
Best way of keeping track of passwords? - Page 7

Poll Results: Which Manager do you use?

This is a multiple choice poll
  • 4% of voters (1)
    I voted for more than one Password Manager
  • 41% of voters (10)
    I have more than 15 accounts that use Passwords
  • 0% of voters (0)
    I have less than 15 accounts that use Passwords
  • 41% of voters (10)
    I use LastPass
  • 16% of voters (4)
    I use KeePass
  • 0% of voters (0)
    I use RoboForm
  • 4% of voters (1)
    I use DashLane
  • 0% of voters (0)
    I use DirectPass
  • 4% of voters (1)
    I use both LastPass and KeePass
  • 4% of voters (1)
    I use a Physical and/or Digital documents that needs decryption using a Cipher.
  • 12% of voters (3)
    I use an Algorithm similar to what Plan9 and others have suggested ( Post #9 for Plan9 )
  • 12% of voters (3)
    I Remember each unique password mentally
  • 12% of voters (3)
    Other(s) please specify
24 Total Votes  
post #61 of 128
Quote:
Originally Posted by DuckieHo View Post

Even better.... why not just create an encrypted database file? Just remember the password to unlock the file. How you share it then doesn't really matter.... email, USB, DropBox, etc. This is how many password keepers work already.

The trouble with Dropbox is that you need to remember both the master password and the Dropbox password.
Quote:
Originally Posted by DuckieHo View Post

For example, some websites truncate the first dozen or so characters in the password.
Sometimes without telling you.

One of the stupidest systems I've seen was a banking site that allowed you to create longer passwords than you were allowed to log in with.
    
post #62 of 128
If you can't remember which password corresponds to which service you could write the service name next to the password or on a separate piece of paper. Maybe shift the corresponding service a couple of lines up or down to further make it more difficult to guess.

I think in the end people underestimate their memory. It's my opinion that most people are just lazy and believe they can't remember 20 passwords? I know I'm in that group, I just can't be bothered investing the time to remember the passwords. But, if I could rote learn entire biology and chemistry classes in high school, surely I can use the same technique to remember 20 phrases? For all I know it is possible but as I've never been bothered I can't know that it's outside my ability. (and if 20 seems excessive, surely you can remember the order of 20 service names, gmail, facebook, twitter, ..., OCN)
post #63 of 128
Quote:
Originally Posted by nooboc2012 View Post

If you can't remember which password corresponds to which service you could write the service name next to the password or on a separate piece of paper. Maybe shift the corresponding service a couple of lines up or down to further make it more difficult to guess.
...yes, still vastly weaker than something that is mathematically secure.

Quote:
Originally Posted by nooboc2012 View Post

I think in the end people underestimate their memory. It's my opinion that most people are just lazy and believe they can't remember 20 passwords? I know I'm in that group, I just can't be bothered investing the time to remember the passwords. But, if I could rote learn entire biology and chemistry classes in high school, surely I can use the same technique to remember 20 phrases? For all I know it is possible but as I've never been bothered I can't know that it's outside my ability. (and if 20 seems excessive, surely you can remember the order of 20 service names, gmail, facebook, twitter, ..., OCN)
I don't think you understand that part about "randomly generated".... As already demonstrated, passphrases do not work anymore.

Here's a list of 10 randomly generated 16 character passwords. Can you remember them all?
IlbM1DNLuugRkfkf
OTKEA6SmEvmOKpkx
R412JMHMycixw7m0
KlE4r6EzkIVdOut9
HtFaVynTFYbUvWzm
EEIKB7pzM29bwtcJ
k6lWOeTZUbh7aalO
DbXyjCZw8h7Gaii2
mXK09hNSxzP5XvQw
oUaoWQLAd41MuJiQ


You are a database developer? How many passwords to systems and applications do you have? Surely you have some background in best-practices of encryption and security?
Edited by DuckieHo - 4/23/14 at 9:08pm
post #64 of 128
Only 20? While I certainly don't use the majority of them regularly (if at all these days), my LastPass account has about 180 random passwords.
    
post #65 of 128
Quote:
Originally Posted by DuckieHo View Post

I don't think you understand that part about "randomly generated".... As already demonstrated, passphrases do not work anymore.
That's not strictly true.

A pass phrase of 6 words still has more entropy than a 12 character randomly generated password from a 70 character pool (upper/lower case, numbers and 8 symbols).
Code:
$ calc "17000^6"
        24137569000000000000000000
$ calc "70^12"
        13841287201000000000000

That's using a relatively small dictionary of just 17000 words too (approx the amount of English words in common use). Once you start adding non-English, uncommon words and l33t spk, that dictionary will grow exponentially.

The problem with pass phrases is that you'd need a unique one for each web site, and then remembering all of them might require a password store anyway.

As for the dictionary attacks you mentioned earlier, those are generally used to crack shorter passwords (maybe only 2 or 3 words, usually less) rather than lengthy pass phrases. And those dictionaries contain common passwords. So like with randomly generated passwords, the key to a secure pass phrase is length.

As for sites cropping password strings, I've not heard of any that do this, but it wouldn't surprise me at all. It's retarded enough that a lot of sites have an upper character limit on passwords - silently cropping the string seems almost to be expected from those kinds of idiots.
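
Added example, not part of any post in this thread: the same comparison as the calc output above, expressed in bits and extended to other password lengths and to the silent truncation discussed in the thread. It assumes every word and character is picked uniformly at random (the premise behind the 17000^6 and 70^12 figures); the 8 symbols in `ALPHABET`, the function names and the demo word list are choices made for this example.

```python
import math
import secrets
import string

DICT_SIZE = 17000  # dictionary size used in the post above
# 52 letters + 10 digits + 8 symbols = 70 characters; which 8 symbols is an assumption
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"

def entropy_bits(pool_size, picks):
    """Bits of entropy in `picks` independent, uniform choices from `pool_size` options."""
    return picks * math.log2(pool_size)

def words_to_match(password_len, pool_size=len(ALPHABET), dict_size=DICT_SIZE):
    """Fewest random words whose search space is at least that of a random password."""
    target = pool_size ** password_len  # exact integers, so no rounding error
    words = 1
    while dict_size ** words < target:
        words += 1
    return words

def bits_after_truncation(password_len, max_len, pool_size=len(ALPHABET)):
    """Entropy that survives when a site silently keeps only `max_len` characters."""
    return entropy_bits(pool_size, min(password_len, max_len))

def random_password(length):
    # secrets draws from the OS CSPRNG; the random module is not suitable for this.
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def random_passphrase(wordlist, count):
    # Only uniform random picks give log2(len(wordlist)) bits per word.
    return " ".join(secrets.choice(wordlist) for _ in range(count))

if __name__ == "__main__":
    print(f"6 words : {entropy_bits(DICT_SIZE, 6):.1f} bits")
    print(f"12 chars: {entropy_bits(len(ALPHABET), 12):.1f} bits")
    for length in (8, 12, 16, 20):
        print(f"{length}-char random password ~ {words_to_match(length)} random words")
    print(f"20 chars cut to 12: {bits_after_truncation(20, 12):.1f} bits")
    print(random_password(16))
    demo_words = ["anchor", "biscuit", "copper", "dune", "ember", "fjord"]  # constructed list
    print(random_passphrase(demo_words, 4))
```

A phrase a person makes up is not a uniform pick from the dictionary, so these figures are an upper bound for anything not generated by a tool.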
post #66 of 128
Quote:
Originally Posted by DuckieHo View Post

What are the rules?

For example, some websites truncate the first dozen or so characters in the password.

I see one special character, one lower case, and one upper case. So is the character space ASCII 33-126?
I'm just wondering how secure a password like that would be? How hard it would be to crack?
Edited by Dctr - 4/24/14 at 12:20am
post #67 of 128
Quote:
Originally Posted by Dctr View Post

I'm just wondering how secure a password like that would be? How hard it would be to crack?

DuckieHo's point is that it's not a straightforward question to ask. There are various different attacks which are used to crack passwords and those different attacks can also be fine tuned to target different expected password formats.

Your password does have strength with its length (I'm a poet and I know it), which is one of the most important aspects of generating a password, but unfortunately you're relying on its length and if any sites have a < 20 char limit (which, depressingly, is pretty common) then you'll find your password is just a sequence of numeric characters - which isn't very secure.
post #68 of 128
Upper password limits are truly bizarre. The only time length could be problematic is if the passwords are stored in cleartext, which might cause truncation. Truncation is the least of anyone's concerns in that scenario though.
    
post #69 of 128
Quote:
Originally Posted by randomizer View Post

The only time length could be problematic is if the passwords are stored in cleartext, which might cause truncation.

I'm not really sure what you mean there. Would you mind elaborating?
post #70 of 128
Quote:
Originally Posted by Plan9 View Post

I'm not really sure what you mean there. would you mind elaborating?

I don't know of any DBMS that allows storing strings of unlimited length, so presuming that a limit is in place a cleartext password that exceeds that limit will either be truncated or will cause the transaction to fail. Hashes are always a fixed length so there's no need to place arbitrary limits on password length if you're not storing the password.
    
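
Added example, not part of any post in this thread: the point made in post #70, shown with a deliberately weak cleartext store beside a hashed one. The 16-character column width, the class and function names, the sample passwords and the PBKDF2 iteration count are all assumptions made for this example.

```python
import hashlib
import hmac
import os

COLUMN_WIDTH = 16     # assumed width of a cleartext password column, e.g. VARCHAR(16)
ITERATIONS = 100_000  # demo value; tune to your own hardware in real use

class CleartextStore:
    """Deliberately weak 'before' case: the password itself goes into the column."""
    def __init__(self):
        self.rows = {}
    def register(self, user, password):
        # Some DBMS configurations silently cut the value to the column width.
        self.rows[user] = password[:COLUMN_WIDTH]
    def login(self, user, password):
        # Assumes the login path truncates the same way; if it did not,
        # the user's real password would simply stop working.
        return hmac.compare_digest(self.rows[user].encode(),
                                   password[:COLUMN_WIDTH].encode())

class HashedStore:
    """Stores salt + PBKDF2-HMAC-SHA256 output; stored size never depends on input length."""
    def __init__(self):
        self.rows = {}
    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    def register(self, user, password):
        salt = os.urandom(16)
        self.rows[user] = (salt, self._derive(password, salt))
    def login(self, user, password):
        salt, stored = self.rows[user]
        return hmac.compare_digest(stored, self._derive(password, salt))

def compare_stores():
    real = "correct-horse-battery-staple-2014"       # constructed sample, 33 characters
    near_miss = real[:COLUMN_WIDTH] + "-wrong-tail"  # shares only the first 16 characters
    clear, hashed = CleartextStore(), HashedStore()
    for store in (clear, hashed):
        store.register("alice", real)
    hashed.register("bob", "short")
    return {
        "cleartext_accepts_near_miss": clear.login("alice", near_miss),
        "hashed_accepts_near_miss": hashed.login("alice", near_miss),
        "hashed_accepts_real": hashed.login("alice", real),
        "stored_sizes": {len(digest) for _, digest in hashed.rows.values()},
    }

if __name__ == "__main__":
    print(compare_stores())
```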