HE KEEPS HIS PASSWORDS IN A SINGLE "PASSWORDS.KDBX" FILE!!

>HE KEEPS HIS PASSWORDS IN A SINGLE "PASSWORDS.KDBX" FILE!!

bump

.KDBX ?

Keepass format.

>he keeps his passwords anywhere but his own mind

more like KeepASS

hehe

And what is wrong with that op?

I don't. I back it up, so I have TWO passwords.kdbx files.

I keep my passwords in my secure folder on my galaxy s9, which needs my fingerprint to open and the pass is written in a way only I understand.

Hopefully i'm safe from (((them)))

>using keep ASS fagfest sweaty fat man's pedo locker
>not using bitwarden hosted at your own server

No you're not. Now you have mentioned the name of your phone, anonymous haxxor group is going to hack your phone and expose you, you fucking child pornography director

>not putting your passwords in a password protected rar file

I currently keep a .txt of my passwords in a password protected zip folder. Am I retarded or is this safe enough for a nobody like me?

...

Well, you can do that if you don't want to download a password manager, which is a more normie-friendly solution.

You have 5 seconds to tell me why a password manager should be anything more than a program that spits out a hash of your masterpass + sitename like this? No need to store passwords anywhere.

password = hash("muh password" + "facegook")

I store my passwords in a notepad file on dropbox come at me

secure clipboard wiping, autofill, local memory attack mitigations

what if your hardware is compromised and you need access to your passwords from another device.

Savage

I keep mine written on a yellow pad of paper near my desk. There is higher chance of having my computer hacked than someone coming into my bedroom and stealing my passwords.

Are they strong passwords AND do you use unique passwords for every account?

If yes, then you're doing better than 99% of people regardless of how you store them.

Security through obscurity is not security.

All this procedural and digital protection doesn't really matter. They're addressing threat models that are incredibly unlikely to be encountered. The main things you need to do are use strong passwords (long, truly random) and never reuse a password. After that it doesn't really matter how you store them.

A security through cryptography hash is real security though, not obscurity. You could argue all encryption is a form of obscurity though. It's just slicing up your bits in a predefined pattern combined with a key.

>It's just slicing up your bits in a predefined pattern
This is where the equivalence ends. The point of using a PRNG is that there is no predefined pattern between each password generation.

If your password is compromised and uses a pattern for other sites (eg: hash(pass+site)) then you can consider it to be eventually compromised everywhere. A password manager requires not only your password be compromised - but also requires access to the password database in order to compromise other accounts.
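Added example, not part of the thread: the `hash(master + site)` scheme proposed above next to the randomly generated passwords a manager stores, showing which accounts can be recomputed from the master secret alone. PBKDF2 in place of the bare hash, the `counter` parameter, and the site names and master value are assumptions made for this sketch.

```python
import base64
import hashlib
import secrets


def derived_password(master: str, site: str, counter: int = 1) -> str:
    """Stateless scheme from the thread: password = hash(master + site).
    PBKDF2 stands in for the bare hash (assumption) so each master guess is slow."""
    salt = f"{site}:{counter}".encode()  # counter is per-site state needed to rotate
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 200_000, dklen=15)
    return base64.urlsafe_b64encode(raw).decode()  # 15 bytes -> 20 characters


def random_password() -> str:
    """What a password manager generates: CSPRNG output unrelated to the master."""
    return secrets.token_urlsafe(15)  # 15 random bytes -> 20 characters


def recoverable_from_master(master: str, accounts: dict) -> list:
    """Sites whose password can be recomputed from the master secret alone,
    without ever obtaining a password database."""
    return sorted(s for s, pw in accounts.items()
                  if derived_password(master, s) == pw)


# Constructed sample data, not taken from the thread.
SITES = ["mail.example", "bank.example", "forum.example"]
MASTER = "constructed master passphrase"

derived_accounts = {s: derived_password(MASTER, s) for s in SITES}
vault_accounts = {s: random_password() for s in SITES}

if __name__ == "__main__":
    print("derived scheme:", recoverable_from_master(MASTER, derived_accounts))
    print("random vault:  ", recoverable_from_master(MASTER, vault_accounts))
    # Rotating one site's password means remembering its counter somewhere.
    print("rotated:", derived_password(MASTER, "mail.example", counter=2))
```

With the derived scheme every site is recoverable once the master is known; with random passwords none are unless the encrypted database is obtained as well, and rotating a derived password requires storing the counter, so the scheme is not fully stateless.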

Tefl#@2INore34!)aseeMoV

That's my gmail pass, is that strong?

Same but I back mine up twice because I'm autistic.

In case you need reference, my email is: LuckEye@gmail .com

Not very safe. Zip folders can be easy to crack. Search "John the Ripper" on YouTube and you can see a live demo.

Not anymore

I see what you mean, but why not go ahead and use a password manager anyways? IMO you don't lose anything by using keepass over a home-rolled solution that produces equally secure passwords

Close, but I call mine mustardgas.kdbx. Literal flawless protection.

That was interesting, but it seems to rely on commonly used passwords. The pass on my zip folder is a garbled mess of half-words, numbers and symbols. So I think I'm pretty safe.

>but why not go ahead and use a password manager anyways?

Why not, indeed. And I do, because I like the extra security. But if you're storing those strong, unique passwords in a plaintext file (and the device is locked) you're effectively just as secure as I am.

Safe in the sense that it will take slightly longer to run the permutations but no. Not safe.

yubikey HOTP makes me wonder why you bother with anything else

This but in txt and each file for each password because it would be hard to select a one password with 40960 (or at the worst just site limit) characters from /dev/urandom from many others

What happens when you open the text file and it copies it to your %localappdata%\Temp folder where I'd look first to find your codes....?

Holy shit it was right there. Welp, thanks for bringing this to my attention. I'll try to find a better way to hide it.

>I'll try to find a better way to hide it.
Like maybe using a proper password manager.

That's a nope. What's to stop a software company from accessing my passwords and looking into my personal shit so they can build a detailed ad profile and sell it to google or Amazon?

Just use keepassxc it's free and open source. Use a strong password along with a keyfile.

>open source
Doesn't that mean anyone can just read the code and come up with an exploit?

>he doesn't whitelist his router firewall
No wonder you're paranoid of 3rd parties. Nothing should be going in, out, or across your network without your permission first.

Yep but it's at least not storing them as plain text at rest. Unless you're using a TPM and encrypting your boot disk I can see that text file even after you delete it (within reason).

The password file Keepass will make actually goes through physical change so I'm not sure what you think could be exploited exactly.

Just get it done.

I keep my passwords in paper textbook with my own encryption.
Hack that.

Just use unencrypted .txt faggot.