Password management

So what's stopping the FBI or any private party exempt from 4th Amendment restrictions from looking at the bottom of your safe and sending your dick pics to your girlfriend's father?

pen
and
paper
what fucking else would you use?

Pen, paper, which i roll and shove into my urethra

i use my brain because i'm not a fucking simpleton pleb.

I use pass (passwordstore.org/), the standard unix password manager. It has a command line interface by default but there a community run gui in qt. It uses gpg for it's encryption and uses git to sync between devices.

how safe is using a master password for firefox?

Your brain and passwords are shit

I'm using LastPass now, seems good to me.

Same, except 16-characters. I was diagnosed with the 'tism last year, too, haha.

Might as well call the NSA when you forgot a password

Please give me bunga bunga yes

I have 5 different ones or so.

Same for PC unlock and G-mail
General use password for non important services
One for Facebook
One for Dropbox because of the hack
One for financial like PayPal and amazon

Just started using 1Password myself. Great interface, secure even after that Cloudflare fuckup, and separate 24+ character passwords for each account I have. Shit's nice.

I AM BEING SICK OF WAIT FOR BUNGA BUNGA NOWW

how hard is it to even break?

That's not even the point. How has the idea to store and manage all your passwords on someone else's computer ever become popular? Especially companies big enough so that you can be 100% they have backdoors

TSM

KeePassX on Manjaro
KeePass 2 on Windows
KeepPass2Android on Android

Good luck making it impossible to change passwords when one of them gets compromised, and also getting all of your accounts compromised when any one of the passwords get compromised.

>password crackers know all of your little memory tricks
>your personal memory trick is not special, and you're not a special snowflake
>a few consumer GPUs can burn through TRILLIONS of guesses per second

cool entropy, bro

i'm in the process of switching to lastpass with 2fa for most of my shit. not really worried like some people. it's been audited and its implementation is solid.

I'm using 2fa as well, using duo and google authenticator.

Is it safe to put my database file in a dropbox of the file is encrypted anyways?

How many character password should my master password be?

>The passwords are very similar except that I change the first and last 5 characters depending on what the password goes to.
yeah, well, this does literally nothing, might as well use the same one

KeePassX / KeePassDroid
Only have to remember the passphrase and either PC login or phone unlock combination.

Anyone using selfhosted pass manager such as vault or passbolt? I'm interested in hosting these 2 locally, anyone have deployed this 2 on their network yet?

how safe is a password protected excel sheet?

>>digital offline seems too easy to lose even with backups
You can additionally upload the password database to cloud storage providers. If your master password is strong enough, you don't have to worry.

In the worst case, you usually have a "forgot my password" mechanism which lets you reset it.

Very secure. Which you'd find out if you'd just bother to search.

Do you even know what Master Password for Firefox is?

what risk will be greater?

-police doing that
-random korean hacker tries to get to your back account.

the latter is probably happening right now

just us something non-digital to safe passwords. like at the first page of a book in your room

>>scribble it all down on papers that I have hidden somewhere
>>digital offline seems too easy to lose even with backups
I don't get this meme.

>house burns down while you're away
>lose all your passwords
A proper backup is just as good as scribbling it down somewhere. An online backup (i.e. it's stored in a different place) is even better.

Has anyone used Spideroak Encryptr or has any experience with it? developemnt doesn't seem active any more on it

I use lastpass and I let it generate 48 character length passwords for my all other shit.

I've been doing this also, but I'm getting a bit anxious lately over the possibility of a person getting one of my passwords and then have instant access to every website... Talk courage into me user? Please?

I really hope this is bait.

This.

use a password manager idiot

p a s s
a
s
s

masterpasswordapp.com/ Get your passwords anywhere. without cloud storage whatsoever

your password is generated based on your master password, name and website

Might as well use a password manager app on the smartphone (and your personal PCs) and generated passwords. You'll have to remember less and it's just as, if not more, secure.

This
Keepass is the best locally saved password manager.

Company I work for we built a password cracker and that thing can chew through almost anything but keepass files. as long as you change the password to the DB every now and then its basically perfect.

For cloud based last pass is hard to beat. Yeah they have been popped but they salt the passwords to unbelievable levels. By the time anyone got around to actually breaking into an encrypted dump the passwords would already be changed and worthless.

>IOS only

no

What are some good plugins for Keepass2?

I don't

Hope that's bait. Both are easily broken in seconds

I was going to say the same but figured its either bait or someone who literally has no idea what they are talking about.

>Both are easily broken in seconds
I have no idea about Excel.

But Firefox will encrypt the passwords with your master password using 256-bit AES. It is very secure.
Unless you're using Firefox Sync to sync passwords.

>encrypting my 3tb external hdd with 1 pass wipe
>estimated time 40 hours

paper and pencil is insecure against keyloggers.

Desktop tech here. My company doesnt have functioning SSO and different systems have a different rotation schedule, so pretty much everyone just has a notepad full of passwords somewhere at their desk.

totp
Better yet, if the .xlsx just has a protection password (not encrypted) you can actually rename the extension to .zip, open the XML inside and ctrl+f for 'password'

I use lastpass, it works great and it's secure.

>2011
>not using a password manager

>Integrates well into the browser but doesn't store your passwords in a cloud.
Why is that an issue if it's just an encrypted container that is synced with the "cloud". It's not like they'll get your password.

I use lastpass

Because it's another attack vector. If you have anything of vital importance then don't store it on a network.

Thank for the password, sucker. I'm hacking your PC as we speak ;^)

Brain Pro 2017.

I run a light linux vm with encrypted disk on my homeserver. On this vm I keep a keepass database out of which I can copy+paste my keys anywhere with a vnc+openvpn combo. While vnc is not encrypted, I use it only via openvpn tunnel. Has worked well for years. I never move the keepass database off the vm, I just copy the whole vm (which is encrypted) for backup purposes.

security through obscurity is the best security.

Come up with a system completely weird and alien that nobody would know how to figure it out even if they had it right in front of them.

passwordstore.org/

passwords.txt
haven't been hacked yet

Well if it's encrypted it should be fine.

this

I bet nobody can figure out my google account password

a notepad file that i keep in a folder of food pictures called "recipes to try"
along with a physical list stuffed into the middle of a cookbook

This. Been using it for at least 2 years now, works great.

plaintext on an unencrypted fs
:)

>security through obscurity is the best security.
I thought its supposed to be the worst actually. Isnt that why all the best encryption algorithms are open.

keepass and keepassx work great for me. I dont use it for everything though just stuff that I need to be secure.

GPG encrypted text file

Exactly. This is why I uploaded all my passwords in plaintext on my github.

So I'm currently using an excel sheet for all my passwords.

If I switch to KeePass, how do I save the local pw-db file so I can use it on my iphone or on another computer I own? Google Drive? Dropbox?

Anyone know the difference between LastPass free vs. premium?

I have Password Safe where I save my passwords and also generate them when I need passwords for services I won't frequently need to manually login to.

For important shit I'll use a certain words with some not-too obvious character switches, something easily memorable like dogpiss, except I type it !d8gp3ss which should be strong enough yet easily memorised.

I also save my passwords to Opera without a master password so they're probably in plaintext somewhere on my computer but idgaf. I'm not too worried about some hackers gaining access to my files and searching for a password file of a deprecated browser.

This, if there is only a local copy, how do you login outside of your work/in an unexpected enviroment?

I use lastpass for everything unimportant: Slack teams, forums, reddit, social media, etc.

I don't store my email or banking passwords in Lastpass, so if it is ever compromised it doesn't really matter.

If you don't use a password manager for flippant logins you're just making your life harder.

>!d8gp3ss
>which should be strong enough yet easily memorised

Uh, no:
>password.kaspersky.com/

What about pass? Its a command line based password manager. Can install it with termux on your phone and there are packages for most distros.

or i could just kill myself

You all should just write your passwords on your dick. No one will ever see them then.

I use lastpass with 2FA for everything, including the important stuff. Lastpass makes my bank credentials more secure, not less.

not the trans pieces of shit working on firefox commenting code all day would actually suggest that.

At least we have a dick.

My dick is too small to fit my passwords on it.

Can anyone who uses KeePass answer these questions?

Personally, I've saved it in Dropbox. Some people will advocate against it. But since I'm using a fairly secure password I think I'm good.
I don't know about KeePass iPhone apps.

I usually don't, but if I really have to I keep an older copy (updated like once a month or a few) on my encrypted phone (keepass on pc and keepassdroid on android from f-droid).

Master one is on a pc and all passwords are updated to it's database. Usually random passwords needed are up to date even on an older db on phone.

One might keep his keepass db in cloud, I guess. But I've never felt the need for that.

My uncle had an old Websters dictionary in his small library, scanned a page in the middle and then replaces however amount of the text with his passwords and what they go to in a brief message.

And then glues the page back into the dictionary.

>tfw he need a definition for a word that the page covered.

keepass.info/help/v2/sync.html

if you need to.

To continue, I guess it would be a two minute thing to set up a tasker routine
- once a day
- when connected to home wlan
- copy keepass db from nas

sounds decent until you realize that glueing some paper in the middle makes it really really easy to spot on a book.

Well i mean he took the time to get the right color of the page, etc. It looks pretty legit, had he not ever told me I would of never noticed.