Posted: 7/27/2016 3:59:36 PM EDT
I asked this question somewhere in another post - and forgot to subscribe to it and can't find it.

So, Passwords.

My passwords are basically poor and I don't make many changes between forums I don't care about and my banking passwords which I do care about.

Not being blessed with photographic memory, having 87 different passwords and carrying around everything written on flash paper seems burdensome.  So how does one manage passwords?  

I have a phone, laptop, tablet, and desktop. Keeping things like my Apple ID and my Microsoft ID set up so all my devices actually log into those accounts is challenging since it may be weeks or months between log-ins.

It's easy enough to write a spreadsheet to randomly generate a password, but it's gobbledygook that is impossible to actually remember.

Link Posted: 7/27/2016 4:42:33 PM EDT
[#1]
1Password. Worth every penny.
Link Posted: 7/27/2016 5:18:06 PM EDT
[#2]
LastPass is all you need.
Link Posted: 7/27/2016 7:12:04 PM EDT
[#3]
Roboform - used it for years, it just works.




Link Posted: 7/27/2016 7:43:45 PM EDT
[#4]
The new thing is to break into a forum, steal the passwords and usernames (emails) and then go try the same user/pass in other places.

Using the same password over and over again sets you up for disaster.

LastPass, one of the cloud-based password tools, got compromised with a pretty bad security hole. This is by no means unique and is barely unusual among those tools.

What I do is I have a file on my email (but should move it to my phone) with a password list on it, using a code that lets me remember what password it is for but isn't obvious at first look. So, for Facebook it might be gc-72687, where "gc" is the two letters after "fb". Then if the list gets compromised, you don't lose anything. And, you can carry the list around and use unique and reasonably long passwords.

Do not use the same password in financial stuff as you do anywhere else. Period. Same for email. If they get in email, they can reset lots of stuff.
Link Posted: 7/27/2016 7:46:11 PM EDT
[#5]


Quoted:
LastPass is all you need.

compromised

https://it.slashdot.org/story/16/07/27/1342205/lastpass-accounts-can-be-completely-compromised-when-users-visit-sites

Sure, they will fix it.

But, you have to keep on top of all the tech news to make sure you know when it happens again. (It will.)  And, you won't know the extent fully, and you'll have to change all your passwords if it happens (at least.)
Link Posted: 7/27/2016 9:07:42 PM EDT
[#6]
LOL, of course I just installed LastPass to tinker with to see if I'm capable of learning.

If I get this correctly, essentially I'm going to want to delete any Chrome bookmarks and Chrome logins and launch apps through LastPass?  Or just delete Chrome's saved passwords and launch websites from Chrome and LastPass will supply a password?
Link Posted: 7/27/2016 10:56:42 PM EDT
[#7]
1Drowssap

I'm basically immune from hacking.

Girls love guys with great skills

Computer hacking skills.....
Link Posted: 7/28/2016 8:07:57 AM EDT
[#8]
LastPass fixed the two security issues before the story went public yesterday.
Link Posted: 7/29/2016 3:04:11 PM EDT
[#9]
1password6 is the real deal and used by people who take their passwords far more seriously than I do.  Neat little tool, works on all platforms.
Link Posted: 7/29/2016 8:24:35 PM EDT
[#10]
People make it a bigger deal than it is.
Simpler explanations would lead to better passwords.

You are basically trying to avoid dictionary attacks or brute force type attacks.

The reason they ask you to use a number, a capital letter and a special character is to increase the complexity.

Adding a number or special character makes a dictionary attack useless with some exceptions.

Adding a cap makes a dictionary attack take longer if it is just a word.

Both combined make the time a brute force attack takes to crack your password longer because of the extra combinations it must hit to get your password.

So it doesn't have to be garbage to be secure, just complex.

You can have "simple" complex passwords for you to remember.
You just can't use anything meaningful to you due to social engineering attacks.
Which really is only an issue if they are targeting you.

That is why two part authentication is becoming more popular, as you need a real time authentication of something they already have to make sure you are you.

So for instance, there is a joke about the blond whose password was snowwhitebashfuldocgrumpyaustindopy5
or something like that.
Because it asked for 4 characters, a capital and a special character.

But that is a pretty solid password except it is too long.

Another choice is WW2started194(
a phrase you can remember and means something historically, but not directly to you.
There are a lot of variations of that phrase and how you type it but it gives you something to start with.
It is also a little long, but should float in most password checks.

There is no reason for a password like AWDG2(390)(gbe*as;(*# crap that the auto generators pull.

If they get into the DBs like mentioned above, you are just as screwed as if it were maryhadalittlelamb.

Social engineering is a whole other ball of wax. While those security questions can be verified by LexisNexis, they are just too easy to crack.
I literally make stuff up for answers and just have to be consistent or write them down.
I specifically pick stuff that isn't public record for those questions as well.

The funniest one though is mother's maiden name, as my mother's name only had 2 letters in it and that freaks out the current systems. Just can't handle only 2 characters so I always have to make stuff up for that anyway.
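An added example, not part of any post in this thread: a password-selection check a sign-up form could run to catch the "exceptions" post #10 alludes to, where a capital, digit or symbol is only decoration on a dictionary word. The wordlist and substitution table are constructed for illustration, and the sample passwords in the demo loop include strings quoted in posts #7 and #10.

```python
import string

# Constructed sample wordlist (assumption). A real check would load a large
# dictionary plus lists of passwords seen in breaches.
WORDLIST = {"password", "dragon", "sunshine", "maryhadalittlelamb"}

# Characters commonly bolted onto a word to satisfy complexity rules.
DECORATION = string.digits + string.punctuation

# Common look-alike substitutions, mapped back to letters (constructed table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def matched_base_word(password):
    """Return the wordlist entry a password is built from, or None."""
    lowered = password.lower()  # undo capitalisation
    # Undo decoration at the end only, and at both ends.
    stems = {lowered, lowered.rstrip(DECORATION), lowered.strip(DECORATION)}
    for stem in stems:
        # Try the stem as typed, with substitutions undone, and reversed.
        for form in (stem, stem.translate(LEET), stem[::-1]):
            if form in WORDLIST:
                return form
    return None


def check(password):
    """Describe the result the way a sign-up form might report it."""
    word = matched_base_word(password)
    if word is None:
        return "no wordlist match"
    return f"rejected: derived from '{word}'"


if __name__ == "__main__":
    samples = ["Dragon2016!", "P@ssw0rd1", "1Drowssap", "maryhadalittlelamb",
               "WW2started194(", "AWDG2(390)(gbe*as;(*#"]
    for pw in samples:
        print(f"{pw!r:26} {check(pw)}")
```

A password that passes this check has only avoided the listed words and transformations; the check says nothing about reuse across sites or about phrases missing from the wordlist.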
Link Posted: 7/29/2016 11:12:53 PM EDT
[#11]
I've been using 1Password for years and don't have any complaints. Well, other than they don't support multi-factor authentication via the Yubikey. I'm trying LastPass now but as mentioned, they had a hack attack and I've never been a fan of the whole "cloud" idea.
Link Posted: 7/29/2016 11:57:36 PM EDT
[#12]
KeyPass
Link Posted: 7/30/2016 12:04:03 AM EDT
[#13]

Quoted:
KeyPass

This is what I use. Sadly the Linux variant doesn't have any of the nice sync features so maintaining multiple copies can be burdensome.
Link Posted: 7/30/2016 8:49:36 AM EDT
[#14]
Doh, it's "KeePass" aka KeepAss.


Link Posted: 7/30/2016 9:07:38 AM EDT
[#15]
I use abbreviated loading data.  I may put the bullet first, or the caliber first, or the primer.  It won't contain all the information.  

As an example, though it is not one that I would use, there is this:

Sp150gnSPT*40gnSR4759.

It stands for Speer 150 grain spitzer with 40 grains of SR4759.   The reason this is not one that I'd use, I cannot think of a cartridge where a 40 grain charge of SR4759 would be safe. Hence feeling comfortable posting it.
Link Posted: 7/31/2016 10:11:57 PM EDT
[#16]
KeePass for sure.  It's local, good encryption, and easy to use.  There's no reason not to use a password manager like this anymore.  Reusing passwords, even if they're good passwords, is the absolute worst thing you can possibly do online.  Besides maybe posting all your sensitive personal info to Reddit...

Use a REALLY good password to encrypt your DB (obey all the good password rules) and since you only have to remember one, make it long (20+ characters).  Use whatever cloud based system you want to get it on all your devices...even if your Dropbox or whatever gets hacked, they still have to brute force the encryption on the file...which if you're using a good long password should take them months...at which point you should know about the breach and changed all your passwords (with ease because KeePass makes it easy to do) and those passwords they got will be useless if they ever do break into it.

It's really not that complicated anymore.  I wouldn't trust any cloud based password system.  That's just a huge target for hackers...you're asking to get those stolen.
Link Posted: 8/1/2016 2:08:00 PM EDT
[#17]
Link Posted: 8/4/2016 9:44:45 AM EDT
[#18]
I really like KeePass. I just have to propagate the changes across a couple of machines and an encrypted USB flash drive I carry with me.
Link Posted: 8/4/2016 12:55:37 PM EDT
[#19]
Quoted:
I really like KeePass. I just have to propagate the changes across a couple of machines and an encrypted USB flash drive I carry with me.

I may try KeePass in the future. I'm nervous about LastPass now.