>he uses a password manager >on a computer or server connected

>he's on a computer or server connected to the internet
Why is /g/ this stupid?

>>60120088
>he does the same thing, but stores the database distributed across a huge corporate CDN with no responsibility to protect it where it can be compromised without you ever knowing

>>60120412
>implying I would do something even worse like giving it to some cloud service

My passwords are always offline. Never sees the internet.

>>60120088
>uses Windows
>obsessed with security
It's not your fault bro.

>>60120585
>implying I use Winblows

no, kiddo

>>60120088
>stores his password offline in a password manager
>uses them to log into a service from a computer or service connected to the internet
>he thinks just because his passwords are stored offline that he is safe
>he doesn't even realize his passwords are up for grabs and it only takes a few seconds to log them via silent malware and then have full access to whatever bank account he logged into without his knowledge

Why is OP this stupid?

>>60120620
>he assumes my passwords are in digital form

kek

>>60120088
>s-stop using jew software and go back to proprietary solutions!
No, /pol/-kun.

>>60120516
Except when you type them in and the keylogger on your computer steals them.

>>60120871
rekt

>>60120871
i was about to post the same fuck u

>>60120871
They can get my randomized passwords but not the db. Meanwhile, your db got stolen and the master password is in their hands, too.

>>60121014
so they get your main passwords (i.e. the ones you mostly use,) instead of filler passwords to random forums or whatever the fuck?
you're helping your adversary here more than anything bud, they own you and you're fucked either way.

>>60120088
I just have it on my USB. Doesn't matter if they figure out my master, since they won't have the database. Also, how the hell are you going to keylog ctrl+c, ctrl+v ?

I use Master Password though.

>>60120603
>shits on open source software
OK macfag. You have to type your master password sometime, and if it's in cleartext or a key file, I'm going to find it.

File: carlos.jpg (34KB, 600x600px) Image search: [Google]

34KB, 600x600px

>>60120088
why do you need a "kee" when you already got a pass? get it?

>>60120088
>What is LastPass
>How does encryption work

>keepass
>not password-store
Son I am disappoint

>>60121232
I don't have a "master password"

Having one automatically means you lose.

>>60120088
if you get a keylogger you've already lost, there's no defence against someone having physical access to your machine

>>60120088 (OP)
>>60121294
So LastPass and KeePass are equally safe. Guess I'l go for paper pencil meme.

>he uses paper and pencil
>on a house or building that can be broken in to or accessed by anyone
>he thinks just because paper is safe from a house fire or in a safe that can be broken into
>he doesn't even realize his paper is completely up for grabs and it takes only a few seconds to get his paper via poking around and then have full access to whatever he put on the paper without his knowledge.

Why is /g/ this stupid?

Kind of not on topic but, how secure is using 15+ character lines from video games and movies?

>>60121473
Well the paper is still more secure unless your enemies are literally some russian agents who want to get into your house

>>60121510
That still doesn;t change the fact anyone can go into your house and take the paper.

>>60121502
The encryption is done locally, and LastPass never has your key, retard.

>>60121533
Nobody would want to do that. Digital crimes are easier to commit then real crimes like breaking into a random guy's house for his private info

File: 1476744239283.jpg (39KB, 508x524px) Image search: [Google]

39KB, 508x524px

>>60121380
>He doesn't even have 2FA with his password manager and he's talking shit about them

I like keepass2 over keepassX because the autotyper is better on 2.

>>60121536
I said its safe as KeePass, shit for brains.

>>60121507
15 characters worth of security

>>60121507
very secure if there's a lot of uncommon words, in the future though, coherent strings of conversation, lines from music, movies, etc will all be added to databases and used to hybrid attack the fuck out of shit.

Random uncommon words with numbers, upper, lower and special cases over 30+ in length are reasonably secure master passwords

>>60121510
Keyloggers cannot grab the passwords if you're copy pasting or autotyping. Why are you dumb?

>>60121564
Yes but that doesn't stop someone who is passing by by taking the paper. The person needs to have a vault to keep it secure. Then there is the fact that that sheet can still be misplaced or get accidentally destroyed.

>>60121533
>anyone can go into your house and take the paper.

If you think this is easier than phishing somebody, you are dumb.

>>60121606
I wasn't saying anything about keyloggers. Besides I am pretty sure that advanced spywares can still get your pass one way or the other even if it is not straight keylogging.

>>60121651
>its easy to trick a retard using a fake site
>its easy to take paper with password from a retard wile he isn't looking
Okay.

>>60121659
The thing is that password managers aren't meant to save you from malware. They're meant to facilitate an easy way to have as secure as you want passwords for every site and thus protect against corporate db leaks and such.

>>60121673
>he thinks people carry their passwords around on a piece of paper
>he thinks pickpocketing is easy


no

KeepassXC master ruuce

>>60121728
Dd I say paper is in a pocket? In can be in a wallet that can be dropped and lost. In a book someone can easily take. On the desk while taking a quick piss. The list is endless.

>>60121749
The people who keep their passwords on a paper on work desk in a job place where anyone can walk into are the same people who can be "phished" by fake email asking for their credit card info

>>60121807
Which is exactly my point. Neither is more secure than the other. As long as the password exists, it can be accessed by anyone who happens to get their hands on it.

>>60121749
>In can be in a wallet that can be dropped and lost. In a book someone can easily take. On the desk while taking a quick piss. The list is endless.

Lol you are really reaching here. Nobody in their right mind would let their entire password db on paper just be right there in the open.

>>60121840
Nobody is going to do that, idiot. Passwords on paper would be hidden, behind lock and key, are in a secret part of a private home.

You are way more likely to get malware than have somebody snatch your password booklet.

File: 1477003285630.jpg (229KB, 627x720px)

229KB, 627x720px

i have a list of my accounts and passwords in a document and keep it on my dropbox for easy access. why would you do this with a piece of paper lul

>>60122493
>keep it on my dropbox

retard detected

>>60120088
Just use pass, it doesn't use a database

I use keepass. I know my security isn't top tier but it was a big step up from the shit tier reusing dictionary word passwords i used to use.

the only winning move is to never login to any accounts that are worth anything.

online banking and online shopping can be avoided by getting off your fat ass and going outside.

steam? netflix? itunes? pirate your media like someone who isn't a cuck.

cryptocurrency is a huge scam, convert it all to real money immediately before it gets stolen.

nothing to hide, nothing to worry about if you get malware.

>>60120088
>he doesn't use a password manager
>on a computer connected to the internet
>he thinks just because he doesn't save his passwords on a computer that he is safe
>he doesn't even realize all passwords he enters are completely up for grabs and it takes only a few seconds to get all of his passwords as he enters them via silent malware and then have full access to whatever account is being logged into without his knowledge

Why is OP this stupid?

>>60120088
>keepass is open source
>not security audits
>no "get paid to find bugs"
>no insentive to find weaknesses except if you use the program itself
>open source so that malicious people can find the exploits way easier

If you use keepass, you're retarded.
>no auto-input in browser unless you download some shady tool
>people trust this 3rd party tool to not have any weaknesses or exploits even though it was written by a 3rd party neckbeard in his moms basement
>"Safe"

If you're gonna use a password manager, use lastpass. At least they have security audits all the time and offer rewards for finding bugs which means people actually bother thus the exploits get removed.

>>60120088
KeePass actually has protection against keyloggers which is better than you getting keylogged from typing in your password without anything.

I use lastpass with 2 factor authentication.

Am I fucked? All my passwords are 20+ in length now.

>>60124200
keepass has autotype idiot

>>60120871
All my pw's are one time use

>>60121453
2 factor authentication.

YU FUCKING RETARD

I've never used a password manager before and this post ironically convinced me to get one.
Was this part of OP's plan?

https://security.stackexchange.com/questions/42446/does-adding-two-factor-authentication-by-otp-really-make-keepass-more-secure

Is 2FA for keepass just a meme?

>he remembers his passwords
>in his own brain
>he thinks just because his brain is his own that he is safe
>he doesn't even realize his memory is completely up for grabs and it takes only a few seconds for the NSA to hack into his central nervous system and then have full access to whatever he put in the brain without his knowledge

>>60120088
... the same for normal passwords if you get a keylogger

>>60124423
theres a big difference

normal passwords are only keylogged after you enter them. you might be able to save your some of your accounts if you detect the keylog early on. with password manager they just need to keylog your master password and then they can get your database and have all your passwords instantly

I use a password manager, but I do not store entire passwords in it. I leave a few characters out.

Where is your god now?

File: life.jpg (191KB, 784x811px) Image search: [Google]

191KB, 784x811px

>>60120088
>not using a pen and paper in the age of artificial intelligence and automated hacking
/g/uys, don't be stupid, de-digitalize your life

>>60124966
I leave some characters out for people with physical access to my machine.

Plus I use a keyfile. So I can back it up without worrying.

No method is perfect. Unless you have a better solution piss off.

>>60121294
>LastPass
kek

>>60124999
Fellow fountainpen lover here, can relax very well

>>60121139
>how the hell are you going to keylog ctrl+c

Here is a super advanced script capable of hacking ctrl+c. Only real mean hackers use this sort of shit. Be warned.

Autohotkey:

^c::
bob := clipboard
; do nefarious things with bob here

Are you seriously that illiterate?
EVERYTHING on a computer is open to software interacting with it.
This is the level of retard on /g/ today.

>>60120088
>>60121014
I have a master (email) account with a password that isn't in my db that I don't use for anything else and don't use the account for anything else and almost never access it to maintain it's security, which is also two factor auth, so even if my db were to be stolen with all my passwords I would be able to lock down my primary use email addresses and then go through all the accounts in my db and change their passwords.
Also use a keyfile for Keypass, though that doesn't add security if they get access to my computer it does mean that the master password alone doesn't get you into my password database.

So while there is the risk of loss

Where do you store your DB?

>>60124200
>Recommending proprietary password managers
When did /g/ sink this low?

>>60126357
contlol

So while there is the risk of loss at a single point, the greater organization and ability to reasonably quickly go through and change all my passwords is a benefit.

Though anyway, if you get a keylogger on your computer you are fucked sideways no matter what.

>>60120088
Jokes on you!
I got a sealed envelope with postits in it where my password are written on it.
There are 268 postits in it so far

>>60124380
THIS DESU

THIS IS LITERALLY WHATS GONNA HAPPEN IN THE FUTURE, /g/. CANT BELIEVE ONLY THIS NIGGA AND I ARE THIS WOKE

>>60126358
In my brain and in a metal case.
I need both to login to services.

That metal case in stored deep under ground in a temple.
Any time I want to buy dragon dildos, I need to go on a trek deep in to the Amazon rainforest.
Secure as fuck.
Highly recommend.
Just get your own fucking temple.

>>60124200
>>not security audits

Confirmed for not knowing what you're talking about, opinion disregarded.

https://www.ghacks.net/2016/11/22/keepass-audit-no-critical-security-vulnerabilities-found/

>KeepAss

I keep my passwords in my head, the only place where they are safe.

Use keepass with the db on one cloud provider and the cert key to open it on another.

>not writing your passwords on a piece of paper

>>60120516
>he doesn't use macro keys to enter his master passwords
>he doesn't use a portable version of keypass on an encyrpted flashdrive

/g/ needs get gud

>>60127981
>not having your salted & hashed passwords tattooed on to your skin

>>60127884
>Limiting yourself to only a handful of complex passwords to reuse across mutiple accounts

File: bundy314.jpg (66KB, 520x730px) Image search: [Google]

66KB, 520x730px

>>60126567
> LITERALLY WHATS GONNA HAPPEN IN THE FUTURE
It's here bro.

>>60124380
>his memory is completely up for grabs and it takes only a few seconds for the NSA to hack into his central nervous system and then have full access to whatever he put in the brain without his knowledge
You are partially right. DOJ and DHS have access to this technology now. They do have access to your cental nervous system, but all they have to do is mention the security of your password, and you will involuntarily give up everything about it. They do not have direct access to your memory, but they can monitor the retrieval process. Welcome to 2017.

>>60130663
Site your sources please

>>60130886
>Site
Test subject 'A' you fucking cunt.

>>60131904
Go fuck yourself if you cant cite a website or document

>>60120871
All my passwords are stored in Firefox, no keys get pressed.

>>60121281
:o)

>>60132123
>lmao storing passwords on a browser

I hope your joking because anybody can just stick a flashdrive in you pc and copy all your passcodes from any browser I've done it before

>>60132177
How would you decrypt them though?

I only. I am mistake. For minutes. Ahah :-) boards

>>60132184
There are softwares out there that copy the key to decrypt from firefox

At least its harder with firefox but with chrome its as easy as taking a toliet from a pajeet

>>60132205
w-what?

File: 1492977836950.jpg (64KB, 772x501px) Image search: [Google]

64KB, 772x501px

>>60120088
>he remembers the password
>on his brain connected to his mouth
>he thinks just because it's in his brain no one can get to it
>doesn't realize if someone really wanted it they'd just kidnap and torture him

>>60132251
why is your frog holding a hammer?

>>60132269
to hit you with

>>60132285
finally an easy way out of things

>>60132230
>as easy as taking a toliet from a pajeet
Impossible? Considering they don't have toilets.

>>60120088
>on a computer or server connected to the internet
>WILLINGLY enters a password to a site, email, etc while using it
>he doesn't realize that password is now compromised by any malware, virus, rootkit, keylogger, etc on his computer watching his every move

File: 8391859530_aefbe96f68_b800x533.jpg (84KB, 800x533px) Image search: [Google]

84KB, 800x533px

>>60132421
On contrary they have government porvided toliets and still refuse to use them. Look it up

>>60132100
Go fuck yourself, I am the source.

>>60132489
Yeah I know, I've watched a documentary on the toilet situation in India where they discussed the issue of getting the people to use them.

>>60120088
>if your computer is compromised you have no security

Wow thanks for letting me know OP, you are a genius.

>>60132511
Its honestly sad. Even in poor african countries the have outhouses and shitting holes

>>60121507
Use a !Correcthorse2batterystaple password and thank me later.

>>60132741
>logs onto a computer
>posts on 4-chan

>>60120088
>having usernames
>having passwords

The only winning move is to not play the game

>>60133107
/thread

my Keepass master password is 1024bit

it would take about 1 million $ of electricity to power a supercomputer to crack it

>>60133218
how do you enter it? my master password is relatively insecure but I'm kind of too lazy to enter some 1024-bit pass every time I need to get in.

>>60133327
its a key file only stored on my USB

>not writing your passwords on a peice of paper
fucking retards

>stores it on his usb
>doesn't have a back-up

>>60133375
>writing passwords
>not training your memory to remember your 5000 passwords to tranny cartoon porn accounts
sure smells like pleb in here.

last call

>not writing a program to copy passwords from an encrypted database stored locally
step up anons

>Never use password managers
>Always use a separate password for every single account
>Always make my passwords made up of several words and numbers like LittleTimmySatOnABridge1944
>Keep all the accounts and passwords written down on a piece of paper that's taped to a hidden compartment in my bedroom drawer in case I forget them

I have never been hacked.

>>60120088
>he remembers all his passwords
>doesn't wear a foil hat
why is /g/ this stupid?

>>60124200
All those assumed security audits you mentioned didn't help when they came up with tons of weaknesses in lastpass during last two weeks.

You're the retard, son.

>>60120088
>and it takes only a few seconds to get his master password via silent malware
At this point they can get your passwords with a keylogger. Regardless of password manager. Dude, what's your threat model?