
Get on my level


Thread replies: 309
Thread images: 72

File: Screenshot_20160727-150224.jpg (228KB, 1416x1000px)
No cheating. Must be passwords you remember and actually use.
>>
>>55774243
>write your passwords here
"no"
>>
>>55774323
>he's so arrogant that he thinks corporations care about the accounts of autistic manchildren
>>
>>55774357
2/10 apply yourself
>>
Password security is pretty interesting to me. Brute force cracking is essentially useless in this day and age due to (most) websites requiring 8+ characters minimum. The easiest way to make a password, then, would be a string of multiple words, which would then get cracked by a dictionary password cracker. What would be an easy way to make a password that's long enough to be secure from brute force, simple enough to remember, but complex enough to be safe from dictionary?
>>
>>55774357
Is that website's connection encrypted?
If not then I wouldn't worry about corporations.
>>
>>55774428
Sequential words, with the first letter of each word.

Op is a massive cum gargling faggot
=oiamcgf

Extend this to however long you need
>>
File: Screenshot_32.png (30KB, 917x407px)
>>55774243
>>
>>55774428
I can brute force all 8 character passwords in seconds. Assuming you're using a relatively fast algorithm to hash them (like md5. don't use md5)
>>
>>55774428
Replace a letter with a number that looks like it, place a punctuation mark however many places into the word that number is for example
>mu5k.rat
>;li0ness
>w4t!ercooler
>>
File: 80tcXEZ.gif (1MB, 250x350px)
Facebook login: [email protected]
Password: H0tc0ckl0v3r69
>>
>>55774468
wouldnt it be more secure to use the words full out as the password?
>>
File: ses shosh.png (41KB, 1058x422px)
:-)
>>
>>55774499
>logging off of tumblr.gif
>>
>>55774493
hard to remember, easier to pick >5 words from a >10^5 dictionary.
>>
File: ss (2016-07-26 at 08.26.51).png (35KB, 1278x476px)
>>55774243
>trillions
lol eat shit, OP
>>
>pick a sentence from your favorite book
>1 up each letter on the alphabetical chart
>change vowels to symbols
>type your numerical birthday in symbols
>location of birth - first 2 letters in caps
>close pw with actual number

do it in that exact order
>>
Is 'social engineering' the relatively fastest way of getting someone's password?
>>
>>55774493
>mu5k.rat
Also, that's a terrible insecure password
>>
File: pass..jpg (79KB, 1099x474px)
>>55774525
Or use diceware and pick 5-6 words.
Pass I used:
rene dang m&m poi safe rivet
>>
>>55774493
https://www.youtube.com/watch?v=3NjQ9b3pgIg
>>
>>55774529
Yes, if they're not savvy.
>>
>>55774493
no. that is ridiculously easy to dictionary. do not.

four to five random words all lowercase with a punctuation randomly but not between words or replacing a letter.

orientalobliga.tionparenthesisgoal
>>
File: password_strength.png (91KB, 740x601px)
>>55774243
That's not exactly difficult.
>>
>>55774587
Yeah, but 4 words is too few. I use this to generate passwords:
http://rumkin.com/tools/password/diceware.php
>>
File: horsedicks.png (34KB, 1115x466px)
>>55774571
ilovethic.kfutashortstac.kswithhorsedicks
>>
File: Screenshot_20160727-133252.png (148KB, 1080x1920px)
Pleebs not even using emojis in your passwords
>>
dadada
>>
>>55774501
Dictionary attack
>>
>>55774611
>lewd sentence that makes grammatical sense
okay. have fun getting your bank info stolen
>>
>>55774533
Sorry, it really needs to be longer if we're talking about a brute force attack, try mu5k.rat|www.web5ite.com
>>
>>55774606
I just meant that the concept isn't that hard to figure, extend to how many words you like. The only thing I'd worry about is a dictionary attack, but that's really it.
>>
IdJustLikeToInterject4AMoment

Use it for everything, never had a breach.
>>
>>55774646
>using a bank
it's like you enjoy just giving all your money away to the jews
>>
>>55774640
yeah but with a pass that short and all lowercase you can brute it easily.

t. https://howsecureismypassword.net and i used the pass youre replying to
>>
>>55774665
I like it
>>
>>55774665
>meme for a password

i thought /g/ was supposed to be the tech savvy board.
>>
>>55774665
Well it's in my dictionary now, thanks.
>>
File: password.png (43KB, 1423x466px)
I think my password manager generates good enough passwords.
>>
>>55774665
>not
I'd just like to interject 4 a moment.
>>
Don't most online services limit the number of login attempts? I don't see why time matters when the number of attempts is the bottleneck
>>
>>55774720
Not everywhere allows for spaces
>>
>>55774750
And if their password database gets downloaded...
>>
File: gitgud.png (72KB, 1366x768px)
>>55774243
>not having scp-173 documentation as your password
>>
>>55774760
>the passwords are in plain text
>>
>>55774760
...your password would be available no matter how complex it is? I don't see your point
>>
File: rediculoudpassword.png (30KB, 1067x469px)
>>55774243
"good seller would buy again A+++++"
>>
File: muhhaxxorskillz.png (83KB, 1843x932px)
The most secure password.
>>
>>55774792
>expose your password to a fleshlight
>>
>>55774825
>repeated pattern

enjoy getting hacking dickface
>>
>>55774829
The fuck does that mean desu
>>
>>55774794
>>55774799
>>>/anywhere but /g//
>>
>>55774663
You don't need to, if you use enough words. Assuming you're using a 10^5 dictionary. With 6 words, that's a search space of 10^30. No one could crack that.
>>
quantum computer will crack anything.
>>
>>55774794
>>55774799
Is this a joke? You can't be this retarded.
>>
>>55774243
nice try, NSA

>>55774753
then use spaces where it's allowed, and don't where it is not. durr.
>>
File: Screenshot_20160727-060350-01.jpg (133KB, 1080x1129px)
>>55774243
Before I used a password manager.
>>
File: 1262901395395.jpg (22KB, 285x419px)
>>55774640
>a computer can't easily guess 7 random letters from an alphabet of 52
>a computer CAN easily guess 7 random words from a dictionary of thousands
lmfao
>>
File: The Tek.png (91KB, 270x347px)
>Not utilizing Keepass
>>
>>55775065
everybody learns sometime

>>55774799
The correct way to verify a password doesn't involve storing the password itself, but a one-way hash of the password.
When the user attempts to log-in, the password they enter is hashed and compared to the stored hash.
>>
>>55775245
There's nothing wrong with not knowing something, it's when you act like a smug asshole while boasting your ignorance that you become a fucking faggot.
>>
My password is 41 characters long
>>
>>55775287
>My password is "41 characters long"
>>
whatislovebabydonthurtmenomore12
>>
>>55775065
Does calling others retarded help you avoid answering the question?

>>55774868
Same as above. You must be pretty fucking insecure to pretend you know more than other people on an anonymous forum

>>55775245
>The correct way to verify a password doesn't involve storing the password itself, but a one-way hash of the password.
>When the user attempts to log-in, the password they enter is hashed and compared to the stored hash.
That still has nothing to do with what I said
>>
>>55775266
Kill yourself
>>
>>55775390
>maybe you should add 2+2 for me instead of calling me dumb

If they have the hash, then they can run a bruteforce against it as fast as their computer can hash the guesses.

Are you done being a dumb asshole now?
>>
>>55775450
Holy fuck you're all morons. The *correct* way to store passwords is hash + salt. If you can crack the fucking hash the password is weak then you're doing something wrong.

Also, the premise was NEVER about attacks having obtained the hashed passwords. Earlier in this fucking thread terms like brute force and dictionary attacks were being thrown around. Stop making shit up and moving the goalpost.
>>
File: password.jpg (76KB, 1111x449px)
>>55774243
>>55774587
That's nice, but I have a really good method.

Go to your favorite music player. Choose random play.
Your password is the first song that comes up with the first letter capitalized, followed by the amount of time the song lasts.

For example:

the first song that came up was So He Won't Break by The Black Keys. It lasts 4:14

So, my password is now

Sohewontbreak414

Pic related, it's how secure that is.

Simple and easy to remember.
>>
>>55775551
All salting does is stop lookup tables. You can still bruteforce it or use dictionary attacks.
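The storage argument in the posts above, as an added example that is not any poster's code: a fast unsalted hash next to a salted, deliberately slow one (PBKDF2 is this example's choice), audited against a list of known-weak passwords. The user names, the iteration count and the weak-word list are constructed for the demo, reusing strings quoted in the thread.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # demo value (assumption); production settings are higher


def fast_unsalted(password):
    """One MD5 call, no salt: the scheme the thread warns against."""
    return hashlib.md5(password.encode()).hexdigest()


def slow_salted(password, salt=None):
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt per account."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, stored):
    """Login check: re-derive with the stored salt, compare in constant time."""
    return hmac.compare_digest(slow_salted(password, salt)[1], stored)


def audit_unsalted(db, weak_words):
    """Flag accounts whose unsalted hash matches a known-weak password.

    One table of len(weak_words) hashes covers every account at once,
    which is what a precomputed lookup table relies on.
    """
    table = {fast_unsalted(w): w for w in weak_words}
    hits = {user: table[h] for user, h in db.items() if h in table}
    return hits, len(weak_words)  # (findings, hash computations)


def audit_salted(db, weak_words):
    """Same audit against salted records: no shared table is possible,
    so every candidate is re-derived per account, at full KDF cost."""
    hits, work = {}, 0
    for user, (salt, stored) in db.items():
        for word in weak_words:
            work += 1
            if verify(word, salt, stored):
                hits[user] = word
                break
    return hits, work  # (findings, KDF computations)


# Constructed sample data: two users share a weak password, one does not.
USERS = {
    "alice": "dadada",
    "bob": "dadada",
    "carol": "rene dang m&m poi safe rivet",
}
WEAK_WORDS = ["123123", "qweasdzxc", "88888888", "dadada"]


def build_demo():
    """Return the same accounts stored both ways."""
    unsalted = {u: fast_unsalted(p) for u, p in USERS.items()}
    salted = {u: slow_salted(p) for u, p in USERS.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_demo()
    print("same unsalted hash:", unsalted["alice"] == unsalted["bob"])
    print("same salted hash:  ", salted["alice"][1] == salted["bob"][1])
    print("unsalted audit:", audit_unsalted(unsalted, WEAK_WORDS))
    print("salted audit:  ", audit_salted(salted, WEAK_WORDS))
```

Both audits find the weak password; the salt only removes the shared table, and the iteration count is what sets the price of each guess.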
>>
>>55775562
Thanks for making my dictionary bigger.
>>
>>55775625
Good luck with that mate, I'm pretty sure you'll be successful in adding every single song ever written
>>
>>55775644
Just will take a look at your last.fm account or liked bands on your facebook page. It's not hard.
>>
File: file.png (40KB, 667x384px)
>>55774243
Yeah I'm happy with this.
H4n$#otF1rst
is what I use as a primary key for the slave APK/JAR hosted at masterpasswordapp com

The long passwords that fucker generates run between 50 quintillion and a dozen sextillion.
>>
>>55775562
How is that easy to remember if you use a different one for each pass?
>>
>>55775660
I don't have either of those, but hey, if you find someone stupid enough to have all that and you think that maybe they just happened to have the same idea as me then go ahead go to town :)
>>
>>55774243
I got super paranoid a few months ago and changed all my passwords. The methodology I followed was this, and I'd like to hear your opinions about it:

- No matter how strong the password is if the weakest website gets hacked you are done for if you use the same password for everything.

- I made up a phrase that included obscure words from a few languages and a number.

- I scrambled them in an order that is dependent on the website according to a very simple rule I made up.

- I prayed.

I'm not sure if there's anything better that can be done without using a password manager. And I don't want to use one.
>>
>>55775668
I dunno, it's easier for me to remember a song name with the amount of time it lasts (which by the way the time varies sometimes depending on the source) than something like
>>55775666
>H4n$#otF1rst

It would also be a huge longshot for someone like this wannabe "hacker"
>>55775625
>>55775660
to guess that's what I'm doing, and an even longer shot for me to use a song from my last.fm account when there are so many music services
>>
No thanks, I'd rather not enter my password into a site that's potentially vulnerable to XSS and getting my session cookies stolen, resulting in someone knowing both my username and password, and all the accounts to use them in.

That is why I don't have an issue with password security in the first place.
>>
File: getaload.jpg (43KB, 395x277px)
>>55775660
>last.fm
>not torrenting all your music and storing it locally
>>
>>55775724
>not ripping your music from 120kbps yt videos, converting them, compressing them and storing them on your phone in a mess of badly tagged folders and files
>>
File: happys3.jpg (11KB, 300x216px)
>>55775715
Wait, people are putting their real passwords in there?

I'm putting in a similar password with different numbers and characters to get a similar estimate of security.

I seriously doubt anyone was dumb enough to enter their REAL passwords into a relatively unknown website lol

right, /g/?

hehehehehehehehehHAHAHAAHHAAHAHAH
>>
>>55775740
>I seriously doubt anyone was dumb enough to enter their REAL passwords into a relatively unknown website lol
I can guarantee you almost everyone ITT did.
>>
>The quick brown fox jumps over the lazy dog.
>2 vigintillion years
good enough for me
>>
>>55775678
That's really not bad, but you should really just use a password manager.
>>
File: fag.png (7KB, 392x121px)
>>55774243
>OP is such a huge fucking faggot holy shit
>>
>>55774243
The problem is that not all programs, hardware or websites will let you use special characters, heck, not even spaces.
>>
I use
>aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
as my generic password then I just replace one a with a b so if I replace the 20th character I just need to memorize 20b as my password.
>>
With this password

ifyouleavemenowillbuyanewblackdog

you got 39 OCTILLION YEARS
>>
>>55774792
>reddit
>>
File: password.png (128KB, 1351x1374px)
Fuck
>>
File: thegame.png (88KB, 1920x1080px)
This my password bois
>>
>>55774428
- use words that are rare and unlikely to be found in a cracking dictionary
- modify the word in a way that is not just "lel I substituted e for a 3", but change it in a meaningless way, add hyphens/separators at weird places "thegovernmentdidnineleven" -> "thegomernvent_didnin_eltevten"
>>
File: Capture.png (54KB, 1193x745px)
>>55774243
I use very long randomly generated passwords (sometimes maximum length if I feel like it, 200+ character passwords are wonderful), so no, you need to get on my level faggot.

When I need a password that I can remember, I have a simple one with upper, lower, a number, and a symbol that I pad a few times with a simple to type pattern(such as asdf, 1234, qwer, etc)
>>
>>55776515
What do you do when you're out and need to log on a website from another PC?
I mean how do you manage these 200 character long passwords?
>>
>>55776620
>entering your password on someone else's computer
>ever
shiggy diggy
>>
>>55776637
I expected this response. Why is that so dangerous though? I can imagine other people having spyware and that stuff but is there anything else?
Also what if you definitely need to log in on another computer? I rarely ever have to myself but you never know
>>
File: Untitled.png (15KB, 700x400px)
>Have reasonably long password.
>Double it. (ie passwordpassword)
>>
>>55774501
Yes, it would be. Especially if they are not a valid sentence.
>>
>>55774243
I type the same character just 12 times and it puts a ridiculous number of characters in the text box. Well at least it didn't crash like half the systems I put this simple password into.

In my real password version each of those characters is a different type, as such repetition severely weakens the password like the dummy one I used in the pic. As I am not letting them add the real version to their dictionary.
>>
>>55776716
That's at least 1 bit of entropy added.
>>
>>55776789
clevergirl
>>
>ITT: stupid fucking people entering their (probably real) passwords into a website that just stores all the info
>it's on the Internet which means the data is logged by several dozen government agencies worldwide in real-time and cross-related across multiple databases for verification
>stupid fucking people will be the death of us all
>>
File: super password.png (62KB, 501x627px)
>>55776826
Yes, but the downside is I need both hands and a full keyboard with number pad. Still very easy to remember and not too hard to type.

also a boy

one of my other password creations (pic)

I've even made some hardware specific passwords that are really insane, but those require a high end Roccat keyboard to work and take forever to craft.
>>
>>55776875
>need to make dictionary for cracking passwords of paranoid faggots.
>have idea
>create website that 'guesses' the time it would take to break password
>tards enter passwords like crazy
>sell passwords
>profits
>>
>>55774523
485 thousand years for 12 characters aint bad. At least I don't have to type a paragraph every time I log into my paypal.

When I use lastpass, it comes out to 1 SESVIGINTILLION YEARS
>>
>>55776933
it's from Jurassic Park my dude. cool beans you got there to test out ps. would you ever recommend password managers/key chains?
>>
What's the most reliable PW manager out there?
>>
File: wow many security wow.png (82KB, 800x1050px)
I have a few different regular ones, then for stuff I only use on my home computer, I generate random passwords.
>>
>>55776875
I agree that it is generally a terrible idea to enter your password on some random website, but you can open "Inspect" or the equivalent in your browser and verify that the page isn't making any network requests. I don't think there's actually anything malicious going on in this case. They do have a huge minified JS file loaded, though, so who knows.

People entering their passwords into strange websites is not the real problem. In fact, logging in to any non-https website using a standard HTML form transmits your password in plain text. Isn't it weird that we ended up using HTML forms for login instead of the secure authentication mechanism built-in to HTTP?
>>
>enter "a" 14 times
>51 years
>>
File: easy as fuck to remember too.png (56KB, 878x760px)
>>55774323
Used to use it on a regular basis before realising no-one really cared that much about my files. Changed it to a tiny password.

Haven't used it in probably a year, but I remember it better than yesterday, as well as the slightly shorter variants.
>>
File: 1469648662115.jpg (62KB, 1030x462px)
>>55774243
>>
>>55777048
this calculator >>55777086 (google "password haystack") just looks at the number of lower alphabet, upper alphabet, digits and symbols to calculate it. Just write "aaaa1aaa" instead of "moot4chan"
>>
>>55774428
Well, since you're interested, let me inform you about a few important principles:

>Brute force cracking is essentially useless in this day and age due to (most) websites require 8+ characters minimum.
That depends on how good you are at brute force cracking. For example, if you look at actual passwords used by actual human beings, you'll notice a trend where at least a third of them are just things like “123123”, “qweasdzxc” or “88888888”. If you write a brute force cracker for password “patterns” like these, you have a very small search space with a very large success ratio.

>The easiest way to make a password, then, would be a string of multiple words, which would then get cracked by a dictionary password cracker.
This is a common misconception. Dictionary password attacks are only useful against a few words (e.g. 1 or 2), or against a single word with permutations (e.g. Tr0ub4dor3!). These are both fairly easy to crack by combining a dictionary password with a rule database (e.g. letter -> number replacements, symbol/letter suffixes and prefixes, and so on). Modern password crackers are also self-learning and invent new such rules on the fly based on examples from existing databases of password leaks.

However, as the number of words in your password goes up, so does the password complexity (exponentially). Each word you add increases the search space by the size of the dictionary you pulled it from. So say you're looking at the 5000 most common words, then while 1 or 2 words would only be 5000 (≈12 bits) and 25m (≈24 bits) long and therefore easily cracked, if you go up to say 5 words you'd be looking at a search space of 3,125,000 trillion combinations (61 bits), a number which would take 36 years to crack with 1 trillion guesses per second (very powerful supercomputer).
>>
>>55774428
>>55777183
(cont)

>What would be an easy way to make a password that's long enough to be secure from brute force, simple enough to remember, but complex enough to be safe from dictionary?
In practice, the best way to pick a good password is to exploit the way the human brain stores information: To gain the most out of a password (assuming an equivalent difficulty to memorize), you need to use passwords which have the most entropy (bits) vs cost (memorization effort).

One of the best ways to do this is to visualize your password as a scene or story - a technique used by internationally renowned memorization experts to memorize thousands of random digits in just a few hours. If you either make your password a string of e.g. 6-8 common words, or use a number<->symbol table (e.g. 3=home, 4=arrow, 5=whale and so on) or other mnemonic technique (look up https://en.wikipedia.org/wiki/Mnemonic#Applications_and_examples), you can turn a complex looking password into a simple visual representation that your brain will recall much more easily.

I use the “6-8 common word” technique personally, like this:

curl -s https://0x0.st/8Ix.bin | shuf | head -n 8


(cont)
>>
>>55774493
all of those are common substitutions that you could guess using a dictionary attack with a few rules.

your best bet for password security is still as many characters as you can remember of unpopular words and randomly placed symbols.

pront@erapor#ingjellopy
prontera poring jellopy too long to brute force and uncommon words with random symbols to confuse dictionaries
>>
>>55774499
doesnt work
>>
>>55777233
With an example run of this, I've gotten these words:

or
catch
sell
chord
prepare
crease
race
fire


I would now look at these words and try to memorize a story based on them. I do this by first identifying semantically related words and then trying to pick a good order. (For example, “catch” and “race” are related)

The order I came up with is: “sell crease chord or prepare catch fire race”, to which I imagine an absurd situation like an armed robber holding up a store saying “sell me your crease chords or prepare to catch fire while running away from me”. (I'm not yet sure how I would remember “crease chords” in this visual representation, but I didn't spend a lot of effort on it. I might also just generate 2 more random words and use those instead)

Even despite the fact that I fixed the order to be pleasing for me, that still leaves me with 64 bits of entropy in my password, which is significantly more than enough against even the most serious adversary. I would then proceed to use this password as the master key in something with a strong local KDF (key derivation function), e.g. GnuPG with 100 million iterations of SHA512, to further increase the time it would take to brute force it by a large constant factor. This would make it effectively impossible to crack within your lifetime even if Moore's law continues to hold.

For actual site-specific passwords, I just generate new random keys and encrypt them with this master password (using a password manager like https://www.passwordstore.org/), rather than going to this effort for every single site I sign up for. It's much easier and much more secure than any alternative.

(cont)
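The generate-then-reorder procedure in the post above, as an added example that is not the poster's script: words are drawn with the OS CSPRNG, and the entropy accounting subtracts log2(k!) bits when the user keeps whichever of the k! orderings reads best (a worst-case assumption of this example). The 16-word list is a constructed stand-in built from words quoted in the thread; a real list has thousands of entries.

```python
import math
import secrets

# Constructed stand-in list; far too small for real use.
WORDS = [
    "or", "catch", "sell", "chord", "prepare", "crease", "race", "fire",
    "rene", "dang", "poi", "safe", "rivet", "lamp", "river", "stone",
]


def generate(wordlist, k):
    """Draw k distinct words using the OS CSPRNG.

    Distinct words match what `shuf | head -n k` yields on a list of
    unique lines.
    """
    pool = sorted(set(wordlist))
    if k > len(pool):
        raise ValueError("not enough distinct words")
    return secrets.SystemRandom().sample(pool, k)


def bits_ordered(n, k, distinct=True):
    """Entropy in bits when the generated order is kept as drawn."""
    if distinct:
        return math.log2(math.perm(n, k))  # n * (n-1) * ... * (n-k+1)
    return k * math.log2(n)                # classic diceware: n ** k


def reorder_cost(k):
    """Bits given up if the user may choose any of the k! orderings."""
    return math.log2(math.factorial(k))


def bits_after_reordering(n, k):
    """Worst case after reordering: only *which* k words is secret."""
    return math.log2(math.comb(n, k))


def words_needed(n, target_bits, reorder=False):
    """Smallest k reaching target_bits for a list of n distinct words."""
    measure = bits_after_reordering if reorder else bits_ordered
    k = 1
    while measure(n, k) < target_bits:
        k += 1
        if k > n:
            raise ValueError("word list too small for target")
    return k


if __name__ == "__main__":
    print("sample:", " ".join(generate(WORDS, 8)))
    n = 7776  # size of a standard diceware list
    for k in (5, 6, 8):
        print(k, "words:",
              round(bits_ordered(n, k), 1), "bits as drawn,",
              round(bits_after_reordering(n, k), 1), "bits if reordered")
    print("words for 64 bits, order kept:", words_needed(n, 64))
    print("words for 64 bits, reordered: ", words_needed(n, 64, reorder=True))
```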
>>
>>55777022
Not really, they are very secure till the company you gave the keys to gets hit and the bigger the company is the better walls they make, but the more attacks they have. And attacks will win eventually. Changing passwords regularly is a good defense.

You can just setup a program to complicate things.

Like password is XYZ, program is (_+_)*_=new password, so (X+Y)*Z=ABCD. That is basically what these things do, granted they are made by experts who do a much better job, but given so many people use that same program it makes for a big target. One thing is to see how much the program can be reduced as a bad person only needs to find the lowest complexity of the statement to get access. Look up password entropy.

Also don't transfer through clipboard, it can be read by many things. But given how big some of these can get, typing over 500 characters is annoying. Sometimes I use a modified clipboard, changing file names and locations and using a different program I modified, so bots are unlikely to find it and even if they did it looks like a junk temp file. It technically is not that secure, but because nobody has any idea what it even looks like I could leave it on my desktop and people likely wouldn't get it. Separate partitions or even computers can do a lot.

But I find that these measures are not as tough as they seem if the other parties don't do their part. A bank app grants full access with a complex finger print lock, that is stored in basic memory. Thus the lock may be great, but the key is left under the door mat, and is also broken by a silly putty attack, ugh. So all my work is not doing much to secure things.

But it really comes down to effort vs security. The best vaults are welded shut with no key or lock, yet that makes it hard to get the things inside when you need them. While I have made some really crazy things I honestly don't use them much as it was more the fun of building.
>>
>>55777294
Finally, the last thing that's really important to stress is the fact that the most dangerous thing you can do with a password is *reuse* it.

One of the most commonly misunderstood principles behind passwords is that password strength comes from their unpredictability, not their complexity. If you generate a long and complicated password once and then use it on every single website, you have absolutely zero unpredictability which makes your password worthless.

This is because in practice, passwords databases *are* leaked. As soon as your password is leaked once, an attacker could use it to gain all of your accounts. This is why it's important to pick new, strong and *unique* passwords for every single website. Based on this, the only thing I can possibly recommend is using a password manager to store them for you.

As long as you're not using something shitty like LastPass or KeePass (stick to password databases which are stored locally or on machines you control, and use well-established cryptography only) this is virtually foolproof, easy to apply, easy to rotate, scalable, and resistant against advances in crypto-analysis.

tl;dr pick a good master password by memorizing a visual representation and use it to generate site-specific passwords like {IqS>4sP7hMNVh8h$,r]8x>Jr"1FE0 randomly.
>>
>>55774243
Would it not be possible to have an everchanging password that only a usb has the program to guess the password based off of the time on the computer or something.
>>
>>55774428
Best way is to come up with something memorable, and just incorporate capitals, symbols and digits into it.

Quotes are extremely good for lengthening. Avoid guessable things (a couple below are possibly questionable) by making them to do with your own interest.

Try and avoid exclusively dictionary words or slight variations (4eva instead of forever).

>"Mootsucks1dickperday." (note: fullstop at end)
>"jewsdid9/11WTC"
>"whatthefuckdidyoujustfuckingsayaboutmeyoulittlebitch?"
>"1!Aaaaaaaaaaa"
>"install/g/ent00"

and a transformation of my own (significantly altered, but I could post it one character off and no-one would ever know):
"itscalledahustlesweetheart!E621carrots"
>>
>>55777322
Oh, also, if you've been reading up to this point, then don't bother listening to the people suggesting you take a word and randomly permute it with symbols or other such nonsense.

Also, don't listen to the people who would have you combine your dictionary words with symbols like “.” instead of just spaces. They're the people who don't understand where the strength of multi-word passwords comes from.

Finally, don't listen to people recommending such bunk as appending the name of the website or account to the end of a reused password to make it “unique” - not only is this a known technique but an attacker analyzing your passwords in particular (assuming a directed attack) will very quickly spot the password if they have access to 1 or 2 of your leaked accounts. (Which is a realistic assumption)
>>
>>55777334
That can be done, just use the time as part of the function to add another variable. The problem is updating things. You would need to change your password as well, some systems support that as it works well. But still has a core function that could compromise everything, although the odds are less than other things.

Bigger problem is getting locked out.
When car keys started using physical and digital locks they were so insane that courts would throw out car theft cases as the locks were deemed unbreakable, only a handful of cars were ever shown to be stolen with such a system and such feats were very very rare given the work and risk involved. However a flood of people locking themselves permanently out of their cars led to the wide spread of the development tools given to dealers and car repair crews to help them, which thieves quickly modified to then start stealing cars like they used to.

Thus is the age old trade off of security versus convenience, you just have to find a sensible balance and move on.
>>
>>55777315
definitely will check out entropy and about the password program going forward
i have got a handful that i change in and out but not many i need atm, just seems cool as shit to learn about
>But I find that these measures are not as tough as they seem if the other parties don't do their part. A bank app grants full access with a complex finger print lock, that is stored in basic memory. Thus the lock may be great, but the key is left under the door mat, and is also broken by a silly putty attack, ugh. So all my work is not doing much to secure things.

i know what you mean i had ~40 btc w/miner rig "stock" stolen off an online wallet and i couldnt do anything despite having 2 factor authentication and a hella long password bc the site itself got run in
>>
>>55777334
While I can't claim to have understood your post in its entirety, if you're looking for a way to have a unique per-session password based on a hardware device like a USB device, look into 2-factor authentication and hardware keychains.

The central idea behind 2-factor authentication is supplementing your password by a secondary authentication source that is unique per session (or transaction). The best known examples include banks' TAN codes, which we have been using for ages.

Other examples include SMS verification, USB crypto devices (YubiKey etc.) or phone apps with unique keys stored on your device. The primary benefit of 2FA is that an attacker doesn't just have to guess or steal your password - but they also have to physically steal your 2FA device.
>>
>>55777481
>online wallet
you got what you deserved
>>
File: Capture.png (8KB, 234x223px)
>>55774523
mfw.
>>
>>55777515
I wonder if “tweet your result” tweets your password along with the score
>>
>>55777334
im pretty sure they do that with pharmacies at hospitals and stuff
>>
>>55777508
i know i was a total norm, dont ever remind me, i refuse to use it to this day
>>
>>55777548
I'm pretty sure pharmacies and hospitals have absolutely shit technology infrastructure and security.
>>
File: Clipboard01.png (36KB, 1069x452px)
Op pls ... I should also mention that for any service that can compromise me somehow I use a different password. This one is a variation of a vera crypt container password
>>
Writing your password on random websites<
>>
>>55777658
>not knowing how to create a substitute password that gives equal result
>not changing one letter
>>
>>55777086
Here it is in the program you all use.

note: I checked, both use the same method to calculate: how many upper letters, how many lower, etc.
order doesn't matter
>>
>>55774491
No you can't. Lol
>>
>>55777700
So if my password is "abcdefghijklmnopqrstuvwxyz" I can put "azertyuiopqsdfghjklmwxcvbn" in the calculator and get equal results?
>>
File: what is password entropy.png (48KB, 1062x548px)
>>55777700
lol stop scratching your head as to why you're not understanding what's going on


>filename
>>
>>55777747
It has the same entropy
>>
File: pass2.png (68KB, 1648x920px)
>>55777730
lol whoops
>>
>>55777767
>>55777761
>I can't fucking read
>I can't compare two integers
>>
File: 1442225353125.jpg (24KB, 282x256px)
>>55777773
>>
>>>55777777
>>
>>55774663
Dictionary attacks actually aren't that big of a deal as long as you're creating your password correctly. Use four or five words that aren't on the top ten thousand words list, and throw a special character into the middle of two of the words. Even the most elegant of dictionary attacks could never find it, so you would need to brute force it, but the length would make that impossible.
>>
File: random.png (40KB, 514x540px)
>>55777761
Better yet
>>
>He can't even get a password that's green
>>
>>55774640
The difference is that for a lowercase random combination there are 26^n passwords to try.

But for a combination of (random) English words there are 1000000^[number of words] passwords to try.
>>
File: 700.png (141KB, 1334x1014px)
>>55777761
>>
>>55777833
or 26^5n (assuming average five-letter words) for a brute force
which is much, much bigger than 26^n
>>
>>55777233).
>One of the best ways to do this is to visualize your password as a scene or story
Being entirely incapable of visualizing anything is suffering. I miss out on all the cool meme way of doing things and just have to actually remember them.
>>
>>55774633
Underrated
>>
File: you fucking retard.png (84KB, 1380x1392px)
>>55777837
>I have no clue what I'm talking about but I'll still be a smartass
>I use skiddy tools so I use complicated words I don't undertsand (or can't even type correctly)
>entrophy
>>
>>55777874
I don't think you understand.

I don't care about entropy right now. I'm talking about how to participate in these tests without giving your actual password. Look at the reply chain.

Quote:
>Writing your password on random websites<
>>
>>55777874
>they are going to know to use a brute force for characters one and two, a dictionary attack for three to seven, a brute for eight and nine and a dictionary for the next five!
Pure autism
>>
File: hahja.png (33KB, 1409x480px)
>not using lastpass and auto generate 99key passwords

good luck, hackers.

My master pass is 20 digits.
>>
>>55777850
But those aren't words. You're just remembering a longer random sequence.
>>
File: Screenshot_20160727-042742.png (83KB, 720x1280px)
>>55774243
It is just the first 10 digits spelt out in English with spaces between each word.
one two three four five six seven eight nine ten

Super easy to remember, super logical, and why would I ever input a password I use anywhere besides the entry way for the account?
>>
File: 1412588473145.gif (997KB, 245x245px)
>>55777908
>One password to access all passwords
>>
>>55777888
You're actually missing the entire fucking point.
I'm trying to point out that you can't use these calculators by substituting characters from your actual password, because the results will be wrong. Also your calculator is wrong.

>>55777900
>not knowing how actual password crackers work but still being loud and belligerent
pure ignorance
>>
>>55777930
Good thing I also have 2 factor authentication and never use the password on anything but lastpass, my senpai.
>>
>>55777908
>QUINQUAGIN
fuckin numbers, man

>>55777911
If you are talking about how:
>s^4gY
is more secure than
>five^
, then yes, but after a certain amount of characters, a brute force takes longer than a lifetime and a dictionary attack is easily avoidable
>dsf4$54dsf$%fds[...] for 50 digits
will probably protect you a few trillion centuries shorter than
>Iwillwalk500miles!AndIwillwalk[...] for 51 digits
>>
Email password, encryption password is a little over double
>>
File: Screenshot_20160727-102723.png (158KB, 1080x1920px)
>>55777948
Forgot pic
>>
>>55777938
>You're actually missing the entire fucking point.
>I'm trying to point out that you can't use these calculators by substituting characters from your actual password, because the results will be wrong. Also your calculator is wrong.
You are right, but that's not the fucking topic you are replying to. At least try and read the posts you reply to.
>>
File: hqdefault.jpg (18KB, 480x360px)
>>55777908
Too bad every other service restricts you to less than 20 character passwords.
>>
>>55777941
>One password to access ALL passwords
>>
>>55777959
>can't use these calculators
You literally can. I showed you how.
>>
>>55777968
>what is 2 factor authentication
>>
>>55777958
Aaand forgot a character. Strength now at Six sextillion
>>
>>55777965
Those services are pretty shitty considering they dont save passwords as hashes.
>>
>>55777974
One database to be leaked for ALL passwords
>>
File: IKiqOUm.gif (228KB, 720x480px)
Oh my god - so many retards in this fucking thread

Thread summary:
- OP's calculator is wrong
- Even if it wasn't wrong you can't substitute characters from your actual password because that would be wrong too
- >WHAT IS PASSWORD ENTROPY
- I'm done with you mouthbreathers
>>
>>55777984
Feels good it's encrypted in 2048 bit then, right?
>>
Mine is
>implyingmypasswordissecure
>>
>>55778021
I meant aes-256bit*

my bad.

Also, from reddit about cracking 256-aes

>380 Tianhe-2 Supercomputers running for the entirety of the existence of everything to exhaust half of the keyspace of a AES-256
>>
>>55777974
>Call up service provider
>Hey I'm here at the [service provider] store at [location] and we have a customer here who recently lost his/her smartphone
>I was wondering if we could transfer the old number to a new simcard?
>They have supplied all the information for the account and I have verified it

>5 minutes later
>Old simcard deactivated
>New simcard with old number activated


And now they can receive your 2FA codes :^)
>>
>>55778021
yeah but what about their implementation? For all you know there could be a memory leak somewhere as yet undiscovered just like heartbleed.

A password manager represents a single point of failure.
>>
>>55775188
>a computer can't easily guess billions of times per second
>>
>>55778054
this, it is shockingly easy to do.
>>
>>55778083
Exactly. I've found it can be hit or miss, but you can just call up again and speak to someone else who will let it slide.
>>
>>55778083
>>55778093
>FA went down a while ago (notorious for shithole site that only lives because of popularity)
>reset all passwords
>"if your email is outdated, send us a message"
>harvest artist accounts
>???
>kys for using FA
>>
>>55777442
>Finally, don't listen to people recommending such bunk as appending the name of the website
I generally use the name of the website for the first letter of each word in order to remember from where it coming from. For example :
STEAM = Shack Terminus Eat All Money.
>>
File: ayylamo.jpg (71KB, 1079x463px)
>>55774243
"Niggers tongue my anus"
>>
https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/
>>
>>55777930
What's wrong with that?
>>
>>55778333
What's the use of having a different password for each, if you only need one to access all of them?
>>
>>55778039
bits?
There's your problem.
Let me guess, you are using some kind of electrical binary computer system like everyone else.

You need to just develop a non-corporeal sentient* life-form with the sole purpose of managing all your passwords for your benefit. It's super easy and to my knowledge there are no known vulnerabilities.

*Just don't make it too smart and independent, when they rebel it sucks.
>>
>>55774357
>he's so arrogantly hiding behind his kaspersky firewall, he thinks only corporations would target him
>>
>>55778361
Just don't let anyone get the master password.

It's easier than having a unique secure password for every single thing you use a pass for, and it's a lot safer than using the same password for everything.
>>
>>55774465
In all seriousness it probably doesn't even send your password. It's probably all done client side.

I still wouldn't put my passwords into it though.
>>
>>55778425
>>55778260
kys
>>
>>55778454
its done client side, you can disconnect your internet before you type if youre not sure.
>>
>>55778461
I never said you had to use Lastpass. Obviously that's fucking retarded.
>>
>>55778477
what are some legit managers?
>>
>>55778454
I've discussed this, I didn't.
>>
File: 1466803739367.png (229KB, 366x345px)
>>55778454
>there are people who unironically believe this
>>
What webshite is this?
>>
>>55778483
pen and paper

>>55778504
howsecureismypassword
>>
>>55778504
google "password strength"
>>
>>55778510
>pen and paper
As long as none of them have access to your house, this.

Do it at a workplace and I'd fire you.
>>
>>55778521
>>55778510
so then memorize all my shit, okay
>>
>>55778054
>using your phone or e-mail for 2 factor authentication

I'm not braindead like your favorite youtuber, sorry.

>>55778260
>turn off autofill
okay, thanks my famila
>>
File: 1392857768420.gif (1MB, 350x117px)
>20 spaces
30 million years
(possibly a telephone number?)
>password123456
5 thousand years
>`openssl rand -base64 9`
3 thousand years

>people actually entering real passwords or even password schemes to that lame database
>>
>>55778711
The haystack calculator gives a nice paragraph on how it's "not a strength calculator", since it only predicts a brute force attack.

IRL, "password" won't last a second. Literally.
>>
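The gap these posts argue about, between a brute-force-only figure and what a dictionary-aware guesser faces, as an added example (not code from the thread or from any calculator discussed in it). The 1,000,000-word dictionary size is the figure quoted earlier in the thread; the small word set and all function names are constructed for illustration.

```python
import math

# Constructed sample of dictionary words, used only for membership tests.
SAMPLE_WORDS = {
    "password", "pass", "word", "correct", "horse", "battery", "staple",
    "moon", "cow", "watermelon", "fork", "make", "america", "great", "again",
}

# Assumed size of the guesser's full dictionary (the thread's 1000000^k figure).
DICTIONARY_SIZE = 1_000_000


def pool_size(password):
    """Size of the character pool a brute-force search must cover."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(not c.isalnum() for c in password):
        pool += 33  # printable ASCII punctuation plus space
    return pool


def brute_force_bits(password):
    """What a haystack-style calculator reports: length * log2(pool)."""
    if not password:
        return 0.0
    return len(password) * math.log2(pool_size(password))


def dictionary_aware_bits(password, words=SAMPLE_WORDS,
                          dictionary_size=DICTIONARY_SIZE):
    """Cheapest description of the password as a mix of dictionary words
    and brute-forced characters, found by dynamic programming.

    Matching ignores case, so the result slightly understates the cost of
    capitalised words; it is an upper bound on strength, not a guarantee.
    """
    n = len(password)
    if n == 0:
        return 0.0
    char_cost = math.log2(pool_size(password))   # one brute-forced character
    word_cost = math.log2(dictionary_size)       # one word from the dictionary
    longest = max(len(w) for w in words)
    lowered = password.lower()

    # best[i] = fewest bits needed to describe the first i characters
    best = [0.0] + [math.inf] * n
    for end in range(1, n + 1):
        best[end] = best[end - 1] + char_cost
        for start in range(max(0, end - longest), end):
            if lowered[start:end] in words:
                best[end] = min(best[end], best[start] + word_cost)
    return best[n]


if __name__ == "__main__":
    # Sample passwords quoted in the thread.
    for pw in ("password", "mrei4;;r", "correcthorsebatterystaple",
               "Moon1Cow2Watermelon3Fork"):
        print(f"{pw!r:30} brute-force {brute_force_bits(pw):6.1f} bits, "
              f"dictionary-aware {dictionary_aware_bits(pw):6.1f} bits")
```

A single common word collapses to the cost of one dictionary lookup, while a random string keeps its full brute-force figure, which is why the two kinds of calculator disagree.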
>>55778521
>>55778538
Pen and paper is the best password. If anyone has physical access to your machine (your house) and it's not encrypted you are fucked anyway. It takes like less than 5 minutes to get past the windows password shit and then you can install whatever weird keyloggers and shit that you want.
>>
>>55778871
But on the flipside, if you pen and paper, any technically illiterate person can still fuck you over.

In your head is the best password; only torture and keyloggers will get it out.
>>
File: truecrypt.gif (823KB, 1041x427px)
My truecrypt password
>>
ITT: Faggots who think they understand entropy and password security but are still using bullshit passwords with 1337speak or complicated nonsense that requires a password manager.

LastPass just got compromised, enjoy having all your account stolen at once.

http://www.zdnet.com/article/lastpass-zero-day-vulnerability-remotely-compromises-user-accounts/

PassPHRASES or die motherfuckers. L2security.
>>
>>55778871
>Pen and paper
923 THOUSAND YEARS

indeed
>>
>>55778728
>"password" has 8 characters so it is at least a 5 out of 10 on a typical 16 character strength limit, making it a good password.

>Because it is easy to remember yet strong it is commonly used.
>>
>>55774640
Would separating the words with symbols/numbers instead of spaces make it less vulnerable to dictionary attacks? for example, is "make&america1#great`again}}}" more secure than "make america great again" ?
>>
hunter2
>>
>>55779047
You don't have to censor yourself here dude.
>>
File: password is password.jpg (110KB, 1230x444px)
>>
Guess the password.
>>
>>55779358
abcdefghijklmnopqrstuvwxy
>>
supercalifragilisticexpialidocious

I have a feeling it's not going to take this to guess this.
>>
>>55779623
This is now added to the dictionary and has a beach time of under 3 minutes.

Great job ruining a cool password, any others?
>>
>>55779623
I'm sure that's pretty high up on the list of common passwords.

Wouldn't last 1 second against a dictionary attack.
>>
>>55779657
What website allows a password without capitalization, a number, or a special character?

>>55779663
My thoughts exactly. Shitty estimator.
>>
wow yankees1 isn't very secure apparently uh oh
>>
>>55774323
This.

For what it's worth, all my online accounts use 10-word Diceware passphrase or 20-character random strings. There is no reuse. They are remembered by a password manager on a custom, in-development secure USB HSM, on which my encryption and signing keys also live; my master passphrase on that and its backup, which is memorised, is a 10-word Diceware passphrase correctly generated with real, new, calibrated casino dice.

That far exceeds the capabilities of any threat model I am personally concerned about.
>>
>>55779670
My company's employee-only website for starters.
It also lets you reset your password without any verification other than your first and last name.

For such a big company it is only a matter of time before we get hacked headlines like others.
>>
>>55779670
>What website allows a password without capitalization, a number, or a special character?
I know Google doesn't. It doesn't really matter; you can have a secure password without those, and you can have a very insecure password with them. Using shit like that is barely going to affect dictionary attacks anyway. It's a stupid requirement especially when the same sites often have requirements like 12 characters max.

>Shitty estimator
To be fair, it's pretty hard to estimate something like this.

Take any password and a proper estimate against a dictionary attack is going to look like "anywhere from .01ms to longer than the life of the universe."

It depends too much on the dictionary and ruleset. I don't even know what this site assumes about hashing speed either.
>>
>>55779783
Sorry Google does allow passwords with only lowercase letters.
>>
If a password is minimum/maximum size 8 characters
And assuming most brute forces go "aaaaaaaa"-"aaaaaaab"-"aaaaaaac" etc

Is one of the most secure passwords Z9999999?
>>
>>55779816
I guess technically.

It will go from taking a fraction of a millisecond to maybe a couple of seconds to crack.
>>
>>55779816
If by "most secure" you mean "might take 20 seconds longer to crack than 'aaaaaaaa'", then maybe.
>>
>>55779783
I argue it makes it less secure as it limits the number of passwords.

If they require a capital letter then they just told the cracker to not bother testing all lowercase options, that just saved them a lot of time by narrowing things.
>>
>>55774663
Use uncommon words in an uncommon combination.
Problem solved - you are now virtually as impervious to dictionary attacks as you are a brute force attack.

Even better, just include a special in the middle of a word.

EVEN BETTER - I am literally just reciting what a Youtube channel for computer noobs (computerphile) has already made a video about recently.

EVEN EVEN BETTER MOTHERFUCKER - MAKE UP YOUR OWN WORDS OR MIX LANGUAGES. FUCKING SIMPLE.
>>
>>55779836
>>55779828
Then surely any password in this thread has the same effect. Why is "mrei4;;r" better than "zzzzzzzz"?
>>
>>55779883
It's not. Any password less than 10 characters is going to be bruteforced in a matter of minutes.
>>
>>55779883
cuz ur an idiot loloollolol

get out of thread'

>>/REDDIT/
>>
>>55779883
Because it isn't really. The only thing that makes it better is that symbols add a slight amount of entropy because they are extra variables.

The "most secure" password is a passPHRASE made up of a few unrelated random words possibly with numbers or symbols separating the words if you feel like it. Easy to remember, incredibly hard to guess.

Something like "Moon1Cow2Watermelon3Fork" would be millions of times more secure than "Th1sPassw0rd15Secure!"
>>
best way to make a seemingly random character password that you'll actually remember is to take a fictional word then hit caps lock and start typing out something like a license plate number, hitting the left arrow key twice between each digit/character.

pain to type on mobile but just use pen and paper to visualize it.
>>
File: Reddit[1].jpg (36KB, 200x200px)
>>55779913

>le correct horse battery staple may-may
>>
desu senpai i just bang my dick on the keyboard to make passwords

one slap and i have a 20 char password totally random
>>
>>55779926
Prove it wrong, faggot. Bruteforcing words is easy, managing to put together a correct phrase composed of random english words is incomprehensibly hard.

Just because there's an XKCD comic about it, doesn't make it a meme.
>>
File: 1407424871745.png (51KB, 186x178px)
>tfw my password is just five letters
>>
>>55779926
That's not even wrong though. You just have to protect against dictionary attacks by using uncommon, made up, or mixed language words and doing some tricky shit that rulesets wouldn't expect like adding a few random characters in the middle of one or two.

Though even just putting four semi-common lowercase english words together is safer than doing shit like the troubadour example in that xkcd strip, which would be easy as fuck to crack. Leetspeak is basically worthless now since that's the first thing any basic ruleset will try.
>>
didn't expect that
>>
the main factor in the password vs passphrase example is length.

people are talking shit about substitutions and dictionary attacks, or masks.

entropy is fine, but it grows much larger with length than it does with increasing your character pool.
>>
>>55774502
Password? 5 seconds it took me
>>
>>55779010
Keepass or keepassx is the only way, also keepass is getting audited
>>
>>55778454
......no, just no
>>
>>55777908
>lastpass
you might as well just publish your passwords in plaintext online

https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/
>>
File: Screenshot_2016-07-27-07-44-11.png (107KB, 720x1280px)
Its okay
>>
How to get on your level, OP?
What is my current level?
>>
File: truth.jpg (115KB, 1416x1000px)
>>55774243
>>
File: untitled.png (23KB, 1113x450px)
>>55774243
Really dont put much weight on this site, this is a really common thing i used to get used to touch typing, which i used in a program i made once.
>>
File: Good.jpg (24KB, 934x280px)
>>
and what is the website?
>>
Lastpass vs dashlane?
>>
Posted this in sqt the other day, but might as well here too.

Diceware faq makes it sound like if you use a non-crypto rated RNG to generate the dicerolls you might as well just use password123.

Anybody know just how much worse a diceware passphrase is if using any ol' rng to generate it IN PRACTICE? I have a feeling that it's effectively just as secure. The only time I feel like it would start to show weakness is if you had a database leak and many people were using diceware passwords using the same RNG function.
>>
>>55776998
What's it like being slow as shit at typing?
>>
>>55778454
I posted the password along with the image. It's obviously not one I use lol
They should revoke your Internet license
>>
File: Screenshot_2016-07-27-09-59-46.png (126KB, 720x1280px)
Purty good.
>>
>>55774428
Patterns on your keyboard that change with every password
>>
File: Capture.png (12KB, 744x232px)
>>55774323
What are they going to do with a password and no information about your usernames or what site you use it on?
>>
>>55782758
Add it to brute force lists. Doesn't take much for your email or accounts to end up on another list either, chances are slim but it happens.
>>
File: optimus-maximus.jpg (32KB, 450x404px)
>>55782658
You might be on to something.
Get an Optimus Maximus Keyboard and invent some software.

Constantly remapping keys with time and image recognition components. At that point the keyboard is part of the key, which could get very interesting assuming it doesn't just store all the data in some easy to get place.

Similar to how I mapped functions to my keys rather than individual characters. Program compiles and solves the functions to generate the real password into the text box. But the changing buttons could make it way more complex. Still the program would need to be secured properly.
>>
first password
> use it for social networks
11 trillion years

second password
> use it for mostly throwaway accounts
227 million years

third password
> use it for banking , email and other important things
830 sextillion years
>>
File: neato.png (223KB, 565x563px)
>>55779004
>>
>>55783026
Using the same pass for multiple accounts is poo though. All it takes is some shitty Pajeet website to store your password in plaintext or with MD5 or something and you're screwed when they inevitably get hacked.
>>
>>55778454
Why do you keep Capitalizing every other Word on your Post?
>he actually believes this
>mass quoting
>>
I used to throw in unicode characters for letters ® © ¥ but then you have to remember the alt code for them.
>>
This is bullshit. I've seen Swordfish.
>>
>>55779913
NeutralMilkHotel am I doing it rite desu
>>
>>55783069
i know
been trying to get into password manager , but cant decide which one is better
>>
>>55783012
oh shit, I forgot about this memeboard. Is it still 1000 dollars? Does anybody anywhere actually own one?
>>
>>55784118
passwordstore.org is the clear winner
>>
Redpill me on password managers /g/. Are they all botnet?

I'm looking at Dashlane and it seems pretty solid.
>>
>>55785531
passwordstore.org isn't botnet. It's entirely local, with the only optional synchronization / management being done through a git server of your choice
>>
>>55774243
write code for your passwords
just remember the output
eg
while True: print("Fuck off, nignog")


pic somewhat related
>>
>>55785531
Keepass user here, pretty gr8 stuff
>>
>>55776420
Um, let me guess... Password?
>>
To you all! The best way to create a password is:

openssl rand -base64 128


In this case a password with 128 characters will be created. You can choose any sequence length you want changing the last number ;)
>>
>>55778454
>i dunno how thigns work l;ul xD
>>
>>55778454
>all me
I didn't even put in my password you shit
>>
File: Screenshot_20160727-185200.jpg (236KB, 1419x1562px)
[^:
>>
>>55790029
>on screen keyboard
LUL
>>
>>55774499
She's hotter when she was fat
>>
What do bruteforce / dictionary attacks test against? Any site will block you for a while if you miss 3 or so attempts, right? I seriously never got that part
>>
>>55779309
>trigniggerillion years
lol
>>
File: password.png (38KB, 771x351px)
huhuh guys nice job not cheating fags
>>
>>55791192
If someone hacks a site's database they can get your hash, then they can try guesses as fast as they can hash them, which can be pretty fast if you have shit like several TitanX's and/or the hashing algorithm the site uses is weak.
>>
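Why the stolen-database scenario described above depends so heavily on how the site stored its passwords, as an added example (not code from the thread): an unsalted fast hash, the weak storage other posts here warn about, next to a salted and deliberately slow key-derivation function from Python's standard library. The record layout, function names, iteration count and the way the sample password is used are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it to your own hardware.
PBKDF2_ITERATIONS = 600_000


def weak_record(password):
    """Unsalted MD5: fast to compute, identical for identical passwords."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def strong_record(password, iterations=PBKDF2_ITERATIONS):
    """Salted PBKDF2 record in the form algorithm$iterations$salt$hash."""
    salt = secrets.token_bytes(16)  # fresh random salt for every account
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"),
        bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def seconds_per_guess(hash_fn, password="constructed-sample", rounds=3):
    """Average wall-clock cost of one hash, i.e. of one offline guess."""
    start = time.perf_counter()
    for _ in range(rounds):
        hash_fn(password)
    return (time.perf_counter() - start) / rounds


if __name__ == "__main__":
    # Two accounts that picked the same password (sample from the thread).
    print("md5   :", weak_record("yankees1"), weak_record("yankees1"))
    print("pbkdf2:", strong_record("yankees1"))
    print("pbkdf2:", strong_record("yankees1"))
    fast = seconds_per_guess(weak_record, rounds=1000)
    slow = seconds_per_guess(strong_record, rounds=1)
    print(f"one guess costs about {slow / fast:,.0f}x more against PBKDF2")
```

With the unsalted hash every account sharing a password shares a record, so one computed guess tests all of them at once; the salt removes that shortcut and the iteration count sets the price of each remaining guess.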
>>55774428
Password Manager
Set master password to an uncommon but easy to memorize sentence

Here's the trick, add a dash between one of the words to prevent dictionary brute force.

Start with "My dick is small."
Now add a dash
"My dic-k is small."

Pretty secure.
>>
>>55792586
Ohhhh I see. Thanks m80.
But then how do they go about hacking a facebook password for example? I imagine sites like that don't get their hashes stolen that often at all?
>>
>>55792983
Well they wouldn't target facebook directly. What will happen is some site gets hacked, all the weak passwords get cracked, and then the hackers take those username/email and password combos and they go to lots of other sites to see if they used the same pass everywhere.
>>
>>55793024
Oh gotcha. So it sounds pretty unlikely that you'd be a victim if you simply use (even slightly) different passwords everywhere. Not quite getting some of the more emphatic people in here although it is paranoiding me a bit.
>>
>>55774243
>20 trillion years for "please rape my face"
>2 quintillion years for "niggers tongue my anus"
>8 septillion years for "lorem ipsum dolor sit amet"
>97 sexdecillion years for "the quick brown fox jumps over the lazy dog"
>>
File: Screenshot_2016-07-28-07-32-03.png (195KB, 1080x1920px)
I need to change my password
>>
>>55793080
The trouble with variations on the same password is that the passwords often end up in the open. So while you'd not likely be a victim of a lazy dragnet moneymaking operation, one of your passwords might end up out there for a more targeted adversary (from a vengeful ex to someone who thinks you might be discussing business or government secrets) to try guessing your facebook password with varying levels of sophistication.
>>
File: image.png (455KB, 810x688px)
>>55778454
Did you enjoy clicking on all those posts, anon?
>>
>>55793199
"lorem ipsum dolor sit amet" and "the quick brown fox jumps over the lazy dog" probably wouldn't last more than a minute.

The other two aren't great either.
>>
File: Screenshot_2016-07-28-07-45-13.png (145KB, 1080x1920px)
>>
>>55774428
I use a password manager. The master password was generated with a Python script. Basically I took a list of 2000 common English words and randomly generated eight in a row. That's 11*8=88 bits of entropy, plus I think the password manager uses salts. The only trick is to string those eight words into a rememberable sentence. The other thing is to use the system random number generator, otherwise you might have less than 88 bits.

Also I keep the encrypted password file on a public repo in case something were to happen to my computer.
>>
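The word-list scheme from the post above, together with the Diceware RNG question asked earlier in the thread, as an added example (not the poster's script): words are drawn with the operating system's CSPRNG, and a second function counts how many distinct passphrases a seeded non-cryptographic generator can ever produce. The synthetic 2000-entry word list, the small seed sizes and all function names are assumptions for illustration.

```python
import math
import random
import secrets

# Constructed stand-in for a 2000-word list: "w0000" .. "w1999".
WORDLIST = [f"w{i:04d}" for i in range(2000)]


def nominal_bits(word_count, list_size):
    """Entropy if every word is drawn uniformly and independently."""
    return word_count * math.log2(list_size)


def generate_passphrase(word_count=8, wordlist=WORDLIST):
    """Draw each word with the OS CSPRNG via the secrets module."""
    return " ".join(secrets.choice(wordlist) for _ in range(word_count))


def seeded_passphrase(seed, word_count=8, wordlist=WORDLIST):
    """Same scheme driven by a Mersenne Twister seeded with `seed`.

    The output is a pure function of the seed, so it can never carry more
    entropy than the seed itself (for example a timestamp or a process id).
    """
    rng = random.Random(seed)
    return " ".join(rng.choice(wordlist) for _ in range(word_count))


def reachable_bits(seed_bits, word_count=8, wordlist=WORDLIST):
    """log2 of the number of distinct passphrases over every possible seed."""
    outputs = {seeded_passphrase(seed, word_count, wordlist)
               for seed in range(2 ** seed_bits)}
    return math.log2(len(outputs))


def effective_bits(seed_bits, word_count, list_size):
    """Upper bound on real entropy: the smaller of seed and nominal entropy."""
    return min(float(seed_bits), nominal_bits(word_count, list_size))


if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase())
    print(f"nominal entropy, 8 of 2000 words: {nominal_bits(8, 2000):.2f} bits")
    print(f"nominal entropy, 10 of 7776 words: {nominal_bits(10, 7776):.2f} bits")
    print(f"reachable with a 12-bit seed: {reachable_bits(12):.2f} bits")
    print(f"bound with a 32-bit seed: {effective_bits(32, 8, 2000):.2f} bits")
```

Eight words from 2000 come to about 87.7 bits on paper, but a generator started from a 12-bit seed can only ever emit 4096 different passphrases, whatever the word list.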
File: Screenshot_2016-07-28-02-26-29.png (150KB, 1080x1920px)
>tfw your uni email service has an extremely low character cap for passwords (must be at least 8, no more than 10)

eh, good enough for my weekly newsletter and inter classmate emails.
>>
>>55774243
>Must be passwords you remember

I remember a single one, and it's only used as a seed to generate my passwords for everything, so it doesn't give you access to shit, not even a password safe.

Fucking plebs I swear.
>>
>>55778454
tfw even if I gave them my password it doesn't matter because they don't know what accounts it's associated with
>>
>>55778060
Decoded client side, so I don't care about server leaks.
>>
File: Capture.png (13KB, 1028x227px)
What do I win?
>>
>>55794477
Good thing the LastPass client leaks information to arbitrary websites :^)
>>
>>55794708
Only if you have autofill and the target website is specifically targeting lastpass users and specific websites, plus that was patched the moment it was found :^)
>>
>>55794708
That was an audit by a security specialist who only found that one error, an error which is now patched.
>>
>>55794855
>>55794923
>cloudcucks desperately defending their botnet :^) :^) :^)
it's actually sort of cute

why don't you want to open your eyes and realize there are alternatives to lastpass that aren't enterprise garbage?
This is a 4chan archive - all of the content originated from that site.