Thread replies: 145
Thread images: 9
Thread images: 9
File: lastpass.jpg (17KB, 700x394px) Image search:
[Google]
17KB, 700x394px
What does /g/ use to store and manage passwords?
>scribble it all down on papers that I have hidden somewhere
>have to remember all of them for when I cannot access my notes
>don't trust lastpass etc.
>digital offline seems too easy to lose even with backups
Is Spideroak Encryptr any good? It's GPL'd and seems pretty simple
>>
Firefox with master password and backup exported to password protected Excel workbook.
>>
>>59121294
Pen, pencil and paper, and I lock them in a safe.
>>
>>59121294
>What does /g/ use to store and manage passwords?
My brain. I have 26 passwords for all of my different accounts, hard drives, and users. The passwords are very similar except that I change the first and last 5 characters depending on what the password goes to.
>>
>>59121366
this too.
>>
>>59121366
I use 4 to 6 character "chunks" that I mix and match.
>>
>>59121294
Keepass is the way to go for password managers. Integrates well into the browser but doesn't store your passwords in a cloud. You can also use it on mobile for free and it has plugin support.
>>
>>59121335
What happens if you forget your combination?
>>
>>59121366
What happens when you die or have amnesia?
>>
>>59121483
I have the combination written down on the bottom of it.
>>
>>59121663
So what's stopping the FBI or any private party exempt from 4th Amendment restrictions from looking at the bottom of your safe and sending your dick pics to your girlfriend's father?
>>
pen
and
paper
what fucking else would you use?
>>
Pen, paper, which i roll and shove into my urethra
>>
>>59121294
i use my brain because i'm not a fucking simpleton pleb.
>>
I use pass (https://www.passwordstore.org/), the standard unix password manager. It has a command line interface by default but there a community run gui in qt. It uses gpg for it's encryption and uses git to sync between devices.
>>
how safe is using a master password for firefox?
>>
>>59121366
Your brain and passwords are shit
>>
>>59121294
I'm using LastPass now, seems good to me.
>>
>>59121394
Same, except 16-characters. I was diagnosed with the 'tism last year, too, haha.
>>
>>59124231
Might as well call the NSA when you forgot a password
>>
Please give me bunga bunga yes
>>
I have 5 different ones or so.
Same for PC unlock and G-mail
General use password for non important services
One for Facebook
One for Dropbox because of the hack
One for financial like PayPal and amazon
>>
Just started using 1Password myself. Great interface, secure even after that Cloudflare fuckup, and separate 24+ character passwords for each account I have. Shit's nice.
>>
I AM BEING SICK OF WAIT FOR BUNGA BUNGA NOWW
>>
>>59124663
how hard is it to even break?
>>
>>59124762
That's not even the point. How has the idea to store and manage all your passwords on someone else's computer ever become popular? Especially companies big enough so that you can be 100% they have backdoors
>>
>>59124574
TSM
>>
KeePassX on Manjaro
KeePass 2 on Windows
KeepPass2Android on Android
>>
>>59121366
Good luck making it impossible to change passwords when one of them gets compromised, and also getting all of your accounts compromised when any one of the passwords get compromised.
>password crackers know all of your little memory tricks
>your personal memory trick is not special, and you're not a special snowflake
>a few consumer GPUs can burn through TRILLIONS of guesses per second
>>
>>59121366
cool entropy, bro
>>59124414
i'm in the process of switching to lastpass with 2fa for most of my shit. not really worried like some people. it's been audited and its implementation is solid.
>>
>>59125219
I'm using 2fa as well, using duo and google authenticator.
>>
Is it safe to put my database file in a dropbox of the file is encrypted anyways?
How many character password should my master password be?
>>
>>59121366
>The passwords are very similar except that I change the first and last 5 characters depending on what the password goes to.
yeah, well, this does literally nothing, might as well use the same one
>>
KeePassX / KeePassDroid
Only have to remember the passphrase and either PC login or phone unlock combination.
>>
Anyone using selfhosted pass manager such as vault or passbolt? I'm interested in hosting these 2 locally, anyone have deployed this 2 on their network yet?
>>
how safe is a password protected excel sheet?
>>
>>59121294
>>digital offline seems too easy to lose even with backups
You can additionally upload the password database to cloud storage providers. If your master password is strong enough, you don't have to worry.
In the worst case, you usually have a "forgot my password" mechanism which lets you reset it.
>>
>>59124231
Very secure. Which you'd find out if you'd just bother to search.
>>
File: fx_master.png (25KB, 959x432px) Image search:
[Google]
25KB, 959x432px
>>59124837
Do you even know what Master Password for Firefox is?
>>
>>59122400
what risk will be greater?
-police doing that
-random korean hacker tries to get to your back account.
the latter is probably happening right now
just us something non-digital to safe passwords. like at the first page of a book in your room
>>
>>scribble it all down on papers that I have hidden somewhere
>>digital offline seems too easy to lose even with backups
I don't get this meme.
>house burns down while you're away
>lose all your passwords
A proper backup is just as good as scribbling it down somewhere. An online backup (i.e. it's stored in a different place) is even better.
>>
Has anyone used Spideroak Encryptr or has any experience with it? developemnt doesn't seem active any more on it
>>
I use lastpass and I let it generate 48 character length passwords for my all other shit.
>>
>>59121366
>>59125003
I've been doing this also, but I'm getting a bit anxious lately over the possibility of a person getting one of my passwords and then have instant access to every website... Talk courage into me Anon? Please?
>>
>>59121366
I really hope this is bait.
>>59121463
This.
>>
>>59127772
use a password manager idiot
>>
p a s s
a
s
s
>>
http://masterpasswordapp.com/ Get your passwords anywhere. without cloud storage whatsoever
your password is generated based on your master password, name and website
>>
>>59128455
Might as well use a password manager app on the smartphone (and your personal PCs) and generated passwords. You'll have to remember less and it's just as, if not more, secure.
>>
>>59121463
This
Keepass is the best locally saved password manager.
Company I work for we built a password cracker and that thing can chew through almost anything but keepass files. as long as you change the password to the DB every now and then its basically perfect.
For cloud based last pass is hard to beat. Yeah they have been popped but they salt the passwords to unbelievable levels. By the time anyone got around to actually breaking into an encrypted dump the passwords would already be changed and worthless.
>>
>>59128455
>IOS only
no
>>
What are some good plugins for Keepass2?
>>
>>59121483
I don't
>>
>>59121321
Hope that's bait. Both are easily broken in seconds
>>
>>59129730
I was going to say the same but figured its either bait or someone who literally has no idea what they are talking about.
>>
>>59129730
>Both are easily broken in seconds
I have no idea about Excel.
But Firefox will encrypt the passwords with your master password using 256-bit AES. It is very secure.
Unless you're using Firefox Sync to sync passwords.
>>
File: 1482936459678.png (4KB, 120x120px) Image search:
[Google]
4KB, 120x120px
>encrypting my 3tb external hdd with 1 pass wipe
>estimated time 40 hours
>>
paper and pencil is insecure against keyloggers.
>>
Desktop tech here. My company doesnt have functioning SSO and different systems have a different rotation schedule, so pretty much everyone just has a notepad full of passwords somewhere at their desk.
>>59129582
totp
>>59129263
Better yet, if the .xlsx just has a protection password (not encrypted) you can actually rename the extension to .zip, open the XML inside and ctrl+f for 'password'
>>
I use lastpass, it works great and it's secure.
>>
File: lastpass.png (22KB, 353x472px) Image search:
[Google]
22KB, 353x472px
>2011
>not using a password manager
>>
>>59121463
>Integrates well into the browser but doesn't store your passwords in a cloud.
Why is that an issue if it's just an encrypted container that is synced with the "cloud". It's not like they'll get your password.
>>
I use lastpass
>>
>>59132166
Because it's another attack vector. If you have anything of vital importance then don't store it on a network.
>>
>>59132152
Thank for the password, sucker. I'm hacking your PC as we speak ;^)
>>
>>59121294
Brain Pro 2017.
>>
I run a light linux vm with encrypted disk on my homeserver. On this vm I keep a keepass database out of which I can copy+paste my keys anywhere with a vnc+openvpn combo. While vnc is not encrypted, I use it only via openvpn tunnel. Has worked well for years. I never move the keepass database off the vm, I just copy the whole vm (which is encrypted) for backup purposes.
>>
security through obscurity is the best security.
Come up with a system completely weird and alien that nobody would know how to figure it out even if they had it right in front of them.
>>
>>59121294
https://www.passwordstore.org/
>>
passwords.txt
haven't been hacked yet
>>
>>59133894
Well if it's encrypted it should be fine.
>>
>>59133823
this
I bet nobody can figure out my google account password
>>
a notepad file that i keep in a folder of food pictures called "recipes to try"
along with a physical list stuffed into the middle of a cookbook
>>
>>59121463
This. Been using it for at least 2 years now, works great.
>>
>>59133942
plaintext on an unencrypted fs
:)
>>
>>59133823
>security through obscurity is the best security.
I thought its supposed to be the worst actually. Isnt that why all the best encryption algorithms are open.
>>
keepass and keepassx work great for me. I dont use it for everything though just stuff that I need to be secure.
>>
GPG encrypted text file
>>
>>59134002
Exactly. This is why I uploaded all my passwords in plaintext on my github.
>>
So I'm currently using an excel sheet for all my passwords.
If I switch to KeePass, how do I save the local pw-db file so I can use it on my iphone or on another computer I own? Google Drive? Dropbox?
>>
Anyone know the difference between LastPass free vs. premium?
>>
I have Password Safe where I save my passwords and also generate them when I need passwords for services I won't frequently need to manually login to.
For important shit I'll use a certain words with some not-too obvious character switches, something easily memorable like dogpiss, except I type it !d8gp3ss which should be strong enough yet easily memorised.
I also save my passwords to Opera without a master password so they're probably in plaintext somewhere on my computer but idgaf. I'm not too worried about some hackers gaining access to my files and searching for a password file of a deprecated browser.
>>
>>59134704
This, if there is only a local copy, how do you login outside of your work/in an unexpected enviroment?
>>
>>59121294
I use lastpass for everything unimportant: Slack teams, forums, reddit, social media, etc.
I don't store my email or banking passwords in Lastpass, so if it is ever compromised it doesn't really matter.
If you don't use a password manager for flippant logins you're just making your life harder.
>>
>>59135189
>!d8gp3ss
>which should be strong enough yet easily memorised
Uh, no:
>https://password.kaspersky.com/
>>
What about pass? Its a command line based password manager. Can install it with termux on your phone and there are packages for most distros.
>>
>>59135496
or i could just kill myself
>>
You all should just write your passwords on your dick. No one will ever see them then.
>>
>>59135334
I use lastpass with 2FA for everything, including the important stuff. Lastpass makes my bank credentials more secure, not less.
>>
>>59121321
not the trans pieces of shit working on firefox commenting code all day would actually suggest that.
>>
>>59135605
At least we have a dick.
>>
>>59135605
My dick is too small to fit my passwords on it.
>>
>>59134704
>>59135303
Can anyone who uses KeePass answer these questions?
>>
>>59135641
Personally, I've saved it in Dropbox. Some people will advocate against it. But since I'm using a fairly secure password I think I'm good.
I don't know about KeePass iPhone apps.
>>
>>59135303
>>59135641
I usually don't, but if I really have to I keep an older copy (updated like once a month or a few) on my encrypted phone (keepass on pc and keepassdroid on android from f-droid).
Master one is on a pc and all passwords are updated to it's database. Usually random passwords needed are up to date even on an older db on phone.
One might keep his keepass db in cloud, I guess. But I've never felt the need for that.
>>
File: 1485463019508.jpg (71KB, 414x499px) Image search:
[Google]
71KB, 414x499px
My uncle had an old Websters dictionary in his small library, scanned a page in the middle and then replaces however amount of the text with his passwords and what they go to in a brief message.
And then glues the page back into the dictionary.
>tfw he need a definition for a word that the page covered.
>>
>>59135641
http://keepass.info/help/v2/sync.html
if you need to.
>>
>>59135707
To continue, I guess it would be a two minute thing to set up a tasker routine
- once a day
- when connected to home wlan
- copy keepass db from nas
>>
File: what is this shit.jpg (142KB, 422x422px) Image search:
[Google]
142KB, 422x422px
>>59135760
sounds decent until you realize that glueing some paper in the middle makes it really really easy to spot on a book.
>>
>>59135818
Well i mean he took the time to get the right color of the page, etc. It looks pretty legit, had he not ever told me I would of never noticed.
>>
>>59135840
>not ever
should of used ever lel
>>
>>59135760
https://www.youtube.com/watch?v=YgHNtzxO0y8
>>
Paper and https://www.passwordstore.org/
>>
>>59135840
>It looks pretty legit, had he not ever told me I would of never noticed.
this is why I said it looks pretty legit, if you just randomly move your thumb on the side going through the pages you will feel where it is. It will feel weird because now that page is at least twice the weight. In fact if you look the book from the side you will notice a fucking line where that page is and this is a best case scenario since glue gets weird with time and even could change the color of the page.
Again I guess nobody will go on browsing the book randomly to look for passwords and even a loose piece of paper just placed there would be safe.
>>
>>59135633
What are you sperging out about now, shit for brains?
>>
>>59135970
>nobody has fallen for my bait
>I know, I will just reply to myself!
>>
>>59136000
actually I'm the guy trying to explain why the whole glued page will be easy to spot and >>59135970 is just a fucking idiot that can't read.
Nice trips though.
>>
>>59121463
Keepass extension shits itself on my browser, something about "initialized array"
>>
>>59135614
> Lastpass makes my bank credentials more secure, not less.
Eh. I still wouldn't trust it for that. they've been breached before.
>>
>>59131613
True. But then again copy and pasting isn't safe either, if you install or are affected by malware that can view your screen and shit your basically screwed.
I plan on keeping them on a USB (and paper) and using velcro to secure the USB under the table, and just remove it from there whenever I need it.
>>
>>59131613
Wow, I didn't know you could install a keylogger into a pad of paper.
>>
>>59121294
Keepass
I store the database in the cloud and use the app on my phone for when I need passwords when im out of the house.
>>
Why aren't you using the objectively best password manager in the world, /g/?
http://masterpasswordapp.com/vid/about.webm
>>
>>59137345
See >>59128455 and its replies.
>>
>>59129379
>iOS only
You fucking dirty liar kike. There's a java file you can download that runs on any OS, besides that you also have it on Android in Google Play.
>>
>Ctrl+f "Keepass"
>22 results
Feelsgoodman not being tech illiterate.
>>
>>59135641
I've got my keepass db in my Google drive account. The desktop and android clients can sync with it natively, it's just like working with a local database, and everything is kept in sync.
There's no real worries with security in storing the database in the cloud.
The whole point of password managers is that the database should be secured with encryption strong enough that you could upload the db to a public server or email it to everyone in the world, and it would still be secure. The security comes from the (uncrackable) encryption, not from hiding the database.
>>
>>59128455
>>59137345
>isn't available on most platforms
>all passwords are easily derived if someone knows your master password
At least with other solutions someone needs your master password AND a copy of your database to get your passwords. This is just worse every way you slice it.
>>
I have one single password. But, I have a specific modification for every website/software
Example:
Take a correct password (Like «0P5ucksD1ck5»)
Then at the end, add something relevant from the website, like first and last character
For example, Amazon: 0P5ucksD1ck5!an
Google: 0P5ucksD1ck5!ge
>>
>>59137605
>isn't available on most platforms
STOP LYING REEEEEEEEEEEEEEEEEEEE
>all passwords are easily derived if someone knows your master password
Don't let people know your master password then lol.
>>
>>59137654
>Don't let people know your master password then lol.
If that's your logic then why not just use that password everywhere and "don't let people know it lol"
Then you'd have no need for a manager at all
>>
>>59137631
I've done something like this in the past. But I couldn't be consistent and the systems varied slightly. So I was actually relying on the browser internal password manager.
That was my own problem. Easily fixed by having a definite system and sticking to it. But it's not all that secure.
Adding first and last character of a domain to the end, middle, beginning, or a mix of those, of your password is a really obvious thought with this style of password.
One more thing: Substituting letters with numbers is also really common. And if there is suddenly a few characters that don't look like the rest of the password, (like that "ge" at the end) it won't be hard to figure out where it came from and what your password for other sites must be.
>>
>>59137787
You just don't understand how it works then. The Master Password is used completely offline and for no sites whatsoever.
>>
>>59137855
I know that. And because it's the only thing that your passwords are dependent on, it's a single point of failure. Other password managers are still shit, but are less shit because an attacker has to compromise two things, your master password and your database, to get any of your passwords.
>>
>>59137855
What do you do if a site had its account data stolen and as such requires you (for security reasons) to pick a new password?
>>
>>59137956
Add "2" to the option of password generation.
>>
>>59137956
Stop using the shit site.
>>
>>59137996
You'll always have to remember that. If it's something you don't use often you might forget it and then suddenly it doesn't work anymore.
>>
>>59138054
Not really. If I forget I can just cycle the numbers until I hit it.
>>
>>59137256
Which cloud service do you use?
>>
>>59127156
>house burns down while you're away
>what is a fireproof safe
>>
Keepass with a password and keyfile.
I don't store my entire password in keepass though. I always add four default symbols at the end of every password. So if sees the contents of my keepass database he still needs to know one of my complete passwords to decipher it.
>>
>>59138144
*So if someone sees the contents
>>
>>59137631
But then
Site A says your password cannot contain special characters. So you need to modify your password for that site
Site B has a maximum password length of 12, so you have to alter it for that
Site C says you must include at least two upper case characters, so you have to alter it for that
By the end you can't remember what password you used for site A, B or C
Better to just use a password manager
>>
>>59138644
>Site A says your password cannot contain special characters
Shit site = dropped
>Site B has a maximum password length
dropped
>Site C says you must include at least two upper case characters
dropped
>>
>>59138124
>Not buying a fireproof house
It's like you want to lose your valuables.
>>
>>59138719
>wasting money on a fireproof house and not just paying for home owners insurance
>>
>Lastpass for account that I don't care if I lose
>Keepass for important account
>>
>>59137585
I don't like this because in theory if someone discovered a new vulnerability in the encryption your database would be easier to get a hold of.
I just manually transfer it to my phone via USB. I just do it the same time I'm updating my music or whatever.
>>
>>59138060
Password crackers can cycle the numbers too.
>>
>>59140615
Not without my full name + master password, lol.
>>
File: 1480997101001.jpg (34KB, 658x464px) Image search:
[Google]
34KB, 658x464px
>>59138719
>implying you own a property
>implying you own anything of value
>>
>>59121294
passwords are literally just there for consumer peace-of-mind.
they are pretty much only an obstacle to access for your grandma who keeps forgetting which icon gets her to facebook
>>
>>59140831
bait
>>
Lastpass is quite good IMO. As good as your master password. The company itself has no access to you passwords which can be verified with their "open source" extension. I can't see how this is worse then synced keepass database. Also had a good laugh at autists remembering 15+ repeatable passwords.
Thread posts: 145
Thread images: 9
Thread images: 9