What's your preferred password manager?

The one inbuilt in Firefox

I'm an iCloud Keychain user.

Trying to migrate to Enpass. But I'm not really getting it.

pen and paper

KeePassX 2


I thought that was a Logitech mouse.

Good luck remembering secure passwords for each and every website you use without reusing any of them.

My brain.

My passwords consist of 4 base key words that I made up, combined randomly with 3 other sets of numbers. I use random combinations of these to form a password depending upon complexity requirements.

I often forget passwords and have to guess or reset them if there are limited attempts, but I've never had an account compromised in any way. Better than storing all my passwords and accounts in one place.

The one built into Opera.

OSX + iCloud keychain
Why not just use one password for everything? I've done this for 10 years already, works fine.


The KDE Wallet Manager.



I try to use this for as many accounts as I can


My brain.

I use 17 different passwords of varying degrees of security.


Literally the only good one.

>Doesn't use .NET shit.
>Can autotype on the browser.
>Safest database for passwords out there.

These are really the only options I trust.

It is not crucial that every last password you use be unique, so long as you are careful about WHICH passwords you reuse.

Don't reuse your banking passwords, obviously. E-mail passwords, ditto. OTOH, if, for instance, you do all of your online shopping on the same credit/debit card, you can probably get away with using the same password for all shopping sites, since having one of those cracked has the same effect as having them all cracked anyway. A better safeguard there is to not store your card data in the first place.

"Never reuse passwords" is a simplified (and simplistic) mantra created for the sake of people too thick to figure out not to reuse their bank password all over the net.

>taleo & brassring hiring sites require a different account for each employer you apply to
it's like they purposely make these things as shitty as possible

KeepAssXXX for all my porn passwords, brain for everything else

Haven't had an issue doing that so far... just because you can't perform a function doesn't mean others can't.

KeePass and its forks (KeePassX, MacPass, the Android versions etc.).

I just use phrases translated to r'lyehian

it's no surprise that people who outright dismiss their brain as being unable to do something like this are the same people who don't realise that the solution is actually quite simple. how about this:

1. memorise a string of required length (you can make it as complicated as possible but i'd say 10 chars min) which is either randomly generated or appears as such to anyone other than yourself. i, for one, use a few pinyin chinese words with random characters capitalised and swapped for numbers. this makes a password quite secure.
2. but what about the uniqueness? well, why not use some characters from the URL? better yet, why not take at least 2 of them, shift the alphabet independently for each one and add them randomly in your password? again, you can make this as complex as you wish.
4. profit from your password being both secure and unique for each website/app/service you use

>password manager

Just put all your passwords on an encrypted document which is kept in an encrypted container

Alternatively just put all your passwords on an encrypted usb (make backups)
And create a super long hash, write that hash on paper and there you go

>using different passwords everywhere
normal people don't do that. I understand that you would use complex and different passwords for your email account and other private services, but why would you do that on websites?

I've been using the same password on every website/forum I've registered in since I was 11, it's a 6-character-long password with 2 digits and no cap, I've never had a problem, and even if someone was to hack me on such a platform... what the fuck do I care?

>we're sorry, our programmer doesn't know how to use prepared statements, so your password must contain at least one capital letter, number and symbol, but only this arbitrary list of symbols, and must be between 6-10 characters

I hope you're not using encrypted zip files or something, because that extracts the file to plain text in your temp folder when you open it.

And now remember 40 of these

>Just put all your passwords on an encrypted document
This is literally what a password manager does, dipshit. At least a local one like KeePassX.

With the upside of being quicker to use since it's got a logically ordered database instead of a .txt file or whatever.

AES-256 nigger
Encrypting something with AES-256 twice just shows how little you understand encryption

I can't even fathom how some faggots can trust proprietary shitware like LastPass.

>normal people don't do that.
So? Normal people do a lot of dumb things.

Except you have control over its contents you dumb fuck

>encrypted container

>inb4 muh open sores password manager that I personally have not audited

>Except you have control over its contents you dumb fuck
It bewilders me how you think this isn't also true for KeePassX archives.

Here's where you say something like: Hurpadurp you haven't audited KeePassX

Well have you audited the encryption software you use to encrypt your txt files? Or open them? For all you know your txt file reader might be storing all your passwords in plaintext somewhere just as a cache.

Pencil and paper is more practical, given how often I have to change some passwords.

>muh open sores password manager that I personally have not audited
who says I haven't? KeePassX core and crypto are all in all 5k lines

My GPG keys + my encrypted partition and the script that brings all that together.

My brain.

It's easy if you do pic related. If you need to use anything so shitty that it imposes a limit on how many characters your passphrase can have, then reevaluate your life.

Just have a couple of randomly generated strings (I have 8 of them) of 12 characters for each use.
You can then use whatever algo that you wish for the uniqueness.

Add to do list some small passwords, who are also random, but very easy to remember and very fast to type for things you use a lot, that don't use internet and that are there mostly to dissuade trolls with physical access to your device.

>Add to do list some small passwords
add to the list*

rate my password:

my memory

Would be cracked immediately/10


Use complicated password generated in password manager [KeyPassX not LastPass you faggot] for every "important" website (mail, bank...), which you encrypt with a unique good password made by a diceware.

Use the name of the website as password for entertainment/useless website.
So you have only one password to remember, the diceware one.

Enjoy the day when you forgot your password because X. You can't even audit an open-source code, faggot.

Dictionary attacks will render this pointless


The only real patrician password manager

>Safest database for passwords out there.
[citation needed]

All I know about their database is that it's full of bullshit home-made crypto, rather than using something well-established like GnuPG.

Obviously he's suggesting to pick your own words, not use the exact phrase “correct horse battery staple” from the comic...

Are you fucking 12?

Remember kids, the strength of a password comes solely from the unpredictability of it.

The length is irrelevant, the alphabet is irrelevant, the language is irrelevant. In general, the password *schema* is irrelevant.

The only thing that matters is: When generating it, how many bits of random entropy were required to decide on the exact form?

Also remember that passwords need to be designed to be unpredictable on the assumption that an attacker knows your other passwords.

you must have missed the whole of "part 2" where i explained that you don't need to remember 40 of these, just 1. the uniqueness comes from you adding a few characters from the URL/name of the site to the ONE string that you've already memorised. take the last and first characters from WebsitE.com, shift the first back in the alphabet to V, shift the last forward to F, then your password becomes vrandomstringF. amazon.com becomes zrandomstringO. how cryptical you want to be about it is completely up to you. but surely the basic concept can't be that difficult to understand?


My fucking brain; I remember all 47 passwords I have to use.


pretty easy to remember (my password btw)

dictionary attacks work well against passwords consisting of one word and a few numbers/special characters here and there. A pass sentence with 4 words like in the comic has a complexity of (dictionary attack patterns included) [dictionary size]^4. That's an extraordinarily high number for most dictionaries, as even a small one of 1000 words will reach 1 trillion possible passwords you have to iterate over.
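
Added example, not written by any poster in the thread: it puts numbers on the entropy and [dictionary size]^4 points above and reproduces the URL-shift scheme from the earlier post to show that the per-site part adds no unpredictability. The function names and the sample word list are constructed for illustration.

```python
import math
import secrets

def entropy_bits(pool_size: int, picks: int) -> float:
    """Bits of entropy for `picks` independent, uniform draws from `pool_size` options."""
    if pool_size < 2 or picks < 1:
        return 0.0
    return picks * math.log2(pool_size)

def make_passphrase(wordlist, n_words=4, sep=" "):
    """Return (passphrase, bits). Words are drawn with a CSPRNG, not picked by a human."""
    pool = sorted(set(wordlist))          # duplicates would silently shrink the pool
    if len(pool) < 2:
        raise ValueError("word list needs at least two distinct words")
    phrase = sep.join(secrets.choice(pool) for _ in range(n_words))
    return phrase, entropy_bits(len(pool), n_words)

def derive_site_password(base: str, site: str) -> str:
    """The per-site tweak described in the thread: first letter of the site name
    shifted back one, last letter shifted forward one and capitalised."""
    name = site.lower().split(".")[0]
    if not name or not (name[0].isascii() and name[0].isalpha()
                        and name[-1].isascii() and name[-1].isalpha()):
        raise ValueError("assumes the site name starts and ends with a-z")
    first = chr((ord(name[0]) - ord("a") - 1) % 26 + ord("a"))
    last = chr((ord(name[-1]) - ord("a") + 1) % 26 + ord("A"))
    return first + base + last

# Constructed sample list; far too small for real use (diceware lists have 7776 words).
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "lamp", "river", "cloud", "anchor", "horse"]

if __name__ == "__main__":
    print(make_passphrase(SAMPLE_WORDS))
    for label, pool, picks in [("4 words from a 1000-word list", 1000, 4),
                               ("4 words from a 7776-word list", 7776, 4),
                               ("12 random printable ASCII chars", 94, 12)]:
        print(f"{label}: {entropy_bits(pool, picks):.1f} bits")
    # The site tweak is a fixed function of a public name, so it adds no entropy:
    # every derived password carries the same memorised base string.
    for site in ("WebsitE.com", "amazon.com"):
        print(site, derive_site_password("randomstring", site))
```

The entropy figures only hold when the words or characters are chosen by a random generator; a phrase a person picks themselves does not get credit for the full pool size.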

All my passwords are different too
Although I didn't use pinyin
Only symbols, number, capital, non capital letter, and an old Sup Forums meme

a dictionary attack that strings together four random words as a password attempt? I don't think you understand how dictionary attacks work.

This poster is the reason why the IT and cybersecurity industries are in such a sorry state.

My own brain.