How do you guys come up with your passwords? It's hard as

I just use "battery horse staple" for everything.

Lastpass

Make a sentence and change some letters to numbers/symbols.

KEEP ASS

come up with a reasonable heuristic.

I take a phrase that includes the name of the service (so for example: "my password for gmail is just this!") and take the first and last characters from each word, yielding
mypdfrglisjtts!

every service has a subtly different password. Your sentence can have numbers if you want, and you can choose different letters if you want (like the median character, or the average of the first and last of each word, or whatever).

putting everything in a service like keypass just makes me uncomfortable. it's too much value in one basket.

>>52861642
you don't need 500 super long passwords
just have 2 or 3 for accounts that aren't important, and then save the really long complex ones for your email and what not.
also use a sentence as your password, then randomly put 1337 speak in certain spots.
with those combined you can easily get a 60+ character password that is pretty easy to remember.

File: password_strength.png (91KB, 740x601px) Image search: [Google]

91KB, 740x601px

>this

>>52861804
>floss
>service

Local is always based. Backup your password database, and it'll be fine famfam. You can even print it out and put it in a safe or something.

Also setup 2FA wherever possible.

>>52861838
the point is that it's a single point of failure. while memorizing your passwords carries a cost, it's negligible if you use a heuristic because you can generate it easily. and the "single point of failure" risk associated with memorizing your heuristic isn't a big deal because that single point of failure (your brain) happens to be a lynchpin for lots of things in your life

>>52861838
>famfam
Give us more advice, person who uses millennial slang.

>>52861882
Eh, don't want to bother with that crud.

But whatever, keep at it I guess.

>>52861885
Sorry to trigger your sensibilities.

randomwordRANDOMWORDrandomword13579!

I use that format. Examples:
> pumpkinPANZERhardwood13579!
> happyGORRILAsaturn2468!
> wildernessMAILMANgilmore9753!

http://www.minorplanetcenter.net/iau/lists/MPNames.html

I went here and found 2 random words then added some numbers on the end for one of my passwords

>>52861891
>don't want to bother with that crud

I find it amazing that you've managed to frame this in such a way that installing and relying on software to keep your passwords (software that doesn't even automate the rotating of those passwords for mainstream services, from what I can tell) is the less crud-filled option.

Best case, it generates some arbitrary text that you can't possibly remember, and now you have to hope that every device you ever use supports the transfer of that string from your database to that platform (or alternatively, you can enter it manually, which is absurd).

I take a base from passwords from computer games then hash it up a bit. That way if i ever forget a password to a site, all i need to do is replay Deus Ex to remember my base.

>>52861642
It's not that hard. For something like gmail, you can use "Hey, G-mail! Why don't you let me in?" or some shit.
My facebook is "Hawaiian pizza and 1 coke please!"

>>52861642
use something like lastpass
I have the primary password but generate long random passwords for everything managed by it

do lastpass or keepass access services to change passwords when you ask it to or something like that?

using unique passwords is hardly an issue. the issues that have come up for us in the past 5-10 years have always been a leak of the passwords that a site uses. in a case like that, i would want lastpass or whoever to get notified that there's been a breach of facebook or gmail or whatever, and automatically cycle that password.

or at the very least, have a button that i can hit that would cycle all the passwords that the service/software is familiar with.

>>52861936
I have too many accounts to worry about generating and retaining the passwords in my head
And yeah, what device could I possibly get that doesn't have a port?

I prefer to use tools to facilitate my life and not worry about keeping 100+ unique passwords in my head

My passwords look like really awkward Java functions

>>52861936
>typing 20 characters is now considered absurd

>>52861739
I too read xkcd

I have 5 separate sheets of laminated paper labelled A-E, each with 20 words on them, and a 20 sided die.

Every time I need a new password I choose a paper and roll the dice 4 times. The words chosen will then become my password. I would note it in my notebook as for example "A-12-1-20-4".
Eventually I'll be able to memorize the passwords I use the most often and for those I don't use too often at least nobody would be able to read it without first finding all my materials (which I keep in a lockbox).

>>52861642
16char highly random (but memorized) password, followed by something based on the name of the service, but hash it locally so the only place my actual password is stored is my head, and the site just gets a meaningless hash that's been converted to base64 and truncated
>Site's pwdb gets leaked in plaintext
>I'm completely fine

It's vulnerable to local compromise, but so is everything.

>>52861642
using patterns like this 9654178523ujkl*ujkl

>>52861819
Only for passwords you need to remember, such as you master password to unlock your password manager vault. Use your password manager's generator for your actual passwords.

>>52862086
yeah. assuming that you have access to this database in the first place, imagine typing a 20-character password into a device like a tablet. Consider that the 20 character password should (in principle) vary between letters, numbers, and punctuation, so you're going to be toggling between those the whole time.

there's nothing you can do about that, but checking your reference source (presumably a mobile phone) to retain 3-4 characters in memory as you switch back to the new device to enter the password means 5-7 "trips" of going back to your phone to see what the next substring is.

You can claim that you memorize 7+ characters, but research in human-computer interaction has suggested that people tend to remember something like 5 plus or minus 2 elements clearly. Take into account that you don't want to risk having fucked up a character and having to re-enter the whole fucking thing, and most people will only commit ~3-4 characters to memory (maybe less).

this is absurd. if you have a phrase that you remember intuitively (a phrase like "I came up with this Facebook password in 2015 and it still works.") then you can come up with a password longer than 20 characters, providing punctuation, numbers, and varied capitalization, and requires no special database or software for you to remember.

do a sequence of numbers
and a pattern of letters underneath

for example, emulate this with your left hand on the keyboard:

0p1a1q8k9o9l9o

>>52862301
and to be clear, the output for the example password phrase I offered would be

IceupwhtsFkpdin25aditslws.

which might take some "thinking" as you work out what the first and last characters of each word are, but fundamentally the source password is the phrase and the algorithm, both of which are easily memorizable.

>take website name
>hash it with the account name as a salt
>only record the number of passes in a notepad or something
autism

Use 2factor sign in where possible and use one password everywhere, except for main mail. Secure by design.

https://www.grc.com/passwords.htm

I use the above website to make all of my passwords; It's one of my favorite sites.

>>52862237
why the fuck would you ever do that

all you guys must be fucking retarded if you can't follow that and have 3-4 passwords like that for everything

>>52862450
>3-4 passwords for everything
I think you're the retarded one here

>>52862450
>why the fuck would you ever do that
Using a passphrase, you mean?
>all you guys must be fucking retarded if you can't follow that
What do you mean? That seems contradictory to your previous question.
>and have 3-4 passwords like that for everything
Except that we don't, we have our generated ones in our vaults.

I'm having difficulty following you.

>>52861642
Keepass. Save The keepass file on a USB stick just in case

>>52861642
I have an OpenBSD box that generates and prints passwords with barcodes that I can scan with my USB barcode scanner.

>>52861819
This is retarded.
Dictionary attacks can easily find your password by combining words. which is rather easy if the reward is good.
Best solution is to use full sentences with two or three random number/capitalizations/special chars
example:

IamOPandilck32dicksperdayforaliving.

Easy to remember, hard to bruteforce, reminds you of who you are everyday.

I use one password for my bank account , one for my phone, and one for everything else. I don't believe in safety.

>>52861642
https://www.random.org/strings/
master passwords with lowercase/uppercases/numbers/symbols - 16characters
often used ones, with only lowercase/numbers - 12/S6 characters

I change both every 3month, and just memorize them, the first 2 weeks, I make sure I always have the list of passwords printed in my pocket/wallet.

for everything else I use something like >>52861804

I just use the same password for everything, nothing has ever happened so it's cool

>>52862681
I have one password
quick simple and efficient

>>52862846
Not to mention, retarded.

i go with the cutesy nickname of an ex who tried to start a rumor that i raped her.

also i throw in the word "fuck" to my passwords usually because people are just plain less inclined to guess a no-no word.

>>52862894
with every website requiring different password rules, i think its safe to say that if someone guesses my safesex69, then they still dont know about my afeex420, but its still close enough for me to call it the same password.

i just use my phone number in reverse

>>52862990
which is why i usually guess that within my first 5 tries.
dumbass

>>52861642
I somehow remember all my passwords. Sometimes I use my middle name plus numbers and symbols, sometimes "Masterexploder" plus numbers and symbols.
My wifi's password is my grandma's name and the year she was born.

>>52862956
>people guessing
yeah noone's going to 'guess' your password unless it's personally identifiable information, or really really simple

anything past that is immediately in the realm of hybrid dictionary/bruteforcing attacks, which don't care about how taboo your language is, only how commonly it's used

>>52863189
>which don't care about how taboo your language is, only how commonly it

by your own logic, using taboo language is a good idea because it's not commonly used.
Which by extension, means that bruteforcing actually does care about how taboo your words may be.

>>52861739
Correct!

>>52863243
>it's not commonly used
you might want to look at some top 100 password lists sometime

>>52863297
nah because it really doesnt matter and nobody has gotten it ever so who cares

>>52861642
My password is unique in every account that i have
my name + website/device initials + @Bc123

>>52863322
>nobody has gotten it ever so who cares
if it's in the top 100 list, the majority of people have it.

>>52863424
post it then

I use the same password for everything and then I append an obscure unique prefix to the start based on what the password is for

For example if my base password was $hartFartlol12345 and the password was for newegg, I'd look to the top of the columns on my keyboard for the symbols above E G G, translate it to #%% and prefix my password like #%%$hartFartlol12345

I write them down physically on one piece of paper and never let it leave my person.

I use a standard password followed by a delimiter followed by something memorable about the site I'm logging into.

>Password
>#
>tw33t
For twitter for instance.

>Password
>#
>mus1c
For Pandora for another instance.

Obviously my standard beginning portion is more complicated but yeah. Standard opening, delimiter, and something about the site.

>>52861642
you would like to know top 20 most commonly used formulas for making passwords, wouldn't you?

take your name, lets say Sad Pepe, and just add(1234567) 7654321 so its
7S6a5d4P3e2p1e

>>52861642

passwords don't mean shit when your keyboard or embedded controller is fuxored.

>>52861642
If you create your
I mean if you remember the step to get it
Like basic maths operation you ll not have those problems anymore

KeePass or LastPass? I'm illiterate in term of security and I don't know which one to choose.

Also, did you guys literally changed all you passwords after knowing KeePass/LastPass(the ones that you had before knowing the program)?

I use tier passwords. I don't matter and I don't interest anyone. Therefore I can use one passwords for servies of similar importance.

I have unique passwords for Google, Facebook, Microsoft (hotmail) and a few others. But for most simple logons I have a general password. Those services usually have different logon names, but some use the same. They are unrelated to eachother mostly, so even if my password for that group of services leaks, chances most of my accounts are safe.

I have been thinking of renewing all of my passwords and dividing them further into tiers so I could remember them better. I usually use a form of one capital, four numbers twice.

>>52861642
I just generate a random 24 character password and store it on an encrypted drive with absolutely no context as to what it's for.

I use things like FederalAssRapePrison666

I have two ways of generating a password

1. alternating groups of three like
aDe 135 Bjk 269 dEJ 156 $DG
Usually they are longer than the example. They are stored in a password-safe protected by a master password. Should I forget one. But usually they are easy to remember with a bit of training. Use them work related.

2. The other is quiet old cryptography
Just create an easy to remember sentence like:
the hare is running across the cornfield
Create or have a table like this
a = 01
b= 02
c= 03
d=04
e=05
etc
add the respective number after the letter and you get
t20h08e05 h08a01r18e05 i09s19 r18u21n14n14i09n14g07 a01c03r18o15s19s19 t20h08e05 c03o15r18n14f06i09e05l12d04
then eliminate the empty spaces by filling them with $ you get

t20h08e05$h08a01r18e05$i09s19$r18u21n14n14i09n14g07$a01c03r18o15s19s19 t20h08e05$c03o15r18n14f06i09e05l12d04

I admit it is a complicated extremely nerdy way to create a password but I have a script doing it for me.
Use this method only where security is extremely necessary.
To my knowledge nobody ever hacked my accounts ore one of my computers rooters etc.

>>52861642
I use cStash on Android
Problem solved

File: passx.png (167KB, 613x356px) Image search: [Google]

167KB, 613x356px

KeePassX.
https://www.youtube.com/watch?v=x1dIWj3xFak

And remember the autologin feature
https://www.youtube.com/watch?v=_BM8XxS1jUE