
You are currently reading a thread in /g/ - Technology

Thread replies: 140
Thread images: 7
File: 1465658372600.png (49 KB, 335x335)
>2016
>having all your passwords in one place
>associating accounts together so whoever hacks you can see every place you go to online, from your bank, to your torrent sites.

When is the password manager meme going to end? Password managers were literally created so that governments, hackers, etc can consolidate all your private info in one easy to access place.
>>
you don't know shit about password managers, do you ?
>>
>>55503974
Only true for pw managers stored in 'the cloud'
The cloud is the real meme
>>
>>55504004
not OP but i share his opinion.

Instead of having to figure out where someone goes to on the internet and try and hack their email account, then reset every password, (if you're lucky) you now need to crack one password and you get everything you want to know. a full list of websites, usernames, passwords. all behind a single line of defense.
>>
>>55504025
and how do you get the database if it is not in the cloud ? he posted keepass logo so i'm assuming we don't talk about closed source cloud memes
>>
that xkcd comic with the 'drat! he's using jigabit n-word encryption! we have failed to crack his system' vs 'hit him with this wrench until he talks'

only replace 'encryption' with 'password manager'

also i suppose they would just subpoena ebay or wherever instead of breaking into your storage and somehow obtaining your passwords and shit

also i'm gay and think about dicks and balls in my mouth
>>
>>55503974
*tips tinfoil hat*
>>
Whoever hacks you can get all the places you go, password manager or not.

Or you know, use a keyfile on a USB stick (back this up too) and even if they hack you they can't get your passwords.
>>
>>55504025
>a full list of websites, usernames, passwords. all behind a single line of defense.

And they all tell a big picture about the kind of person you are.

The bank you go to, the credit card accounts, the shady forums, the multiple emails, the piracy memberships, everything incriminating you in one database.
>>
>>55504336
Whatever method they use to get your master password can also be used to collect all of that other crap anyway
>>
>>55504336
One offline database, yes. What's your point?
>>
>>55504025
If someone can crack your email account they will probably be able to figure out most of the sites you use anyways. Every site sends you an email at least once. Password managers are strictly better than any alternative security-wise.
>>
>>55503974
Do you read that as Kee Pass
or Keep Ass?
Just asking...
>>
>>55504350
Don't centralize info, especially in a way that can be accessed digitally.
>>
>>55504369
>I don't understand what capital letters mean
>I'm a retarded /b/ memer who sees sex in everything because I'm a chronic masturbator and degenerate.
>>
There is malware that targets password managers.
>>
>>55504523
good
>>
>>55503974
I agree. Keeping everything written in a small notebook is much better.
>>
I have a notebook for my passwords.
>>
>>55504322
>256 bit enc
>long af passphrase
yah nah
>>
>>55504060
>and how do you get the database if it is not in the cloud ?

Your personal laptop is easier to access than Lastpass' servers once it connects to the internet.
>>
http://arstechnica.com/security/2014/07/severe-password-manager-attacks-steal-digital-keys-and-data-en-masse/
>>
>>55504345
>Whatever method they use to get your master password can also be used to collect all of that other crap anyway
This. The only true safe way is to -only- login to critical accounts on a clean system which you use solely for this purpose and nothing else. This of course doesn't protect you if they gain physical access, but nothing does in that case.
>>
>>55504538
>>55504542
This
>>
>>55504538
>>55504579

b-but mom might find the notepad and my login details for porhnhub and sandpanda....... FUCK MY LIFE!!!!!!!!!!!!!!!!
>>
If they already have access to your local password manager database, you've already lost, as they have access to your machine.
>>
File: 1465768226104.jpg (32 KB, 456x384)
>>55504615

>Not having an algorithm that only you know that gives the right page for the right password

for shame, anon.
>>
>>55504632
>if they already have access to your machine, then you've already lost
>that's why my passwords.txt is okay

Fuck off, idiot
>>
>>55504646
learn to read anon. a password manager database is password-protected
>>
>>55504537
http://arstechnica.co.uk/security/2015/11/hacking-tool-swipes-encrypted-credentials-from-password-manager/
>>
>>55503974
>2016
>having "password" as your master password of your password manager
>not having self destruction after X amount of false password entry enabled
>>
>>55504661
Learn to read yourself, faggot

You haven't already lost, like the dipshit implied, if they have access to your machine BECAUSE the database is password protected

You literally win
>>
>>55504676
>one day not feeling the best
>incorrect password
>forget caps is on
>incorrect password
>turn caps off
>incorrect password
>incorrect password
>notice num lock wasn't on
>incorrect password
>database deleted

Yeah sounds great, sure do like having a way to lose absolutely everything all at once
>>
>>55504693
>not having more than one DB in separate areas.
>>
>>55504693
>not having an automated backup
>>
>>55504693
>being this tech illiterate
please leave /g/
>>
>>55504706
>>55504707
>having a backup
>defeating the point of having the database deleted

Top fucking kek.

There is nothing stopping them from ripping a million db copies from your dropbox or whatever meme shit you use, or duplicating it before even attempting
>>
>>55504680
but anon I was arguing in favor of password managers, the OP is implying that they are bad because they centralize all passwords.

Even if the database is password-protected, if someone has access to your machine, they can install a keylogger to get that password.

It's all about your threat model, and password managers are about protecting you from shitty webpages and easily managing your information, but they don't do shit against local attackers
>>
>>55504715
>>55504716

Get fucked low-iq subhuman

What is copy+paste
>>
>>55504716
>having a DB in the cloud
>>
>>55504732
If they have access to your db then they can duplicate it, cloud or not, and have infinite attempts, faggot

You've been blown the fuck out, leave the thread and disconnect your internet
>>
>>55504557
How is my personal computer easier to access if i use "common sense 2016" ? you know it's literally impossible to access another computer without a little help from the owner.
Plus why would anyone put all the work to access my personal computer ?
>>
>>55504745
>letting them have access to your DB
Are you even in security mate?
>>
>>55504717
>keylogger

Keyfile.
>>
>>55504765

The entirety of this discussion was about what to do when someone gets access to your password manager.

You're a fucking idiot. Bye
>>
>>55504790
Password manager != DB Files

Are you even into information technology?
>>
>>55504790
And the answer was you've already failed if you allowed that to happen. What more is there to discuss?
>>
>>55504615
>underage
Just encrypt it like >>55504633 said
>>
Don't let them have access to your DB. Don't use a cloud service. Don't use a retardedly easy to guess simple password. If your DB gets compromised just change your passwords so even if they do crack it, it will be useless to them.
>>
File: Reddit-Online-Abuse[1].png (87 KB, 736x622)
>>55504803
You need to go back to your fellow autists.

>>55504813
No faggot, the answer was that having a password that deletes the database after X attempts is an absolute failure of an idea
>>
>>55504828
>realises he has lost an internet argument
>better insult everyone
>>
>>55504835
>lost an internet argument
>when I was right and unrefuted

>believing in internet fights

Fuck off reddit
>>
Who the fuck is stealing your guys' computers?
>>
>>55504843
kek dude
please leave /g/ forever and never look back
>>
>>55504790
Lol btfo
>>
Then don't use it to store important accounts, just use it to sign up to websites
>>
>>55504888
Stick to /b/ or /pol/ your pathetic faggot, your "trolling" needs some work if all you can come up with is this basic shit
>>
>>55504706
>>55504707
This is the dumbest shit I've seen on /g/ today
>>
I use KeePass, but I use a unique password that is over 40 characters long. Gotta keep up that entropy, Boy'O.
>>
>>55504922
I never had sex nor touched a vagina even remotely.
I'm 34.
Who's more into information technology now?!

You should stick to whatever shithole you came from.
>>
>>55504752
>you know it's literally impossible to access another computer without a little help from the owner.

Tell that to anybody in security so they can laugh.
>>
>>55504930
>not using a keyfile

kek
>>
>>55504930
>not using a 64 character password
Err..?
>>
>>55506161

I use a 70 character numeric password which is a combination of seven 10 digit phone numbers I've used in my lifetime in a specific sequence, it will never be broken so whatever.
>>
>>55505260
tell me how, without javascript or physical access
>>
I'm glad somebody finally said it. Password managers are a mistake.
>>
>>55503974
I love running into those during pentests, it's like finding a Christmas tree fully stocked with presents.
>>
>>55504384
If someone found a way to access my pc, my online accounts are the last thing I worry about.
>>
>>55504558
>2014
>The researchers examined LastPass and four other Web-based managers
>web-based manager
>>
>>55507571
If you run Windows, anybody can access your PC.
>>
>>55503974
i write my passwords down on my small book, and keep in my safe whenever i need it really. using software for this is kinda dumb to me.
>>
>>55509054
So if I use Linux, a non-cloud password manager, and only use reputable websites like 4chan, I'll be able to shitpost comfortably?
>>
>>55510431
I'd just like to interject for a moment. What you’re referring to as Linux, is in fact, GNU/Linux, or as I’ve recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.
Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called “Linux”, and many of its users are not aware that it is basically the GNU system, developed by the GNU Project. There really is a Linux, and these people are using it, but it is just a part of the system they use.
Linux is the kernel: the program in the system that allocates the machine’s resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called “Linux” distributions are really distributions of GNU/Linux.
>>
>>55510431
yes
>>
>>55503974
Keep ass
>>
>>55506757
two people hacking at once
>>
>>55506526
>sequence of personal phone numbers
>having any entropy
lol
>>
>governments

Do you really think the gov needs any help from password managers ?
They can compel any company on their soil to hand over your information.
>>
>>55511348
To clarify: if someone is able to find phone numbers associated with your person, your password could have as low as 12.3 bits of entropy.
>>
nah shut up cunt.

you getting hacked is on you anyway, maybe stop downloading sketchy porn you degenerate fucks
>>
>>55504025
>you now need to crack one password

Good luck with that. First you'd need access to my password manager's database container, which I happen to keep on an encrypted hard drive. It's never in cloud. Oh and you'll need a key file, too. I wonder what file I chose for a keyfile out of hundreds of thousands of files I have.

Yeah and my database manager password is over ten utf characters, including but not limited to @'#%_ and letters.
>>
>>55503974
>i want the netsec meme to end

I wonder who could be behind these posts
>>
>>55509054
how?
>>
I don't understand this shilling for anti password managers. I really hope it's a bored kid, complaining about people not managing his passwords like he does.
>>
>>55503974
I've always written my passwords on a piece of paper I keep in my desk
>>
>>55509054
>unironically running windows
yeh rite
>>
File: Untitled.png (42 KB, 408x546)
>>55503974
ikr
>>
itt: tinfoils and pedos who think people use password managers to safeguard themselves from clandestine elements of the government

normal people don't even consider this when they decide to use a password manager
>>
>>55511939
>password with only 10 characters
try 48 or more next time
>>
>all account passwords consists of 64 randomly generated characters, with upper and lowercase letters, underscores, brackets and special characters
>password manager's master password is just 6 random words in all lowercase
>>
>>55512729
it's crazy, you literally can't do any thing about the gov't.

gave up on that myself, just don't want some fucking chinese or ruskie hacker to get into my shit.
>>
>>55503974
>p-p-please stop using cryptographic solutions to protect your information from prying eyes
Nice try FBI
>>
>mfw this thread is full of people who think it's trivial to crack a password with 128 bits of entropy
>mfw there's people that think that "malware targeting password protectors" is some sort of amazing new tech when a simple fucking keylogger does the same thing if a user's machine is compromised
why is neo-/g/ so shit
>>
>>55513311
Because of http://correctrecord.org/ and other similar groups.

Because it's summer and kids get later bedtimes and 4chan has been in endless September mode for a while now.

Because everyone's grandmother is on Facebook and technology doesn't require you to be smart enough not to require a drool cup now.
>>
>>55503974
Good luck cracking my manager.
You better show up at my house with a baseball bat and cliche torture devices because you're not getting it any other way.
>>
>>55513388
What the fuck did you just fucking say about me, you little bitch? I’ll have you know I graduated top of my class in the Navy Seals, and I’ve been involved in numerous secret raids on Al-Quaeda, and I have over 300 confirmed kills. I am trained in gorilla warfare and I’m the top sniper in the entire US armed forces. You are nothing to me but just another target. I will wipe you the fuck out with precision the likes of which has never been seen before on this Earth, mark my fucking words. You think you can get away with saying that shit to me over the Internet? Think again, fucker. As we speak I am contacting my secret network of spies across the USA and your IP is being traced right now so you better prepare for the storm, maggot. The storm that wipes out the pathetic little thing you call your life. You’re fucking dead, kid. I can be anywhere, anytime, and I can kill you in over seven hundred ways, and that’s just with my bare hands. Not only am I extensively trained in unarmed combat, but I have access to the entire arsenal of the United States Marine Corps and I will use it to its full extent to wipe your miserable ass off the face of the continent, you little shit. If only you could have known what unholy retribution your little “clever” comment was about to bring down upon you, maybe you would have held your fucking tongue. But you couldn’t, you didn’t, and now you’re paying the price, you goddamn idiot. I will shit fury all over you and you will drown in it. You’re fucking dead, kiddo.
>>
>>55513416
Hello red dit
>>
>>55513445
What the fuck did you just fucking type about me, you little bitch? I’ll have you know I graduated top of my class at MIT, and I’ve been involved in numerous secret raids with Anonymous, and I have over 300 confirmed DDoSes. I am trained in online trolling and I’m the top hacker in the entire world. You are nothing to me but just another bot. I will wipe you the fuck out with precision the likes of which has never been seen before on the Internet, mark my fucking words. You think you can get away with typing that shit to me over the Internet? Think again, fucker. As we chat over IRC I am tracing your IP with my damn bare hands so you better prepare for the storm, maggot. The storm that wipes out the pathetic little thing you call your computer. You’re fucking dead, kid. I can be anywhere, anytime, and I can hack into your files in over seven hundred ways, and that’s just with my bare hands. Not only am I extensively trained in hacking, but I have access to the entire arsenal of every piece of malware ever created and I will use it to its full extent to wipe your miserable ass off the face of the world wide web, you little shit. If only you could have known what unholy retribution your little “clever” comment was about to bring down upon you, maybe you would have held your fucking fingers. But you couldn’t, you didn’t, and now you’re paying the price, you goddamn idiot. I will shit code all over you and you will drown in it. You’re fucking dead, kiddo.
>>
>>55513150
There's a fuckton you can do when you go into high assurance stuff: airgaps, data diodes, microkernels, smart cards...
>>
>>55513837
suppose you are right

not something i would do myself
>>
>>55511099
>i'm a loser
>>
>>55503974
>Implying it's not offline

>Implying it's not encrypted database, meaning you must be able to find the database in the first place.

>Implying you can't create multi-authentication using a key file, which can be anything in your operating system. Or create One time password to open your database

>Implying your master Password can't create long Hard to crack password which will take forever to crack.

>Implying you can't split up your database of passwords into multiple files that require different password/keyfiles to each one.

>Implying you can't tie your password database to specific OS user account/device. Meaning you can't unlock the database unless the password is used on the same device. If the User Account is deleted, the files can't be accessed.
>>
>>55512824
He said over 10 and not at most 10.
>>
>keep my passwords in a text file on a USB stick

I'm probably pretty stupid but at least I don't give them all to some random company.
>>
>>55504633
> the computing power of my brain is so powerful no computer can crack the true random passwords it generates
>>
>>55507415
Please do tell how you trivially decrypt them. Or wait, you are running the same pentest since 1990?

I get that in a pentest you'd just try a password library to every database you find but I don't think anyone would focus on a single user's database and try to crack it. I don't think it's that trivial (I actually know it's not trivial).
>>
What do you guys think of this idea:
Choose a master password, e.g. "^5f3nsi&%62"
Concatenate the name of the website/service to the end of it, e.g. ^5f3nsi&%62facebook
Run this through a slow hashing function like Bcrypt, and the result is your password.

You only have to remember one password, and you don't have to store anything anywhere. Just need to have a hashing program wherever you log in. How secure is this? More or less secure than storing a bunch of different, unrelated passwords in a password manager secured with a master password?
>>
>>55503974
>2016
>using 3rd party closed source software
>not writing your own and using audited and vetted open source crypto libraries to store the passwords securely
>>
>>55517576
like the OP's Keepass, which is open source
> yeah you sure showed us
>>
>>55513388
It works when you open it yourself on a school or work computer.

https://github.com/denandz/KeeFarce
>>
>I only have 2 passwords, one for email, and the other for some shitty hentai forum
Well, some of us have lives and jobs, and we cannot memorize over a 100 passwords. Password managers are the most secure option there is.

Do you suggest I write them on a piece of paper and shove it up my ass then? I love how people here just criticize shit (shit they don't even understand) without suggesting any sort of alternative

Mods, can we please have some sort of age restriction on this website? Ask a question only an adult would be able to answer instead of captcha maybe? I really don't want to damage my brain by reading the opinions of 13 year old kids on technology
>>
>>55517929
>I really don't want to damage my brain by reading the opinions of 13 year old kids on technology

If reading opinions of a 13 year old kid damages your brain, then maybe something actually is wrong with it.

I suggest you consult with a doctor. I'm saying this for your own good.

Jokes apart, just ignore the bullshit, don't let it affect you. You could try explaining to kids with a rational answer. If they don't listen, screw them, they'll learn eventually.

You were a kid too once and you too were like this.
>>
>>55518009
You're right, I reacted pretty immaturely there... I didn't do that when i was a kid though, I know those who did, but I knew to stay quiet when I did not understand what was being talked about

Sorry to OP and everyone, I wish you nothing but success in life, but I highly suggest you do your homework before sharing such strong opinions. You will learn more, and protect yourself from looking like a fool!

There's a lesson for me too, to learn how to control my temper.. It's easy to lose it when you're on an anonymous imageboard..
>>
I can just torture you until you give me the password.
>>
>>55512679
[] Hidden

:^)
>>
>>55518815
I'll be too turned on to cooperate. Can we take turns?
>>
>>55517539
It will be secure if they don't know that you're doing that. It also depends more on the security of the hash function I think. Overall maybe not a bad idea if you do it right, but it seems equally if not more inconvenient than a password manager.

Also, what do you do if you have to change one or more passwords? Will you change it on every site? A password manager will make it easier to keep track of that.
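
The scheme from the two posts above (master password plus site name through a slow hash, and the follow-up question about changing a password), as an added example that is not part of the thread. It uses scrypt from Python's standard library in place of Bcrypt and feeds the site name in as the salt instead of concatenating it; the function names, cost settings and the `counter` parameter are assumptions of this example.

```python
import base64
import hashlib
import hmac

# scrypt cost settings: assumed values for this example, not from the thread.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1   # about 16 MiB per derivation


def derive_site_password(master: str, site: str, counter: int = 1,
                         length: int = 20) -> str:
    """Derive a per-site password from one memorised master password.

    Nothing is stored: the same (master, site, counter) always yields the
    same output, which is the premise of the scheme.
    """
    if not master:
        raise ValueError("master password must not be empty")
    site_id = site.strip().lower()   # " Facebook " and "facebook" must agree
    if not site_id:
        raise ValueError("site name must not be empty")
    if counter < 1:
        raise ValueError("counter starts at 1")
    if not 8 <= length <= 40:
        raise ValueError("length must be between 8 and 40")
    # Site name and counter form the salt. The NUL separator keeps
    # ("site1", 2) and ("site", 12) from ever producing the same salt.
    salt = f"{site_id}\x00{counter}".encode("utf-8")
    raw = hashlib.scrypt(master.encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    # 32 bytes encode to 40 base85 characters; sites that reject some
    # punctuation would need a different alphabet (more per-site state).
    return base64.b85encode(raw).decode("ascii")[:length]


def candidate_matches(leaked_site_password: str, site: str,
                      candidate_master: str, counter: int = 1) -> bool:
    """Return True if candidate_master reproduces a leaked site password.

    This is the risk the reply points at: once the scheme is known, any
    single site password that leaks lets master-password guesses be
    checked offline, slowed only by the scrypt cost above.
    """
    derived = derive_site_password(candidate_master, site, counter,
                                   len(leaked_site_password))
    return hmac.compare_digest(derived, leaked_site_password)


if __name__ == "__main__":
    master = "constructed-example-master"   # constructed sample value
    first = derive_site_password(master, "facebook")
    rotated = derive_site_password(master, "facebook", counter=2)
    print("facebook, counter 1:", first)
    print("facebook, counter 2:", rotated)   # what a forced change looks like
    print("github,   counter 1:", derive_site_password(master, "github"))
    print("weak guess confirmed:", candidate_matches(first, "facebook", master))
```

The `counter` is the scheme's hidden state: changing one site's password means remembering which counter that site is on, which is the bookkeeping a password manager would otherwise do.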
>>
>>55503974
>2016
>not using an open-source password manager that you can audit yourself
>not using a password manager that is literally a bash script running gpg2, so you REALLY CAN audit the whole thing yourself
>not storing the encrypted password database on a private git server (optional, though nice for backups and syncing passwords between multiple machines), with ssh access only via RSA keys
If hackers/government are so hell-bent on getting my data that they can bypass and decrypt all that then I'm fucked anyway.
>>
>>55519023
I'll torture your family, friends and dog instead.
>>
>>55518934
You'd be amazed how much of an obstacle this is for most people who try to get their nose into your stuff.
>>
How would one find a person's location via phone number???
>>
>>55519159
From the cell tower they connect to. (You) can't but large companies (like Google) have access to this data provided by your carrier.
>>
Keep your db and key files in separate luks containers

Now what

Sure you could in theory root me, but that risk is a risk for every Linux system in the world
>>
>>55519073
That's fine. Then it's my turn right?
>>
>>55503974
>meme

What is it with you fucking kids? Everything you don't like is now automatically categorized as a "meme".

Idiots.
>>
>>55517827
Bad opsec that
>>
>>55517827

why would you open your database on any other device than your own?

I wouldn't. I keep my database on my laptop and on my android.
>>
>>55519063
>>not storing the encrypted password database on a private git server (optional, though nice for backups and syncing passwords between multiple machines), with ssh access only via RSA keys

oh this would be cool. I might look into making this happen. This would enable provisional rollbacks if something would be fucked up, right?
>>
>>55513150
>You literally can't do any thing about the gov't.
>believing the govt propaganda
kek, any govt is filled with easily duped morons, they think recording all the things is useful ffs
>>
code your own pw manager
>>
>>55517469
I like simple things like surveillance footage or hardware key loggers, turns out not everyone checks for those every time. Also people tend to act dumb in stressful situations, so you press them a little and who knows maybe they just might open it from a compromised terminal. Encryption by itself doesn't guarantee anything, and when it comes to security technology won't help you, in the end it all comes down to training and discipline.
>>
>>55503974
>What is a key file
>>
There is no way to get past a well-configured Keepass.
>>
You sniff the passwords like for any other app, but instead of one login you get all of them. Keyfiles are not an issue, nobody uses those.
>>
>>55503974
I'm tired of using the same 3 passwords for everything, I'm just installing this and leaving my db in a dropbox folder with a different name, fuck you guys.
>>
>>55504025
lel
so they'd need to get my hard drives and crack them and the encrypted container that has my database, to then crack the database password too?
wow so ez
>>
>>55523925
i use a keyfile
>>
>>55523925
>Keyfiles are an issue, everybody and their grandma use those.
fixed it for you
>>
File: 1444870513584.jpg (32 KB, 604x604)
>>55504952
>>55504922
>>55504888
>>55504843
>>55504828
Anon BTFO
How can Anon even compete?
How will Anon ever recover?
Anon on suicide watch

Really entices one to ponder
>>
File: mutio.webm (1 MB, 640x480)
I just use Keepassx
This is a 4chan archive - all of the content originated from them. If you need IP information for a Poster - you need to contact them. This website shows only archived content.