Bitcoin Forum
Author Topic: Is anyone still not using a Password Manager?  (Read 1772 times)
Noam
Newbie
June 21, 2011, 05:49:34 AM
 #1

Hi All,


Considering all the recent cases where people's usage of passwords turned out to be less than optimal (and sometimes just negligent), allow me to recommend a free, user friendly, secure password manager: passpack.com.

It can create random passwords for you at many lengths, so you can have very secure passwords, and most important - a different one for each service you use, for each encrypted wallet file you create, for exchanges and whatever...

I am not related to passpack in any way, I just wanted to take this opportunity and help in case a few of you feel overwhelmed by the need to manage many secure passwords at once.

If anyone else has a different tool they prefer please share it as well.


Let's take security up a notch, for everyone's sake...


imperi
Full Member
June 21, 2011, 05:57:41 AM
 #2

My "Password Manager" is in my brain, where nobody else can see them.
Noam
Newbie
June 21, 2011, 06:00:36 AM
 #3

My "Password Manager" is in my brain, where nobody else can see them.


I keep about 50 passwords, each one with 12-16 random chars... my brain is just not up to that...
Gareth Nelson
Hero Member
June 21, 2011, 06:00:58 AM
 #4

Hi All,


Considering all the recent cases where people's usage of passwords turned out to be less than optimal (and sometimes just negligent), allow me to recommend a free, user friendly, secure password manager: passpack.com.

It can create random passwords for you at many lengths, so you can have very secure passwords, and most important - a different one for each service you use, for each encrypted wallet file you create, for exchanges and whatever...

I am not related to passpack in any way, I just wanted to take this opportunity and help in case a few of you feel overwhelmed by the need to manage many secure passwords at once.

If anyone else has a different tool they prefer please share it as well.


Let's take security up a notch, for everyone's sake...




Or, you can generate them yourself on your own trusted hardware.
Take a linux netbook with no internet connection and run uuidgen a few times, memorise some of the results and store them in your brain.
If you MUST store passwords outside your brain, make sure that whatever you use to store the passwords remains on your person 24/7 even while sleeping.

DO NOT use a third-party website to generate passwords - it'd be trivial for that site to log all passwords it generates, and considering how easy it is to generate passwords yourself that stinks of a scam.
Gareth Nelson
Hero Member
June 21, 2011, 06:03:21 AM
 #5

My "Password Manager" is in my brain, where nobody else can see them.


I keep about 50 passwords, each one with 12-16 random chars... my brain is just not up to that...

Go to relentlessimprovement.com, order ortho-mind, alpha-GPC and piracetam. Next, get some pregnolone from healthmonthly.co.uk.
Take the above daily and avoid alcohol and bumps to the head while practicing neurofeedback and meditation.

Long term memory is EASY to enhance.
imperi
Full Member
June 21, 2011, 06:05:23 AM
 #6

My "Password Manager" is in my brain, where nobody else can see them.


I keep about 50 passwords, each one with 12-16 random chars... my brain is just not up to that...

You can re-arrange the letters of a website to make passwords. For example, bitcoin.org could turn into n41iR32Rr22141R32Rr221.

The n is from the last letter of the domain.
The i is from the 2nd letter of the domain.
41R32Rr221 is what you memorize, and repeat it twice (with the i inserted into it). This is similarly done for every password. You could also have a number at the end for whether it's an even or odd number of characters in the domain.
bitdragon
Hero Member
June 21, 2011, 06:08:29 AM
 #7

keepassx.org has simplified my life immensely :)

Personally, I prefer to have my codes with me on my stick in an encrypted database rather than through an online interface.

Hook^
Jr. Member
June 21, 2011, 06:11:09 AM
 #8

Hi All,


Considering all the recent cases where people's usage of passwords turned out to be less than optimal (and sometimes just negligent), allow me to recommend a free, user friendly, secure password manager: passpack.com.

It can create random passwords for you at many lengths, so you can have very secure passwords, and most important - a different one for each service you use, for each encrypted wallet file you create, for exchanges and whatever...

I am not related to passpack in any way, I just wanted to take this opportunity and help in case a few of you feel overwhelmed by the need to manage many secure passwords at once.

If anyone else has a different tool they prefer please share it as well.


Let's take security up a notch, for everyone's sake...



Open Source Password Safe has the same features and more.
Noam
Newbie
June 21, 2011, 06:12:33 AM
 #9

keepassx.org has simplified my life immensely :)

Personally, I prefer to have my codes with me on my stick in an encrypted database rather than through an online interface.

PassPack encrypts your passwords using a key set by you, it has an online interface and an offline one (desktop application), and you can save a dump of the encrypted passwords. But KeePassX looks great as well, I checked it out before making my decision, but in my case I preferred an online interface...
Gareth Nelson
Hero Member
June 21, 2011, 06:14:22 AM
 #10

My "Password Manager" is in my brain, where nobody else can see them.


I keep about 50 passwords, each one with 12-16 random chars... my brain is just not up to that...

You can re-arrange the letters of a website to make passwords. For example, bitcoin.org could turn into n41iR32Rr22141R32Rr221.

The n is from the last letter of the domain.
The i is from the 2nd letter of the domain.
41R32Rr221 is what you memorize, and repeat it twice (with the i inserted into it). This is similarly done for every password. You could also have a number at the end for whether it's an even or odd number of characters in the domain.

A password I no longer use was once made up of the following (and this was years ago, so it's of no use to any potential attackers now):
6 random digits generated by a 386 (see, years ago)
another 6 letters+digits from the combination to the door lock for a hotel room somewhere in london

I mixed the 2 together to get a 12-digit password

But a website? That's silly

Another thing people commonly do is to take a dictionary word and add 2-3 digits, such as Flower29 - that's downright dumb, it only multiplies the number of words to try by 100 and that's not a lot.
You should try to avoid reducing the search space for a potential attacker - anything which has a yes/no answer you should consider as 1 bit of the key, if you answer yes or no, you've given away 1 bit of the key to the attacker on average.

People also do silly things like make their password a swearword when they're known for not swearing on the theory people won't try it - the common 4 letter swears are amongst the first tried (fuck, shit, cunt etc).

Generate random numbers, do whatever you must to memorise them, and if you really can't then store them on a completely disconnected device OR in paper form with something that stays on your person even while sleeping.
imperi
Full Member
June 21, 2011, 06:14:51 AM
 #11

Passwords are very important to remember. I disagree with handing them off to another authority.
imperi
Full Member
June 21, 2011, 06:16:02 AM
 #12

My "Password Manager" is in my brain, where nobody else can see them.


I keep about 50 passwords, each one with 12-16 random chars... my brain is just not up to that...

You can re-arrange the letters of a website to make passwords. For example, bitcoin.org could turn into n41iR32Rr22141R32Rr221.

The n is from the last letter of the domain.
The i is from the 2nd letter of the domain.
41R32Rr221 is what you memorize, and repeat it twice (with the i inserted into it). This is similarly done for every password. You could also have a number at the end for whether it's an even or odd number of characters in the domain.

A password I no longer use was once made up of the following (and this was years ago, so it's of no use to any potential attackers now):
6 random digits generated by a 386 (see, years ago)
another 6 letters+digits from the combination to the door lock for a hotel room somewhere in london

I mixed the 2 together to get a 12-digit password

But a website? That's silly

Another thing people commonly do is to take a dictionary word and add 2-3 digits, such as Flower29 - that's downright dumb, it only multiplies the number of words to try by 100 and that's not a lot.
You should try to avoid reducing the search space for a potential attacker - anything which has a yes/no answer you should consider as 1 bit of the key, if you answer yes or no, you've given away 1 bit of the key to the attacker on average.

People also do silly things like make their password a swearword when they're known for not swearing on the theory people won't try it - the common 4 letter swears are amongst the first tried (fuck, shit, cunt etc).

Generate random numbers, do whatever you must to memorise them, and if you really can't then store them on a completely disconnected device OR in paper form with something that stays on your person even while sleeping.

The purpose of my suggestion was to have a unique and effective password for every site that you can remember.

If you are using the same password for multiple websites, then you've already lost.
da2ce7
Legendary
June 21, 2011, 06:19:16 AM
 #13

https://www.grc.com/%5Chaystack.htm

useful!  From this I should be secure!

One off NP-Hard.
Gareth Nelson
Hero Member
June 21, 2011, 06:19:44 AM
 #14

My "Password Manager" is in my brain, where nobody else can see them.


I keep about 50 passwords, each one with 12-16 random chars... my brain is just not up to that...

You can re-arrange the letters of a website to make passwords. For example, bitcoin.org could turn into n41iR32Rr22141R32Rr221.

The n is from the last letter of the domain.
The i is from the 2nd letter of the domain.
41R32Rr221 is what you memorize, and repeat it twice (with the i inserted into it). This is similarly done for every password. You could also have a number at the end for whether it's an even or odd number of characters in the domain.

A password I no longer use was once made up of the following (and this was years ago, so it's of no use to any potential attackers now):
6 random digits generated by a 386 (see, years ago)
another 6 letters+digits from the combination to the door lock for a hotel room somewhere in london

I mixed the 2 together to get a 12-digit password

But a website? That's silly

Another thing people commonly do is to take a dictionary word and add 2-3 digits, such as Flower29 - that's downright dumb, it only multiplies the number of words to try by 100 and that's not a lot.
You should try to avoid reducing the search space for a potential attacker - anything which has a yes/no answer you should consider as 1 bit of the key, if you answer yes or no, you've given away 1 bit of the key to the attacker on average.

People also do silly things like make their password a swearword when they're known for not swearing on the theory people won't try it - the common 4 letter swears are amongst the first tried (fuck, shit, cunt etc).

Generate random numbers, do whatever you must to memorise them, and if you really can't then store them on a completely disconnected device OR in paper form with something that stays on your person even while sleeping.

The purpose of my suggestion was to have a unique and effective password for every site that you can remember.

And that's good advice, but you should use true entropy and THEN add associations to help remember it, doing the reverse makes an attacker's job easier.
Here's a random password I've just generated (not used on any accounts of course):
77adc009ea6d
Totally random entropy, but I can find patterns to help me remember it.

adc? the band AC/DC with a bit missing
77 - 2 digits, easy to remember as it's duplicated
009 - 900 backwards, or 9/11 backwards -11

and so on


Basically, you use the same techniques schizophrenics use to find messages in the bible, but to find messages in your random password - it then sticks in your head better.
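
Added example, not part of any post in this thread: the search-space arithmetic behind the "Flower29" and "77adc009ea6d" comparison above, together with local generation of random passwords from the operating system's CSPRNG. The word-list size is an assumed figure for illustration, and all function names belong to this example only.

```python
import math
import secrets
import string

# 94 printable ASCII symbols: letters, digits and punctuation.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation
HEX = "0123456789abcdef"

# Assumption for illustration: the attacker's word list holds 100,000 words.
ASSUMED_WORDLIST_SIZE = 100_000


def random_password(length, alphabet=PRINTABLE):
    """Build a password locally, one independent CSPRNG draw per character."""
    if length < 1 or len(set(alphabet)) < 2:
        raise ValueError("need a positive length and at least two symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def uniform_bits(length, alphabet_size):
    """Bits of entropy in `length` symbols chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def word_plus_digits_bits(wordlist_size, digits):
    """Bits in a 'dictionary word + N digits' password such as Flower29."""
    return math.log2(wordlist_size * 10 ** digits)


def expected_guesses(bits):
    """Average number of guesses before a hit: half the search space."""
    return 2 ** (bits - 1)


def comparison():
    """Search-space size, in bits, for the password styles in the thread."""
    return {
        "dictionary word alone": word_plus_digits_bits(ASSUMED_WORDLIST_SIZE, 0),
        "word + 2 digits (Flower29 style)": word_plus_digits_bits(ASSUMED_WORDLIST_SIZE, 2),
        "12 random hex chars (77adc009ea6d style)": uniform_bits(12, len(HEX)),
        "12 random printable chars": uniform_bits(12, len(PRINTABLE)),
        "16 random printable chars": uniform_bits(16, len(PRINTABLE)),
    }


if __name__ == "__main__":
    for style, bits in comparison().items():
        print(f"{style:42s} {bits:6.1f} bits  ~{expected_guesses(bits):.2e} guesses")
    print("sample hex password:      ", random_password(12, HEX))
    print("sample printable password:", random_password(16))
```

Appending two digits adds under 7 bits whatever the word-list size, while each extra random printable character adds about 6.5 bits on its own.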
Oldminer
Legendary
June 21, 2011, 06:24:38 AM
 #15

Yup, never really liked the idea of 1 central location for all my passwords, having only 1 password to 'crack' to access them all, and keeping them all up to date etc but tried a free one last night and it works superbly. Picked up a stack of passwords on install and saved them to a central website. The 'auto-fill' is quite nice too (even better than chrome auto-fill). Quite like the software. :)

If you like my post please feel free to give me some positive rep https://bitcointalk.org/index.php?action=trust;u=18639
Tip me BTC: 1FBmoYijXVizfYk25CpiN8Eds9J6YiRDaX
mieomeo
Newbie
June 21, 2011, 06:43:34 AM
 #16

My password for mtgox is something like this:
Yh&*(&$#hihJE83#*91@()$#G
and still when mtgox got hacked, just some hours before it got shutdown, I couldn't log in anymore, someone changed it and deleted my email from my account ???
triforcelink
Member
June 21, 2011, 07:49:37 AM
 #17

My password for mtgox is something like this:
Yh&*(&$#hihJE83#*91@()$#G
and still when mtgox got hacked, just some hours before it got shutdown, I couldn't log in anymore, someone changed it and deleted my email from my account ???
that's scary, I changed my password a couple of hours before mtgox went down.

bitdragon
Hero Member
June 21, 2011, 08:43:49 AM
 #18

My password for mtgox is something like this:
Yh&*(&$#hihJE83#*91@()$#G
and still when mtgox got hacked, just some hours before it got shutdown, I couldn't log in anymore, someone changed it and deleted my email from my account ???
How do you know your email got deleted ? It is possible logging in was disabled/difficult at that time no?
My password was very similar to the one displayed above and I hope it will be fine in a few days too- if trades are rolled back, at worst, is a bitcoin withdraw worth 1KUSD which cannot be more than 200BTC (and I expect these to be compensated for...) however, if someone has my password, I am counting on using the same IP to authenticate myself and will not be travelling to Latvia soon- I was wanting to withdraw my coins last week but was slow on that.

rebuilder
Legendary
June 21, 2011, 08:56:30 AM
 #19

For passwords I need to remember on a daily basis, I will usually generate passes I can remember phonetically. One way I tend to do this is to look around wherever I am when I'm making the password, see what words come up in my mind at the moment, apply some free association until I come up with something you won't find in any dictionary, nor could even associate with the words I used. Then add capitalizations and special characters, typing out the password to see what kind of combination seems haptically natural to me.

So for example I'm looking at a plastic model of a space invader now. Invader > Vader >walsdorf>wassroed>W8SsR?3D

After a while of using this pass, I wouldn't need to remember the sequence I used to "derive" it, but before I get that accustomed to it, it can be useful to have a kind of memory trace I can refer to if I forget what it was.

For more important things I'll use longer passwords stored in a text file in an encrypted container secured with a long passphrase.

Selling out to advertisers shows you respect neither yourself nor the rest of us.
mieomeo
Newbie
June 21, 2011, 09:02:25 AM
 #20

My password for mtgox is something like this:
Yh&*(&$#hihJE83#*91@()$#G
and still when mtgox got hacked, just some hours before it got shutdown, I couldn't log in anymore, someone changed it and deleted my email from my account ???
How do you know your email got deleted ? It is possible logging in was disabled/difficult at that time no?
My password was very similar to the one displayed above and I hope it will be fine in a few days too- if trades are rolled back, at worst, is a bitcoin withdraw worth 1KUSD which cannot be more than 200BTC (and I expect these to be compensated for...) however, if someone has my password, I am counting on using the same IP to authenticate myself and will not be travelling to Latvia soon- I was wanting to withdraw my coins last week but was slow on that.


I know because every time I try to recover my password, it says that there's no email for my account :(. Hope it's just temporary disable of my account ???.