Are password managers worth using?

They're pretty comfy.

All my 300 different passwords under one roof available on desktop and phone.

ehh

Only Keepass because of the local database.

Cloudshit is a meme.

This so much.

Why would anyone own that and where can I get one?

yes. I got several of my passwords cracked when some shitty websites got hacked over the years. It's funny to see the many "someone tried to login to your account from Nigeria" and stuff.
Each website a different pass = failproof.

Unless you used your lastpass acc on other websites, then you deserve anything that happens to you.

Storing your account info in the cloud is like putting your life savings in the school locker.

How so? If you store it in secure cloud services like Google Drive (Google doesn't fuck around about security) and secure your google account with 2 step verification and a strong pass you don't have to worry about it getting hacked.

>Relying on software to remember all your passwords
>Not using your brain

The world is getting stupider every day. How the fuck can you not remember basic information?

Not him, but trusting third parties is a risk.

How do you remember dozens of randomly generated 20 character long passwords? Are you a robot?

I'm not stupid.

Yes, they're the best way by far to have secure passwords on every website

Just stay away from LastPass. KeePassX is fine if you're a shitty winbabby, otherwise use passwordstore.org

so basically yeah, you are stupid.

To add.

thehackernews.com/2016/07/lastpass-password-manager.html?m=1

Keepassdroid

Local storage mobile password book convenient and secure as long as it's on you, and you can pair it with remote deletion software if you don't trust yourself to protect the phone

OK dude, Mr "I can't remember basic information".

Have fun being stupid and poor.

You might as well write your passwords and bank details on a stickynote and leave it in public.

Good thing I'm not using LastPass server :)

butthurtus maximus

wow, you sure showed me! that big company full of security experts is no match to your intellect!

here, this is my main password with a single key missing. have fun with it!

spWC$pREMm%rx3S9uOvC8mk3Ypx^T7c%Q3whfG8G1TzIrzolp9j%y&6V*b3*Iw2NbVp*edFreg1WHoghGGn&hMQx%5HxtSV^oJyl

> he sends his passwords to the cloud

>Having a password with that much autism

Yeah and?

No. Pen and paper > everything else

So how do you remember your main password?

Why should I care? I never have to type it or remember it.

my email account is [email protected]

surely you will be able to >l3 h4XX0r me now, right? with email and password just 1 char off?

I don't need to. That is my google password, not my lastpass password

>he doesn't use a randomly generated string of shit

And how do you remember that password?

Then what's your lastpass password?

>having a generated 100 char password is autistic
>considering top-notch security software not safe enough for storing your sardinian pearl-diving fora passwords, thus having to memorize over 10 different 10 character passwords somehow is not

you insufferable cunt

my password is H#j- waaait a minute, are you trying to trick me?

reading the article:

>"look at all these bugs I found and that LastPass has immediately fixed the same day!"

oh cool, a list of things LastPass is protected against, thanks for confirming how secure LastPass is!

No, user, I would never do that.

I just want to know what it is and how do you go about remembering it. So spit it out.

Why not ask the NSA to store your data directly?

I find it for some use cases to be extremely useful.
- Since I have a brain, I can memorize a good password for the KeePass kdbx file.
- For any garbagesite which requires account for mega.nz links I can just create RANDOM account with RANDOM password.

NSA won't empty out my bank account. A russian scriptkiddy might though.

Doesn't LastPass also have a local database function?

keepass lost my username and random password for a money account, so....fuck keepass? (or fuck me cause I never told it to save for some stupid reason)

>not just keeping a book of your passwords
It's 10x more convenient and 10x as safe. As long as you're not retarded and don't put
THIS IS MY EMAIL PASSWORD
THIS IS MY ONLINE BANKING PASSWORD
then you're also literally never going to have an account stolen

Is this a meme?

I thought you were against the botnet?

Why do you want all your account info in one place? With all your passwords nonetheless.


What happens when they get hacked?

>20 characters
you mean 40 (a lot of sites limit it to 40) and 100 characters.

>just stay away from lastpass

Yeah, stay away from the most popular thus the most tested choice with computer security experts constantly looking around the code for bugs, but instead use a less popular one with less attention and people looking around trying to find bugs/hazards. Smart.

It makes no difference unless there are blacks in your area breaking into homes and stealing notebooks. But it's also good storing it on an old phone, just disable/delete everything except a txt storing app, put it in airplane mode and back up your passwords on a memory card just in case the phone dies for some reason. It's much better to store passwords on devices with no Internet access than using meme programs and cloud services.

It's a great tool, give it a try, you'd enjoy it.

>manually typing 40 randomly generated passwords every time he logs into a website

I prefer to just click "copy".

I bet you also fully trust Windows and iOS because you think it's popular therefore it must be secure

>not using 123456 as your password everywhere

No, but it's surely more secure than something like "Obongo OS".

>implying people use anything more than 16 characters
>implying anyone cares about the 5 seconds lost for typing the password

Having a unique strong password for every service is a good idea.
A password manager is a way to do that while keeping the convenience that it is to not remember a lot of passwords.

But if you use an online service, you just have one new point of attack, should your account be breached, every account is breached.

A better solution would be to use fewer accounts.
combined with fewer computers where you access these accounts, you don't have to keep track of a lot of passwords.

I think if someone is dumb enough to use lastpass, then he should only use it for throw away accounts and not for things like email.

I have everything on a KeePass database. I have several backups of the database on different computers and a copy on my USB on my keychain. The pw is 9 random characters and symbols, which I hope is secure enough; I've memorised it off by heart

Works pretty good for me

This. While I don't exactly trust the NSA, they are after all a government agency. Storing my passwords (for normie sites) directly with the NSA doesn't seem like a bad idea, they probably have good security.
No, it's client side encrypted. Beware of LastPass however, logmein aren't trustworthy (they still have metadata)

I'm gonna propose an idea, someone tell me why it is bad.

We all know we should have a different password for each service or website, so why not make a system where the password you use is based upon the name of the service it is for.

This way, you can log into any website or service anywhere in the world, and you don't have to store the passwords anywhere. In fact, you should be able to derive the password from the name of the service. This way, you remember the process, rather than a thousand different passwords.

This way, for someone to have to figure it out, they would have to get a hold of 2 different passwords for 2 different services, and even then they would have to notice the system, which can be very hard if you're smart.

This kind of system along with 2 factor authentication means you're basically good, you don't have to store your password anywhere, you don't have to remember 100 passwords, you're pretty much as secure as anyone else as long as you never tell anyone how to derive the password.

Here's an example system off the top of my head:

1) Constant word is 'purple'
2) Intersperse this with the reverse of the name of the service.
3) At the end add the number of letters in the service, first letter the number, the last letter is capital.

You just have to remember these three steps.

Say you want to make a password for gmail

lpiuarmpgle5ivE

You need to know your password for youtube?

epbuurtpuloey7eveN


Even if somehow, an attacker got a hold of two of your passwords, they'd have to manually inspect it and make the connection and then figure out the process. In that case you have two factor authentication enabled because you're not an idiot and you just come up with a new process.

With this, you can go anywhere in the world, don't have to store your passwords in the cloud, etc.

>I'm gonna propose an idea, someone tell me why it is bad.
First question you need to answer: You should assume that of your 100 accounts, an attacker can look at 10 of their passwords. Is your scheme secure under that circumstance?

Second question you need to answer: Is this scheme practical? Can you readily and quickly type your password without needing to basically remember it either way?

What is the real life probability that an attacker is going to get even 2 or 3 of these passwords though? Surely it can't be very high if you're not being an idiot. Even when passwords do get leaked, they're usually dumps of hundreds of thousands of passwords. People rarely look at them manually and hard enough to see that there is a possibility they are linked in some way. I know security through obscurity isn't good, but practically, it doesn't seem like a huge risk.

Generally, you would stay logged in with sessions/store your password locally in the browser. The method would mainly only have to be used when you're away from your own computer, etc.

>everyone here is American
Even I wouldn't trust NSA that much. They're a totalitarian agency.

>should your account be breached, every account is breached.

It's important to do risk assessment here.

There are good ways to securely store information. The problem is that institutions that ought to know how (i.e. major banks) have shown us they don't. A good password manager has every generated password encrypted w/ your root password as a key. The root password is salted and encrypted. A brute-force attack against your account won't work because we're smart and we've set up two-factor authentication. If attackers compromised the password manager's infrastructure, we're still pretty OK since all the passwords are encrypted and we have a securely stored root password. Computational complexity buys us enough time to change these passwords without any problem.

I'd say it's riskier not to use a password manager than to use one.

You honestly believe the government would tell people that their information was compromised by the Chinese or some Nigerians?

Unless your government gets caught with their pants down then they're going to just sweep it under the rug and hope for the best. The government isn't about to tell people they made a mistake no matter how inept or competent they are. There are people from all over the world attacking government databases so it's safe to assume some amount of data has been compromised.

You should just use something that has a local database and make regular backups. Do as much as you can to keep all essential information offline and anything like facebook or youtube information separate from important information like your money/purchase/bank history.

The whole point of using different passwords for different services is to keep your other accounts secured if one is compromised.

If your password is essentially "MyPassword@[service]", it's just as secure as using the same password for everything.
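
Added example (not part of the thread): the three-step "purple" scheme proposed earlier, written out in Python to show the point of the reply above, namely that one leaked password plus the known service name gives back the constant word and with it every other password. The function names are hypothetical; the two sample passwords are the ones posted in the thread, and `random_password` is the contrasting case a password manager provides.

```python
import secrets
import string

NUMBER_WORDS = {1: "one", 2: "two", 3: "three", 4: "four", 5: "five",
                6: "six", 7: "seven", 8: "eight", 9: "nine", 10: "ten"}

def length_suffix(n):
    # Step 3: number word, first letter replaced by the digit, last letter capital.
    word = NUMBER_WORDS[n]
    return str(n) + word[1:-1] + word[-1].upper()

def interleave(a, b):
    # Alternate characters of a and b; whatever is left over is appended.
    return "".join(a[i:i + 1] + b[i:i + 1] for i in range(max(len(a), len(b))))

def scheme_password(service, constant):
    # Steps 1-2: reversed service name interspersed with the constant word.
    return interleave(service[::-1], constant) + length_suffix(len(service))

def recover_constant(service, leaked):
    # The service name is public, so its length tells us which characters
    # of the leaked password belong to the secret constant.
    n = len(service)
    body = leaked[:-len(length_suffix(n))]
    c = len(body) - n                      # length of the constant word
    paired = min(n, c)
    tail = body[2 * paired:] if c > n else ""
    return body[1:2 * paired:2] + tail

def one_leak_exposes(leaked_service, leaked_pw, other_service, other_pw):
    # True if the password for other_service is predictable from one leak.
    constant = recover_constant(leaked_service, leaked_pw)
    return scheme_password(other_service, constant) == other_pw

def random_password(length=20):
    # Independent per-site secret: a leak of one says nothing about another.
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    gmail_pw = scheme_password("gmail", "purple")      # value posted in the thread
    youtube_pw = scheme_password("youtube", "purple")  # value posted in the thread
    print(gmail_pw, youtube_pw)
    print("constant recovered from gmail leak:", recover_constant("gmail", gmail_pw))
    print("youtube exposed by gmail leak:",
          one_leak_exposes("gmail", gmail_pw, "youtube", youtube_pw))
    print("independent alternative:", random_password())
```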

I use pass, gpg encrypts passwords. Also use it to generate and store usernames
pass -c — copy password
pass generate -c — generate n char password

>tfw I actually use this for accounts I don't care about

Your passwords are protecting something that is in the cloud, lol

Read about how it works. They can't decrypt anything

I'm surprised that no one here mentioned enpass. I use enpass and it has pretty much every functionality that your favorite pass manager has got except that it is not as botnet as them.

Does everything locally and still supports the cloudsync meme.

All of you need to learn how these password managers do security

Bunch of ignorance ITT

>not using Excel

You're a meme

Apple uses nCipher HSMs to store keys, this is better and more secure than any user's home server setup.

Let me know when Linux or Microsoft start saving passwords using independently verified tamper proof crypto-processors.

Oh wait I forgot, this is the board where only fags buy apple. I guess only fags like the highest level of security too, must be a fag thing.

blog.cryptographyengineering.com/2016/08/is-apples-cloud-key-vault-crypto.html

yup

fucking lol, Apple basically has a private key Fort Knox setup here but the keepass local database is keeping him safe, for sure man.

>not using excel with temps and autosave

>not storing your shit offline
You're a meme