Author Topic: [GUIDE] How to Create a Strong/Secure Password  (Read 2927 times)
tbct_mt2
Hero Member
*****
Offline Offline

Activity: 2450
Merit: 862



View Profile
April 17, 2019, 11:53:22 AM
 #21

I stored my keys or passwords as a mixture between online and offline methods. However, I always choose the most reliable cloud storage providers or software to store my keys or passwords. For offline storage, I usually store them in the safest places I can, ones that are water- and fire-resistant.
In my opinion, I don't think we should choose only one method, online or offline, because as you wrote, each of them has its pros and cons.

 
mk4
Legendary
*
Offline Offline

Activity: 2926
Merit: 3881


📟 t3rminal.xyz


View Profile WWW
April 17, 2019, 11:54:07 AM
 #22

~would be a hassle to update my password db on a flash drive every time I change a password. ~
how about a deterministic password manager?
i don't really know if such thing exists but the basic idea of it is similar to BIP32. you have an entropy that you back up and then each time you need a new password, you derive that password from that entropy by incrementing your step.
it would be very easy to write an app for it too.

Hmm. It can work. Though I don't see the majority of people doing this unless such a feature is implemented on an open-source password manager like KeePass. I'm definitely going to spend a good amount of time thinking of how I can apply this to my current system without adding too much hassle.

bob123
Legendary
*
Offline Offline

Activity: 1624
Merit: 2481



View Profile WWW
April 17, 2019, 12:13:09 PM
 #23

how about a deterministic password manager?
i don't really know if such thing exists but the basic idea of it is similar to BIP32. you have an entropy that you back up and then each time you need a new password, you derive that password from that entropy by incrementing your step.

A deterministic password manager can't really work for all sites like usual managers do.
There are quite a few problems with deterministic password managers:
  • Different password policies for each site
  • Password revocation
  • You can't store already existing passwords / private keys / etc.

For a more detailed (about 5-minute) read, look here: https://tonyarcieri.com/4-fatal-flaws-in-deterministic-password-managers

Indamuck
Hero Member
*****
Offline Offline

Activity: 1120
Merit: 554



View Profile
April 17, 2019, 12:20:38 PM
 #24

I stored my keys or passwords as a mixture between online and offline methods. However, I always choose the most reliable cloud storage providers or softwares to store my keys or passwords. For offline storage, I usually store them in as safest places as I can, that are water-, fire-resistant.
In my opinion, I don't think we should choose only one method, online or offline, because as you wrote, each of them has its pros  and cons.

I would never store anything crypto related on cloud storage.  You never know who will have access to those files and they will be a much larger target for hackers.  I keep everything offline and I have a different password for every single website/service/wallet I use.
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18746


View Profile
April 17, 2019, 12:56:58 PM
 #25

the example here may be strong but most people are not going to create strong passwords like that.
No, but they should. We shouldn't be tailoring or dumbing down good practice to fit people's behaviour; rather, they should be tailoring their behaviour to be in line with good practice.

Alternatively, we could use a full bible verse
Better not to use a phrase that appears in popular literature, songs, movies, etc. Also, you would have to remember exactly which version of the Bible, and which edition of that version, you had used, because there are hundreds with very subtle differences.
tbct_mt2
Hero Member
*****
Offline Offline

Activity: 2450
Merit: 862



View Profile
April 17, 2019, 03:43:04 PM
 #26

Why not? Especially if you can secure your accounts with 2FA, for accounts on cloud storage platforms, simultaneously with email confirmations, and email has its 2FA security, too. Only using offline might lead to bad things in worst cases, such as your house catching fire and burning to ashes.
I would never store anything crypto related on cloud storage.  You never know who will have access to those files and they will be a much larger target for hackers.  I keep everything offline
Surely right, mate. I do the same as you; I never use the same passwords for all my accounts on different sites.
Quote
I have a different password for every single website/service/wallet I use.

 
jademaxsuy
Full Member
***
Offline Offline

Activity: 924
Merit: 221


View Profile WWW
April 19, 2019, 03:19:42 AM
 #27

Password is very important, but mind you that this could be one of the reasons why one could not access the account, for the password was forgotten due to some facts that you made it difficult for you to remember. It is easy to talk about saving passwords on notes like a digital notepad, but it will defeat its purpose if the notepad is compromised.

So, I recommend just using one strong password for all of the accounts; for sure one will never lose his/her account having one strong password.
pooya87
Legendary
*
Offline Offline

Activity: 3626
Merit: 11029


Crypto Swap Exchange


View Profile
April 19, 2019, 04:23:24 AM
Merited by dbshck (4)
 #28

Deterministic password manager can't really work for all sites like usual manager do.
There are quite a few problems with deterministic password manager:
the only complication that i can think of is that unlike private keys (HD wallets) in a password manager you have no way of knowing how many passwords you have used because there is no "public key" and "blockchain" to check which one was used. which can be solved if you keep a backup on the cloud only from the "paths" like this:
bitcointalk.org -> path=m/1/3
google.com -> path=m/2/5
...
the first number can be the "account" for different websites and the second number is the number of passwords you have already used like when changing the password every now and then you create the next one.
of course there is the additional risk of not being careful and creating the same thing twice.

Quote
Different password policies for each site
easily solvable by treating the derived bytes as the fixed entropy used to derive a password from. or simply use a certain encoding that only gives you the allowed characters! for example if it doesn't allow symbols then use base-62 (10 num + 2*26 letter (lower+upper))!

Quote
Password revocation
then you derive the next one. m/1/3+1=m/1/4

Quote
You can't store already existing passwords / private keys / etc.
the whole point is not storing them but creating them on the fly.

these two are the biggest concerns though:
Quote
You can’t store randomly selected answers to security questions in such a vault.
Exposure of the master password alone exposes all of your site passwords
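
A sketch of the scheme discussed in this post, added here as an example (not code from any poster or from an existing password manager). It uses PBKDF2 and HMAC-SHA256 in place of real BIP32 derivation; the function names, the salt and the symbol alphabet are assumptions. It shows the per-site path index, a policy-specific alphabet without modulo bias, and revocation by incrementing the step.

```python
import hashlib
import hmac
import string

BASE62 = string.digits + string.ascii_uppercase + string.ascii_lowercase
WITH_SYMBOLS = BASE62 + "!#$%&*+-=?@_"   # constructed policy alphabet


def stretch_master(passphrase: str, salt: bytes) -> bytes:
    """Turn the backed-up master secret into a 32-byte seed with a slow KDF."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)


def derive_password(seed: bytes, account: int, step: int,
                    length: int = 20, alphabet: str = BASE62) -> str:
    """Derive the password for path m/<account>/<step> in the given alphabet."""
    path = f"m/{account}/{step}".encode()
    # Bytes >= limit are discarded so every character is equally likely
    # (plain `byte % 62` would favour the first 8 characters).
    limit = 256 - (256 % len(alphabet))
    chars, block = [], 0
    while len(chars) < length:
        msg = path + b"|" + block.to_bytes(4, "big")
        for byte in hmac.new(seed, msg, hashlib.sha256).digest():
            if byte < limit and len(chars) < length:
                chars.append(alphabet[byte % len(alphabet)])
        block += 1
    return "".join(chars)


def rotate(index: dict, site: str) -> tuple:
    """Password revocation: bump the step, e.g. m/1/3 -> m/1/4."""
    account, step = index[site]
    index[site] = (account, step + 1)
    return index[site]


def password_for(seed: bytes, index: dict, site: str, **policy) -> str:
    """Look up the site's current path in the index and derive its password."""
    account, step = index[site]
    return derive_password(seed, account, step, **policy)


if __name__ == "__main__":
    # Constructed sample data: passphrase, salt, and the path index from the post.
    seed = stretch_master("correct horse battery staple", b"constructed-salt")
    index = {"bitcointalk.org": (1, 3), "google.com": (2, 5)}
    print(password_for(seed, index, "bitcointalk.org"))
    print(password_for(seed, index, "google.com", length=16, alphabet=WITH_SYMBOLS))
    rotate(index, "bitcointalk.org")            # now m/1/4
    print(password_for(seed, index, "bitcointalk.org"))
```

The `index` dictionary is the only state that changes over time, and anyone holding the seed can regenerate every password for every path, which is the master-password exposure concern quoted above.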

GreatArkansas (OP)
Legendary
*
Offline Offline

Activity: 2492
Merit: 1394



View Profile WWW
April 30, 2019, 02:59:49 PM
 #29

Android Version:
KeePassDroid
I just found an android version for password manager/password generator which is also open-source and you can use it offline.
The good thing here is you can import your database file from your KeePass in Windows. They are almost the same.

Read/write support for .kdb and KeePass 1.x.
Read/write support for .kdbx and KeePass 2.x.


I just added an Android version of KeePass in the OP. Although KeePass for Windows is not from the same developer as KeePassDroid for Android, both are still open-source projects and they are almost the same.

r1s2g3
Sr. Member
****
Offline Offline

Activity: 742
Merit: 395


I am alive but in hibernation.


View Profile
April 30, 2019, 03:47:33 PM
 #30

Additional tip to keep your password safe:

Be aware of your surroundings. When you are entering your password, make sure you are not getting shoulder surfed.

I am alive
nakamura12
Hero Member
*****
Offline Offline

Activity: 2450
Merit: 682


drop me a dm if interested to rent my PT


View Profile
May 01, 2019, 11:31:36 AM
 #31

More additional tips to keep your password safe. Always check the computer for any installed applications like keylogger applications. You can also check the task manager to see if there is a program that is running. Some keyloggers don't show in installed programs and are hidden.

bob123
Legendary
*
Offline Offline

Activity: 1624
Merit: 2481



View Profile WWW
May 01, 2019, 11:41:02 AM
 #32

    the only complication that i can think of is that unlike private keys (HD wallets) in a password manager you have no way of knowing how many passwords you have used because there is no "public key" and "blockchain" to check which one was used. which can be solved if you keep a backup on the cloud only from the "paths" like this:
    bitcointalk.org -> path=m/1/3
    google.com -> path=m/2/5
    ...
    the first number can be the "account" for different websites and the second number is the number of passwords you have already used like when changing the password every now and then you create the next one.
    of course there is the additional risk of not being careful and creating the same thing twice.


    This would make it necessary to keep the backup up-to-date with the latest 'version' of your HD password manager file.
    Which.. destroys the purpose for which one wants to use a HD password manager (not having to update all backups after changing / updating a password).



    Quote
    Different password policies for each site
    easily solvable by treating the derived bytes as the fixed entropy used to derive a password from. or simply use a certain encoding that only gives you the allowed characters! for example if it doesn't allow symbols then use base-62 (10 num + 2*26 letter (lower+upper)!


    Quote
    Password revocation
    then you derive the next one. m/1/3+1=m/1/4

    Again, both of these approaches need you to update your backup file regularly after changes.
    If you need to do this, you don't have a reason to use a HD password manager.

    The whole sense of a HD password manager is to have 1 backup file generated, and not having to update it anymore.
    Without this advantage, there is no good reason to use a HD manager instead of a standard password manager.



    Quote
    You can't store already existing passwords / private keys / etc.
    the whole point is not storing them but creating them on the fly.

    But you still can't add other sensitive information which you want to be stored inside there.
    If i want to store my private key to a specific address there.. i can't. Obviously i do not want to create a new one in this scenario.. i want to save a specific one saved there.
    This works in standard password managers, but not in a HD one.


    In the end, if you need to update the backup file, you only have disadvantages - and no advantages - using a HD password manager compared to a 'normal' one.

    vapourminer
    Legendary
    *
    Offline Offline

    Activity: 4508
    Merit: 4102


    what is this "brake pedal" you speak of?


    View Profile
    May 01, 2019, 01:33:38 PM
     #33


      Quote
      You can't store already existing passwords / private keys / etc.
      the whole point is not storing them but creating them on the fly.

      But you still can't add other sensitive information which you want to be stored inside there.
      If i want to store my private key to a specific address there.. i can't. Obviously i do not want to create a new one in this scenario.. i want to save a specific one saved there.
      This works in standard password managers, but not in a HD one.


      In the end, if you need to update the backup file, you only have disadvantages - and no advantages - using a HD password manager compared to a 'normal' one.

      while it may be inconvenient, i find standard password managers such as keepass better for me as i can print out the list on paper, plus store other related things (urls, challenge answer used, notes, whatever) in it. then the list can be copied and stored in different secure locations.


      multiple copies of keepass can be used for the various things with varying levels of security.. banking in one, logins on another, whatever on a third.

      EDIT: the quote nesting is probably pretty messed up, my apologies.
      roosbit
      Member
      **
      Offline Offline

      Activity: 893
      Merit: 43

      Random coins :)


      View Profile
      May 05, 2019, 03:56:49 PM
       #34

      Great guide!

      Just to add to what is already here, another alternative password manager to generate and store passwords is LastPass, which also has several advantages over existing password managers, for example:
      • It's available on PC and mobile platforms with support for most of the popular browsers on Mac, Windows, Linux and (Android + iOS)
      • easily syncs your data on different platforms
      • Multi factor authentication for that extra layer of security
      • better user interface
      GreatArkansas (OP)
      Legendary
      *
      Offline Offline

      Activity: 2492
      Merit: 1394



      View Profile WWW
      May 07, 2019, 07:56:50 AM
       #35

      Just to add to what is already here, another alternative password manager to generate and store passwords is Lastpass
      Thanks for the addition, but I found this password manager is not open-source software and they have pricing, under which you can avail of their premium products. For me, I don't want to pay for this kind of software; it's just a password manager, and there is a lot of other software which is totally free and open source.

      whotookmycrypto
      Full Member
      ***
      Offline Offline

      Activity: 168
      Merit: 214


      WhoTookMyCrypto.com


      View Profile WWW
      May 08, 2019, 02:52:48 AM
       #36

      Interesting video on how password managers work, wanted to share: https://www.youtube.com/watch?v=w68BBPDAWr8

      GreatArkansas (OP)
      Legendary
      *
      Offline Offline

      Activity: 2492
      Merit: 1394



      View Profile WWW
      May 09, 2019, 03:59:27 AM
       #37

      Interesting video on how password managers work, wanted to share: https://www.youtube.com/watch?v=w68BBPDAWr8
      Thanks for the video, I watched it and he really explained it well, detail by detail. I also heard him say that using a password manager is not quite risky at all.

      GreatArkansas (OP)
      Legendary
      *
      Offline Offline

      Activity: 2492
      Merit: 1394



      View Profile WWW
      June 10, 2019, 07:29:30 AM
       #38

      Hello everyone, I found another alternative for KeePass Password manager.

      Password Safe
      It also looks like KeePass.
      Open-source software and totally FREE also.


      Password Safe is also available for Android phones (PasswdSafe - Password Safe) and in the App Store (pwSafe 2 - Password Safe). Just visit their website for more information.

      Neovitadi
      Sr. Member
      ****
      Offline Offline

      Activity: 364
      Merit: 252

      CryptoTalk.Org - Get Paid for every Post!


      View Profile
      June 10, 2019, 09:23:34 AM
       #39

      Hello everyone, I found another alternative for KeePass Password manager.

      Password Safe
      It also looks like KeePass.
      Open-source software and totally FREE also.


      Password Safe is also available for Android phones (PasswdSafe - Password Safe) and in the App Store (pwSafe - Password Safe). Just visit their website for more information.
      Having a password generator or a password application is not a safe option for anyone to have. If you have Notepad++ (Most people have that program pre-installed in their computer) you should just mash long keywords on your keyboard so you could copy and paste whatever you wrote on there and use that as your password for your Bitcoin or Altcoin wallet. Save that file then encrypt it.

      You should always encrypt all of your password files inside of a .rar file or something similar to it.

       
      GreatArkansas (OP)
      Legendary
      *
      Offline Offline

      Activity: 2492
      Merit: 1394



      View Profile WWW
      June 11, 2019, 01:02:45 AM
      Merited by vapourminer (2)
       #40

      Having a password generator or a password application is not a safe option for anyone to have.
      The good thing about using a password application is the management, like how you manage your passwords, especially when you have multiple accounts on different websites and you are required to log in most of the time. Using password managers helps you to organize your different accounts, and I find it also safe since some password managers have their 'master key' or password for the password database or before you can open the application; one example is KeePass.

      If you have Notepad++ (Most people have that program pre-installed in their computer) you should just mash long keywords on your keyboard so you could copy and paste whatever you wrote on there and use that as your password for your Bitcoin or Altcoin wallet. Save that file then encrypt it.

      You should always encrypt all of your password files inside of a .rar file or something similar to it.
      This is a good way also since it is encrypted, but I find it not convenient, since it's just a normal txt file and once you have decrypted the file and opened the txt file, it will show all your plain passwords without masking, so it is prone to shoulder surfing.
