Bitcoin Forum
Author Topic: Remembering all of those passwords without sacrificing security  (Read 2617 times)
youbob (OP)
June 20, 2014, 03:42:35 AM
 #1

It's important to have a good password for your online accounts, to best combat and minimize hacker threats. A lot of online web servers use the best online security. For example, Hotmail is Microsoft's email hosting; they use some of the best firewalls/encryption that can be offered, yet I have personally seen some of my friends' accounts get hacked into very easily, and the root of the security compromise is the lack of a good password.

According to this NBC News tech article: http://www.nbcnews.com/tech/security/8-character-passwords-just-got-lot-easier-crack-f1C7530242

"A password expert has shown that passwords can be cracked by brute force four times faster than was previously thought possible. ", "Jeremi Gosney of the Stricture Consulting Group shared the findings at the recent Passwords^12 conference in Norway, where researchers do nothing but focus on passwords and PIN numbers. What Gosney showed is that a computer cluster using 25 AMD Radeon graphics cards let it make 350 billion — that's right, billion — password attempts per second when trying to crack password hashes made by the algorithm Microsoft uses in Windows."

As the article continues to state this claim, "Eight characters "just isn't long enough for a password these days," Sophos Labs' Paul Ducklin told NBC News in an email. "Even before this latest 'improvement' in cracking, standalone GPU (graphics processing unit)-based servers could do the job on eight-character Windows passwords in under 24 hours." "

So you need to make your passwords longer than 8 characters. 23-character-long passwords are nearly crack-proof because the massive amount of resources needed is not easily available. We are talking about needing some of the world's most powerful supercomputers to even begin to crack those long passwords.

Here are some tips shared from that article that can help better protect your online accounts, and I will also add in ways to better remember new passwords, without sacrificing security.

1) Never use the same password on different accounts. This just makes sense, because we all have databases on our computers that will likely contain all of the accounts we ever signed up to. If that information were to fall into the wrong hands, all the hacker would have to do is know one password to get into them all. It's not just what's on your computer: if a number of web servers get compromised with all of those different accounts linked to your IP address, the lazy hacker now has the same easy job of breaking in.

2) Use complex passwords. For example, "Guinness_ROCK@#!2014_01" (without quotes). Most websites will allow you to add in special symbols, and up to 23 characters. An example of one site that will let you do this is Google. In fact they will let you make a password that is 27 characters long.

3) If you do run into a site that doesn't let you use special characters, still try to make a password that is 23 characters long but use UPPER case, lower case letters, and a mix of numbers to still keep your account secure. For example, GUINnessROCKSatYR201401.
Personally, any site that doesn't allow you to use special characters may not be using the best method of security protection, so any online account I sign up for on that server is not going to be hosting any important information and will not be used as my primary.

If you want to test out a password you can use this site: https://howsecureismypassword.net/

It states that they don't steal people's passwords, but I wouldn't go off testing a password that I either currently use or am about to use in full. Always change it up.

Now for the main part of this thread. You might be asking yourself: how do I remember all of these long passwords?

The answer is very simple. Just change one thing in your password, and to a computer cracking program it's like you just made up a whole, entirely new password.
For example,

email #1
Guinness_ROCK@#!2014_01

email #2
Guinness_ROCK@#!2014_A2

email #3
Guinness_ROCK@#!2014_B3


Or just add in an extra character.

email #1
Guinness_ROCK@#!2014_01

email #2
Guinness_ROCK@#!2014_01A

email #3
Guinness_ROCK@#!2014_01A1

You can go up to the maximum number of characters allowed in the service's registration panel.

The thing is, you might think this may be increasing the risk of someone getting into all of your so-called hard-to-break-into online accounts, but you have to know that computers are very dumb. Adding characters or changing numbers increases the difficulty of your password being cracked.

I hope this thread was helpful to someone. Donate if you want.

Shogen
June 20, 2014, 03:48:33 AM
 #2

You could also use Lastpass, 1Password and even better the open-source Keepass. Smiley

ranochigo
June 20, 2014, 04:49:13 AM
 #3

Theoretically, one cannot bruteforce most of those email services since they have bruteforce protections. Also, they offer two-factor authentication; it actually provides more security than just using a strong password. Most hackers actually use viruses to hack accounts instead of exploiting weak passwords.

shogdite
June 20, 2014, 06:42:06 AM
 #4

http://keepass.info/

Keepass is your friend  Cheesy


Icardi09
June 20, 2014, 09:36:46 AM
 #5

I use LastPass to generate secure passwords (more than 15 characters) and save them there for online accounts.

http://keepass.info/

Keepass is your friend  Cheesy
So this is a password manager for Windows.
I think I must store my passwords there instead of writing them in Notepad like I do now.
Too bad they don't accept bitcoin for donating options Grin
Harley997
June 21, 2014, 05:18:47 AM
 #6

The only way that one could brute force a web-based account is if the attacker had the hash of the password, and in order to obtain it they would need to compromise the site.

weex
June 21, 2014, 07:03:18 AM
 #7

One issue with modifying a long base password like Guinness_ROCK@#!2014_01 is if you ever get keylogged, that password may be used as a base to guess other passwords. Many password cracking algos make extensive use of their dictionaries by transforming each character various ways. Using completely random passwords for each service is better -> Keepass.
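
The point in the post above, worked through on the first post's sample passwords (an added example, not part of any post in this thread): once one password is known, its near-copies are only a couple of edits away and can be flagged for rotation. The `bank` entry, the 95-character alphabet and the function names are assumptions made for the illustration.

```python
import math
import os

# The password scheme from the first post, plus one constructed random
# password for contrast. LEAKED is the one assumed captured by a keylogger.
LEAKED = "Guinness_ROCK@#!2014_01"
VAULT = {
    "email2": "Guinness_ROCK@#!2014_A2",
    "email3": "Guinness_ROCK@#!2014_B3",
    "email4": "Guinness_ROCK@#!2014_01A1",
    "bank": "q7#Vd!2mZr^Lw0x&Tn5@kYe",  # constructed sample
}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: fewest single-character insertions,
    deletions or substitutions that turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def residual_bits(leaked: str, other: str, alphabet: int = 95) -> float:
    """Guessing work left (in bits) if the shared prefix is kept and only
    the remaining characters of `other` have to be guessed."""
    shared = len(os.path.commonprefix([leaked, other]))
    return (len(other) - shared) * math.log2(alphabet)


def audit(leaked: str, vault: dict, max_distance: int = 3) -> dict:
    """Accounts whose password is within max_distance edits of the leaked one."""
    distances = {acct: edit_distance(leaked, pw) for acct, pw in vault.items()}
    return {acct: d for acct, d in distances.items() if d <= max_distance}


if __name__ == "__main__":
    for acct, pw in VAULT.items():
        print(acct, edit_distance(LEAKED, pw), round(residual_bits(LEAKED, pw), 1))
    print("rotate now:", sorted(audit(LEAKED, VAULT)))
```

The three `email` variants each leave about 13 bits of guessing work after the leak, against roughly 151 bits for the unrelated random password.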
DubFX
June 21, 2014, 07:06:20 AM
 #8

http://keepass.info/

Keepass is your friend  Cheesy
Thank you, going to look into that; it seems promising Smiley
Harley997
June 21, 2014, 05:07:37 PM
 #9

http://keepass.info/

Keepass is your friend  Cheesy
Thank you, going to look into that; it seems promising Smiley

This type of service is much better than making each password different with only minor differences.

The only issue is that you would have a central point of failure.

Velkro
June 21, 2014, 07:39:45 PM
 #10

A good password is strong and easy to remember.
It's a whole science, making passwords.
Chemistry1988
June 22, 2014, 03:51:05 AM
 #11

+1 for keepass.
It is free, user-friendly, open source, and you can make random strong passwords with it. Smiley
Borisz
June 22, 2014, 07:30:46 PM
 #12

keepass +1

Strong passwords for your wallets too
InwardContour
June 22, 2014, 08:20:16 PM
 #13

+1 for keepass.
It is free, user-friendly, open source, and you can make random strong passwords with it. Smiley

If you lose your credentials to your keepass then you will lose your credentials to everything. If your keepass file somehow gets corrupted or otherwise inaccessible then you will lose access to everything.
ranochigo
June 23, 2014, 04:24:32 AM
 #14

+1 for keepass.
It is free, user-friendly, open source, and you can make random strong passwords with it. Smiley

If you lose your credentials to your keepass then you will lose your credentials to everything. If your keepass file somehow gets corrupted or otherwise inaccessible then you will lose access to everything.

You can always write all your passwords down on a piece of paper and place it somewhere which is secure.

validium
June 23, 2014, 04:52:19 AM
 #15

http://keepass.info/

Keepass is your friend  Cheesy

Another alternative is passwordsafe https://www.schneier.com/passsafe.html

Made by the creator of the Twofish encryption algorithm. Been using it for the last year and it doesn't look like I'm going to stop anytime.

+1 for keepass.
It is free, user-friendly, open source, and you can make random strong passwords with it. Smiley

If you lose your credentials to your keepass then you will lose your credentials to everything. If your keepass file somehow gets corrupted or otherwise inaccessible then you will lose access to everything.

You can always write all your passwords down on a piece of paper and place it somewhere which is secure.

That's why it's always good to back up the database from time to time on a cloud like MEGA

bassclef
June 23, 2014, 05:23:42 AM
Last edit: June 23, 2014, 05:37:31 AM by bassclef
 #16

Best way:

Use Diceware to create a strong master password consisting of 6 or more random words. Keep a written copy in a safe place until it's memorized, then destroy it. Remember to keep your computer unplugged from the internet while you do this, and don't say the numbers or corresponding words out loud while rolling the dice.

Download Keepass on your devices (ports available for Windows, Linux, Android and iOS). Unlike other password managers, Keepass is fully open source.

Use your Diceware password as your master Keepass password. Use it to generate long random passwords for everything you do online.

Keep multiple copies of your Keepass database file backed up. Using a cloud service for this is a no-brainer as the database file is useless unless someone knows your master password.

When you need a password simply open Keepass, type in your master password to unlock the database and copy/paste. Keepass has lots of neat features like 2-channel auto-type obfuscation to thwart keyloggers, clipboard auto-clear, and database auto-lock after a specified amount of time. There are dozens of options to customize it to your security comfort level.

Enjoy the extra sleep you get from having unbreakable passwords Smiley
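
An added sketch of the Diceware step described in the post above (not part of the thread, and not Diceware's or KeePass's own code): five dice rolls select each word, and the resulting keyspace is compared against the 350 billion guesses per second quoted in the first post. The dice are simulated with the OS random generator, whereas the post uses physical dice, and the pseudo-word list is a constructed stand-in for the published 7,776-word list.

```python
import itertools
import math
import secrets

# Constructed stand-in for the 7,776-entry Diceware list: one pseudo-word per
# five-dice key ("11111" .. "66666"). Substitute the real published list.
SYLLABLES = ["ba", "ko", "li", "mu", "te", "zo"]  # hypothetical
WORDLIST = {
    "".join(map(str, dice)): "".join(SYLLABLES[d - 1] for d in dice)
    for dice in itertools.product(range(1, 7), repeat=5)
}


def roll_key(n_dice: int = 5) -> str:
    """Simulate n fair dice with the OS CSPRNG; returns a key such as '41625'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n_dice))


def passphrase(n_words: int = 6, wordlist: dict = WORDLIST) -> str:
    """One independent five-dice lookup per word, joined with spaces."""
    return " ".join(wordlist[roll_key()] for _ in range(n_words))


def entropy_bits(n_words: int, list_size: int = len(WORDLIST)) -> float:
    """Entropy of n words drawn uniformly and independently from the list."""
    return n_words * math.log2(list_size)


def years_to_exhaust(bits: float, guesses_per_second: float = 350e9) -> float:
    """Time to try every candidate at the rate quoted in the first post
    (a rate for a fast hash; a key-derivation function lowers it)."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    print(passphrase())
    print("6 words:", round(entropy_bits(6), 1), "bits,",
          round(years_to_exhaust(entropy_bits(6))), "years to exhaust")
    eight_chars = 8 * math.log2(95)
    print("8 random printable chars:",
          round(years_to_exhaust(eight_chars) * 365 * 24, 1), "hours")
```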
Reav3R
June 23, 2014, 06:34:46 AM
 #17

I suggest cutting them into parts, then encrypting them using a reversible algorithm (like base64) and memorizing the order of segments.
Kprawn
June 23, 2014, 07:06:00 AM
 #18

Bruteforce uses a dictionary of words. So use a password with no words. Example: {#.#--#.#}_GLLo--->>69 {Mixture of uppercase and lowercase and symbols and numbers}

But as a previous poster said, if you get keylogged, NO password is strong enough. Or if your webcam is not covered, and your keystrokes are streamed via cam and logged, hmmm, well, you f$%^.

So cover those cams guys and girls.  Grin

DoubleU
June 23, 2014, 07:30:11 AM
 #19

Bruteforce uses a dictionary of words. So use a password with no words. Example: {#.#--#.#}_GLLo--->>69 {Mixture of uppercase and lowercase and symbols and numbers}

But as a previous poster said, if you get keylogged, NO password is strong enough. Or if your webcam is not covered, and your keystrokes are streamed via cam and logged, hmmm, well, you f$%^.

So cover those cams guys and girls.  Grin

I'm curious about keylogging. What happens if you use a password manager? Like, does it just give hackers "CMD+V or CTRL+V"? Auto form filling?

My password generator is currently set for 23 characters. How long until somebody comes up with something to break that?

-W

ranochigo
June 23, 2014, 07:42:52 AM
 #20

Bruteforce uses a dictionary of words. So use a password with no words. Example: {#.#--#.#}_GLLo--->>69 {Mixture of uppercase and lowercase and symbols and numbers}

But as a previous poster said, if you get keylogged, NO password is strong enough. Or if your webcam is not covered, and your keystrokes are streamed via cam and logged, hmmm, well, you f$%^.

So cover those cams guys and girls.  Grin

I'm curious about keylogging. What happens if you use a password manager? Like, does it just give hackers "CMD+V or CTRL+V"? Auto form filling?

My password generator is currently set for 23 characters. How long until somebody comes up with something to break that?

-W


It can be possible for hackers to steal your passwords by infecting your computer. Some keyloggers can reveal your clipboard history. Your password should be secure enough for a long time, an even longer time if you include nonstandard characters like (#?$&!). Your password should not be a common word which most people can think of.
