How do you store your passwords?

[yatsey87]

I just keep them on pendrive in an ordinary txt file. I don't use all this sneaky renaming, noone touches my stuff anyway 

Similar here. With a little maths (algorithm) involved to get the actual passwords.

As long as you use the pen drive on a safe computer. I recommend using a linux boot CD. If your computer is infected when you look at the password text file you could be in trouble.

If you have to write passwords down it kinda defeats the point. Just make a reminder. If your password is Bitcoinpimp2014 just write down btcp14.

[guybrushthreepwood]

I just keep them on pendrive in an ordinary txt file. I don't use all this sneaky renaming, noone touches my stuff anyway 

Similar here. With a little maths (algorithm) involved to get the actual passwords.

As long as you use the pen drive on a safe computer. I recommend using a linux boot CD. If your computer is infected when you look at the password text file you could be in trouble.

If you have to write passwords down it kinda defeats the point. Just make a reminder. If your password is Bitcoinpimp2014 just write down btcp14.

Yeah, as long as you don't forget what btcp14 means lol.

[BadBitcoin (James Sutton)]

I store them in my head, and they are 20 character passphrases not passwords.

I forgot one for a BTC wallet late last year. It wasnt fun but I remembered it after trying combinations for a few days. You have to be very careful.

I recommend keeping passwords in your head, but not massive 20 character pass-phrases lol.

I use a 9 word passphase with a acronym in the center, just what wikipedia suggests I do.

As an added bonus, I can't spend my coins while intoxicated because my password is way too complex to type properly when on drugs so I have my own anti-drug security measure on my bitcoin wallet, woho.

[whtchocla7e]

My password(s) is a 256 bit hash of several answers to very personal questions. Basically a puzzle that you have to solve in certain order.

Yes, it's a big hassle to retrieve it. On the other hand, yes it's a big hassle to retrieve it. 

[guybrushthreepwood]

My password(s) is a 256 bit hash of several answers to very personal questions. Basically a puzzle that you have to solve in certain order.

Yes, it's a big hassle to retrieve it. On the other hand, yes it's a big hassle to retrieve it. 

lol, big paswords wont matter if you've got a keylogger though  .

[BadBitcoin (James Sutton)]

My password(s) is a 256 bit hash of several answers to very personal questions. Basically a puzzle that you have to solve in certain order.

Yes, it's a big hassle to retrieve it. On the other hand, yes it's a big hassle to retrieve it. 

lol, big paswords wont matter if you've got a keylogger though  .

If you're incompetent enough to have a keylogger on your system and not understand why you should be regularly scrubbing your "run on start" programs (hijackthis! generally is my tool of choice) then you have bigger issues than keyloggers I reckon.

[guybrushthreepwood]

My password(s) is a 256 bit hash of several answers to very personal questions. Basically a puzzle that you have to solve in certain order.

Yes, it's a big hassle to retrieve it. On the other hand, yes it's a big hassle to retrieve it. 

lol, big paswords wont matter if you've got a keylogger though  .

If you're incompetent enough to have a keylogger on your system and not understand why you should be regularly scrubbing your "run on start" programs (hijackthis! generally is my tool of choice) then you have bigger issues than keyloggers I reckon.

That's true. I prefer to use linux anyway.

[BadBitcoin (James Sutton)]

My password(s) is a 256 bit hash of several answers to very personal questions. Basically a puzzle that you have to solve in certain order.

Yes, it's a big hassle to retrieve it. On the other hand, yes it's a big hassle to retrieve it. 

lol, big paswords wont matter if you've got a keylogger though  .

If you're incompetent enough to have a keylogger on your system and not understand why you should be regularly scrubbing your "run on start" programs (hijackthis! generally is my tool of choice) then you have bigger issues than keyloggers I reckon.

That's true. I prefer to use linux anyway.

Just because you're using linux doesn't mean your keylogger proof https://code.google.com/p/logkeys/

[JohanM]

- pfsense firewall
- main wallet is on fully encrypted ubuntu pc, wallet again encrypted
- password storage is in text file within triple encrypted truecrypt container

[guybrushthreepwood]

My password(s) is a 256 bit hash of several answers to very personal questions. Basically a puzzle that you have to solve in certain order.

Yes, it's a big hassle to retrieve it. On the other hand, yes it's a big hassle to retrieve it. 

lol, big paswords wont matter if you've got a keylogger though  .

If you're incompetent enough to have a keylogger on your system and not understand why you should be regularly scrubbing your "run on start" programs (hijackthis! generally is my tool of choice) then you have bigger issues than keyloggers I reckon.

That's true. I prefer to use linux anyway.

Just because you're using linux doesn't mean your keylogger proof https://code.google.com/p/logkeys/

Even booting from a cd?

[RodeoX]

My password(s) is a 256 bit hash of several answers to very personal questions. Basically a puzzle that you have to solve in certain order.

Yes, it's a big hassle to retrieve it. On the other hand, yes it's a big hassle to retrieve it. 

lol, big paswords wont matter if you've got a keylogger though  .

If you're incompetent enough to have a keylogger on your system and not understand why you should be regularly scrubbing your "run on start" programs (hijackthis! generally is my tool of choice) then you have bigger issues than keyloggers I reckon.

That's true. I prefer to use linux anyway.

Just because you're using linux doesn't mean your keylogger proof https://code.google.com/p/logkeys/

Even booting from a cd?

I think your good with a live CD. Unless it included a keylogger, which is unlikely.

[BadBitcoin (James Sutton)]

Even booting from a cd?

depends on the source of your CD .iso, it's definitely possible (although highly improbable) that you could download a dirty .iso from a backdoored or bitsquatted download page, you wouldn't even notice the ~2mb required for an attacker to have complete access to your computer.

[johnyj]

One of the nice method I heard about, not tried yet:

Remember the number of a block and select a transaction that include multiple receiving adresses. Remember a special string in this transaction

For example: Select the first transaction with 12+ receiving adresses in this block, and compose a 12 letters string using the first letter of the first receiving adress, second letter of second receiving adress, third letter of third receiving adress, etc... As long as blockchain lives, the password is safe, and it is enough random  

[keithers]

1password works pretty well as well

[miaviator]

I have found that the letter "a" lowercase, by itself is a very easy password to remember.

Once a website's database is hacked or for those that store in plaintext all of your complex passwords are just as easy to grab

[SirBitsalot]

I just keep them on pendrive in an ordinary txt file. I don't use all this sneaky renaming, noone touches my stuff anyway 

Lol that's the same way I am! They would have to scan through all the porn anyways (totally kidding)

[CRkfx1]

Keepass, the only password manager I trust.  Lastpass and the like just give my a bad vibe, gotta be online to use them.

My primary .kdb file is sync'd across all my devices/pcs using a 2FA google drive.

[willphase]

http://amzn.com/1441303251

[frank754]

I use multiples of pi to 5 digits, and insert them periodically into a different spot inside my passwords, and keep a log of the way I do it as a system.

[zeetubes]

Complex passwords are a bit of a joke imo. Anything more than a few characters becomes impossible to crack if there are lockouts after "x" failed login attempts. And as someone pointed out, 99.9999% of password cracks are from sniffing the password, which means it doesn't matter how long it is. The apps that I would be most suspicious about collecting your data and especially logging keystrokes are firewalls and antivirus/antimalware - we all just seem to trust them without any real good reason. I like the way Kryptokit allows an onscreen virtual keyboard. Pen and paper is still the best option.

Funny, I've been testing lastpass for the past day and now it only gives me grief on one site. You guessed it: bitcointalk.org. It will not let me login from chrome. every other browser and on my phone are all ok. Wonder what's going on there? Probably some malware or the nsa. I love the functionality of lastpass. Hopefully the security is ok too.