Passwords

PASSWORD MANAGEMENT THREAD

ITT: We discuss techniques to manage passwords in a more efficient way.

Do you use KeepassX?

How do you manage your most important passwords, such as Social Media (including E-Mail service)?

How do you choose your passwords?
Do you use a "master password"?


hi nsa

right click .zip and e-mail them all to -> [email protected]

master password: obamasdildo

I wrote a simple password maker on an unconnected Ubuntu laptop.
Then I used it to generate all my passwords.
I write them in a book I keep on a shelf close by.

you're not welcome here

...

emerge pass
/thread

...

Gonna bet he uses Fedora or Ubuntu but put emerge just to fit in.

/thread

Roboform. Yes, it's botnet, but if you guys want to live in a wood without internet access + live on a vegan commune + work for $/Euro £ and never travel outside the USA/EU, wherever you live, then the government knows about you anyway, "tinfoilers".

Use a memorizable password algorithm, it's better than a password manager.

KeepassX
with the database file living on an encrypted USB stick
backup existing on an old, unconnected laptop

...

You can't avoid "botnet" completely but that's no reason to stop caring. There are plenty of quality libre password managers.

A lot of botnet is worse than a little botnet.

Why not just memorize some of them or write it down and keep it in a very hidden place?

cd /usr/ports/sysutils/password-store
make install clean

sha256("secretmasterpassword" + "google" + "goodgoy457" + "2016")
this is the best way to generate passwords. prove me wrong. protip: you can't

That's a neat idea.

passwordstore.org/

Liked, friend! Retweeted! Hearted! +1 +1 +1 +1!!!!!!!!!!

I store my passwords in a file called passwords.txt

Very few sites will accept a password as long as a SHA256 hash.

Also, aren't hashes usually composed of pairs of hexadecimal numbers? So, no special characters, and each digit/letter will be 0-9 or a-f.

Given that many sites will truncate your password to 16, 12, 10, or even 8 characters, and there are only 16 possible values for each character, that seems not good.

Also, plenty of sites require at least 1 special character in a password.

Sorry, but your scheme sucks.

haven't you read the protip?

dd if=/dev/urandom|strings|tr -dc "[:alpha:][:digit:]"|fold -w 25|head -n 5

can't tell if you're serious or not but that's exactly what I do
printf "%.32s" $(openssl sha256 -binary

Things you didn't mention in your post and which make a SHA256 hash even longer and more useless for this purpose.

...

Almost all do.

Maybe to generate passwords, but wasn't the thread about storing them?

this is fucking stupid

addendum: storing passwords anywhere but your brain is fucking stupid

You're retarded.

no u
what are you going to do when you don't have access to where your passwords are stored?

Goddamn this place has turned to shit.
Here I was hoping it had gotten better.. but it's even worse.

r.i.p. 8/tech/

I'll never not have access because I backup stuff and am not a real retard.

The real question is what will you do when you forget your passwords because you were oh so much better than us password manager chumps?

or how about when their password manager software/site hosts are backdoored?

They're setting themselves up for failure.


pic related

i derive my passwords from a masterpassword.
i have to remember the exact same amount as you password manager chumps without having to backup shit.

keepass + keyfile + 72 character length password

use SFTP or usb on lan to move it to and fro computers, phones, etc.

I try to always have a 72 random character password.

I use different methods for entropy.

Some passwords are words based (~ 7 words, not 72 characters in length)
"@kilo epsilon niner twenty mexico bravo cheerful forthy)"

or computer based from /dev/urandom
"rhz3Pqoa5I7aT2r43ZGw2haGn0QS9zsi26TjifHuJXZiQfeo1pucAYJTFnTMI6Zr5D4l81zc"

Every so often I change them, I use a coin to determine if account "x" will stay as is or I will use the alternative method to create my password.

This is not foolproof but I feel it works for me. If someone is getting into my accounts, they are going to have to think on their feet.

I also enable 2 factor auth when possible.

the problem with your solution is you have to remember a master password + a counter for each site.

in the event that your accounts are compromised or if you want to change a password.

a way to circumvent it would be to use a master password + master counter, where you change all your passwords when you need to change one.

if you do the latter, that would seem pretty secure.

only problem left is server side as far as "how did they hash your password"
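Added example, not part of any post in this thread: a sketch of master-password derivation that addresses two objections raised above, the small hex alphabet once a site truncates the digest, and the need for a per-site counter to rotate one password. PBKDF2 stands in for the bare sha256 call, and the names `derive`, `bits`, `meets_policy`, the symbol set and the iteration count are all assumptions made for the illustration.

```python
import hashlib
import math
import string

SYMBOLS = "!@#$%^&*-_"          # constructed set; adjust to what a site accepts
ALPHABET = string.ascii_letters + string.digits + SYMBOLS   # 72 characters

def bits(alphabet_size, length):
    """Upper bound on entropy of `length` characters drawn uniformly."""
    return length * math.log2(alphabet_size)

def meets_policy(pw):
    """Typical composition rule: lower, upper, digit and symbol all present."""
    return (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw))

def derive(master, site, user, counter=1, length=16):
    """Deterministically derive one site's password (hypothetical scheme)."""
    # Length-prefix the fields so ("ab", "c") and ("a", "bc") cannot collide.
    fields = (site.encode(), user.encode(), str(counter).encode())
    salt = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    # A slow KDF instead of bare SHA-256: every guess at the master
    # password costs 100,000 HMAC iterations per output block.
    stream = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 100_000, dklen=128)
    # Rejection sampling: drop bytes >= 216 so `b % 72` is unbiased.
    limit = 256 - 256 % len(ALPHABET)
    chars = [ALPHABET[b % len(ALPHABET)] for b in stream if b < limit]
    # Slide a window until the composition rule holds; still deterministic.
    for i in range(len(chars) - length + 1):
        candidate = "".join(chars[i:i + length])
        if meets_policy(candidate):
            return candidate
    raise ValueError("no window met the policy; bump the counter")

if __name__ == "__main__":
    print("8 hex chars :", bits(16, 8), "bits")
    print("8 of 72     :", round(bits(len(ALPHABET), 8), 1), "bits")
    print(derive("constructed master phrase", "example.com", "alice"))
    print(derive("constructed master phrase", "example.com", "alice", counter=2))
```

Bumping `counter` for one site rotates only that site's password, but the counter value then has to be remembered or stored somewhere, which is the trade-off the post above describes.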

...

A pen and paper cleverly hidden is the only good way to store one's passwords. Plus since you don't have to worry about remembering all of your passwords offhand, you can focus on making more secure passwords.

Well you made your bed.

?

I was addressing both of them at the same time

but what do you have against deriving passwords from a masterpassword?