Password managers?

Discussion in 'Networking and Security' started by Scataphagos, Sep 30, 2016.

  1. For stronger security reasons, I'm considering using a password manager. However, I'm not up on how they work, and I can imagine one big potential problem.

    So... how's it work? (1) Use a "randomly generated, strong password" generator. (2) Have your "password manager" keep track of all the passwords for you....

    What happens if the password manager fails/gets corrupted and no longer functions? How do you get into your websites when you don't even know the passwords for each site?

    ??
     
  2. sprstpd

    KeePass is a very good open source password manager (and is free).

    You can make it generate custom random passwords. You can make it pre-populate websites with your password. It stores your passwords in an encrypted database that you can unlock with different methods (one being a master password). I use it all the time and I have no clue what my passwords are for any website. I just let it handle the details.

    If your database file becomes corrupt, well then technically you are screwed. However, most websites have password reset options, plus you can store your password database wherever you like as backup. You'll probably want to do that. But essentially, if your database becomes corrupt (and you have no backup) then it is as if you forgot your password for every website in existence.
     
  3. userque

    With LastPass, you can back up the passwords etc. locally.
     
  4. Surgo

    Hey, a question about the field I work in!

    I strongly suggest using a password manager. They will generate true random passwords much longer than you can personally remember, and they will ensure that you use a different password for every site (this is extremely important). In terms of risk management, the risk of your password manager having a security issue that exposes your passwords is far smaller than the risk of you having a security issue that exposes your passwords.

    I personally use LastPass.
     
  5. SumZero

    Is it?

    I can understand that a hacker will have an easy job hacking my PC/mobile/tablet when compared with a password manager, BUT a password manager will, no doubt, suffer many more (and better quality) attempts from hackers.

    I guess that I'm not under constant attack, but no doubt a password manager will always be under fire. That's something most hackers want to get their hands on. So, I'm not sure if the probability is lower for them than for an individual.
     
  6. Unless a hacker knew/suspected hacking your account could lead to a big gain, why would one try especially hard when there is so much other low hanging fruit? Wouldn't hackers spend their time and effort on easier targets?
     
  7. Surgo

    You're looking at only one small piece of the overall risk picture.

    What you're defending against isn't someone directly hacking your PC or whatever. You're defending against using weak passwords less than 13 characters (because you have to memorize them) or using a few passwords that you share between sites.
     
  8. My main laptop is Linux with whole-drive encryption (LUKS) and a long-ass password.
    That's where my other passwords are.
     
  9. Another +1 for LastPass. It's not without its issues, but I find it's the easiest if you work across multiple platforms.

    Also look at 2FA if you haven't already and turn it on wherever possible. This is a decent list to get you started.

    https://twofactorauth.org
     
  10. P. S. And remember to make your master password long. Don't bother with special characters and numbers. Just make it long. The best option is to come up with some nonsense phrase (longer than 25 characters) that draws a vivid picture in your mind. That way it'll be easy to remember.

    e.g. hugebluedinosaursneezinglava
     
    #10     Sep 30, 2016