Password Manager

lastpass
best browser integration
its working on 99.999% of sites without a hitch

anyone who says they just use brain use some simple password two password on all the sites they visit and think they are some masters of security

Microsoft® Excel™

>never leave my basement.

Keychain Access. Comes with macOS

No, I always carry my laptop or at the very least my botnet device.

I hope you're at least password-protecting the file.

This is the only right answer. You can store the database on a cloud and use an offline keyfile.

Looking at getting either of these.

>I hope you're at least password-protecting the file.
yes, it's password protected

SPM, Doesn't require any special permissions and doesn't upload anything to a gay cloud.

play.google.com/store/apps/details?id=com.skyking.skilo.superpasswordmanager&hl=en

>not keeping your keepass database in le cloud meme
I have a cert and a password on mine, so it's practically two factor auth

cert=keyfile*

They don't. There is a subscription but for families and teams. The software you bought can still be bought today.

Pass

Encrypted and Password protected on a USB drive.
And/OR pic related

Keepass + android keepass2android offline

>entering passwords to doubtful security points
enjoy your stolen passwords

forgot to add that i use also keefox extension (makes keepass the same as Lastpass, if not better) and KeeOTP (for generating TOTP tokens and entering them through auto-type automatically)

So my uni has some bank information and stuff on my account but that info is also used to login to campus computers

So can I not use a randomly generated password that I can't memorize from a password manager or is there some magical input device that will auto type it at windows login? Those assholes make me change my password every 3 weeks for "security reasons"

I use botnetpass

Would still be hell for random passwords.

>Keepass
This plus keefox add on for Fire Fox otherwise LastPast if I want my shit stolen.

>LastPast
LastPass*

folder of text files with login info for each site in separate text files, kept in an encrypted file on my dropbox account

Use 7zip to encrypt an excel file with aes 256 bit .

I don't think there's reason to do more than that unless someone can prove me wrong

Last pass comes with a 2FA USB device called yubikey. A short press on the device generates a one-time key.

You can configure the device to spew out a string of characters on long press. Usually people memorize the first 5 chars of their passwords in the yubikey for extra security.

Anyway if you don't want Lastpass you can pick up a yubikey just for this purpose I guess.

>best browser integration
Yes. github.com/cxxr/lostpass

I use Lastpass for things I don't care too much about (ie anything that I don't have my financial/personal info on). I use KeePass for the important stuff, and I also keep a PasswordCard in my wallet just in case I can't access KeePass for some reason.I change passwords on important stuff every month (eg Paypal, bank, email, etc).

My threat model isn't too extreme, though, and I don't do anything that'd require me remembering some ridiculous 128-character passphrase.

>this thread again
Pic related. The only solution.

You have to go back reddit

Munroe would have a valid point if alot of websites didn't have idiotic password rules in place seemingly for thr sole purpose of making you create a password you can't remember.

(IE my mortgage company requires password to be between 8 to 12 characters, with at least one capital letters, 1 numeral, and one punctuation)fuck them so much, these asshole websites and their idiot admins are responsible for this

I do have a copy of my keep ass db on my work computer, personal laptop and desktop. Haven't come across a situation where I really really really needed to log in somewhere

So, yeah, fuck it

>make your passwords crackable to a dictionary attack with concatenation

Why not use both symbols and words user?

Look on the bright side - this makes it MORE secure for people like you because most would just put exactly one capital, one numeral and one punctuation character in their password, which will be based on a normal dictionary word. Any attacker would just need to go through the dictionary and try a few variations on each word to get a shitton of accounts, while your randomly generated password would be virtually unhackable.

Wrote my own.

Windows Registry

Excel already does AES if you put a password on a spreadsheet

I have a real life diary that I barely use anymore. I figured if it holds all of my secrets since the tender age of 9, it might as well hold my passwords.

Anybody know of a good way to protect a diary?

Don't fucking keep one and stop being a queer.

1password and Keepass

AES with backdoors, lovely.

I literally only use one password for everything, so I only have to remember one. Try it sometime.

I use last pass pro for work.
i use last pass personal for some things personal

for everything else i use a formula using my 'keyword', which we'll say is horse. my second keyword is the first word that comes to mind for me for that particular site.
My passwords for all sites are: Horse {2ndKeyWord}3#
IE, facebook would be: Horse book3#

using this method i can have a complex and different password for every site that i dont want to save in the PW manager and i can store it in my head. i have changed my keyword over the years so that if my formula and keyword are ever discovered then every account i have created are not compromised. i combine this with 5 different emails, each one used for a different level of concern. i have an outlook email for my personal business in the format [email protected]. this i use for paypal, amazon etc, things that already have my name attached to them. i then have 4 more emails that are used on the level of anonymity i wish to have on that particular site. 1 for spam sites (pintrest, facebook etc) 1 for webforums (spiceworks et al) one for mailing lists and one for other. the email for 'other' is hosted on a private mail server out of the country and has only ever been logged into using either temp web proxys, or tor.

i do not worry about 'giant data leaks' because generally i am immune.

I'm a lastpass pro user. It's great overall. I don't like the company that bought lastpass ~1 year ago (LogMeIn). I'm confident in their security practices because of how paranoid they come off.

Enjoy dictionary attack.

>You're password is not strong enough, it must contain a symbol such as ?,!,#,& etc.
>You can password can only be alphanumeric ABC123

I do this too. Best way to mánager passwords but the only problem is the length of the password. Some sites allow at maximum 16 characters or less. How would you proceed?

You don't like them or you do?
You are confident in them or you're not?

...

I'm confident in their security, I'm not confident in Lodmein's business practices. Their products are solid, but I'm waiting for them to pull some bullshit against their users (e.g. price hikes, getting rid of freemium).

>dictionary attack
>cloud based service
sure thing kid

oh my god what kind of weird porn do you watch

A plain text file on my computer. If you think you're any safer by trusting them to some (((service))) you're retarded.

>implying i watch weird porn because..
wait, why do you think i watch weird porn?

Nice meme

This is the correct answer

Don't talk to him that way, he can be a queer if he wants to

A plaintext file inside a Veracrypt container.

I'd never trust a password manager.

keepassx2

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Enpass.

/thread