How do you guys come up with your passwords? It's hard as fuck memorizing all my different passwords. I literally have a notebook for them all.
come up with a reasonable heuristic.
I take a phrase that includes the name of the service (so for example: "my password for gmail is just this!") and take the first and last characters from each word, yielding
every service has a subtly different password. Your sentence can have numbers if you want, and you can choose different letters if you want (like the median character, or the average of the first and last of each word, or whatever).
putting everything in a service like keypass just makes me uncomfortable. it's too much value in one basket.
you don't need 500 super long passwords
just have 2 or 3 for accounts that aren't important, and then save the really long complex ones for your email and what not.
also use a sentence as your password, then randomly put 1337 speak in certain spots.
with those combined you can easily get a 60+ character password that is pretty easy to remember.
Local is always based. Back up your password database, and it'll be fine famfam. You can even print it out and put it in a safe or something.
Also set up 2FA wherever possible.
the point is that it's a single point of failure. while memorizing your passwords carries a cost, it's negligible if you use a heuristic because you can generate it easily. and the "single point of failure" risk associated with memorizing your heuristic isn't a big deal because that single point of failure (your brain) happens to be a lynchpin for lots of things in your life
>don't want to bother with that crud
I find it amazing that you've managed to frame this in such a way that installing and relying on software to keep your passwords (software that doesn't even automate the rotating of those passwords for mainstream services, from what I can tell) is the less crud-filled option.
Best case, it generates some arbitrary text that you can't possibly remember, and now you have to hope that every device you ever use supports the transfer of that string from your database to that platform (or alternatively, you can enter it manually, which is absurd).
do lastpass or keepass access services to change passwords when you ask it to or something like that?
using unique passwords is hardly an issue. the issues that have come up for us in the past 5-10 years have always been a leak of the passwords that a site uses. in a case like that, i would want lastpass or whoever to get notified that there's been a breach of facebook or gmail or whatever, and automatically cycle that password.
or at the very least, have a button that i can hit that would cycle all the passwords that the service/software is familiar with.
I have too many accounts to worry about generating and retaining the passwords in my head
And yeah, what device could I possibly get that doesn't have a port?
I prefer to use tools to facilitate my life and not worry about keeping 100+ unique passwords in my head
I have 5 separate sheets of laminated paper labelled A-E, each with 20 words on them, and a 20 sided die.
Every time I need a new password I choose a paper and roll the die 4 times. The words chosen will then become my password. I would note it in my notebook as, for example, "A-12-1-20-4".
Eventually I'll be able to memorize the passwords I use the most often and for those I don't use too often at least nobody would be able to read it without first finding all my materials (which I keep in a lockbox).
16char highly random (but memorized) password, followed by something based on the name of the service, but hash it locally so the only place my actual password is stored is my head, and the site just gets a meaningless hash that's been converted to base64 and truncated
>Site's pwdb gets leaked in plaintext
>I'm completely fine
It's vulnerable to local compromise, but so is everything.
yeah. assuming that you have access to this database in the first place, imagine typing a 20-character password into a device like a tablet. Consider that the 20 character password should (in principle) vary between letters, numbers, and punctuation, so you're going to be toggling between those the whole time.
there's nothing you can do about that, but checking your reference source (presumably a mobile phone) to retain 3-4 characters in memory as you switch back to the new device to enter the password means 5-7 "trips" of going back to your phone to see what the next substring is.
You can claim that you memorize 7+ characters, but research in human-computer interaction has suggested that people tend to remember something like 5 plus or minus 2 elements clearly. Take into account that you don't want to risk having fucked up a character and having to re-enter the whole fucking thing, and most people will only commit ~3-4 characters to memory (maybe less).
this is absurd. if you have a phrase that you remember intuitively (a phrase like "I came up with this Facebook password in 2015 and it still works.") then you can come up with a password longer than 20 characters, providing punctuation, numbers, and varied capitalization, and requiring no special database or software for you to remember.
and to be clear, the output for the example password phrase I offered would be IceupwhtsFkpdin25aditslws.
which might take some "thinking" as you work out what the first and last characters of each word are, but fundamentally the source password is the phrase and the algorithm, both of which are easily memorizable.
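A Python implementation of the first-and-last-character heuristic described in this post and earlier in the thread, added here as an example and not taken from any poster. It assumes that leading/trailing punctuation is stripped from each word and that a one-letter word contributes its single character, which is what reproduces the Facebook phrase's output above; the optional `median` picker covers the alternative letter choice mentioned earlier.

```python
from typing import Callable

def first_last(word: str) -> str:
    """Default picker: first and last character (a one-letter word gives one character)."""
    return word[0] if len(word) == 1 else word[0] + word[-1]

def median(word: str) -> str:
    """Alternative picker mentioned in the thread: the middle character of the word."""
    return word[len(word) // 2]

def phrase_password(phrase: str, pick: Callable[[str], str] = first_last) -> str:
    """Derive a password from a memorable phrase by applying `pick` to each word.

    Assumptions made here to reproduce the thread's worked output:
    surrounding punctuation (. , ! ? ; : quotes) is stripped from each word
    before picking, and words that become empty are skipped.
    """
    parts = []
    for word in phrase.split():
        word = word.strip(".,!?;:'\"")
        if word:
            parts.append(pick(word))
    return "".join(parts)

if __name__ == "__main__":
    phrase = "I came up with this Facebook password in 2015 and it still works."
    print(phrase_password(phrase))  # IceupwhtsFkpdin25aditslws
    # The gmail phrase from earlier in the thread, which the thread itself never expands
    print(phrase_password("my password for gmail is just this!"))
```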
>why the fuck would you ever do that
Using a passphrase, you mean?
>all you guys must be fucking retarded if you can't follow that
What do you mean? That seems contradictory to your previous question.
>and have 3-4 passwords like that for everything
Except that we don't, we have our generated ones in our vaults.
I'm having difficulty following you.
This is retarded.
Dictionary attacks can easily find your password by combining words, which is rather easy if the reward is good.
Best solution is to use full sentences with two or three random number/capitalizations/special chars
Easy to remember, hard to bruteforce, reminds you of who you are everyday.
master passwords with lowercase/uppercase/numbers/symbols - 16 characters
often used ones, with only lowercase/numbers - 12/S6 characters
I change both every 3 months, and just memorize them; for the first 2 weeks, I make sure I always have the list of passwords printed in my pocket/wallet.
for everything else I use something like >>52861804
i go with the cutesy nickname of an ex who tried to start a rumor that i raped her.
also i throw in the word "fuck" to my passwords usually because people are just plain less inclined to guess a no-no word.
with every website requiring different password rules, i think it's safe to say that if someone guesses my safesex69, then they still don't know about my afeex420, but it's still close enough for me to call it the same password.
I somehow remember all my passwords. Sometimes I use my middle name plus numbers and symbols, sometimes "Masterexploder" plus numbers and symbols.
My wifi's password is my grandma's name and the year she was born.
yeah no one's going to 'guess' your password unless it's personally identifiable information, or really really simple
anything past that is immediately in the realm of hybrid dictionary/bruteforcing attacks, which don't care about how taboo your language is, only how commonly it's used
>which don't care about how taboo your language is, only how commonly it
by your own logic, using taboo language is a good idea because it's not commonly used.
Which by extension, means that bruteforcing actually does care about how taboo your words may be.
I use the same password for everything and then I append an obscure unique prefix to the start based on what the password is for
For example if my base password was $hartFartlol12345 and the password was for newegg, I'd look to the top of the columns on my keyboard for the symbols above E G G, translate it to #%% and prefix my password like #%%$hartFartlol12345
I write them down physically on one piece of paper and never let it leave my person.
I use a standard password followed by a delimiter followed by something memorable about the site I'm logging into.
For twitter for instance.
For Pandora for another instance.
Obviously my standard beginning portion is more complicated but yeah. Standard opening, delimiter, and something about the site.
you would like to know top 20 most commonly used formulas for making passwords, wouldn't you?
take your name, let's say Sad Pepe, and just add (1234567) 7654321 so it's
KeePass or LastPass? I'm illiterate in terms of security and I don't know which one to choose.
Also, did you guys literally change all your passwords after learning about KeePass/LastPass (the ones that you had before knowing the program)?
I use tiered passwords. I don't matter and I don't interest anyone. Therefore I can use one password for services of similar importance.
I have unique passwords for Google, Facebook, Microsoft (hotmail) and a few others. But for most simple logons I have a general password. Those services usually have different logon names, but some use the same. They are mostly unrelated to each other, so even if my password for that group of services leaks, chances are most of my accounts are safe.
I have been thinking of renewing all of my passwords and dividing them further into tiers so I could remember them better. I usually use a form of one capital, four numbers twice.
I have two ways of generating a password
1. alternating groups of three like
aDe 135 Bjk 269 dEJ 156 $DG
Usually they are longer than the example. They are stored in a password safe protected by a master password, should I forget one. But usually they are easy to remember with a bit of training. I use them for work.
2. The other is quite old cryptography
Just create an easy to remember sentence like:
the hare is running across the cornfield
Create or have a table like this
a = 01
add the respective number after the letter and you get
t20h08e05 h08a01r18e05 i09s19 r18u21n14n14i09n14g07 a01c03r18o15s19s19 t20h08e05 c03o15r18n14f06i09e05l12d04
then eliminate the empty spaces by filling them with $ you get
I admit it is a complicated extremely nerdy way to create a password but I have a script doing it for me.
Use this method only where security is extremely necessary.
To my knowledge nobody ever hacked my accounts or one of my computers, routers, etc.
And remember the autologin feature
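A Python version of the second method above (the letter-to-number substitution), added here as an example and not the poster's own script. It assumes the table runs from a = 01 through z = 26 as the single row shown suggests, that characters outside the alphabet pass through unchanged, and that the final step replaces each space between words with the $ filler.

```python
import string

# Assumption: the thread's table continues "a = 01" through "z = 26".
LETTER_TABLE = {c: f"{i:02d}" for i, c in enumerate(string.ascii_lowercase, start=1)}

def encode_word(word: str) -> str:
    """Follow every letter with its two-digit alphabet index; other characters pass through."""
    return "".join(c + LETTER_TABLE.get(c, "") for c in word.lower())

def encode_sentence(sentence: str, filler: str = " ") -> str:
    """Encode each word of the sentence and join the words with `filler`.

    filler=" " reproduces the intermediate step shown in the thread;
    filler="$" gives the final password with the empty spaces filled.
    """
    return filler.join(encode_word(w) for w in sentence.split())

if __name__ == "__main__":
    sentence = "the hare is running across the cornfield"
    print(encode_sentence(sentence))       # intermediate, spaces kept
    print(encode_sentence(sentence, "$"))  # final, spaces replaced by $
```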