What password manager does Sup Forums use?

my brain

/thread

Dadada

LastPass.

Looks like the EU is sponsoring a code audit of KeePass though, so good news for those that use that software.

>hurr derp durr, I can remember literally hundreds of unique passwords - the human brain is really good at that - hurr please kill me

How does your brain handle 200 passwords, each with 30+ randomized characters?

>hurr derp durr, I trust a program to manage literally hundreds of important passwords - this program is really good at that - hurr please kill me

long term memory

I do, yes. Machines are good at coming up with and storing totally randomized passwords.

You cannot memorize the hundreds of passwords that I have stored in my manager. You literally can't and you're a lying faggot piece of shit if you believe otherwise.

It works for you, good for you. I don't want to put all my eggs in one basket.

Paper.

mnemonics

keepassx

I use the same 7 characters password for pretty much everything

I've never understood the point of keep-pass and shit like this, neither do I understand exactly what they do

A sheet of paper

Just looking for something

Keypassdroid

I used to use a notebook but that's a lot harder to keep up to date and isn't as secure anyway

They are password managers. You have a master password that unlocks a keychain. Its main advantage is convenience.

Do you keep your money in a mattress as well ? Are you not worried about the security of each of your credit/debit cards and bank account ???

Anyways, my tips for keeping your accounts secure/ compartmentalizing potential hacks.

1- Use 2 factor authentication whenever you can
2- Use a different password/username for each site you sign up for
3- Make sure the passwords/usernames are unique, changing the trailing numbers at the end of your password is not enough.
4- Make a secondary email account for all your junk/spam related shit. Use that when you sign up on forums and non-important stuff.


You *could* use a password manager. I have no qualms with that.
Another idea to consider is to write your passwords down, typically your physical location is secure, so why not write them down and keep it in a safe spot ?
It might sound counter intuitive, but a hacker has thousands of points of access when it comes to stealing a database/your account info, but how often is your home broken into for the sake of stealing your passwords ?

I got ~350 sites saved in lastpass and each has unique and long password
with brain only you don't have this, you reuse 3 passwords for all your sites

Brain 2016

Best open source manager out there.

If you can remember all your passwords, they probably aren't very good passwords

>7 characters
>not 20 like mine

So you are telling me you use one password for everything? what the fuck?
but if someone hacks your ass they only need one password to fuck you over entirely?

How do you manage to use your package manager on any and all devices that you use? Like a public library computer, for example.

>Best open source manager out there.

When was the last brain audit? You seem due for one.

>hurr durr you can only remember shit passwords
kys

Lastpass for most part

Important passwords I keep in my head

his brain is proprietary. if you try to audit his brain he'll die.

>but if someone hacks your ass they only need one password to fuck you over entirely?
2 factor password for lastpass eliminates this
plus my most important things like bank and main email are not there anyway and too demand two factor verification

it's just all about better security and comfort, hand in hand

Keepass uses key stretching. This increases the amount of time it takes for an attacker to test passwords. You can set the amount of rounds that are done in the stretching, and it's a good idea to set it to a value that takes a second or more to complete.

If you use a decent password, they'll never get in.
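To put numbers on the key-stretching post above, here is an added example (not part of the thread and not KeePass code) that picks a round count costing about one second on the local machine and converts that per-guess cost into worst-case search time. PBKDF2-HMAC-SHA256 is used as a stand-in KDF, and the attacker with 1000 parallel guessers is an assumption.

```python
import hashlib
import os
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def stretch(password: str, salt: bytes, rounds: int) -> bytes:
    """Stretch a master password. PBKDF2-HMAC-SHA256 is a stand-in here;
    it is not the KDF KeePass uses, only the same idea of repeated rounds."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)

def calibrate_rounds(target_seconds: float = 1.0, probe_rounds: int = 50_000) -> int:
    """Time a short probe on this machine and scale linearly to the target delay."""
    salt = os.urandom(16)
    start = time.perf_counter()
    stretch("benchmark-password", salt, probe_rounds)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return max(probe_rounds, int(probe_rounds * target_seconds / elapsed))

def years_to_exhaust(alphabet_size: int, length: int,
                     seconds_per_guess: float, parallel_guessers: int = 1) -> float:
    """Worst-case time to try every password of this shape when each guess
    costs one full stretch."""
    keyspace = alphabet_size ** length
    return keyspace * seconds_per_guess / parallel_guessers / SECONDS_PER_YEAR

if __name__ == "__main__":
    rounds = calibrate_rounds(target_seconds=1.0)
    print(f"rounds for ~1 s on this machine: {rounds}")
    # Constructed scenarios: 8 lowercase letters vs 12 mixed printable characters,
    # against an attacker assumed to run 1000 guessers as fast as this machine.
    for alphabet, length in ((26, 8), (94, 12)):
        years = years_to_exhaust(alphabet, length, 1.0, parallel_guessers=1000)
        print(f"{alphabet}^{length}: {years:.3g} years")
```

The calibration is only as good as the machine it runs on: an attacker with faster hardware pays less per guess, which is why the password's own length and alphabet still dominate the result.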

try remembering a 25-40 random sequence of numbers, letters, punctuation and special characters.

I don't know man, I just don't see how this can be comfortable or how this would work.

one dumb motherfucker or a crazy fucking girlfriend in your convo gets your password and you are fucked.

I'll give it a try and see how it works in detail later.

I generally avoid logging into super personal/sensitive things on public machines anyway. But if I have to, I access LastPass on my phone, copy-paste the password and send it to a secondary email address (with a memorable password) that I'll access from the public machine.

Give Enpass a try. It's the best thing ever made in India. Safe encryption, the file stays on your disk. It has a built-in sync option (via Google Drive/Dropbox etc.) but you can just sync it by yourself if you want.

I've been using it since the Lastpass extension became a resource hog on Firefox, and haven't looked back.

Are you logging in to your accounts or have your browser remember them?
If browsers do remember them then you should understand that same goes for your.. all your passwords there in the open, literally 5 clicks away from being revealed...

Google Chrome

Also, its UI is much better than Keepass.

Recently moved from Keepass to self-hosted KeeWeb.

Works well enough, just miss the auto type user/password functionality.

>KeeWeb
They copied Enpass UI. Check it out. It has a browser extension that autotypes passwords when you press the button.

Anyone remember this awesome idea about password security that was popular a few years ago?

I was big into Opera at the time, before it turned to chromium and I kept my eye on extensions for Opera.

And there were like 5 password extensions that did the same thing..

They took your unique password, the domain you were on, and produced out of this combo a unique password through their algorithm.

So the idea was that you had a single password for every site, but the combination of the domain name and the algorithm made a unique password out of it.

The beautiful thing was that there was no storing of password anywhere, it was just math
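The "just math" scheme described in the post above can be sketched as follows. This is an added example, not part of the thread and not the algorithm of any particular extension; the function name, alphabet, counter and round count are all assumptions made for illustration.

```python
import hashlib
import string

# 74 symbols; chosen for illustration, real sites impose their own rules.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"

def site_password(master: str, domain: str, length: int = 20,
                  counter: int = 1, rounds: int = 200_000) -> str:
    """Derive a per-site password from the master password and the domain."""
    if not 1 <= length <= 32:
        raise ValueError("length must be between 1 and 32")
    # The normalised domain and a rotation counter act as the salt, so every
    # site gets an unrelated output from the same master password.
    salt = f"{domain.strip().lower()}#{counter}".encode("utf-8")
    raw = hashlib.pbkdf2_hmac("sha512", master.encode("utf-8"), salt,
                              rounds, dklen=64)
    # Treat the 512-bit output as one big integer and peel off base-74 digits;
    # with at most 32 digits taken, the modulo bias is negligible.
    n = int.from_bytes(raw, "big")
    chars = []
    for _ in range(length):
        n, idx = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[idx])
    return "".join(chars)

if __name__ == "__main__":
    # Constructed inputs: nothing is written to disk, the same inputs always
    # reproduce the same password.
    master = "constructed master passphrase"
    for site in ("example.com", "example.org"):
        print(site, site_password(master, site))
    print("example.com rotated", site_password(master, "example.com", counter=2))
```

Rotating one site's password means bumping `counter`, which then has to be remembered or stored, and anyone who learns the master password can recompute every site's password.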

>all your passwords there in the open, literally 5 clicks away from being revealed...
huh?
Honestly I need to remove them from chrome, don't know who or what time did the old "me" decided to keep them, in fact I barely even started syncing my google account until a few weeks.

but you can easily remove remember password and autofills.

I still can't understand how one master password is safer, one keylogger and you are pretty boned.

I sincerely doubt you can remember dozens of 8-12 digit strings of random case sensitive numbers, letters and symbols for all your accounts along with which email/username you are using for which site/service/account

If you can I'll eat crow but otherwise, fuck off

Anyway, how come none of you recommend keepass?

Wait, so you are from now on going to log in to every site manually every time you visit?

Not open source though.

I did but I misspelled it

We kinda expect that people know about it.
Also keepass won't help you much actually, which browser extension are you using that uses keepass vault and that has good browser integration?

huh? you mean as in type my username and password on forums and shit? yeah.

there's keepassx

every day?

>what is "stay log-in"
answer is "no"

stay log in works on that session, sessions time out
your browser logs you in next day

So what, cocksucker? You can import and export it to other formats, and it won't connect to the Internet. You can run it with firejail (a sandbox application) if you want.

Using inferior alternatives just because they are open source isn't much different from praying to gods instead of going to a hospital.

Not him.
I'm not sure about that, I usually stay logged in even after rebooting.

I don't understand what you mean?
>sign in
>stay log-in
>shut off computer
>go back to website
>still log in

don't tell me you log in every time with your lastpass thingy?

This, enpass is great. Although it has some annoying bugs. 8/10 pajeet shit.

A bash script using a gnupg file for a database.

Keepass on my PC.

KeePassDroid on my phone.

>KeePassDroid

did you try some others and this one was the best
or it just worked and so you are fine?

I heard Keepass2Android being more popular

>Storing your whole digital life in the safe Jew

giving your passwords to 3rd party software, literally kek

Notepad.

what about giving it to open-source soft?

I haven't tried any others.

I don't think there were any others when I was looking for an Android version of Keepass.

I think Keepass2Android has been released fairly recently, because I don't remember seeing it before.

...

Keepass/KeepassX and Chromium+GNOME Keyring/Kwallet

pass

This is fine if your password is complex enough and you don't have to remember too many (more than 10 or so) of them.

retard

currently using LastPass and thinking about giving them the yearly 14$. Enpass seems interesting, how much for the mobile app/sync? How is it better than LastPass?

FYI LastPass mobile app auto-fill is pretty iffy. A lot of times you don't have the lastpass prompt in apps to autofill and you have to launch the app separately and copy-paste the info.

yeah, i noticed it. is enpass better?

/bread

now delet dis

I use the same login and password for everything, and have for over a decade with no change: dozens of web services, including various bank accounts with tens of thousands of dollars on tap. AMA.

Algorithmic passwords are much more secure than using a program to store passwords

For Google your pass could be
go(pass)og
For wells fargo your pass could be
we(pass)ll
For papa John's your pass could be
pa(pass)pa

You see how easy it would be to remember these, and yet they are all different for each site or login?

Has anyone tried Encryptr?

Nanami?

[GO]

>reusing the same password over and over
>Only changing 4 characters


Honestly, password brute forcing is out.
Hackers will attempt to instead steal a large database from somewhere and see which accounts had poor security and take it from there.
There are probably automated tools to just try the stolen username+password combo on popular sites and just return everything with a positive result.

I only have about 6 important passwords (emails, steam, bank, encryption keys) for every other account be it forums, trackers, social media, etc I just use simple throwaway accounts/passwords because I couldn't care less if those got hacked.

Okay I see. Didn't realize they copied rei for norn9.

I will never give a password manager my passwords. Sure, the ones I keep in my head are shorter, but there's also no way to discover them all at once by breaking the password manager. It's a trade off.

I only use two secure passwords for Paypal and my bank.

I mean, does it really matter if some elite cyber hacker breaks into my Pogo account?

What you said is completely true - when hackers steal large databases of usernames and passwords, they only check for the accounts that work on other sites - changing 4 characters is a good enough security measure to prevent virtually any large scale account theft like usually happens

This method is also more secure than using a password manager if someone physically had your computer in their possession

And I don't need to install a separate program to hold my passwords

There's really no reason to use a password manager

encrypted plaintext file

My brain.

A black notebook.

What's your password?

...

I don't know much about computers but with lastpass it sounds like you're just giving them all your passwords.

>LastPass
For general shit I don't care too much about (ie sites that don't have financial/personal info about me)

>KeePass
Everything else (bank, paypal, etc) + backup of LastPass stuff.

>PasswordCard
Keep one in my wallet, safety deposit box, and safe containing important passwords in case I can't access KeePass for some reason.

Granted, my threat model is just hackers getting entire DBs, not the NSA or whatever.

My brain and as a back up I keep passwords in a notebook that's encrypted via gunchest that's impossible to move

> hundreds of passwords
What the fuck?

- Use 2 factor authentication whenever you can
>2 factor password for lastpass eliminates this

I want to use 2FA more. at least for things like my email, my bank account, etc. But everything seems to be moving toward doing 2FA via phone. You're lucky if it's just SMS, usually you need an app. I don't want that. I want the freedom to not have a phone around, or to have a dumbphone.

why can't they just let us buy one of those little RSA dongles?

fucking finally, someone else with a brain

A perfect compromise between reusing the same password and having a totally immemorable unique one for each thing. You only have to remember some base strings of different levels and how you build your pattern, and you have a largely unique password for everything ever. No need for a fucking password manager yet still pretty good security.

I'm paying the 12 dollars yearly for Lastpass premium so I can get it on my Nexus as well.

I've no issues with it.

>using algorithms to slow down cracking software that uses algorithms to find the patterns that algorithms create.

>pretty good security

good joke user, now go use a password manager

Blowfish encrypted text file. Vim to read, write, encrypt and de-encrypt. Because you all bloated faggots.

>I still can't understand how one master password is safer, one keylogger and you are pretty boned.

This is where we need to work on features in operating systems that allow for a secure channel for entering text that is isolated from other processes.

I know that macOS has "secure" text entry that is supposedly isolated from other processes, but with root access I'm sure that can be bypassed. Though it's getting harder to grab onto root in macOS with System Integrity Protection and Gatekeeper.

Windows 10 is probably the closest to being able to provide the most secure using virtualization to isolate the processes even from the kernel itself. They are already using it for Credential Guard to eliminate Pass The Hash attacks by isolating the Local Security Authority, too bad it's Enterprise only.

It won't stop malicious hardware obviously, but if your threat model includes evil maids swapping out your hardware then you've got bigger problems.

OTOH, gaming keyboards and mice probably provide an easy vector. Some of them have fucking ARM CPUs and enough storage to store a payload.