What password manager does /g/ use?

You are currently reading a thread in /g/ - Technology

Thread replies: 76
Thread images: 11
File: worst-passwords-of-2014.jpg (36 KB, 630x420)
In light of all the (recent) public hacks and their leaked passwords (e.g. Ashley Madison http://arstechnica.com/security/2015/09/new-stats-show-ashley-madison-passwords-are-just-as-weak-as-all-the-rest/ ) it's time to get yourself a password manager, /g/.

Seriously, this is getting retarded. Stop reusing the same password over and over again for your Web sites, or slight variations thereof, because you're too lazy to get your shit together!

Some popular *open source* password managers:
KeePass
Password Safe

Some proprietary alternatives:
LastPass
1Password

Also password manager general, if you will.
>>
>>51466753
....i should change my passwords...
>>
I use a piece of paper.
>>
iCloud Keychain
>>
>password registration at work
>enter your password
>toarukagaku
>must contain a number
>t0arukagaku
>must contain a special character
>t0@rukagaku
>too short
>t0@rukagakun0r@il9un
>can only contain one special character
>t0@rukagakun0rail9un
>must contain capital letters
>t0@Rukagakun0rail9un
>must contain more than one capital letter
>t0@RuKagakun0rail9un
>password is too long
>t0@RuKagakun0rail9
>password is too long
>t0@RuKagakun0rail
>password accepted

i swear i've never seen "must contain more than one capital letter" before until today. it's my first day working upstairs at a department store, not the fucking CIA headquarters
>>
>>51466891
Haven't you learned anything? Have your password manager generate one for you, that meets the requirements, and with much higher randomness. People really suck as an entropy source.
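
A generator that satisfies the composition rules quoted in the post above, as an added example that is not part of the thread. The rule messages come from that post; the symbol set and the 12 to 17 character window are assumptions (the post only shows 11 characters rejected as too short, 17 accepted and 18 rejected as too long).

```python
import secrets
import string

SPECIALS = "@#%+=_-"        # assumed: the post does not say which symbols are allowed
ALPHABET = string.ascii_letters + string.digits + SPECIALS
MIN_LEN, MAX_LEN = 12, 17   # assumed window, inferred from the quoted rejections


def policy_violations(pw):
    """Return every rule from the quoted dialogue that pw breaks."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append("too short")
    if len(pw) > MAX_LEN:
        problems.append("password is too long")
    if not any(c in string.digits for c in pw):
        problems.append("must contain a number")
    specials = sum(not c.isalnum() for c in pw)
    if specials == 0:
        problems.append("must contain a special character")
    elif specials > 1:
        problems.append("can only contain one special character")
    if sum(c in string.ascii_uppercase for c in pw) < 2:
        problems.append("must contain more than one capital letter")
    return problems


def generate(length=MAX_LEN):
    """Rejection sampling: draw every character uniformly with the OS CSPRNG
    and retry until the policy passes. Each conforming password is equally
    likely, unlike 'fix one symbol in slot N and fill the rest' shortcuts."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("length outside the policy window")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_violations(pw):
            return pw


if __name__ == "__main__":
    print(generate())
```
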
>>
>Password is literally whatever
>When people ask me for my password as a joke, I say "Oh, just type whatever"
>The standard warning on the first sudo
>"whatever"
>>
1Password. But more importantly, i have 2 step auth turned on on every site that supports it
>>
Dashlane
>>
File: password_strength.png (91 KB, 740x601)
inb4 >xkcd
>>
File: topkek-bread.jpg (63 KB, 600x408)
>>51466891
topkek this might be helpful:

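# 24 random characters from [A-Za-z0-9_-]; LC_ALL=C keeps tr byte-oriented on any locale
LC_ALL=C tr -dc 'A-Za-z0-9_-' < /dev/urandom | head -c 24; echo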


Copy and paste it in a text file, save it as .sh and run it from the command line. Generates a 24 chars long randomized password, replace the number 24 with any length you need.
>>
>>51467705
Nice. But things may still get ugly, even though you're using 2FA. Take LastPass for example: http://www.martinvigo.com/even-the-lastpass-will-be-stolen-deal-with-it/

In their defence, LastPass did seem to take this very seriously and solved most if not all vulnerabilities by now.

>>51467733
Useful for these select few passwords you actually *need* to remember, such as your master password you use to unlock your password manager. For everything else, generate them using your password manager.
>>
>>51467822
i guess the only way around all that is if i had a unique pass for every site, and kept them all in a book somewhere. I'm not willing to sacrifice convenience though. 1pass + 2FA is an acceptable level of risk to me
>>
File: rolling.jpg (76 KB, 1280x720)
>>51467705
>proprietary pwd manager
It's like you want to get your accounts stolen.

Do you have a phone? Write your passwords in a text file, save it and encrypt it with a password that you will never forget. When the need to use one of those passwords arises, take your phone, enter the password, find the password you need and enjoy.
>>
>>51467942
i trust proprietary stuff more than a bunch of degenerate losers making an app for me
>>
>>51467942
>Do you have a phone? write your passwords in a text file, save it and encrypt it with a password that you will never forget.
that is exactly what 1password is.
>>
>>51467855
>Keeping passwords in a book
No, not without encryption, or everyone can read them. You also need your passwords outside your home, so that means you need to take your book with you everywhere you go. You see where I'm going with this?
>1pass + 2FA is an acceptable level of risk to me
That's fair enough.
>>
File: watch-out.jpg (44 KB, 680x511)
>>51467966
>i trust proprietary stuff more than a bunch of degenerate losers making an app for me

enjoy your negative bank credit m8.
>>
>>51468014
A professional software company steals all your passwords and money: You're fine, there are laws protecting you.

A bunch of losers who think they know how to code make an app, and steal your passwords and money: You're completely fucked
>>
Password managers are retarded. Read a memory book and make your own passwords
>>
File: 1417977594658.jpg (58 KB, 500x500)
>>51468053
>still talking about apps
>he didn't even understand my post in the first place

if you say so, Expert-sama...
>>
>>51468092
so you are talking about a text file and password protect it? That is a significant step into the dark ages compared to a password manager with extensions and stuff
>>
>>51468053
You mean apart from the agreement not to sue or take legal action against the company that you agree to when using the service?
>>
>password managers

Just use Supergenpass
>>
>>51466753
I don't need a password manager. all my passwords are GOD
>>
I just use my head to remember all my passwords.
I am extremely smart so there is no problem
>>
>>51468139
Sorry but I'm a kuk and I like when chinese hackers fuck my shit up.
>>
I use a base password:

(ClP83 [xX] 5:kLw29 [Yy] Po04w3

Then depending on the site I use, I change what is in the square brackets to:

x= last letter of domain, shifted 6 letters to the right
X= numeric value of penultimate letter of domain +1

Y= numeric value of second letter of domain - 1
y= first letter of domain, shifted 6 letters to the left, in caps

So my Amazon password would be:


(ClP83t165:kLw297UPo04w3

I change the base password every 6-8 months, as well as the algo.

Never have to remember a single password, nor do I have to use a password manager.
>>
>>51468211
Kek
>>
>>51468211
Good luck spending 5 minutes of your time figuring out your password every time you need to log in somewhere, faggot
>>
File: 1444844765873.gif (2 MB, 376x267)
>>51466753
how is kaspersky's built in password manager?

>inb4 i use an antivirus
>>
>>51468208
never happened with 1password as far as i know
>>
>>51468211
So what you're saying is that someone who grabs one of your passwords can get into all your accounts?

No thank you
>>
>>51468245
Is that an "I'm impressed" kek, or a "I have the utmost disdain for your methods" kek?

This of course is not my real base password, nor the algo I use, and was given as an example.

Entropy the hell out of it for real use.


>>51468250
>not knowing the alphabet.
> not knowing how to do basic mental arithmetic
It takes me 15-20 seconds to do this for sites I don't visit regularly, or for passwords I haven't used more than a couple times.


>>51468309
That would only be possible if they figured out my algo.
Even if they got multiple passwords and knew what services they were for, no one would waste their time trying to "decompile" my password.

Even if they did, I use 2-step on my critical data, and have a couple tricks I use to detect unauthorized attempts.
>>
I used to use "hi" as a password. It was amusing in games that prevented you from saying your password
>>
>>51468274
No 2FA.
No import/export or backup/restore.
Not open source, therefore security through obscurity.
>>
>>51468211
This is not how you do crypto, anon. Shame on you.
>>
>>51467727
This. The mobile app and browser plug-ins are amazing and the auto fill makes registering for sites so easy. Problem is I feel I'll get too deep into their ecosystem and have trouble migrating if I ever need to.
>>
>>51466753
password-store (pass) is the manager to go, if you use terminal a lot.
>>
>>51468337
>That would only be possible if they figured out my algo.
No.
If they would get 2 of your passwords it would be simple to brute-force only 4 letters that are changing.
>>
The best password ever is : espace
>>
>implying if I told you my WPA key you could hack my network
>>
keepassx
>>
>>51468981
How exactly would they bruteforce passwords when most services will lock your account after 4-8 unsuccessful login attempts?
>>
>>51469033
Haha, good one.
Major websites only, and not even all of them.
>>
>>51468949
Thanks senpai, I didn't know this one yet. Interesting.
>>
>>51469255
Do they seriously replace f.a.m. with senpai now...
>>
>>51469286
>He doesn't know
baka desu senpai
>>
File: imgur-2015_11_22-14:39:31.png (15 KB, 310x254)
>>51469286
yup...
f.a.m -> senpai
t.g.h -> desu
>>
>>51466753
>There's an app for that

It also includes a built in password generator, manages your certificates, GPG Keys, SSH auth, you name it. It also has a neat secure notes feature that can store sensitive personal info.

It is all encrypted of course with 3DES (2^112) and can be synced to other devices via Wi-Fi effortlessly. No cloud involved.
>>
>>51467822
2FA issues aside...msecure?
>>
>>51469343
Wouldn't know for sure, but I dislike proprietary software when it comes to cryptography. I don't believe in security through obscurity.
>>
>>51468211

I do something similar but strip out a lot of the autism
>>
>>51469491
Never do your own crypto. You'll fuck things up so bad it'll make your head spin.
>>
>>51466753
>have 4 different 10-20 character passwords memorized
>sometimes use a combination of them
>the worst part is getting the right mix
Done.
>>
>>51469896
You're killing me.
>>
>>51468194
123456789
>>
http://www.passwordstore.org
>>
>>51467980
How do I encrypt a text file?
>>
>be me, bottom of the pile
>get special use laptop
>password is 14 characters, crap I'll look it up every time
>decrypt password is special characters and only the letters is the word password with matching l33t characters

I start a lot of shit battles at work, but I didn't even know where to start
>>
>>51468194
mine is sex
>>
I think I might need to change some PWs.
>>
I just use a number as a password,
and then add some letter and if I need special characters I add them at the end.
like 42088693111222333444huJ@

how safe would that be? I can easily recognize numbers and so I can create long passwords. Of course I won't use numbers like birthdays etc.
>>
Keepassx
>>
>>51466753
KeePass works on everything
>>
>>51470084
But is it good?
>>
>>51470182
GPG
>>
>>51468211
lol one good shag would knock that out of my brain
>tfw not getting any atm ;_;
>>
>>51466753
I'm actually required to use KeePass by work.
>>
>>51472379
Just your department, or the whole company?
>>
>>51472440
Meh, we sub contract tier 2 and 3 tech support plus we have a Geek Squad competitor. From my end, it's the whole company. From your end, it would seem like my dept.
>>
For generation, one thing that works well is:
shuf -rn${1:-10} --random-source=/dev/random /usr/share/diceware.txt | tr '\n' . | cut -d. -f-${1:-10}


Keepass works okay for management. It's not perfect, but it's probably fine as long as no-one gets write access to your device (and if anyone does, all bets are off anyway).

For anything actually important, I have used GnuPG/SSH keys held on a smartcard, although I'm about to switch to a new one when the design and implementation is finished (Ed25519 and Ed448!).
>>
my password reuse is shockingly bad and i'm a retard and i'm gonna go unfuck it right now
thanks /g/
>>
>>51466936
People are the only St source of entropy.

uewhbsusbsbshshszmakallr926;'+#!#-#+#!*-2?@;&°[~℅£{£[[+*:-*;*-#+#;#+*!*72+!#:666°€=|°℅€°¢

There... So random
>>
>>51474977
Was looking into getting a smart card for my keys, where did you get yours?
>>
>>51475021
That's hardly random. You start with a consecutive string of lower case of no more than 12 different characters, with much repetition and recurring patterns. You then add a few (again consecutive) numbers, followed by a lengthy (again consecutive) string of symbols, two numbers, symbols, numbers and symbols again.

There's too much repetition, patterns and a serious lack of variation. You, sir, are a bad source of entropy. Just like me, everybody here, and the rest of the human race.
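
The pattern described in the reply above can be measured. The following is an added example, not part of the thread: it splits the posted string into runs of one character class and compares the result with a string of the same length drawn from the OS CSPRNG over the same characters. All function names are this example's own.

```python
import secrets
import string
from itertools import groupby

# The string posted above as "so random", copied from the thread.
MASHED = "uewhbsusbsbshshszmakallr926;'+#!#-#+#!*-2?@;&°[~℅£{£[[+*:-*;*-#+#;#+*!*72+!#:666°€=|°℅€°¢"


def char_class(c):
    """ASCII-only classes; everything else (punctuation, currency signs) is a symbol."""
    if c in string.ascii_lowercase:
        return "lower"
    if c in string.ascii_uppercase:
        return "upper"
    if c in string.digits:
        return "digit"
    return "symbol"


def class_runs(s):
    """Collapse s into (class, run_length) pairs in order of appearance."""
    return [(cls, len(list(group))) for cls, group in groupby(s, key=char_class)]


def profile(s):
    """Summary numbers: few, long runs mean the typist stayed in one keyboard area."""
    runs = class_runs(s)
    return {
        "length": len(s),
        "distinct": len(set(s)),
        "runs": len(runs),
        "longest_run": max(n for _, n in runs),
    }


def csprng_like(s):
    """Same length as s, each character drawn uniformly from the characters s uses."""
    alphabet = sorted(set(s))
    return "".join(secrets.choice(alphabet) for _ in range(len(s)))


if __name__ == "__main__":
    print("typed :", profile(MASHED), class_runs(MASHED))
    print("csprng:", profile(csprng_like(MASHED)))
```
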