effort than others to do so.

For me, I store my passwords on a USB for now. It is a fairly weak system, but I have been using this as an interim method while I research how to best protect myself. This thread has given me some ideas and I want to thank everyone in this thread for that!
    
CPUMotherboardGraphicsRAM
AMD Ryzen 5 1600 ASRock AB350 mini ITX Sapphire R9 290X Team T-Force Dark 
Hard DriveHard DriveCoolingKeyboard
Plextor M3 M4 Custom water cooling KB talking Race II 
PowerCaseMouseMouse Pad
Corsair HX 750 NZXT H440 Zowie eVo CL Ratpadz 
AudioAudioAudio
Aune T1 Sennheiser HD598 Beyerdyanamic DT990 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
AMD Ryzen 5 1600 ASRock AB350 mini ITX Sapphire R9 290X Team T-Force Dark 
Hard DriveHard DriveCoolingKeyboard
Plextor M3 M4 Custom water cooling KB talking Race II 
PowerCaseMouseMouse Pad
Corsair HX 750 NZXT H440 Zowie eVo CL Ratpadz 
AudioAudioAudio
Aune T1 Sennheiser HD598 Beyerdyanamic DT990 
  hide details  
Reply
post #58 of 128
Quote:
Originally Posted by debuchan View Post

For me, I store my passwords on a USB for now. It is a fairly weak system, but I have been using this as an interim method while I research how to best protect myself. This thread has given me some ideas and I want to thank everyone in this thread for that!

Why not use an encrypted file on the USB drive along with an encryption program?
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
post #59 of 128
Just out of curiosity, how secure is a generated password like this?: 94687625534462984797328V46^84488734587492748734786987532872494954828873y7885242543427447648776896396
My Rig
(17 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5 3570k Asus P8Z77-M Galaxy GTX 670 2GB GC Corsair 8GB DDR3 1600mhz 
Hard DriveOptical DriveCoolingOS
Seagate Barracuda 2TB Samsung SH-224BB Coolermaster Hyper 212 EVO Windows 7 64-bit 
MonitorKeyboardPowerCase
BenQ XL2420T Coolermaster Quickfire Pro Cherry Blue Mechanic... Antec HCG 520W Modular Power Supply Fractal Design Define XL R2 Black Pearl 
MouseMouse PadAudioAudio
Logitech G600 SteelSeries Qck Audio Technica ATH-AD700 Graham Slee Voyager Amplifier 
Audio
Asus Xonar Essence ST 
  hide details  
Reply
My Rig
(17 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5 3570k Asus P8Z77-M Galaxy GTX 670 2GB GC Corsair 8GB DDR3 1600mhz 
Hard DriveOptical DriveCoolingOS
Seagate Barracuda 2TB Samsung SH-224BB Coolermaster Hyper 212 EVO Windows 7 64-bit 
MonitorKeyboardPowerCase
BenQ XL2420T Coolermaster Quickfire Pro Cherry Blue Mechanic... Antec HCG 520W Modular Power Supply Fractal Design Define XL R2 Black Pearl 
MouseMouse PadAudioAudio
Logitech G600 SteelSeries Qck Audio Technica ATH-AD700 Graham Slee Voyager Amplifier 
Audio
Asus Xonar Essence ST 
  hide details  
Reply
post #60 of 128
Quote:
Originally Posted by Dctr View Post

Just out of curiosity, how secure is a generated password like this?: 94687625534462984797328V46^84488734587492748734786987532872494954828873y7885242543427447648776896396

What are the rules?

For example, some websites truncate the first dozen or so characters in the password.

I see one special character, one lower case, and one upper case. So is the character space ASCII 33-126?
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Networking & Security
Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Best way of keeping track of passwords?