
Thread replies: 31
Thread images: 1

Let's talk about passwords
Up until like 3 days ago I had the same 8 character password for everything, decided that was pretty retarded.
Ended up using random passwords for each different account that I have on the internet, and make them as long as the website would let me. To manage these passwords, I use keepass, some open source meme that saves all your passwords as a database that you have to use a master password (I chose a 20 character long randomly generated password for this too, only 20 so that I could remember it) to unlock as well as a keyfile (optional, but I went for it). I have the database file on a cloud in an account with a different 20 character password. The keyfile I keep on my phone and in a usb drive, so that if someone gets access to my cloud account, the password they used to get into it being different, and the lack of the keyfile prevents them from using the database file to get the rest of my passwords.
I feel pretty good about it, but I kinda just made it up. Not really sure if it's good or not.

What are your practices? Shittiest thing you've had to deal with from a website wrt password restrictions?
Wells Fargo, one of the only things that I actually care about, restricts you to use a password that's between 6 and 14 characters long. Shit's probably in a plaintext file somewhere.
>>
I have the same 8 character password for everything
>>
>>56043248
yea, the catalyst for this whole thing was like the 14th email from yahoo saying someone in a foreign country attempted to login to my account, but was rejected because of their location. Didn't want to choose a new password to make everything again, so I went full autism instead. Maybe you'll have an experience like that, maybe you won't.
>>
>>56043238
Can someone recommend a good password manager which isn't a mono-based bloatware?
>>
>>56043248
You're pretty retarded.
>>
>>56043238
I never get the use of an additional keyfile.

Like, if there's a fundamental flaw in the way Keepass implemented AES, it will most likely not matter whether your password is 20 or 50 characters (because a keyfile is just a way of adding more entropy to the password).

Likewise, if someone gets hold of your keyfile, a 20 character password with reasonable entropy is enough to render it useless for the intruder.

No need for another layer of complexity. But do what you want
>>
>>56043433
I use keepassx, it is pretty based
>>
Using quite the same setup:
32 Char random passwords for everything
But I have them all in one offline-only keefile, and a separate one with only those passwords I need on my phone in it, which is on my phone obviously.
Of course, 20char etc should be safe 2upload, but I don't trust it. kinda paranoid, i know, blabla
>>
oh, and worst password: A credit card company forces me to take an 8char password (IT MUST BE EXACTLY 8 CHARS) and contain at least one lower/upper/special/number, like wtf
>>
>>56043482
Why do you need a password for a credit card?
>>
abc123 password for accounts i made just to access some goods, like forums and stuff
pretty strong password following a scheme
ie. 4ching_abc123@#$, fuckbook_abc123@#$, etc
some real passwords for banking, email and other stuff I consider important, mostly combinations of random checksums with special characters put in random places
>>
>>56043443
for very important data it's a nice way to lock yourself out, eg plausible deniability:
i CAN'T open not because i don't want to but because i lost access to the key file.
YMMV
>>
>>56043433
KeepassX, no browser extension support tho.
>>
>>56043443
It's really just a kind of 2 factor authentication. While having a lot of entropy in a single password is enough to secure the crypto in an educational environment (i.e. clean), it's certainly not how hackers would attempt to gain access.

Hackers are more likely to use something like a side channel attack and gather more data about the system, that could be anything from keyloggers to putting cameras over the keyboard or hardware interceptors, wireless interceptors and things like that.

Otherwise you're right, a key file from the cryptography point of view is just more entropy in the key. I think it's safe to say that right now secure maths in the crypto is hard enough that long/strong passwords are sufficient to make something unbreakable from a brute force attack, but in the real world many other attacks occur and types of 2 factor auth just make things for attackers.
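The two views of the keyfile in the posts above (extra key entropy versus a second factor), as an added sketch that is not part of the thread and not KeePass's own code. It models a KeePass-style composite key as a hash over the hashed password and hashed keyfile; PBKDF2, the `db-header` tag and all sample values are assumptions made for the illustration.

```python
import hashlib
import hmac
import os


def composite_key(password, keyfile=None):
    """Hash each credential, concatenate the digests, hash again."""
    material = hashlib.sha256(password.encode("utf-8")).digest()
    if keyfile is not None:
        material += hashlib.sha256(keyfile).digest()
    return hashlib.sha256(material).digest()


def derive_master_key(password, keyfile, salt, rounds=50_000):
    # PBKDF2 is a stand-in for the database's real key-derivation function.
    return hashlib.pbkdf2_hmac("sha256", composite_key(password, keyfile),
                               salt, rounds)


def seal(password, keyfile, salt):
    """Verifier tag standing in for 'the database decrypts correctly'."""
    key = derive_master_key(password, keyfile, salt)
    return hmac.new(key, b"db-header", hashlib.sha256).digest()


def can_unlock(tag, password, keyfile, salt):
    return hmac.compare_digest(tag, seal(password, keyfile, salt))


def demo():
    salt = os.urandom(16)
    password = "constructed example master passphrase"  # constructed value
    keyfile = os.urandom(32)                             # constructed keyfile
    tag = seal(password, keyfile, salt)
    return {
        # Owner: knows the password and holds the keyfile.
        "password_and_keyfile": can_unlock(tag, password, keyfile, salt),
        # Database copied from cloud storage plus a captured password:
        # the key is still wrong without the keyfile.
        "password_only": can_unlock(tag, password, None, salt),
        # Lost USB stick: the keyfile alone leaves the password to guess.
        "keyfile_only": can_unlock(tag, "wrong guess", keyfile, salt),
    }


if __name__ == "__main__":
    print(demo())
```

Both credentials feed one key, so the keyfile is "more entropy" in the cryptographic sense, while its practical value is that a captured password alone no longer opens a copied database.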
>>
https://www.youtube.com/watch?v=7U-RbOKanYs
>>
I thought about using KeepassX, but man, I'm too fucking lazy.
Also, I got a stupid question. Do I have to have the program installed in whatever device I want to login? I work with a lot of computers and sometimes I can't and don't want to just go and install my password manager with everything for some shared PC.
>>
I use KeePassX as my password manager with an 8 word diceware passphrase.
I then use it to store randomly generated 32character length passwords for everything.
>>
pwgen 20 1 -s -B

I keep the passwords for uncritical stuff like forums in the Firefox password manager. Even if someone steals my PC these are still secure because the whole disk is encrypted.

More critical passwords are stored in an extra password manager where they are encrypted again.

I memorized some passwords, like the one for my SSH keys, the disk encryption etc.
>>
>>56043950
You can get a portable version. Put it on a usb stick with your database and keyfile and keep it in your pooper until you need it.
>>
>>56044036
Since I use Loonix at home and Wangblows for work, do I have to use one portable version for each?
Should I just generate fuckhuge passwords for everything, make up some fuckhuge password for KeepassX that I will have to remember, and I'm good to go? Anything else is recommended?
>>
>>56044072
Look up diceware for the master password you have to remember.
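The schemes mentioned in this thread (8, 20 and 32 random characters, `pwgen 20 1 -s -B`, an 8-word diceware passphrase) compared by entropy, as an added example that is not from any poster. The ambiguous-character set for `pwgen -B` and the tiny word list are assumptions; a real diceware list has 7776 words.

```python
import math
import secrets
import string

# Assumed to match the characters pwgen drops with -B (no ambiguous chars).
PWGEN_AMBIGUOUS = "B8G6I1l0OQDS5Z2"
DICEWARE_LIST_SIZE = 7776  # 6**5 words, one per roll of five dice


def entropy_bits(alphabet_size, length):
    """Entropy of `length` symbols drawn uniformly at random.

    Only valid for machine-generated secrets; a human-chosen password
    of the same length has far less.
    """
    return length * math.log2(alphabet_size)


def random_password(length, alphabet):
    return "".join(secrets.choice(alphabet) for _ in range(length))


def diceware_passphrase(wordlist, words=8, sep=" "):
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate words reduce entropy")
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def thread_schemes():
    alnum = string.ascii_letters + string.digits
    printable = alnum + string.punctuation                   # 94 symbols
    unambiguous = [c for c in alnum if c not in PWGEN_AMBIGUOUS]  # 47 symbols
    return {
        "8 random printable chars": entropy_bits(len(printable), 8),
        "20 random printable chars": entropy_bits(len(printable), 20),
        "32 random printable chars": entropy_bits(len(printable), 32),
        "pwgen 20 1 -s -B": entropy_bits(len(unambiguous), 20),
        "8-word diceware": entropy_bits(DICEWARE_LIST_SIZE, 8),
    }


if __name__ == "__main__":
    for name, bits in thread_schemes().items():
        print(f"{name:28s} {bits:6.1f} bits")
    # Constructed mini word list, for demonstration only.
    sample_words = ["anvil", "breeze", "cobalt", "dune", "ember", "fjord"]
    print(diceware_passphrase(sample_words))
```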
>>
>>56043238
Wow this is weird. I did the same thing except my randomly generated passwords I decided to use the xkcd meme website to have one actually memorable.

I didn't think about backing up the file on "the cloud" though. Nor did I download KeePass for my phone. I just have it on a USB drive. I don't know which file is the one that stores the actual info however. Does anyone know? I plan on backing it up in a few places just in case.

>>56043458
>>56043582
What's the difference between KeePass and KeePassX?
>>
>>56044072
I don't think there's a dedicated portable version for linux. Your master password for your database should be something strong that you can easily remember. If you forget it you're fucked, same thing if you use a keyfile and lose it. I usually make 32 character passwords for pc only stuff and 16 character passwords for anything else.
>>
>>56044132
When you make a password database it creates a .kdbx database file which is where all your passwords are. KeePassX is just a cross platform fork of KeePass I think.
>>
>>56044219
not >>56044132
but I use regular ol' keepass on linux, windows, and android, so I'm not sure where the crossplatform memes are like, meaningful. Maybe that project was before keepass was crossplatform on its own and people are loyal? I'm not really sure.
>>
I love the cloud and i am going to upload all of my fucking passwords to it, you know? I mean, nothing bad will ever happen, guys. Right?
>>
>>56043238
I am doing the exact same thing. I use Keepass2Android for my phone.
>>
>>56044258
OP here, this is why my keyfile never touches the internet
>>
>>56044258
May I refer you to >>56044036

>>56044257
They're both just ports of the windows keepass I think.
>>
>>56043238
Same thing as you, although I don't use a key file, just a long password.

We get a free LastPass pro account from work, so I've started using that for less sensitive info. No way I'm putting my bank account and credit card stuff into LastPass though.
>>
If you know how GPG works I would recommend Pass:
https://passwordstore.org/

Otherwise KeePassX-http is a good option as well:
https://github.com/droidmonkey/keepassx_http
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.