Does Jow Forums use a password manager or do you just remember the ones you use?

Attached: password_strength.png (740x601, 91K)

Password manager. Keepass, store database in multiple locations.

My setup is that I host my database file on my server and just use that. I get a single file to read and update, and my server keeps backups for me.

>44 bits entropy
Yeah okay lol

Attached: DeepinScreenshot_keepassxc_20180610090331.png (997x600, 47K)

Nah, I usually have really good memory, and just in case I can’t remember, I have them all written down in a Thinkpad 600X I keep locked up.

There is zero excuse to not use a password manager in this day and age. Password reuse is the biggest weakness of passwords, and trying to make them memorable makes them inherently prone to that. Plus whenever a site gets compromised and crackers start breaking hashes, they know all the tricks people use to make things more memorable. Capitals in front, numbers at the back, l33tsp34k, etc. Your brain is the weak link here, and a password manager is the only way to take it out of the loop.

and then you activate 2FA on any decent website which will instantly negate your entire comment

>1000 guesses per second
What year is it? Make it a couple million per second.

More than half the sites that do 2FA do it over unencrypted, unauthenticated SMS. Not only does that negate much of the value of 2FA on its own, it also makes you dependent on a phone. That's typically the least-secure and most poorly-patched device that most people have.

Besides, even if the site does proper 2FA with a real token and not a smartphone, that's not an argument against having a strong password. You still lock the regular lock even when you also have a deadbolt.

I don't use a smartphone and 2fa SMS's aren't free.

Can you read?

give me a real reason why i should trust password managers

2FA is to make it so you need to compromise two devices instead of one. It's actually remarkably secure against typical attack scenarios. Against a targeted attack of course it isn't actually much more secure, but you aren't being targeted most of the time. Most of a time your details get leaked and this is used to automate attacks on other sites.

Life is fleeting and it's a waste to spend time coming up with and typing out secure passwords when a tool can do it for you

yeah but whats stopping the owners of the software just having a gander at your passwords

seriously redpill me on this im confused why you people shill this stuff so much

All trusted password managers are open source and don't perform any network activity

Use local ones and if you are so paranoid block their internet access?

so gimme some suggestions, whats the Jow Forums approved pass manager?

Dashlane
Fuck manually keeping a spreadsheet/document of all your different passwords

Literally first post. Keepass.

passwordstore.org/

I dunno what Jow Forums approves, but I use KeePass.

KeepassXC is entirely offline and open source.

You shouldn't. Online password managers are retarded.

Excellent reading comprehension, my friend.

My password is heywhatupeverybodywelcometomyemailaccount

>casual user should not be worried about
What a faggot. Does he think that only high profile people should be worried?
What bullshit.
If someone wants to try his skillz of haxing he won't discriminate.

This all thread is gay.
Everyone on Jow Forums knows that passwords are weak and brute forcing most passwords isn't an issue like it was 10+ years ago.

>2fa SMS's aren't free
I never had to pay for sent 2FA sms, what are you talking about?

LastPass with Authenticator.
Works on my machine

>four random common words
>12 seconds with a dictionary attack

write them in a physical notepad

HOW THE FUCK DO YOU PASSWORD MANAGE YOUR PASSWORD MANAGER'S PASSWORD?

Attached: 1514331854071.png (808x805, 446K)

You use a different password manager retard

really? it's not like you tell them you used 4 words

with a fingerprint scanner

it tests words, it has all of 4 bits of entropy

The question is, how does one efficiently separate personal from work passwords?

Attached: bobobo.png (640x480, 220K)

>Exclude look-alike characters
Like you're going to remember that one

I use password manager. Pen and paper, impossible to hack, easily available (you can take it with you), it doesn't depend on electricity and components won't break unexpectedly.

*spills a glass of water*

wrap it in contact paper then

add a prefix

>remember
the trade-off of memorability - security is his point.

This.

>what are dictionary attacks
this comic is fucking retarded, but what else would you expect from pseudo-intellectual shit like xkcd

FOSS and offline. Avoid online ones though, for obvious reasons.

Can it generate 20+ character, highly secure passwords?

keepass xc, a man of taste

yes

what if the server shits itself?

Yup, sounds like my own realization

>what is a dictionary attack
lmao

I know you don't know.
Protip: you're not going to crack a password composed of six random words with dictionary lookups.

that's exactly what a dictionary attack is good at you retard

Please, don't pretend to be an expert in areas that you know nothing about.

take your own advice moron

>no argument
>"hurr durr you know nothing about it"

Attached: 1351961802031.png (300x300, 13K)

10fa8d23900b0d876b9f5d61697f279ed944226eb2e07eecde599803d86d8cbb
There's the sha256sum of a 6-word Diceware password I just made. Can you crack it? Ought to be a breeze with a dictionary attack, right?

KeepassXC

>Can you crack it?
Yes

I'm not interested in teaching information theory 101 to someone who never bothered to learn it.

Git onto it.

>I'm not interested in teaching
Can't teach what you're entirely ignorant about

Still waiting for you to reverse the hash. Just a basic dictionary attack righto?

Just memorize a single randomly generated 32 or 64 character password to be used universally plebs

how do those password managers work, like im supposed to copy and paste this random string of letters that manager comes up with?

but how will you know in advance that there are four words and not three or five or that you are seeing words?

> use password at service
> services database gets leaked
> your password is now in a rainbowtable
congrats on your perfect security, user

then post the words, if it is a dictionary attack it should be done by now. actually it should be done for about an hour.

I use random latin words

If by "password manager" you mean "a notebook", then yes.

Air-gapped, geographically and traditionally secure (a lock), in a mess of my apartment so effectively secured by obscurity as well.

Hell, further than that, the moment that a site gets compromised and the password list is revealed, you basically should never (*ever*) use that password again. Because it gets added to the database of "passwords that a real person has actually used", which gets run after the "most common passwords" database is used.

Easiest way to get around constantly needing to change all your passwords is to just use different randomly generated ones.

>raids your whole apartment
You can't hide that loli porn with paper.

Attached: 1528339998577.jpg (1000x562, 150K)

If you're a lolicon you have bigger problems than password security

Not him, but that's not the point. As long as passwords aren't stored in plaintext, it's not a big issue if an attacker gets hold of the hash.
The real issue with unsafe passwords vulnerable to dictionary attacks is that they are able to be cracked DIRECTLY in a relatively short time, by brute forcing via a dictionary, even less if the attacker knows some information about you (Don't forget that 90% of cracking is social engineering). Reversing the hash is completely irrelevant.
It sounds like you looked up hash functions on Wikipedia for 5 minutes and then started sperging about this irrelevant issue just to justify your objectively less secure passwords. Grow up.

Then there should be a copy of the database on your devices.

Please explain how random passphrases are vulnerable to dictionary attacks. This is the topic we were discussing.

My password manager is a text file I have in my documents folder that has all my passwords listed in it
What's the security situation on that

No it's not. No one mentioned passphrases. Stop moving goalposts.

Idiot. This is the post that started it: Can you read? Do I need to elaborate further?
For someone who complains about missing points, you sure missed the point entirely.
I posted the hash so that he could prove his point of passphrases being vulnerable to dictionary attacks. Social engineering etc. has no relevance here. This is not me trying to "simulate" a hash leak from a database or something you moron.

Not Jow Forums approved but bitwarden
>FOSS
>easy to use
>can host yourself

It's way less autistic than keepass.

There is a point where you're reaching the hard limit of "every other form of access to your shit becoming easier than cracking the pass". Honestly I'd say that point is clearly passed in the 100+ bit area of entropy, atm.

Attached: 1277930454234.jpg (357x352, 39K)

That's to make it easier to type it by hand

I used to use bitwarden before moving to an offline solution with KeepassXC.
There was a very big incident that turned me off any online solutions for anything critical. That reason was this: I finally had picked a day to finish migrating all of my passwords to one secure place. I still had some in encrypted text files, others in lastpass (I know) and a few already in my bitwarden account. This entailed making many changes to the database of my bitwarden account, etc etc. Well, after a few hours I was basically done. Then, I try to open the bitwarden extension and find that I'm logged out. Try to log in, it doesn't work. I think, ok, let me check if the website is ok.

>IP banned
>nani the fuck?!

I freaked the hell out. Every doomsday scenario was playing in my mind. The FBI/NSA/CIA were about to swat my ass or something or the hackers were already draining my datas.

Try to open bitwarden on my phone, it tries to phone home after which I couldn't access my account NOR the supposedly offline database already on my device. Immediately disconnected my other phone from router without even touching it.

Thankfully this let me use my offline copy of the database which I used to migrate to something else and not be totally locked out. The hardest ass fuckery of my life was a fraction of an inch away from me, but I survived.

I immediately got keepassxc, moved my database, changed most important passwords and felt secure with manual control over my db. A few hours later I checked on bitwarden and they had unbanned me. I deleted my account and never went on there again and don't recommend anyone to hand over control over their most important info without an offline backup.

TL;DR don't let anybody have the ability to deny you access to your most important data. Use offline solutions like KeePassXC or others for something as important as your password manager.

>FOSS
you can just host yourself

brainlet posts

why use a password manager when you can just put all your passwords in a text file and encrypt it

i put all my passwords into an encrypted text file

This is literally only true if there are only two words in the English language.

>this is the post that started it
>literally "lmao"
You sure live just to pick up fights.

Attached: 1512287655455.png (936x772, 28K)

Fantastic arguments.

I'm not going to waste my time arguing with retards on Jow Forums, but every person I quoted was a retard and I want them to know it.

Not him, but your post raises a question: Who is worse off? The mentally challenged or the one challenging the mentally challenged? Or the challenger of the one challenging the mentally challenged. Or is it the one that challenges those who challenge challengers of the mentally challenged?

Attached: 1278532787061.jpg (427x474, 39K)

Oh my god, user is retarded. Do you know how passwords are cracked? The attacker gets the hash and keeps hashing passwords until the hashes match. A Diceware password with 6+ words would not be cracked within your lifetime even with a dictionary. Hashing algorithms for passwords are designed specifically to be slow, you can't crank through them like md5 hashes or sha1 hashes.
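
An added example (not from any poster in the thread): the entropy and exhaustion-time arithmetic the posts above argue about, assuming the attacker knows both the wordlist and the number of words. The 1000/s and "couple million per second" rates are the figures quoted in the thread; the 1e12/s rate and the 16-word sample list are constructed assumptions.

```python
import math
import secrets

DICEWARE_LIST_SIZE = 6 ** 5            # 7776 words: one word per five dice rolls
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Guess rates: the first two are quoted in the thread, the third is an assumed
# figure for a fast unsalted hash on dedicated hardware.
RATES = {"1000/s": 1e3, "2 million/s": 2e6, "1e12/s (assumed)": 1e12}

# Constructed 16-word sample list; a real Diceware list has 7776 entries.
SAMPLE_WORDS = ["anchor", "basil", "cobalt", "dune", "ember", "fjord", "gravel",
                "harbor", "ivory", "juniper", "kettle", "lumen", "mosaic",
                "nectar", "onyx", "plinth"]

def passphrase_bits(n_words, list_size=DICEWARE_LIST_SIZE):
    """Entropy in bits when each word is drawn uniformly and independently."""
    return n_words * math.log2(list_size)

def years_to_exhaust(bits, guesses_per_second):
    """Worst-case years to try every candidate; the average hit takes half."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR

def words_needed(target_bits, list_size=DICEWARE_LIST_SIZE):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))

def generate_passphrase(wordlist, n_words):
    """Draw words with the OS CSPRNG; strength comes from the draw, not secrecy
    of the list, so the attacker is assumed to know the list and n_words."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))

def report():
    """Rows of (label, bits, rate label, worst-case years) for the thread's cases."""
    cases = {"comic estimate (44 bits)": 44.0,
             "4 Diceware words": passphrase_bits(4),
             "6 Diceware words": passphrase_bits(6)}
    return [(name, round(bits, 1), rate_name, years_to_exhaust(bits, rate))
            for name, bits in cases.items() for rate_name, rate in RATES.items()]

if __name__ == "__main__":
    for name, bits, rate_name, years in report():
        print(f"{name:26} {bits:5.1f} bits  {rate_name:18} {years:12.3g} years")
    print("words for 96 bits:", words_needed(96))
    print("sample:", generate_passphrase(SAMPLE_WORDS, 6))
```

These rates describe the attacker's cost per guess; a deliberately slow password hash on the storing side lowers the achievable rate and stretches every figure accordingly.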

>SMS

Use FreeOTP or do you live in 2005?

Calling out someone as retarded without saying why is pure retardation.

It can generate secure passwords automatically. There are more benefits, but that alone would already be worth it considering it's just a 5 MB portable folder.

Attached: password generator.png (491x577, 39K)

the only password manager that u need

Attached: serveimage.jpg (2000x1367, 448K)

You literally don't need more than 96 bits of entropy for a password. Same with a key, where 256 bits is enough now and forever. Nobody is going to actually bother brute forcing your passwords; instead, other weaknesses will be exploited, such as rubber hose cryptanalysis.

Every post demonstrates a fundamental misunderstanding either of what entropy of a password means, what a cryptographic hash function is, or basic arithmetic.

Did you even read the post you are replying to? If the attacker *knows* it's a diceware password, it's all much faster, especially with modern CPUs. It would be unfeasible, of course, with truly random characters. Brute-forcing the hash doesn't contradict the original statement, in fact it's a requirement for most such attacks.

Forgot pic

Attached: password_entropy.png (1642x1238, 191K)