Bitcoin Forum
December 03, 2016, 03:51:29 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Good program to store / generate secure passwords  (Read 1516 times)
sonba
Sr. Member
****
Offline Offline

Activity: 395


View Profile
September 11, 2011, 07:28:03 PM
 #1

Hi there,

taken into account that every other month one website where I have a (unique) password on is hacked, I find it difficult to generate enough new passwords that I can actually memorize (I start mixing them up). Can you recommend me a good (and safe!!!) windows-compatible program to store my passwords locally on my computer? (Unfortunately, changing the OS is not an option for me at this moment of time).

Thanks in advance,

sonba
1480780289
Hero Member
*
Offline Offline

Posts: 1480780289

View Profile Personal Message (Offline)

Ignore
1480780289
Reply with quote  #2

1480780289
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480780289
Hero Member
*
Offline Offline

Posts: 1480780289

View Profile Personal Message (Offline)

Ignore
1480780289
Reply with quote  #2

1480780289
Report to moderator
1480780289
Hero Member
*
Offline Offline

Posts: 1480780289

View Profile Personal Message (Offline)

Ignore
1480780289
Reply with quote  #2

1480780289
Report to moderator
bitdragon
Hero Member
*****
Offline Offline

Activity: 610


peace


View Profile WWW
September 11, 2011, 07:31:49 PM
 #2

http://www.keepassx.org/downloads/


ovidiusoft
Sr. Member
****
Offline Offline

Activity: 252


View Profile
September 11, 2011, 07:34:08 PM
 #3

KeePass - http://keepass.info/

It's the best I could find. Very powerful encryption, versions for all desktop and mobile OS-es, and has a "autotype" function so you don't need to copy and paste your password, it will fill it directly to your browser (or any other app). Also has a very good password generator. I use it for some time now (2+ years) and I couldn't be happier.
Revalin
Hero Member
*****
Offline Offline

Activity: 728


165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g


View Profile
September 12, 2011, 12:52:03 AM
 #4

http://passwordsafe.sourceforge.net/
https://lastpass.com/

      War is God's way of teaching Americans geography.  --Ambrose Bierce
Bitcoin is the Devil's way of teaching geeks economics.  --Revalin 165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g
ctoon6
Sr. Member
****
Offline Offline

Activity: 350



View Profile
September 13, 2011, 02:53:49 AM
 #5

whatever you do, dont store your passwords in an online database, to me this just defies all logic, an takes a hippo shit all over it.

ovidiusoft
Sr. Member
****
Offline Offline

Activity: 252


View Profile
September 13, 2011, 06:21:02 AM
 #6

whatever you do, dont store your passwords in an online database, to me this just defies all logic, an takes a hippo shit all over it.

...but because I can already hear the voices shouting "But I want my passwords synced across devices! Pronto!", the good enough solution is to place the password database in Dropbox so it's automagically synced. The better solution would be Sparkleshare on your own server, when they'll have a stable client for all major platforms.
sonba
Sr. Member
****
Offline Offline

Activity: 395


View Profile
September 13, 2011, 06:32:15 AM
 #7

Thanks for all the replies. Guess I gonna use KeePass - it got some good evaluations, as well. And no, I'm not gonna store them online. That's why I asked for a program running on my local machine Smiley Maybe I'm a bit paranoid there but it doesn't look to safe to me.
Gerken
Member
**
Offline Offline

Activity: 112



View Profile
September 13, 2011, 06:40:18 AM
 #8

Keepass user as well here, it's nice to be able to keep track of usernames as well for sites I only visit a few times a year. 

Jessica
Full Member
***
Offline Offline

Activity: 174



View Profile
September 14, 2011, 11:42:11 AM
 #9

Keepass is great, you definitely should use it! Smiley
BitcoinBug
Full Member
***
Offline Offline

Activity: 196


View Profile
September 14, 2011, 12:38:29 PM
 #10

If you use KeePass and Chrome, you should definitely check this extension:
https://chrome.google.com/webstore/detail/ompiailgknfdndiefoaoiligalphfdae?hc=search&hcp=main
(there is a version for Firefox too)
JBDive
Full Member
***
Offline Offline

Activity: 238


View Profile
September 14, 2011, 12:57:45 PM
 #11

Roboform Portable is what I use however Keepass is nearly identical in function. What I don't like about Roboform is although the passwords are encrypted you can look into the file structure of the program enough to see that there are passwords stored for what sites as it uses the name you give it when storing the password as the file name:

F:\MyRoboForm Data
    -Default Profile
     -Blogs
       Bitcointalk.rfp

This in turn tells the attacker that first off you do have an account and at what site, something I may actually be trying to hide. It may be that I am actually trying to hide the fact that I have used say Facebook or a certain email provider as much as I am trying to hide the password itself. I also assume the attacker could concentrate his efforts on cracking that single file vs. the database as a whole. Granted I could type garbage for the name of the site, FGHE equals Facebook but then I have to keep track of that information as well.

Not sure how Keepass handles this.
ctoon6
Sr. Member
****
Offline Offline

Activity: 350



View Profile
September 14, 2011, 09:38:15 PM
 #12

Roboform Portable is what I use however Keepass is nearly identical in function. What I don't like about Roboform is although the passwords are encrypted you can look into the file structure of the program enough to see that there are passwords stored for what sites as it uses the name you give it when storing the password as the file name:

F:\MyRoboForm Data
    -Default Profile
     -Blogs
       Bitcointalk.rfp

This in turn tells the attacker that first off you do have an account and at what site, something I may actually be trying to hide. It may be that I am actually trying to hide the fact that I have used say Facebook or a certain email provider as much as I am trying to hide the password itself. I also assume the attacker could concentrate his efforts on cracking that single file vs. the database as a whole. Granted I could type garbage for the name of the site, FGHE equals Facebook but then I have to keep track of that information as well.

Not sure how Keepass handles this.

keepass has all the passwords inside a single DB file.

Stalin-chan
Full Member
***
Offline Offline

Activity: 196



View Profile
September 14, 2011, 09:46:49 PM
 #13

Use keypass. It's that simple.
TiagoTiago
Hero Member
*****
Offline Offline

Activity: 616


Firstbits.com/1fg4i                :Ƀ


View Profile
September 14, 2011, 10:24:37 PM
 #14

I use PasswordMaker

(I dont always get new reply notifications, pls send a pm when you think it has happened)

Wanna gimme some BTC for any or no reason? 1FmvtS66LFh6ycrXDwKRQTexGJw4UWiqDX Smiley

The more you believe in Bitcoin, and the more you show you do to other people, the faster the real value will soar!

Do you like mmmBananas?!
JohnDoe
Sr. Member
****
Offline Offline

Activity: 392



View Profile
September 14, 2011, 10:44:24 PM
 #15

What are Linux people using? KeePassX doesn't have browser integration as far as I can tell. I'm leaning towards LastPass for now. It doesn't seem more insecure than KeePass + Dropbox.
pekv2
Hero Member
*****
Offline Offline

Activity: 770



View Profile
September 14, 2011, 11:00:45 PM
 #16

Lastpass is the best to use. If you ever format your pc, that is if you don't backup "firefox profile" "chrome" w/e browser you use, you sign into lastpass addon, all your passwords are there for you. Password database is encrypted on your pc before they get sent off to online through SSL.

Quote
LastPass is an evolved Host Proof hosted solution, which avoids the stated weakness of vulnerability to XSS as long as you're using the add-on. LastPass strongly believes in using local encryption, and locally created one way salted hashes to provide you with the best of both worlds for your sensitive information: Complete security, while still providing online accessibility and syncing capabilities. We've accomplished this by using 256-bit AES implemented in C++ and JavaScript (for the website) and exclusively encrypting and decrypting on your local PC. No one at LastPass can ever access your sensitive data. We've taken every step we can think of to ensure your security and privacy.

More reasons to use lastpass

There was one breech of lastpass, they patched it, but because everything that was encrypted, only most likely weak masterpassworded accounts might, might have been cracked but doubt it, so they suggested for all to just change the masterpassword for weak passworded accounts.

Complete follow up found here

Unlike sony, they were breeched, everything was in plain text.

Edit:
Dropbox is not encrypted, I've heard waula is though. waula same as lastpass, encrypted on your pc before it leaves your pc.
ctoon6
Sr. Member
****
Offline Offline

Activity: 350



View Profile
September 15, 2011, 12:39:38 AM
 #17

the files on dropbox are encrypted, however dropbox staff holds the keys. so if dropbox gets hacked, you should still be safe, however if a member of staff abuses their power, your screwed.

pekv2
Hero Member
*****
Offline Offline

Activity: 770



View Profile
September 15, 2011, 01:03:03 AM
 #18

Ah, yea, thanks for correcting me.

http://www.dropbox.com/help/27

I just read their features vs waula. I would lean towards waula for storing password backups.

Whether hiding something or not, I wouldn't trust dropbox with my password backups or anything else.
Dropbox http://www.dropbox.com/help/27
Quote
Dropbox employees are prohibited from viewing the content of files you store in your Dropbox account, and are only permitted to view file metadata (e.g., file names and locations).


Waula http://www.wuala.com/en/learn/technology
Quote
Wuala protects your privacy: In stark contrast to most other online storage services, all your files get encrypted on your computer, so that no one - including the employees at Wuala and LaCie - can access your private files. Your password never leaves your computer.

ctoon6
Sr. Member
****
Offline Offline

Activity: 350



View Profile
September 15, 2011, 01:14:34 AM
 #19

i would advise against having your passwords anywhere on the internet in any form, regardless of how secure you may think it is. all it takes is for someone to keylog you, or guess your password/recovery question or something. having the PW DB locally makes the task far more arduous if you are just key logged or something less serious. keepass can even launch programs with the password in a launch parameter, steam for example.

Code:
cmd://"C:\Program Files (x86)\Steam\steam.exe" -login {USERNAME} {PASSWORD}
Code:
minecraft.exe {USERNAME} {PASSWORD}

if you want anymore things like that just post or pm or something. id be more than happy to help you secure your system, it bothers me to no end with people storing their information on the internet...

that in your URL box will make it far more difficult to get your password remotely because they would not be specifically targeting that method of logging in.

JohnDoe
Sr. Member
****
Offline Offline

Activity: 392



View Profile
September 15, 2011, 03:12:38 AM
 #20

i would advise against having your passwords anywhere on the internet in any form, regardless of how secure you may think it is. all it takes is for someone to keylog you, or guess your password/recovery question or something. having the PW DB locally makes the task far more arduous if you are just key logged or something less serious. keepass can even launch programs with the password in a launch parameter, steam for example.

LastPass has a screen keyboard and one time passwords to prevent keylogging.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!