How do you manage your passwords?
-
Lastpass - only way to fly!
-
Lastpass was hacked.
What a stupid idea to centralize all your passwords on another person's HDD.
Use pen and pencil, dammit.
-
What about blockchain? :)
-
Mirrax, that’s terrible advice. I’d still argue that LastPass is a better solution for most people than using one password for all websites, which is what plenty of people do.
I mean let’s not blow this out of context, even if last pass’s server side DB fell into the wrong hands, each user’s database is individually salted and hashed 1000 times.
The risk is without a password manager people struggle to manage a unique password for every website, resulting in them trusting hundreds of less secure websites with their password.
Sure, pen and pencil are great, but it requires a strictness most people don’t possess.
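The "salted and hashed 1000 times" point above is key stretching: the server keeps a per-user random salt and a slow derivation of the master password, never the password itself, so a stolen database still costs an attacker one full derivation per guess. The following is an added illustration, not LastPass's code; it uses PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for whatever KDF a given manager uses, and the salt length, record layout and benchmark are assumptions. The last function times guesses per second so you can see what the iteration count buys.

```python
import hashlib
import hmac
import os
import time


def derive_vault_key(master_password: str, salt: bytes, iterations: int = 1000) -> bytes:
    """Stretch a master password into a 32-byte key.

    PBKDF2-HMAC-SHA256 is an assumption standing in for the manager's real KDF;
    the same idea (salt + many iterations) applies to scrypt/Argon2 as well.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )


def new_user_record(master_password: str, iterations: int = 1000) -> dict:
    """What a server might store per user (assumed layout): a fresh random
    salt, the iteration count, and the stretched key. The password itself
    is never stored."""
    salt = os.urandom(16)
    return {
        "salt": salt,
        "iterations": iterations,
        "key": derive_vault_key(master_password, salt, iterations),
    }


def check_master_password(record: dict, candidate: str) -> bool:
    """Re-derive with the stored salt/iterations and compare in constant time."""
    derived = derive_vault_key(candidate, record["salt"], record["iterations"])
    return hmac.compare_digest(derived, record["key"])


def guesses_per_second(iterations: int, samples: int = 10) -> float:
    """Rough cost one attacker core pays per candidate password at a given
    iteration count. Constructed benchmark, single-threaded, no GPU."""
    salt = b"constructed-benchmark-salt"
    start = time.perf_counter()
    for i in range(samples):
        derive_vault_key(f"guess-{i}", salt, iterations)
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    record = new_user_record("correct horse battery staple")
    print(check_master_password(record, "correct horse battery staple"))  # True
    print(check_master_password(record, "correct horse battery stapel"))  # False
    for n in (1, 1000, 100_000):
        print(f"{n:>7} iterations: ~{guesses_per_second(n):,.0f} guesses/s on this machine")
```

Two users with the same master password get different keys because the salt differs, which is what "individually salted" means in the post; the iteration count is what turns a cheap hash into a slow one.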
-
If you do use paper, use a random password generator like KeePass to generate a strong unique password for every website before writing it down in multiple secure locations.
-
Look it’s the desk of Mirrax :)
-
> Look it’s the desk of Mirrax :)
Still better than uploading all my passwords to lousy cloud…
-
> Still better than uploading all my passwords to lousy cloud…
Mirrax, for the benefit of others, can you help them understand your paper method? How do you produce sufficiently strong unique passwords like, say, “90^,z+!ZAuGelOf”? Where do you store them? How do you protect your paper copies against the elements? How do you keep backup copies in case you damage your original? If you need access to your passwords on multiple machines, how do you ‘take your passwords with you’? Since you can’t auto-populate from your encrypted database, do you have to type your password in each time, or do you allow your browser to insecurely remember them? If it’s the latter, what about your own computer being hacked?
-
> Mirrax, for the benefit of others, can you help them understand your paper method? How do you produce sufficiently strong unique passwords like, say, “90^,z+!ZAuGelOf”? Where do you store them? How do you protect your paper copies against the elements? How do you keep backup copies in case you damage your original? If you need access to your passwords on multiple machines, how do you ‘take your passwords with you’? Since you can’t auto-populate from your encrypted database, do you have to type your password in each time, or do you allow your browser to insecurely remember them? If it’s the latter, what about your own computer being hacked?
Paper + pen.
I don’t care about elements.
Yes, type each time.
That’s my method and it works really worm, I mean well.
EDIT: It is just paper, it will never have all fancy gimmicks like lastpassword. Yet still it is safer by design.
That’s it, you are focusing on gimmicks too much in general.
-
Paper and Pen is cool. I’m just wondering how you manage to randomly generate strong unique passwords and keep them safe from loss. That’s not a gimmick.
-
> Paper and Pen is cool. I’m just wondering how you manage to randomly generate strong unique passwords and keep them safe from loss. That’s not a gimmick.
I use my imagination (yes, I can generate unbreakable passwords with my brain, that’s how great I am).
Then I write them down on the paper.
I do not recommend executing loss of the paper.
-
Dice, a character/symbol map to use with the dice, and a pencil. If someone wants to break into my home and steal my passwords they deserve it as they have to pass the gauntlet of motion security cameras uploading detection to the cloud and security server, everything runs on a battery backup as well.
I use a 100% random head and tail, both random length and randomly generated with dice (3 versions: public, private, banking) to pad a core pw theme that I can follow based on website/company. Every few months I will generate new heads and tails for each of the 3 password sets. This allows me to have random length 22+ character pws (22 is my personal minimum regardless of how my dice roll; none are currently this length). In essence, I only have to memorize 3 passwords, however, every password is unique.
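The dice method above, as an added worked example that is not the poster's own procedure (which was not shared in detail): a 6x6 symbol map read with two dice per character, a head and a tail of dice-chosen length wrapped around a memorised per-site core, and extra rolls until the 22-character minimum is met. The particular map (lowercase plus digits; any 36-symbol table with uppercase or punctuation drops in unchanged), the 4-to-9 segment length range, and the `secrets` module standing in for physical dice are assumptions. The entropy helper counts only the dice-generated characters, since the memorised core is secret but not random.

```python
import math
import secrets

# Assumed 6x6 symbol map: row = first die, column = second die, 36 symbols.
SYMBOL_MAP = (
    "abcdef",
    "ghijkl",
    "mnopqr",
    "stuvwx",
    "yz0123",
    "456789",
)
ALPHABET = "".join(SYMBOL_MAP)


def roll_die() -> int:
    """Stand-in for a physical die. secrets is a CSPRNG; random.randint is not."""
    return secrets.randbelow(6) + 1


def dice_to_char(first: int, second: int) -> str:
    """Look one character up in the map from two die faces (1..6 each)."""
    return SYMBOL_MAP[first - 1][second - 1]


def generate_segment(length: int, roll=roll_die) -> str:
    """Two rolls per character; `roll` is injectable so the output can be checked
    against a fixed roll sequence."""
    return "".join(dice_to_char(roll(), roll()) for _ in range(length))


def random_length(minimum: int, roll=roll_die) -> int:
    """One roll picks a segment length in [minimum, minimum + 5]."""
    return minimum + roll() - 1


def generate_password(core: str, minimum_total: int = 22, roll=roll_die) -> str:
    """Random head + memorised core + random tail, then more rolled characters
    until the overall minimum length is reached."""
    head = generate_segment(random_length(4, roll), roll)
    tail = generate_segment(random_length(4, roll), roll)
    password = head + core + tail
    while len(password) < minimum_total:
        password += dice_to_char(roll(), roll())
    return password


def entropy_bits(rolled_chars: int) -> float:
    """Bits of randomness from the dice-generated characters alone:
    each character is one of 36 equally likely symbols."""
    return rolled_chars * math.log2(len(ALPHABET))


if __name__ == "__main__":
    # Constructed per-site core; the poster keeps three such themes memorised.
    core = "ExampleSite"
    pw = generate_password(core)
    rolled = len(pw) - len(core)
    print(pw, len(pw), f"{entropy_bits(rolled):.1f} bits from {rolled} rolled chars")
```

With 22 rolled characters the dice alone contribute about 114 bits, which is why the method holds up even if an attacker knows the 6x6 table; the weak point the thread raises is not the randomness but the single paper copy.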
-
That’s an interesting method. I think the problem most users have is the more complicated the method, the more likely, when requiring a new password, to skip that procedure and fall back on a ‘stock’ password. I’d still recommend LastPass to people who would be more secure by having unique passwords for each site but who struggle to manage them.
My current solution seems sufficiently secure. SpiderOak are zero knowledge, not even they can access my password DB, and even if they did, they would need both my memory-based complex password and my key file. The keyfile is only held on the three devices I use regularly. I guess the only weakness is having my machine compromised by a MITM and my master pass taken along with my local keyfile and a copy of the database. However, the same attack wouldn’t protect paper/pen users, since a MITM would just keylog your keystrokes.
I do plan to look at YubiKeys for 2FA, meaning the database could only be unlocked with the YubiKey present. But it’s an additional cost.
-
Another thing I would like to add, is I don’t keep private keys or my encryption password for wallets in my password manager. I have a different method for them.