I was thinking of using my 3rd-grade girlfriend's name followed by "I bet she turned out to be one great piece of ass"... Too long?
Something you should consider before using a password manager is using 2FA for your important logins. I've enabled 2FA on every important login to mitigate password loss. These include: Google mail, Yahoo mail, Interactive Brokers, Oanda, Purse.io, Github, Cex.io, Coinbase. I don't consider forums and message boards as important enough to worry about aside from having a reasonable password on them. Anything involving personal information and money is priority #1.
Keep in mind many account hacks occur by hackers resetting your passwords and not by brute force attacks.
http://masterpasswordapp.com addresses these issues. I think there's a Wiki page on how it works. Just began using it. Some effort is needed, though, to get migrated.
When it comes to brute forcing a password, wouldn't it be simpler and more secure to use very strong passwords 10 digits long? A strong password would apply to a system that allows upper- and lower-case letters, 10 numbers, and special characters. Let's say there are 10 special characters. So that's 52 letters, plus 10 numbers, plus 10 special characters. Over the course of a 10-character password, it's 72^10 = 3,743,906,242,624,487,424. That's ~3.8 quintillion combinations. Since most websites needing tight security with their password formats usually allow only 3-5 tries before a lockout and need a manual reset, doesn't it follow that the chances of being brute-forced are just about zero? As far as an account being hacked, well, just keep a post-it note in your room/office where you work with the passwords listed, and don't store them on your machine. And use a unique password for each website, so if one account is compromised, they can't get to the rest.
That's what we like to call an analog password manager. It works just fine. The convenience of using Lastpass cannot be beat, however.
Typically, the attack is on the database(s) storing all of the passwords, and not just on your login screen. So a lot depends upon how the passwords are being stored by the company (e.g. Yahoo, etc.), regardless of how long your password is. And, it may not take as long as you think. Research 'Rainbow Tables.'
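An added example, not written by anyone in this thread, that checks the 72^10 arithmetic from the earlier post and illustrates this reply's point about the stored database: against the login form, a lockout after a handful of tries makes the keyspace unreachable, but a leaked table of unsalted hashes can be matched against precomputed digests for every user at once, whereas a per-user salt and a slow key-derivation function defeat that. The alphabet sizes, the "10 resets per day" figure and the sample passwords are constructed assumptions for illustration; PBKDF2 is used here only because it ships with Python's standard library.

```python
"""Keyspace arithmetic from the thread, plus why a leaked password
database matters more than the login screen's lockout."""
import hashlib
import math
import os

# Alphabet as the earlier post assumes: 52 letters, 10 digits, 10 specials.
UPPER_LOWER = 52
DIGITS = 10
SPECIALS = 10  # assumption from the post; real sites often allow ~32


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Equivalent strength in bits for a uniformly random password."""
    return length * math.log2(alphabet_size)


def online_guesses_per_year(tries_before_lockout: int, resets_per_day: int) -> int:
    """Guesses available against the login form itself, given the lockout
    described in the thread and an assumed (constructed) number of manual
    resets per day. This is why online brute force is hopeless."""
    return tries_before_lockout * resets_per_day * 365


def years_to_exhaust_online(alphabet_size: int, length: int,
                            tries_before_lockout: int, resets_per_day: int) -> float:
    """Years needed to try every password through the lockout-limited form."""
    return keyspace(alphabet_size, length) / online_guesses_per_year(
        tries_before_lockout, resets_per_day)


def unsalted_hash(password: str) -> str:
    """How a careless site might store passwords: same input, same digest,
    so one precomputed table (rainbow table) matches every user at once."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_slow_hash(password: str, salt: bytes, iterations: int = 200_000) -> str:
    """Per-user salt plus a deliberately slow KDF (PBKDF2 from the standard
    library): identical passwords yield different digests, so precomputed
    tables are useless and every guess costs `iterations` hash operations."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def same_unsalted_digest(pw_a: str, pw_b: str) -> bool:
    """True when two stored unsalted digests reveal a shared password."""
    return unsalted_hash(pw_a) == unsalted_hash(pw_b)


def same_salted_digest(pw_a: str, pw_b: str) -> bool:
    """Two users with the same password, each with their own random salt."""
    return salted_slow_hash(pw_a, os.urandom(16)) == salted_slow_hash(pw_b, os.urandom(16))


if __name__ == "__main__":
    size = UPPER_LOWER + DIGITS + SPECIALS  # 72
    print(f"72^10 = {keyspace(size, 10):,}")
    print(f"~{entropy_bits(size, 10):.1f} bits of entropy")
    print(f"online guesses/year at 5 tries, 10 resets/day: {online_guesses_per_year(5, 10):,}")
    print(f"years to exhaust online: {years_to_exhaust_online(size, 10, 5, 10):.2e}")
    # Constructed sample password shared by two users.
    print("unsalted digests equal:", same_unsalted_digest("correct horse", "correct horse"))
    print("salted digests equal:  ", same_salted_digest("correct horse", "correct horse"))
```

The keyspace number reproduces the post's figure exactly; the years-to-exhaust value shows the online attack is a non-issue, while the last two lines show the difference between a breach of an unsalted table and a breach of a salted, slow-hashed one, which is the part the user does not control and the reason to keep every site's password unique.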
Indeed. Thus the admonition that you do not use the same password for each site. If one is hacked, at least that is the only password that is compromised.