
You are currently reading a thread in /g/ - Technology

Thread replies: 49
Thread images: 3
>Logging into website
>Accidentally enter user/pass for another website
>>
>>47545813
>not having the same login for everything
Pleb
>>
>>47545844
low brain function detected
>>
>>47545844

Can't tell if bait or g has really fallen this hard
>>
>>47546008
What is the problem? Not him, but I have a few usernames (like 6) and 1 password. Username is what matters.
>>
>>47545844
>>47546111
real men don't need artificial security measures.

All my passwords are 123. Anyone who wants to fuck with me bring it on
>>
I actually don't really worry about changing my passwords for shit.
There probably isn't anyone who wants to crack my passwords for youtube or some random forums.
>>
>>47545813
If it's an account you care about, change the password.
Otherwise it's not worth the effort.
>>
Why is nobody using password managers?

KeePass exists for a reason.
>>
>>47546765
doesn't nearly everything enforce le 8 digits?
>>
I've actually created my own 'technique' or 'algorithm' whatever you want to call it to generate my passwords.
I would take parts of the name for whatever I was registering for and autistically work out what the password would be. They were all like 25 characters and looked completely random.

But it got too annoying to have to recreate them

Now I just inject part of the site name and username into a string I have memorized, so I can create them much quicker and it's different for every site.
I have various strings that I use for different security levels.
>>
>>47546973
>KeepAss
>one password to rule them all

Pencil and paper is all you need, anon.
>>
>>47547024
Paper gets lost.

Tattoo it on your dick.

Nobody's going to see it there, that's for sure.
>>
>>47546987
Most enforce *something* preventing "123", but it was kind of obvious he was kidding, wasn't it?

I was toying with the idea of an account creation process that basically worked the same as a standard account creation process, except that you could send a cURL request to an endpoint through a terminal where you basically "manually" request an account creation. Under *this* process, no password requirements would be enforced intentionally, because the thinking would be that anyone savvy enough to do the cURL request in the first place is probably savvy enough to know the risks they're taking.

I would of course have clear instructions (the endpoint, syntax, format, etc...) on the webpage, but I wouldn't give the person some text to copy/paste to make it TOO easy. It'd functionally act like a documented backdoor.
>>
>>47546987
No, most places just 6 alpha chars. Passwords are fucked
>>
>>47546991
>I would take parts of the name for whatever I was registering for and autistically work out what the password would be. They were all like 25 characters and looked completely random.
Uh, you know that's incredibly insecure, right?
It doesn't matter if your passwords "look random" or not, what matters is that they actually ARE random.
>>
>>47546991
Are you literally autistic anon?
I feel like only a real autist could come up with this bullshit.
>>
>>47547038
Passwords don't need to be random.

They need to be long and have no personal information or anything related to the thing the password is for.
>>
>>47547052
Are you more worried about somebody guessing your password or brute forcing?
>>
>>47547066
Brute forcing, obviously.

The amount of people that can guess your password is a lot smaller than the amount of people that can brute force your password.
>>
>>47547052
>Passwords don't need to be random.
Uh...

Fuck, the entire POINT of a password is that it has as much entropy as possible, so that it can't be guessed by an attacker. If your password is constructed from just the site name, then an attacker can get in on the first attempt.
>>
>>47546973
I really loathe the idea of a single password unlocking everything. I would much rather spend more human brain cycles thinking up a clever algorithm that I can just memorize and apply to every service I use. For example, at one point I used an algorithm like the first and last characters of each word in a sentence like
>My password for Netflix is this sentence!
so it'd be
>MypdfrNxistsse!
or whatever. Point being that it's long, has a mix of capitalized characters and lowercase, as well (potentially) as punctuation. And it's easy enough to remember and extend (Hulu? Just swap "Netflix" for "Hulu"). The only way this would be a problem would be if someone
1) wanted to break every account *I* personally had (ie, not breaking into LinkedIn, but stealing *my* identity), and
2) discovered my input sentence (otherwise they're just looking at gibberish as above and it might not be clear what the logic is).

At one point I used a character shift cipher as well (so A->B, N->O, etc...) so it wasn't even like you could pluck "Nx" out of the Netflix password. It'd be "Oy".

The only appeal I could ever see in a password manager would be a programmatic interface to *change* all of my passwords. When Heartbleed came to light, I realized that I had to scramble all over the fucking internet changing all of my passwords. Why the fuck don't password managers handle that much for me?

I could give up the security of an algorithmic password I can calculate in my head if it was a simple matter of clicking a single button to change/rotate all of my passwords. But it's not.
>>
>>47545813
>go to website login prompt
>type login
>tab
>start typing password
>document.onLoad() fires, setting focus to username input
>half my password is now in the plaintext username field
>>
>>47546111
What about all the websites that want you to log in with your email address?
>>
>>47547086
It's like you ignored the second part of my post.

Oh wait, you did.

Random passwords are less secure because they're harder to remember, thus likely to be shorter, or you won't bother to make a good one.

Or you could just use a fucking password manager like a sane human being.
>>
>>47547084
So have a random password
>>
>>47547086
guy who made the post about constructing the passwords here

Even random number generators construct randomness from something. What matters is how obscure it is
and I don't think there is any way at all someone was going to guess how I did it.

But you're also forgetting that anyone trying to crack the password is not going to even know I used such an algorithm. Doing it the way I did isn't exactly considered normal.

Anyway, as I said, now I use a string that is actually random and unrelated to the site. I merely inject a few letters related to the site and my username just to add a little bit of variation from site to site.
I know it's not the most secure way, but it's definitely better than using a phrase with dictionary words, or having the password be exactly the same for everything
It's still 20+ characters and only 4 or 5 are even related to the site. I feel pretty safe
>>
>>47547095
Get a better web browser
>>
>>47547093
>I really loathe the idea of a single password unlocking everything
Your loss. You won't be able to do better than KeePass or similar manager, or even half as good. You're basically crippling your security because of a superstition.

You can even set it to require a key file in addition to a text password. You can also get a Yubikey or something, if you want something physical (although it's not really that much different from typing out your password).
>>
>>47546765
I use 321, that oughta throw them for a loop.
>>
>>47547120
Your random password is just as susceptible to brute forcing as a properly constructed (<-pay attention to this part) non-random password, but much harder to remember.
>>
Ohhh I know that feel. When you accidentally log in with your Microsoft password on your Facebook.
> botnet connection established
>>
>>47547154
I don't need to remember my passwords. But if your passwords contain symbols and don't have standard letter runs like "gh" "qu", go for it
>>
>>47547099
As a username?
That's fine.

>>47547102
I ignored the second part because it's flat out wrong.
The ONLY measure of how secure a password is is how much entropy it contains; ie, how "random" it is.
You can arrange that entropy into a memorable form if you like, but everything other than the number of bits of entropy is utterly irrelevant to security.

>>47547128
>Even random number generators construct randomness from something. What matters is how obscure it is
Random number generators are assumed to be random. They're often not, but we build them as close as possible.

>But you're also forgetting that anyone trying to crack the password is not going to even know I used such an algorithm.
You can't possibly know that. Also, that's straight up security by obscurity.

>Anyway, as I said, now I use a string that is actually random and unrelated to the site. I merely inject a few letters related to the site and my username just to add a little bit of variation from site to site.
That's fine.

>I know it's not the most secure way,
Actually, the "known letters" don't detract from the security. They just don't add to it either.

>but it's definitely better than using a phrase with dictionary words,
Nope. Randomly picked dictionary words are still random, and using a largish dictionary will provide a lot of bits per word.

>It's still 20+ characters and only 4 or 5 are even related to the site. I feel pretty safe
15 characters at about 6.5 bits per character gives 97.5 bits. That's fine.
>>
My only problem with password managers is that for them to be useful, I need them to follow me around. I sometimes log into some of my sites on other computers or from my phone and being stuck without the password manager means I can't log in.
>>
>>47547193
>The ONLY measure of how secure a password is is how much entropy it contains; ie, how "random" it is.
>You can arrange that entropy into a memorable form if you like
You do realize that you're contradicting yourself.

Anyway, that's not what entropy means.
>>
>>47547136
Is your KeePass password so much stronger than mine that it's fair to describe mine as crippled? I can easily arbitrarily change it with either a change in the input sentence or a change in the algorithm.

And none of my passwords endanger the others on their own. The KeePass password represents a lynchpin in your system. If that gets broken, you're potentially fucked to an unprecedented degree. If someone changes your KeePass password, you don't even have the passwords to the constituent services to try and "outrace" them to reclaim your accounts before those get taken down (not that you want to be in that position ever anyway).
>>
>>47547129
happens in every single one I tried so far
>>
>>47547193
I'm sorry but I'm just going to call BS on this

If my "constructed password" uses information like the number of strokes it takes for me to write a particular letter in my handwriting and various things like that all combined together, how the fuck is a computer going to have an advantage cracking that over a randomly generated string?

Without a large database of my constructed passwords to use to figure out the pattern such a constructed password is no different to the cracking program or person, than a completely random string would be.
>>
>>47547239
That's what backups are for
>>
>>47545844
>>
>>47545813
Site owner here, can confirm I have a bot that searches for username/email matches on other sites and attempts all passwords entered.
>>
>>47547226
>You do realize that you're contradicting yourself.
How so?
Entropy is a measure of the number of possible passwords that could be constructed by that method. If there's only one password (eg you're rearranging the site name), then you have ln2(1)=0 bits of entropy. But a 100 bit password is just as hard to break if it's made of 10 selections of words from a list of a thousand, or 100 selections of the letters 'P' and 'N'.
>>
>>47547239
KeePass is a local program, you keep the password database file on your system, and you keep an additional key file somewhere else on your system (or a thumbdrive if you want). It is much harder to compromise. People can't lock you out of it if you have a backup.

Also, your passwords might be as good as whatever KeePass generates, but the point of failure in your system is you (you forget, you don't keep up with password rotation, you get lazy, etc.), while KeePass can be configured to be really strict with you, and improve your security.
>>
>>47547066
>>47547052
>>47547084
>>47547086

Length > brute forcing
random string > humans
>>
>>47547030
>anon, could you just check your mail quickly to see if you got the document?
>...anon, what are you doing?
>>
>>47547276
Backups of what? Your KeePass password? Are you saying that multiple passwords satisfy KeePass's requirements for it to give someone entry to your comprehensive database of passwords?

That's the opposite direction of what I want.

Any password avoiding the obvious traps (short, dictionary words, all lowercase, etc...) is necessarily sufficiently complex that nobody will crack it in a reasonable timeframe.

Yours might take until the heat death of the universe before current tech can break it, but a password like "MypdfrNxistsse!" would take 18 billion years to crack anyway.

Life on Earth will end billions of years before either password gets cracked, unless some technology emerges that makes *everything* trivial, in which case everyone is pretty much equally fucked.
>>
I just write my passwords on a sticky on my monitor

literally nobody will ever find that, since I has no friends.
>>
>>47547291
this.
correctbatteryhorsestaple is longer and thus harder to bruteforce.
random string is harder for humans to remember.
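
Added example, not written by any poster in the thread: the first-and-last-letter sentence scheme and the "entropy is a property of the method" argument from the posts above, worked through in Python. The function names (`derive`, `shared_positions`, `method_bits`) and the handling of trailing punctuation are assumptions made for this illustration.

```python
import math
import string

def _shift(ch, n):
    """Caesar-shift one letter by n places, keeping case; other characters pass through."""
    for alphabet in (string.ascii_lowercase, string.ascii_uppercase):
        if ch in alphabet:
            return alphabet[(alphabet.index(ch) + n) % 26]
    return ch

def derive(sentence, shift=0):
    """First and last character of each word, trailing punctuation kept, optional shift."""
    parts = []
    for word in sentence.split():
        core = word.rstrip(string.punctuation)   # assumption: punctuation is appended as-is
        tail = word[len(core):]
        pair = core if len(core) <= 2 else core[0] + core[-1]
        parts.append("".join(_shift(c, shift) for c in pair) + tail)
    return "".join(parts)

def shared_positions(a, b):
    """Number of positions at which two equal-length passwords are identical."""
    return sum(x == y for x, y in zip(a, b))

def method_bits(choices, picks):
    """Entropy in bits of `picks` independent uniform selections from `choices` options."""
    return picks * math.log2(choices)

TEMPLATE = "My password for {} is this sentence!"   # sentence quoted in the thread
netflix = derive(TEMPLATE.format("Netflix"))
hulu = derive(TEMPLATE.format("Hulu"))

if __name__ == "__main__":
    # Per-site variation: only the two characters taken from the site name change.
    print(netflix, hulu, shared_positions(netflix, hulu), "of", len(netflix))
    # The A->B shift hides "Nx" as "Oy" but adds no choices an attacker must search.
    print(derive(TEMPLATE.format("Netflix"), shift=1))
    # 10 words from a 1000-word list, 100 picks of 'P'/'N', and a fully determined method.
    print(round(method_bits(1000, 10), 1), method_bits(2, 100), method_bits(1, 1))
```

The relevant defensive reading is the overlap count: a password leaked from one site exposes every character of the others except the site-derived pair, which is the reuse risk the password-manager side of the thread is pointing at.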
This is a 4chan archive - all of the content originated from them. If you need IP information for a Poster - you need to contact them. This website shows only archived content.