Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Best way of keeping track of passwords?
New Posts  All Forums:Forum Nav:

Best way of keeping track of passwords? - Page 9

Poll Results: Which Manager do you use?

This is a multiple choice poll
  • 4% of voters (1)
    I voted for more than one Password Manager
  • 41% of voters (10)
    I have more than 15 accounts that use Passwords
  • 0% of voters (0)
    I have less than 15 accounts that use Passwords
  • 41% of voters (10)
    I use LastPass
  • 16% of voters (4)
    I use KeePass
  • 0% of voters (0)
    I use RoboForm
  • 4% of voters (1)
    I use DashLane
  • 0% of voters (0)
    I use DirectPass
  • 4% of voters (1)
    I use both LastPass and KeePass
  • 4% of voters (1)
    I use a Physical and/or Digital documents that needs decryption using a Cipher.
  • 12% of voters (3)
    I use an Algorithm similar to what Plan9 and others have suggested ( Post #9 for Plan9 )
  • 12% of voters (3)
    I Remember each unique password mentally
  • 12% of voters (3)
    Other(s) please specify
24 Total Votes  
post #81 of 128
Quote:
Originally Posted by Dctr View Post

I'm just wondering how secure a password like that would be? How hard it would be to crack?

I always tought that it was very easy to crack. Sure it has A LOT OF characters... but when the hacker "calculates" a number (e.g. 5) it means ALL the 5's in that password are detected.

E.G: 452127895352175859835649755253267875532659754213569858754578865322154787865322154

So when you have one 5, you got them all...

So yeah it's still a task to crack it, but it's not that each number from left to right has to be decoded seperatly...
   
Main Laptop
(13 items)
 
CPUMotherboardGraphicsRAM
i7 2600k 3.4GHz @ 5.2GHz ASUS P8P67 Deluxe (B3) SLi ASUS GTX780Ti DC2OC 16GB (4x 4GB) Vengeance 1866MHz @ 2133MHz 
Hard DriveHard DriveHard DriveHard Drive
C: Crucial MX200 250GB D: Caviar Black 2TB E: Spinpoint 750GB F: Raptor 150GB (Ubuntu 12.04 Dual Boot) 
Optical DriveCoolingOSMonitor
ASUS BD Thermalright Silver Arrow Windows 7 Ultimate 64-bit Asus PB278Q 2560x1440p 
KeyboardPowerCaseMouse
Logitech G11 Corsair 1kW Antec 1200 Logitech G600 
Mouse PadAudio
A4 paper :D Logitech Z-5500 
CPUMotherboardGraphicsRAM
Q9450 (2.6GHz to 3.8GHz) ASUS 780i Striker II Formula ASUS GTX 470 8Gb (4x2Gb) Dominators 1066MHz DDR2 
Hard DriveOptical DriveOSMonitor
C: Crucial M4 256GB D: 1x Raptor 150Gb & E: + F... ASUS DVD + DVD(RW) Windows 7 Ultimate 64-bit ASUS 26" 1080p 
KeyboardPowerCaseMouse
Logitech Corsair 750W Antec 300 Logitech G5 
Mouse PadAudio
A4 paper :D ASUS Cine5 
CPUMotherboardGraphicsRAM
Intel i7 something something ASUS N750JV nVidia 750M 2x 4GB DDR3 1600 Kingston 
Hard DriveOptical DriveOSMonitor
C: Crucial MX200 mSATA 250GB + D: WD 1TB 5k4 E:... DVD-RAM DL C: Windows 7 64-bit, E: Linux Elementary OS Luna 17" 1080p 
Mouse
ASUS Optical USB 
  hide details  
Reply
   
Main Laptop
(13 items)
 
CPUMotherboardGraphicsRAM
i7 2600k 3.4GHz @ 5.2GHz ASUS P8P67 Deluxe (B3) SLi ASUS GTX780Ti DC2OC 16GB (4x 4GB) Vengeance 1866MHz @ 2133MHz 
Hard DriveHard DriveHard DriveHard Drive
C: Crucial MX200 250GB D: Caviar Black 2TB E: Spinpoint 750GB F: Raptor 150GB (Ubuntu 12.04 Dual Boot) 
Optical DriveCoolingOSMonitor
ASUS BD Thermalright Silver Arrow Windows 7 Ultimate 64-bit Asus PB278Q 2560x1440p 
KeyboardPowerCaseMouse
Logitech G11 Corsair 1kW Antec 1200 Logitech G600 
Mouse PadAudio
A4 paper :D Logitech Z-5500 
CPUMotherboardGraphicsRAM
Q9450 (2.6GHz to 3.8GHz) ASUS 780i Striker II Formula ASUS GTX 470 8Gb (4x2Gb) Dominators 1066MHz DDR2 
Hard DriveOptical DriveOSMonitor
C: Crucial M4 256GB D: 1x Raptor 150Gb & E: + F... ASUS DVD + DVD(RW) Windows 7 Ultimate 64-bit ASUS 26" 1080p 
KeyboardPowerCaseMouse
Logitech Corsair 750W Antec 300 Logitech G5 
Mouse PadAudio
A4 paper :D ASUS Cine5 
CPUMotherboardGraphicsRAM
Intel i7 something something ASUS N750JV nVidia 750M 2x 4GB DDR3 1600 Kingston 
Hard DriveOptical DriveOSMonitor
C: Crucial MX200 mSATA 250GB + D: WD 1TB 5k4 E:... DVD-RAM DL C: Windows 7 64-bit, E: Linux Elementary OS Luna 17" 1080p 
Mouse
ASUS Optical USB 
  hide details  
Reply
post #82 of 128
Quote:
Originally Posted by ASUSfreak View Post

I always tought that it was very easy to crack. Sure it has A LOT OF characters... but when the hacker "calculates" a number (e.g. 5) it means ALL the 5's in that password are detected.

E.G: 452127895352175859835649755253267875532659754213569858754578865322154787865322154

So when you have one 5, you got them all...

So yeah it's still a task to crack it, but it's not that each number from left to right has to be decoded seperatly...
That was a password generated by LastPass. I thought it would be much more secure.
My Rig
(17 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5 3570k Asus P8Z77-M Galaxy GTX 670 2GB GC Corsair 8GB DDR3 1600mhz 
Hard DriveOptical DriveCoolingOS
Seagate Barracuda 2TB Samsung SH-224BB Coolermaster Hyper 212 EVO Windows 7 64-bit 
MonitorKeyboardPowerCase
BenQ XL2420T Coolermaster Quickfire Pro Cherry Blue Mechanic... Antec HCG 520W Modular Power Supply Fractal Design Define XL R2 Black Pearl 
MouseMouse PadAudioAudio
Logitech G600 SteelSeries Qck Audio Technica ATH-AD700 Graham Slee Voyager Amplifier 
Audio
Asus Xonar Essence ST 
  hide details  
Reply
My Rig
(17 items)
 
  
CPUMotherboardGraphicsRAM
Intel Core i5 3570k Asus P8Z77-M Galaxy GTX 670 2GB GC Corsair 8GB DDR3 1600mhz 
Hard DriveOptical DriveCoolingOS
Seagate Barracuda 2TB Samsung SH-224BB Coolermaster Hyper 212 EVO Windows 7 64-bit 
MonitorKeyboardPowerCase
BenQ XL2420T Coolermaster Quickfire Pro Cherry Blue Mechanic... Antec HCG 520W Modular Power Supply Fractal Design Define XL R2 Black Pearl 
MouseMouse PadAudioAudio
Logitech G600 SteelSeries Qck Audio Technica ATH-AD700 Graham Slee Voyager Amplifier 
Audio
Asus Xonar Essence ST 
  hide details  
Reply
post #83 of 128
Quote:
Originally Posted by ASUSfreak View Post

So when you have one 5, you got them all...

So yeah it's still a task to crack it, but it's not that each number from left to right has to be decoded seperatly...

This is not War Games. You can't know that you've got all the 5s until you've got the whole password.
    
CPUMotherboardGraphicsRAM
i7 920 D0 MSI X58 Pro-E Gigabyte GTX 970 (GV-N970IX-4GD) 3x2GB G.Skill DDR3-1333 9-9-9-24 
Hard DriveHard DriveOptical DriveOS
840 Pro Caviar Black LG BD-ROM Windows 8.1 Pro x64 
MonitorMonitorKeyboardPower
Dell U2713HM Dell U2311H Turbo-Trak (Google it :D) Corsair HX-520 
CaseMouseMouse PadAudio
CM690 Mionix Avior 7000 Everglide Titan AKG K 242 HD 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
i7 920 D0 MSI X58 Pro-E Gigabyte GTX 970 (GV-N970IX-4GD) 3x2GB G.Skill DDR3-1333 9-9-9-24 
Hard DriveHard DriveOptical DriveOS
840 Pro Caviar Black LG BD-ROM Windows 8.1 Pro x64 
MonitorMonitorKeyboardPower
Dell U2713HM Dell U2311H Turbo-Trak (Google it :D) Corsair HX-520 
CaseMouseMouse PadAudio
CM690 Mionix Avior 7000 Everglide Titan AKG K 242 HD 
  hide details  
Reply
post #84 of 128
Quote:
Originally Posted by ASUSfreak View Post

I always tought that it was very easy to crack. Sure it has A LOT OF characters... but when the hacker "calculates" a number (e.g. 5) it means ALL the 5's in that password are detected.

E.G: 452127895352175859835649755253267875532659754213569858754578865322154787865322154

So when you have one 5, you got them all...

So yeah it's still a task to crack it, but it's not that each number from left to right has to be decoded seperatly...

wut. This is not how it works at all. Also for reference here is a randomly generated 16-character password from LastPass: u6hgH#^Z@TH@k#yt
Quote:
Originally Posted by randomizer View Post

This is not War Games. You can't know that you've got all the 5s until you've got the whole password.

Exactly. When brute-forcing a password there's only a 'yes, that's correct' or 'no, that's incorrect' result, there is no in-between 'yeah, you got some of it right' like you see in films. Besides brute-forcing a site with good security introduces a subtle time-delay between failed attempts, so for a bad guy trying to guess a password the delay makes it near impossible to crack, than say if it were an offline hashed/salted database with no delay between attempts.

Of course as we've seen before many sites have poor security practices in place, and it may be easier for an attacker to gain access other ways, such as going through account recovery methods, social engineering, etc.
post #85 of 128
Quote:
Originally Posted by Coreda View Post

Of course as we've seen before many sites have poor security practices in place, and it may be easier for an attacker to gain access other ways, such as going through account recovery methods, social engineering, etc.

Like the secret questions and answers which can be found on someone's Facebook account. Why bother cracking a password when you just need the name of the person's pet? thumb.gif Sadly even financial institutions continue to use this password bypass feature.
    
CPUMotherboardGraphicsRAM
i7 920 D0 MSI X58 Pro-E Gigabyte GTX 970 (GV-N970IX-4GD) 3x2GB G.Skill DDR3-1333 9-9-9-24 
Hard DriveHard DriveOptical DriveOS
840 Pro Caviar Black LG BD-ROM Windows 8.1 Pro x64 
MonitorMonitorKeyboardPower
Dell U2713HM Dell U2311H Turbo-Trak (Google it :D) Corsair HX-520 
CaseMouseMouse PadAudio
CM690 Mionix Avior 7000 Everglide Titan AKG K 242 HD 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
i7 920 D0 MSI X58 Pro-E Gigabyte GTX 970 (GV-N970IX-4GD) 3x2GB G.Skill DDR3-1333 9-9-9-24 
Hard DriveHard DriveOptical DriveOS
840 Pro Caviar Black LG BD-ROM Windows 8.1 Pro x64 
MonitorMonitorKeyboardPower
Dell U2713HM Dell U2311H Turbo-Trak (Google it :D) Corsair HX-520 
CaseMouseMouse PadAudio
CM690 Mionix Avior 7000 Everglide Titan AKG K 242 HD 
  hide details  
Reply
post #86 of 128
Quote:
Originally Posted by ASUSfreak View Post

I always tought that it was very easy to crack. Sure it has A LOT OF characters... but when the hacker "calculates" a number (e.g. 5) it means ALL the 5's in that password are detected.

E.G: 452127895352175859835649755253267875532659754213569858754578865322154787865322154

So when you have one 5, you got them all...

So yeah it's still a task to crack it, but it's not that each number from left to right has to be decoded seperatly...

Passwords are hashed. teaching.gif

What you described is absolutely not how things works.

The password "452127895352175859835649755253267875532659754213569858754578865322154787865322154" is never stored by the service (if they are following best-practices).

Instead, the company applies a crpyto hash to generate a hash value. Using 1 round of SHA-256, it would be: 2a5f52b52284fa19fc54e732a91dceaa47b9edcee1bc3d9570d5954238c6802b

The company stores this value. So the company does not know your password, but they do know it's hash is equal to the value above.

Crypto hashes are one-way functions. You change 1 character and it completely changes the resulting hash. (If you can prove that there is a pattern, you would win a Field Medal and/or NSA would hire you for a $10M+).
Edited by DuckieHo - 4/24/14 at 10:31pm
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
post #87 of 128
Quote:
Originally Posted by randomizer View Post

Like the secret questions and answers which can be found on someone's Facebook account. Why bother cracking a password when you just need the name of the person's pet? thumb.gif Sadly even financial institutions continue to use this password bypass feature.

I've raged about those features existing on online banking sites on many an occasion.
post #88 of 128
Quote:
Originally Posted by Plan9 View Post

I've raged about those features existing on online banking sites on many an occasion.

Actually, if you're using it right.... you're using it wrong. tongue.gif


So when they ask you "What's your mother's maiden name?" There's no reason to provide an unrelated answer such as "Stargate".
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
Once again...
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 [4.28GHz, HT] Asus P6T + Broadcom NetXtreme II VisionTek HD5850 [900/1200] + Galaxy GT240 2x4GB G.Skill Ripjaw X [1632 MHz] 
Hard DriveOSMonitorKeyboard
Intel X25-M 160GB + 3xRAID0 500GB 7200.12 Window 7 Pro 64 Acer H243H + Samsung 226BW XARMOR-U9BL  
PowerCaseMouseMouse Pad
Antec Truepower New 750W Li Lian PC-V2100 [10x120mm fans] Logitech G9 X-Trac Pro 
  hide details  
Reply
post #89 of 128
Quote:
Originally Posted by DuckieHo View Post

Actually, if you're using it right.... you're using it wrong. tongue.gif


So when they ask you "What's your mother's maiden name?" There's no reason to provide an unrelated answer such as "Stargate".

I randomly mash the keyboard. I'd rather be locked out entirely than leave back doors open to my bank account.
post #90 of 128
I just use the password generator in LastPass, for the question too if the option to specify a custom question exists. I keep these recorded as secure notes in my account.
    
CPUMotherboardGraphicsRAM
i7 920 D0 MSI X58 Pro-E Gigabyte GTX 970 (GV-N970IX-4GD) 3x2GB G.Skill DDR3-1333 9-9-9-24 
Hard DriveHard DriveOptical DriveOS
840 Pro Caviar Black LG BD-ROM Windows 8.1 Pro x64 
MonitorMonitorKeyboardPower
Dell U2713HM Dell U2311H Turbo-Trak (Google it :D) Corsair HX-520 
CaseMouseMouse PadAudio
CM690 Mionix Avior 7000 Everglide Titan AKG K 242 HD 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
i7 920 D0 MSI X58 Pro-E Gigabyte GTX 970 (GV-N970IX-4GD) 3x2GB G.Skill DDR3-1333 9-9-9-24 
Hard DriveHard DriveOptical DriveOS
840 Pro Caviar Black LG BD-ROM Windows 8.1 Pro x64 
MonitorMonitorKeyboardPower
Dell U2713HM Dell U2311H Turbo-Trak (Google it :D) Corsair HX-520 
CaseMouseMouse PadAudio
CM690 Mionix Avior 7000 Everglide Titan AKG K 242 HD 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Networking & Security
Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Best way of keeping track of passwords?