Originally Posted by nooboc2012
Speaking of paper. Why is that not a viable solution? You remember only one password for your main email and write the passwords down for your remaining 19 online accounts. You could even apply a Caesar cipher or some other basic cipher on the passwords when writing them down if you're really concerned about security. If you lose it then you do what you would do if you lost your credit card and reset all your passwords. Fold the piece of paper or place it in your wallet in such a way that you would be able to tell if someone had handled it.
If you have 20 passwords in your wallet.... How will you know which password is for which account?
What happens if you lose the paper, it gets wet, or wears out.... you have to go reset PWs.
Is that more secure than a mathematically-secure file on a USB drive?
Originally Posted by ASUSfreak
I must say it sure looks hard to remember which is L33T and which is capital with this THIS IS A TEST sentence
Mine is 21 characters long but is WAY easier to remember
Can you explain 1) and 2) better for me? (I don't understand it correctly as I'm Dutch speaking.....)
3) CRAP... and I thought my password would be way more safe now...
Oh well it's probably harder to crack than my previous password which only had 7 letters and 1 number
And when I tested it here: http://www.passwordmeter.com/
It showed me this:
1) Crackers are loading in Wikipedia, books, poems, websites, etc to build databases. This includes non-English data as well. Basically, sentences written and published online somewhere can and will feed cracking engines.
2) Combining or inserting semi-random words does not work all that great since it's based off of patterns. For example... "Password123" is almost as easy to crack as "Password"
Assuming a character space of 62 (a-z,A-Z,0-9)....those password testers just do 62^(len of PW). This is stupid. It ignores the fact that people use patterns of passwords.
"THISISMYPASSWORD" is absolutely less secure than "3C2MuWn90flt".
Originally Posted by LtStinger
I don't personally do it, but I kind of like the email idea.
Randomly generate passwords however you desire, and remember one password for your email account. (Make sure it's secure.)
Then if you need a password, log into your email. Unless we think that gmail has some kind of security issue, which as far as I know...they don't.
I just use the browser method with a master key. Seems to work fine for me until I have to reformat and forget to back them up. Then I spend the next 3 weeks cussing every website and resetting passwords
Even better.... why not just create an encrypted database file? Just remember the password to unlock the file. How you share it then doesn't really matter.... email, USB, DropBox, etc. This is how many password keepers work already.
Browser method links you to the browser though. Something like LastPass has plugins for most browsers (including mobile!).
Originally Posted by Bitemarks and bloodstains
It seems Firefox uses triple DES for encrypting which is pretty good, however you are still limited to a single factor of authentication (your master password).
Using a password manager that allows multi factor authentication (such as LastPass with a YubiKey) is much better.
What key length? Triple DES is weakened by being susceptible to Meet-In-The-Middle attacks.
Originally Posted by Maximization
memory in your brain
Can you remember 12+ 16 randomly generated passwords?
Edited by DuckieHo - 4/23/14 at 9:03am
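The point made in the post above about length-only strength meters, as an added example that is not code from the thread: it compares the `62^(len of PW)` calculation with an estimate for a guesser that tries "dictionary words plus a digit suffix" first. The dictionary size, the word set, the suffix list and the three case styles are assumptions made up for this sketch.

```python
import math
import re

# Assumptions for this sketch (not from the thread): the guesser's word list
# holds 10,000 common words, and every word below is on it.
ASSUMED_DICT_SIZE = 10_000
WORDS = {"this", "is", "my", "password", "test", "a"}   # constructed sample
COMMON_SUFFIXES = {"1", "12", "123", "1234"}            # constructed sample

def naive_bits(pw: str, charset: int = 62) -> float:
    """The meter criticised in the post: log2(charset ** len(pw))."""
    return len(pw) * math.log2(charset)

def split_words(s: str):
    """Fewest-words segmentation of s over WORDS, or None if impossible."""
    best = [None] * (len(s) + 1)        # best[i] = word list covering s[:i]
    best[0] = []
    for i in range(1, len(s) + 1):
        for j in range(i):
            if best[j] is not None and s[j:i] in WORDS:
                cand = best[j] + [s[j:i]]
                if best[i] is None or len(cand) < len(best[i]):
                    best[i] = cand
    return best[len(s)]

def pattern_bits(pw: str) -> float:
    """Estimate for a guesser that tries 'words + digit suffix' first."""
    letters, digits = re.fullmatch(r"(.*?)(\d*)", pw, flags=re.S).groups()
    styled = letters.islower() or letters.isupper() or letters.istitle()
    words = split_words(letters.lower()) if letters.isalpha() and styled else None
    if not words:
        return naive_bits(pw)           # no pattern found: fall back
    bits = len(words) * math.log2(ASSUMED_DICT_SIZE)
    bits += math.log2(3)                # case style: lower, UPPER or Title
    if digits in COMMON_SUFFIXES:
        bits += math.log2(len(COMMON_SUFFIXES))
    elif digits:
        bits += len(digits) * math.log2(10)
    return min(bits, naive_bits(pw))    # never score above the naive bound

def compare(pw: str):
    return round(naive_bits(pw), 1), round(pattern_bits(pw), 1)

if __name__ == "__main__":
    for pw in ("Password", "Password123", "THISISMYPASSWORD", "3C2MuWn90flt"):
        print(pw, compare(pw))
```

Under these assumptions the length-only score ranks "THISISMYPASSWORD" above "3C2MuWn90flt", while the pattern-aware score reverses that order and puts "Password123" only two bits above "Password".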