Bitcoin Forum
Author Topic: What is the best way to secure passwords?  (Read 1763 times)
yellowknife
June 21, 2011, 01:06:44 PM
 #1

This is not necessarily a bitcoin-specific question, but it is certainly an important issue for bitcoin users, especially in light of the recent disclosure of hashed passwords from mtgox.

What is the best way to keep your passwords secure? I have long believed in memorizing passwords and not writing them down or storing them anywhere. However these days with so many different logins to keep track of, it doesn't seem practical anymore to try to keep a variety of passwords memorized. I can make my passwords much longer and more secure if I don't have to memorize them.

I've looked at password management tools such as keepass, but I can't help but feel nervous about having all of my passwords stored in one place, even if it is encrypted. And even then, the question becomes, where to store that file? If I store it on my PC, it could be vulnerable to malware which copies it offsite somewhere where it can be brute-forced. If I store it on a thumbdrive, I risk losing access to everything if I ever lose the thumbdrive. If I store it "in the cloud", I risk security issues such as the issue with Dropbox yesterday (where you could log in to any account without a password for 4 hours).

I'm genuinely interested in how people are dealing with this. There doesn't seem to be a clear best solution.

1KPoUYMbb9qqMF94DHWh3DL93bdNETcopo
InstaGx
June 21, 2011, 01:22:28 PM
 #2

Whatever you do, you should always save it in different physical locations. The redundancy will minimize the risk of losing all those passwords.

Also you shouldn't register all important accounts on the same e-mail address. You can make more than one GMail account for example.

For the encryption I'd choose a password container with encryption like KeePass and a small Truecrypt container. Put the password container into the Truecrypt volume and sync it (the Truecrypt container) with other services. If your Dropbox gets compromised they'd still have to crack the Truecrypt container. The password database is encrypted too, so you can have the Truecrypt volume mounted all the time. The passwords would only be exposed if KeePass (or LastPass or whatever) is currently running.

Buy High - Sell Low
azuthus
June 22, 2011, 02:09:16 AM
 #3

Hi,

I use Data Guardian for my passwords and to generate strong pw.

Like Truecrypt, Data Guardian uses one master pw. I back up the Data Guardian db in many different places so if my computer goes down or the file gets corrupted, I always have a backup.

There are the Firefox ways such as syncing them using many of the addons that they offer such as LastPass or Xmarks all.

Good luck and let us know how you make out and what you settled on.

Az
justusranvier
June 22, 2011, 02:14:41 AM
 #4

I've been very happy with LastPass.
Ukigo
June 22, 2011, 03:17:10 AM
 #5

I write my passwords in tokenized format.
Say you have the password: $Young76Soul%BeastVgy7
The tokenized format will be $Y76S%BV.
All you need to remember is your dictionary: Y = Young, S = Soul, etc.
Also, I use NOT English words, but words from exotic languages such as Somali, Swahili and so on. IMHO it's quite safe to keep such passwords on paper.
Dropbox is BAD b/c they run an application on your PC.
A remote backup solution must use only a secure connection between your box and the remote one, with SSL/TLS.
All encryption must be done on your PC by you, not by someone else.

"...Enemies are everywhere ! Angka is all rage ! Be a good soldiers, blow everything... " <-- Pol Pot (C)