
Why aren't you using a password manager?


Thread replies: 137
Thread images: 11

Or if you are, which one?
>>
>>61872949
my brain
>>
>>61872949
My password manager is passwords.txt and piece of paper that I write them to as a backup.
Can't remember them because I use
date | md5sum | head -c15

to make them.
>>
>>61872949
keepassxc
>>
Keepass. Nuff said.
>>
Enpass, sync to a personal vps. Ease of use with sync on any device and the data is in my own hands
>>
>>61873026
How do you do that? I like that option, I don't want to get my shit hacked.
>>
>>61873070
Get enpass, get a vps, create wallet, install nextcloud on vps, put wallet file on vps, configure webdav, get the enpass client on any device you use (everything is supported, big reason of why I choose enpass) and connect to the webdav location. Done.
>>
pass(1), of course. I integrate it with dmenu and xclip and trigger it with a simple keybind. What more do you need?
>>
>>61873093
>webdav
oh shit nigga, high security af
>>
>>61872987
the only real answer, everything else is botnet
>>
>>61872949
In 2005 I was making a gmail account and that's when I came up with a 9-digit password I used for everything since.

In 2013 I got more concerned about security, changed some passwords and wrote them in passwords.txt so I don't forget them.
Then I got lazy and changed them back to what they originally were though I kept passwords.txt in order to catalog all sites I ever registered to.

Now my passwords.txt just looks like this (actual snip):
Gmail         ********[email protected]    1921*****
Stackoverflow ********[email protected] 1921*****
Gelbooru ********[email protected] 1921*****
Sankaku ********[email protected] 1921*****
Reddit ********[email protected] 1921*****
...


No issues, never hacked, I know it's bad but I don't really see a reason to change anything.
>>
pass with the passFF addon, works great
>>
>>61873153
So your password is a 9 digit pin?
>>
>>61873300
What's the difference between calling it a password or a pin?
>>
>>61873326
But if any one of those sites is hacked, the hackers will now have your email and your password, and if it's identical on all sites, then you're totally fucked
>>
Why would I use software to manage my credentials when a txt file or XML sheet works just as well?

Never understood why keepassx is so popular.
>>
https://www.passwordstore.org/
Simple and I like it, it's basically a script managing GPG encrypted passwords.

>>61873356
Do you at least encrypt that text file? Seems like a security risk if it's always in plain text.
>>
>>61872992
this gives me hope for /g/
godspeed anon
>>
>>61873335
But in 12 years it never happened and I don't know why anyone would target me specifically and hack a site because of me.
Besides if they hacked Reddit for example, how would they know I also had a Stackoverflow account?
I don't really have any secrets so again I don't see why anyone would hack a big site like Gmail because of me.
>>
>>61872992
Use sha512 or bcrypt. md5sum is cryptographically broken, there could be a collision.
>>
>>61873153
>Reddit
>>
>>61872992
>all an attack vector has to attempt is md5sums of dates pertaining to account creation data to get your passwords
You could literally just use /dev/*random for the same effect, and have it be nearly truly random.
>>
>>61872949
Because I don't want to be locked out in a situation where I don't have access to my password manager.

Also, fuck you OP. Now I am thinking about situations where I don't have access to my phone for 2FA.
>>
KeePass, checking in.
>>
>>61873400
Fine, risk it, but don't come crying to us when you get royally buttfucked.

It's even worse that even your email is common.
>>
>>61873428
Thanks for the tip Anon, will use this for future passwords. Though I think it's unlikely somebody would use the method you described to get into my accounts.
>>
>>61872949
KeePassX
>>
>>61873438
>Fine, risk it, but don't come crying to us when you get royally buttfucked.
I had the same thing said to me in 2013 though everything is still going good. I think most of /g/ is just too paranoid.

I mean think about it: Has this royal buttfuck ever even happened? Except for that one online dating site and Adobe once a long time ago.
>>
>>61872949
keepassxc.
>>
>>61873113
This.
Pass is perfect, the dmenu integration is way faster than any GUI-based password manager.
>>
KeePass 2.36 :D
>>
Site 1: R3al1yL0n6AnDc()mpl3XP4s5wor[)1

Site 2: R3al1yL0n6AnDc()mpl3XP4s5wor[)2

Site 3: R3al1yL0n6AnDc()mpl3XP4s5wor[)3

etc.

I only have to remember the master password and then the number associated with the website and my password is literally impossible to hack and without hacking one password they can't figure out my simple yet efficient system.
>>
>>61873135
What do you mean?
>>
sha256(realname + passphrase + sitename)
no need for a password manager, just need to remember the passphrase and the character used to separate the components
>>
>>61873400
https://haveibeenpwned.com/
Big companies have data leaks all the time. If you use the same email/password for multiple sites you only need one site to get compromised and all your accounts are compromised.
>>
>>61873428
Newfag to this, how does this work? Just trying to learn so I'm not one of those retards on /g/ arguing about AMD and Intel. Any books I could pick up to learn about this?
>>
>>61873736
Newfag to what? Device files or random number generators?
>>
password manager
now instead of needing several passwords to compromise your everything a thief only needs one such a great idea
>>
>>61873772
Both. I just find documentation on them, maybe I'm not asking the right questions. Care to give a quick rundown? It's nice to actually discuss technology on this board instead of the constant shilling.
>>
enpass
>free for /g/
>normies who "need" convenience pay which means active development
>offline unless you want it to sync
>isn't ugly
winwinwin
>>
>>61873841
Not the guy you're responding to and I'm not a cryptographer, but I'll try to explain.

Linux and other *nix systems have a pseudo-random number generator in the kernel, and /dev/urandom is an interface to that. Hashing dates without salts isn't as secure because all somebody would have to do is compute the hashes of all possible date combos where someone could have registered (probably only a few hundred thousands), and then they would have the password. That's insecure compared to getting purely random passwords.
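
The keyspace argument from the post above, as an added example that is not part of the original thread: it compares the guessing space of a timestamp-derived password with characters drawn from /dev/urandom, and generates passwords from the kernel generator directly. The function names and the 16-year window are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Entropy, in bits, of "date | md5sum | head -c15" when the only unknown is a
# one-second timestamp somewhere in a window of YEARS years. md5sum and head
# are deterministic, so they add nothing to the guessing space.
date_scheme_bits() {
    LC_ALL=C awk -v y="$1" \
        'BEGIN { printf "%.1f\n", log(y * 365.25 * 86400) / log(2) }'
}

# Entropy, in bits, of LEN characters drawn uniformly from SIZE symbols.
random_bits() {
    LC_ALL=C awk -v n="$1" -v s="$2" \
        'BEGIN { printf "%.1f\n", n * log(s) / log(2) }'
}

# Print LEN characters from /dev/urandom restricted to ALPHABET (a tr set).
# Bytes outside the alphabet are discarded, so every kept character is
# uniform over the alphabet (rejection sampling, no modulo bias).
gen_password() {
    len=${1:-20}
    alphabet=${2:-'A-Za-z0-9'}
    case $len in
        ''|*[!0-9]*) echo "length must be a positive integer" >&2; return 2 ;;
    esac
    [ "$len" -gt 0 ] || { echo "length must be > 0" >&2; return 2; }
    [ -r /dev/urandom ] || { echo "/dev/urandom not readable" >&2; return 1; }
    out=
    # Read bounded chunks until enough characters survive the filter.
    while [ "${#out}" -lt "$len" ]; do
        chunk=$(head -c 64 /dev/urandom | LC_ALL=C tr -dc "$alphabet")
        out=$out$chunk
    done
    printf "%.${len}s\n" "$out"
}

# Side-by-side report using the constructed 16-year window.
compare() {
    printf 'date-derived, 16-year window : %s bits\n' "$(date_scheme_bits 16)"
    printf '15 hex chars from urandom    : %s bits\n' "$(random_bits 15 16)"
    printf '20 alphanumerics from urandom: %s bits\n' "$(random_bits 20 62)"
    printf 'sample password              : %s\n' "$(gen_password 20)"
}

if [ "${1:-}" = "demo" ]; then
    compare
fi
```

Run it with the argument `demo` to print the comparison; the hash and truncation steps never raise the date scheme above the entropy of the timestamp itself.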
>>
I wrote my own password manager in C#.
>>
>>61873895
Makes sense, thank you.
>>
>>61874160
>writing your own cryptographic programs
sploited within 30 seconds
>>
>>61873005
This.
I keep my password encrypted Keepass database synced to the cloud and the accompanying keyfile always offline. So if a hacker somehow managed to break into my dropbox account and download my keepass database file, it would be impossible for them to get my passwords because my keyfile is never online.
>>
>>61874229
Not using a 30 character random master password.
>>
>>61874218
> C#

of course he's retarded
not even Python
>>
>>61874229
How do you implement this? Also, why dropbox?
>>
>using a password manager
>risking the chance an autist can pull all your passwords
>not using your brain
you deserve to get your shit pushed in OP
>>
is there such a thing as a physical password manager?
>>
>>61874475
>get pushed down stairs
>lose memory
>forget passwords to everything
>become homeless
>die
>>
>>61874570
Not an actual _password manager_, but you can have physical PGP keys to encrypt/decrypt passwords and other things.
>>
>>61872992
So it says on Reddit you created that account last year at 16:53.
$ date -d "last year 16:53" | md5sum | head -c15
cef7cf1ad3d813c

Lmao I instantly got your password.
>>
so is enpass good, i only have like 10 passwords so maybe i dont need one
>>
>>61872992
Holy shit. I like the simplicity. Going to switch it up but... Yes!

Any major flaws here if I go for sha512?
>>
>>61874218
You can easily build a pw manager on top of PGP. Way more secure than bloat shit.
>>
>>61872949
figaro, my first time using one, but it's on a live distro and i keep it on said live distro.
>>
>>61873630
Lol let's say you're registered on 10 sites and I hack one site and find out you used this password:
>R3al1yL0n6AnDc()mpl3XP4s5wor[)7
What do I have to do to get into other 9 sites? I have to try 9 other passwords.
So if your master password is discovered your password effectively diminishes to a single digit password: *
That's literally no better than if you didn't use this system at all.

>they can't figure out my simple yet efficient system
Of course they're gonna figure out. They're immediately going to check for deviations you might've made on an already known password.
Something like this:
>First character: R S T U V W X Y Z
>Second character: 3 4 5 6 7 8 9
>Third character: a b c d e f ... x y z
To check all single-character deviations it will take 32 * (26 + 26 + 10) = 1792 times to check, i.e. nothing at all

I'll give you that this is a good idea against casual hackers like your wife but it's useless against an automated program.
>>
>>61873696
this
>>
>>61873428
this

head -c 64 /dev/urandom | md5sum
>>
>>61873391
>>61873422
>>61875190
Haha these posts are /g/ in a nutshell.
>hurr don't use md5 it has collisions that happen like 1 in 10^40
>but disregard the fact that checking every single second since 2001 literally takes only 500 million iterations.
>>
>>61875609
I don't know how I quoted you anon but I actually meant to give a (You) to a nigger bellow you: >>61875221
>>
>>61875621
Damn I did want to quote >>61875190 now, not myself.
4chan is too complicated for me. I'm going back to Reddit.
>>
>>61875621
Yeah, out the window with those ideas
>>
>>61873548
This and syncthing for database syncing.
>>
>>61872949
txt file
I'll probably write down my passwords in a notebook in Eylian Script and delete the file before I change Hd's in the future.
>>
i just cat dev/random copy paste and reset the password every time i need to login again
>>
>>61872949
A piece of paper that I keep safe.
>>
>>61872949
No reason for a password manager. If you forget a password for a service, it means that service wasn't very important.
>>
>>61872987
dys desu
>>
>>61875609
You're truncating.
Might as well go for gold.

And it costs nothing to sha512 vs md5, it's just a user password. The answer is simple.
>>
>>61872987
>>61872992
>>61873151
>>61873433
>>61875221
>>61877615
>>61877938
You are all so fucking retarded. Especially >>61873433 . Every password manager has apps for almost every OS now. I'm not kidding.

I hope you all get hacked. Especially you, >>61873433 .
>>
>>61873153
meme
>>
>>61878622
>i hope you get hacked

I don't use a (((password manager))), so that probably won't happen.
>>
>>61874443
im not him nor do i use a keyfile but im pretty sure you dont have to implement anything. theres an option to do the keyfile shit in keepass itself. dropbox servers are the best cloud storage so i agree with using that

i myself have a remote server i can ssh into, use an encrypted zip file. so that means two passwords to get into my password list. three if you count the server
>>
>>61878690
So I have the key and the encrypted password vault. I heard of uploading the encrypted password vault to dropbox, then decrypting using a local key. How would the remote server change things? Does the zip file contain your passwords or the password to your dropbox with the password vault?
>>
>>61872949
I use 1Password because I trust them more than any OSS or free alternative, the browser and phone integration make the cost worth it.

Use a unique password for everything, that way if their server is compromised the rest of your PKI is still safe. To access the manager I have a unique phrase that I switch out when I feel like it. It's pretty internal business tool if you can eat the cost.
>>
>>61878676
Woah, did not expect a bigger retard would reply to me.

Do you realise that there are password managers which are OPEN SOURCE?
>>
>>61878888
Wasted quads.

>use password manager
>12 y/o rats you and steals your identity

No thanks, tardo.
>>
enpass and rsync
>>
>>61872949
KeePassXC

>>61872999
>>61873548
>>61877529
my mans
>>
>>61878888
single point of failure
>>
>t brainlets using password manager
>>
Pretty easy

My password follows this pattern.

X1 0 X2 epeSOC

Where X1=X2 and both are numbers, so a password would be

101epeSOC
202epeSOC
303epeSOC
etc...
Impossible to forget
>>
>>61878622
What about situations where I have to login on systems that I don't own?

Syncing the password database across devices is a pain in the ass. Trusting cloud services is a no-no.
>>
>>61879638
>Open KeePass on phone
>Enter master password
>Tap View password
>Type password across
>>
>>61878925
> use same password everywhere
> Why did I get hacked
Ok.

but, for example, with KeePass:
> use *different* passwords everywhere (> 20 characters, special characters, etc.)
> Use a super strong password (>20 characters) that you only have to remember once (Master password)

It's like you want to say not using a Password manager is safer.

>>61879638
This: >>61879899

>>61879638
Create your own cloud with Nextcloud like I did.
>>
>>61879443
Unsafe.
>>
>>61878622
How do you store passwords?
>>
>>61873400
see
>>61873716

People have compiled big password databases you can rent for cash.
>>
>>61873381
>attacker can read local files
>>you fucking lost already
>attacker can't read local files
>>why are you worried about your passwords file ?
>>
sqlite3 and a bash function to query it. No specific pattern for making passwords.
>>
>>61873696
Kerckhoffs's principle. The enemy knows how you generated the password. If you're serious about security, the only thing to crack is your passphrase.
>>
>>61874218
He didn't say that he wrote the crypto code himself.
>>
>>61874620
>get pushed downstairs
>die
much better
>>
>>61872949
A .txt file that I printed out.
>>
>>61872949

bitwarden

an ACTUALLY easy to use libre password manager
>>
>>61872987
Brain for super secret passwords and sites I need to login to from many places. All different.
Same password for things I don't care if someone logs in as me and when i need to have access from many places
Password manager for random websites, and any website I'll only use on my desktop
>>
I started using one of those passwords that some websites automatically assign to you before you can change it to your own. I don't even know if it's any good or not, 10 letters 2 numbers
>>
>>61872949
lastpass
>>
>>61880681
KeePass.
>>
Maybe because I have a fucking brain with the capacity to remember my own passwords unlike you autistic dumbasses.
>>
>>61881444
You can't remember a 4096 character password, anon.
>>
>>61881471
Neither can a website
>>
>>61881489
Yes they can.
>>
>>61881513
dumb frogposter
>>
>>61881444
How many passwords are you using? I try to keep unique and decent quality passwords at least 1 for every 2-3 accounts.
>>
>>61881678
~250
>>
>>61881693
uh huh
>>
>single point of failure
>makes you dependent

I never got compromised in the 20+ years I've been online. I'll do fine for the next 20.
>>
LastPass
>>
Explain why sentences aren't superior passwords.
>>
>>61872949
keepassxc
>>
>>61873659
look it up motherfucker, your attack surface is huge
>>
>>61873428
Never use dev/random, only urandom for cryptographic purposes. /dev/random is pseudorandom while urandom uses physical entropies to generate genuinely random bits.
>>
Pass + rofi-pass
>>
>>61872949
my own shitty script in Python
>>
>>61883583
I thought it was the opposite.
>>
>>61884230
You might be right, I've been drinking a lot. In fact I think you are, urandom won't block when you make a request.
>>
It should be easy as fuck to write your own password manager simply using the coreutils.
>>
>>61872949
I don't trust a password manager to keep my shit safe, so I come up with really long lines from stuff I like, throw in some entropy, and laugh as I have something memorable that has to be backdoored to be accessed by anyone else.
>>
>>61878622
retarded for memorizing all my passwords? kek try again brainlet
>>
>>61872949
NSA/CIA/FBI/ETC doing stats on how you manage your passwords, DONT REPLY
>>
>>61880569
I don't use the same password everywhere, that's why I'm safe, if you use a password manager and your computer gets compromised, they get all of your passwords, not just the ones you used since you were compromised. Nobody uses password managers, stop shilling that stupid shit here.
>>
>>61884630
I just memorize them, but I feel that I could use a better solution in case I need to memorize more.
>>
>>61872949
iCloud
>>
If you use anything more complex than pass, remember that it's bloat.

http://passwordstore.org/
>>
>>61874475
I don't use one, I just want an alternative to memorizing them.
>>
>>61872949
Keepass because I don't trust cloud hosting with my passwords. And then I sync my password db with dropbox cause I'm a retard.
>>
>>61872949
>trusting anything but your brain or a notepad with your passwords
>>
>>61872949
>trusting your passwords to a program you didn't write.
wew
>>
pass
>>
>>61880790
They'd also need to know my full name (I don't have any sort of social media footprint online whatsoever and there's no way to tie any of my usernames to any real person other than my gmail address which i only use for sites like paypal/banks/amazon and has no relation to my other usernames, and my middle name(s) aren't included anyway), the passphrase (which is decently secure itself), what "sitename" means in this context, and what character is used to separate the components in the input string.

An example would be something like "JohnAlanDoeG*GAys*dUuma1d=CGwwwgmail" where "John Alan Doe" is the name, "*GAys*dUuma1d=C" is the passphrase, "wwwgmail" is the site name, and "G" is the separator. It would produce the password "74a86c4e499cc8375900232a89ae27abe595196b3d32f0edd750ff0874dc1baa"

Of course no password system is secure on its own, and should always be combined with things like 2fa where possible, but my system would protect against the most common way of accounts being compromised (one site's information being leaked and using the same passwords on multiple sites) by providing a way to generate very unique passwords for each site that are very difficult to bruteforce. You would have to know a lot about me and my system to even have a chance of breaking the system, which is out of reach of all but the most dedicated crackers and I don't have any enemies like that, and as I keep all my online identities separate they would only crack the site they know me from without even knowing what other sites I use.

I'm not claiming I'm invincible but this system is like a password manager but without the requirement to actually have a password manager which may or may not be portable and I don't have to physically store my passwords anywhere.
>>
>>61872949
Keepass.
>>
>>61873540
>Has this royal buttfuck ever even happened?
see: haveibeenpwned
>>
>>61874475
>not using an encrypted OFFLINE password manager saved on your again encrypted hard drive, for the offchance of happening to forget some pass ever
I can't trust my brain to remember a password I made in 2007 on an account that I access once a year