Password managers?

userque · Oct 1, 2016

Overnight said:
Indeed. Thus the admonition that you do not use the same password for each site. If one is hacked, at least that is the only password that is compromised.
More...

Right. I would also use more than 10 characters for the reasons in my prior post.

So I guess I'm saying that when your passwords start to look like this: $%dji.3#0)2lafDVW54$$fadgra&g.d, it makes typing them in--each and every time--from a post-it note, dreadful, if not unrealistic.

Overnight · Oct 1, 2016

userque said:
Right. I would also use more than 10 characters for the reasons in my prior post.

So I guess I'm saying that when your passwords start to look like this: $%dji.3#0)2lafDVW54$$fadgra&g.d, it makes typing them in--each and every time--from a post-it note, dreadful, if not unrealistic.
More...

LOL, omg! Who said it has to look like that?

Regarding the same rule mentioned above, here's all you have to do to follow the 72^10 rule, if the sites allow upper and lower case, 10 numbers and 10 special character.

Remember, this is just an example, not an actual password to anything.

theQu@ckB7

It's a variation on the Quick Brown Fox thingy. That password you see above has the 4 quintillion possibilities in it. So all you have to do is come up with a phrase, or word that means something to you, and tweak a character here and there. Here, watch. Just 10 characters...

theQu@ckB7 <--- site #1
thEQu@ckB6 <--- site #2
TheQu&ckB2 <--- site #3
THEqu@Cka4 <--- site #4

Etc ad nauseum. So long as it follows a certain format, there is no brute forcing of one, and then guessing of another.

P.S. Userque, I plugged your password example into the formula above.

$%dji.3#0)2lafDVW54$$fadgra&g.d is 31 characters. Assuming same ruleset, your password combination hack possibility would be 1 in 3.7783952741213222481929572236823, +57 more digits. That's Knuth up-arrow territory. You may be onto something, albeit a bit overboard on security!

userque · Oct 1, 2016

Overnight said:
LOL, omg! Who said it has to look like that?

Regarding the same rule mentioned above, here's all you have to do to follow the 72^10 rule, if the sites allow upper and lower case, 10 numbers and 10 special character.

Remember, this is just an example, not an actual password to anything.

theQu@ckB7

It's a variation on the Quick Brown Fox thingy. That password you see above has the 4 quintillion possibilities in it. So all you have to do is come up with a phrase, or word that means something to you, and tweak a character here and there. Here, watch. Just 10 characters...

theQu@ckB7 <--- site #1
thEQu@ckB6 <--- site #2
TheQu&ckB2 <--- site #3
THEqu@Cka4 <--- site #4

Etc ad nauseum. So long as it follows a certain format, there is no brute forcing of one, and then guessing of another.

P.S. Userque, I plugged your password example into the formula above.

$%dji.3#0)2lafDVW54$$fadgra&g.d is 31 characters. Assuming same ruleset, your password combination hack possibility would be 1 in 3.7783952741213222481929572236823, +57 more digits. That's Knuth up-arrow territory. You may be onto something, albeit a bit overboard on security!
More...

Ok, I won't say too much more...hackers will get mad at me if I do.

marcoPolo21 · Oct 3, 2016

sprstpd said:
KeePass is a very good open source password manager (and is free).

You can make it generate custom random passwords. You can make it pre-populate websites with your password. It stores your passwords in an encrypted database that you can unlock with different methods (one being a master password). I use it all the time and I have no clue what my passwords are for any website. I just let it handle the details.

If your database file becomes corrupt, well then technically you are screwed. However, most websites have password reset options, plus you can store your password database wherever you like as backup. You'll probably want to do that. But essentially, if your database becomes corrupt (and you have no backup) then it is as if you forgot your password for every website in existence.
More...

i also use KeePass [for years]

[excellent program]
i keep a backup copy [a must] on a usb drive, and one on google drive cloud

marc

userque · Oct 3, 2016

The main problem with KeePass (imo, afaik) is that there is no official mobile app version.

Scataphagos · Oct 16, 2016

Lastpass says it's "compatible with Pale Moon but doesn't support it".

Anyone use Lastpass with Pale Moon? Problems?

tango29 · Oct 19, 2016

Maybe just me, but I use as complex a password as allowed by each site. I work at home so have my hardcopy available easily, but don't see a point in another site generating my password as I assume they use an algorithm that is hackable or discoverable. I go for 2 or 3 factor authentication whenever it is offered. I have no sites that I absolutely have to access away from home that I don't have the passwords in my memory, even after changing on a regular basis.
I admit I am an old fart, and maybe it's good in the internet password age, as I suspect everything on the internet is hackable, and do my best to complicate my life to reduce the risk.

Scataphagos · Nov 4, 2016

LastPass just recently made the equivalent of their "premium" service @ $1/mo.. free. As I read reviews, I found quite a number of complaints about LastPass... enough to consider something else. Like, LogMeOnce. Anyone have any experience with LogMeOnce?

sprstpd · Nov 4, 2016

Anything wrong with KeePass?

Scataphagos · Nov 4, 2016

sprstpd said:
Anything wrong with KeePass?
More...

Didn't look into it. In comparison reviews, KeePass seemed to score "middle of the pack".