Unironically using your own thought up passwords that literally anyone can decrypt/crack within mere minutes instead of...

>unironically using your own thought up passwords that literally anyone can decrypt/crack within mere minutes instead of strong secure generated passwords
>unironically thinking/believing using your brain as a password manager is a good idea
>unironically scribbling down your own thought up passwords onto paper, sticky notes, binders, your hand, worse in plain text files and yes some of you are that fucking retarded to actually be doing that

Look up PBKDF2 retard

How many important accounts do you even need? 4,5 tops? If you can't remember 5 13 digit passwords you should just kys. Calculate entropy of following and tell me how long brute force would take
>Faggot0PP3p3
Muh you can use dicts
>Gshhp1A4a4
Is same pass offset by 1 char to the right on my keyboard simple to remember, very hard to break in reasonable time

>1st
Length: 12
Strength: Reasonable - This password is fairly secure cryptographically and skilled hackers may need some good computing power to crack it. (Depends greatly on implementation!)
Entropy: 56.9 bits
Charset Size: 62 characters

>2nd
Length: 10
Strength: Reasonable - This password is fairly secure cryptographically and skilled hackers may need some good computing power to crack it. (Depends greatly on implementation!)
Entropy: 47.7 bits
Charset Size: 62 characters

nice work, retard

Missed two characters, retard. Try harder

Ohlookfaggotsthisiseasytoremembersuperduperpasword6666

Length: 54
Strength: Very Strong - More often than not, this level of security is overkill.
Entropy: 266.3 bits
Charset Size: 62 characters

You should totally use pass manager for that

I tend to use grammatically correct sentences. For example:

OP is a 10 year old faggot.

Length: 27
Strength: Very Strong - More often than not, this level of security is overkill.
Entropy: 139.2 bits
Charset Size: 85 characters

These sentences are very secure and easy to remember. If a site won't let me include whitespace, I just strip out the spaces.

Attached: password_strength.png (740x601, 91K)

Quick question, would it be possible for me to brute force a wifi password of 10 characters composed of only numbers and uppercase letters and a bit of social engineering?

>would it be possible for me to brute force a wifi password of 10 characters composed of only numbers and uppercase letters
Probably not. Wifi authentication is pretty slow.

That being said, many wifi networks can be attacked without needing to resort to an online brute force attack. See:
en.wikipedia.org/wiki/Wired_Equivalent_Privacy#Weak_security
en.wikipedia.org/wiki/Wi-Fi_Protected_Setup#Offline_brute-force_attack
krackattacks.com/

>a bit of social engineering
Social engineering can break damn near any security. A lot of people are brain dead retards.

>unironically

Just for argument's sake, what would entail "ironically" making up your own password? You faggots keep misusing this word because you think it sounds clever.

>what would entail "ironically" making up your own password?
Definition of irony according to google: "a state of affairs or an event that seems deliberately contrary to what one expects and is often amusing as a result."
Example of ironically making up a password: "Haha, I'm genuinely using "password" as my password. Look at me, I'm such a hilarious retard. Nobody would ever expect me to do something this retarded."

>accounts do you even need?
>do you even need?
>you even need?
>even need?
>need?
>4,5 tops?
>tops
1, Dildos 'r' us.com
2, Rectal Doctors.org
3, Animal Shelter.404
4, Redundant
5, Redundant

kys

Currently using >80 logins for all sorts of shit - printers, servers, emails, web hosts, banks, ebay, amazon, and about 20 other suppliers and routers, laptops, forums, tax, bills, etc etc...

ALL have stupidly long (64+ characters, lots 128) and utilize as much of the ASCII set as possible. I also just manually change a few bits just in case anyone ever finds the generator is predictable in any way.

Nvidia can crank out 100 generations of upgrades and all my PWs are safe.
comfy.jpg

Although tfw the weakest point of attack is my KeePass password itself ... but waddaugonnado?

I have 5 passwords for all my accounts and literally can't remember 3 of them, I just ask for the SMS verification when I can or make new password I won't remember and save it in Firefox

>he missed typing out the chars
>he points it out like it wasn't clear as day from the paste
>calls someone else retarded

>Introducing a single point of failure so that you can use pointlessly long passwords for everything.
This is fucking dumb.

>Introducing a single point of failure because you have >80 passwords that you use on a regular basis and can't possibly remember that many unique passwords.
This is an acceptable reason. However, it isn't applicable to most people.

>what are dictionary attacks

Just use some other language or mix them.
KawaiipasswordsugoiAnime

Ok Normal Fag mode... (not basement dweller)
You need to remember login data for:

Electricity
Gas
Local TAX
Water
Income TAX
Internet Provider
Mobile Provider
Internet Router (cuz u don't use the default PW do you user)
Email
Facistbook
Amazon
Ebay
Bank
Insurance
Some fucking Cloud shit service

So that's 15 logins all of which you don't want people fucking with... and it's not hard to add to that list is it? (it's only got minimal use of tech stuff in there)
Seriously you can keep 15 PW tight can you? And how often do you change electric supplier or telco to find a new rate? That must keep you sharp... glad you got this shit down!

KawaiiTrapsArentYoai

Ok fucker, let's do the math.

Suppose the attacker is using a dictionary with 10,000 words. They are usually bigger than this, but I'll use a small number to give you the benefit of the doubt. In this case, the number of 7 word passwords that they need to try is 10000^7 = 10^28. This means that if they are guessing 1 billion passwords every second, it will take them 10^19 seconds to guess all possible 7 word passwords. That works out to 316 billion years.

Length is far more important than complexity. Mixing in misspellings and random special characters/numbers is usually pointless and only makes your passwords harder to remember.

As a side note, the dictionaries that attackers use commonly contain mangled words, so adding misspellings and swapping out your ls for 1s and es for 3s won't help you much.

Attached: 17909321_1853113304905893_434347666_n.png (600x341, 340K)
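
The keyspace arithmetic from the post above, carried through in Python together with the effect of a key-stretching hash such as PBKDF2 (mentioned earlier in the thread) on an offline attack against a leaked hash database. This is an added example, not part of the original thread; the function names, the 600,000-iteration default, the sample passphrase and the 62-symbol, 8-character comparison case are assumptions chosen for illustration.

```python
import hashlib
import hmac
import math
import os

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(symbols: int, length: int) -> int:
    """Candidates when each of `length` positions is drawn uniformly at
    random from `symbols` choices (characters or dictionary words)."""
    return symbols ** length


def entropy_bits(symbols: int, length: int) -> float:
    """Entropy of a uniformly random secret; overstates human-chosen ones."""
    return length * math.log2(symbols)


def years_to_exhaust(symbols, length, hashes_per_second, kdf_iterations=1):
    """Worst-case time to test every candidate against one leaked hash.
    Each guess costs `kdf_iterations` hash computations, so key stretching
    divides the guess rate by that factor."""
    guesses_per_second = hashes_per_second / kdf_iterations
    return keyspace(symbols, length) / guesses_per_second / SECONDS_PER_YEAR


def hash_password(password: str, iterations: int = 600_000):
    """Server-side storage: per-user random salt plus PBKDF2-HMAC-SHA256.
    The iteration count is an assumed value for this example."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password: str, salt: bytes, iterations: int, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison


if __name__ == "__main__":
    rate = 1e9  # hash computations per second, the figure used in the post
    cases = {
        "7 words, 10,000-word dictionary": (10_000, 7),
        "8 characters, 62-symbol charset (constructed case)": (62, 8),
    }
    for label, (symbols, length) in cases.items():
        for iters in (1, 600_000):
            years = years_to_exhaust(symbols, length, rate, iters)
            print(f"{label}: {entropy_bits(symbols, length):.1f} bits, "
                  f"{iters} iteration(s): {years:.3g} years")
    # Constructed sample passphrase, used only to show the round trip.
    salt, iters, digest = hash_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", salt, iters, digest))
```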

Who in the fuck password cracks anymore?

It's all about those back doors, zero days, and good ole social engineering.

I already tried WPS attacks but WPS 2.0 is secured with timeouts which eventually lead to a wps lock, and nobody really uses WEP anymore.

>Length is far more important than complexity
That's what she said.

>implying they don't have your pw from a 0-day keylogger

> "Haha, I'm genuinely using "password" as my password. Look at me, I'm such a hilarious retard. Nobody would ever expect me to do something this retarded."
Irony is more like the fire station burning down or the dentist getting a cavity. Maybe your example would technically qualify as irony but it's like the most trivial form.

And then what is "unironic?" A state of affairs in which the expected actually happens? Why even note it as "unironic" if that's the case?

KawaiiYuriGirlsSugoiDesuBakka!

>cuz u dont use the default PW do you user
What's wrong with default password?

What do you think happens when the website you're using falls victim to SQL injection? All the hashed passwords end up on the attacker's machine. Guess what happens next? That's right, they start brute forcing everyone's passwords.

routerpasswords.com/

>what is "unironic?"
Example of somebody who is unironically a retarded autist: >Why even note it as "unironic"
Some people ironically act like retards because they are trying to be funny. Others unironically act like retards because they ate lead paint chips as a child and now have genuine brain damage. Sometimes it is important to clarify what type of retard you are talking about.

Yeah I think the words you're looking for are "jokingly" and "seriously." Keep sounding like an idiot, though!

>routerpasswords.com/
Those are passwords for the control panel.

Dumb cunts.
If you are using passmanager, you are storing all eggs in one basket.
You are literally relying on 1 (one) password for everything.
After attacker gets your masterpass, he not only gets all your passwords, but he also gets all the metadata which is far more important.

And this retarded "muh entropy" meme again.
You need to understand, you cretins, that nobody these days is bruteforcing the login pages anymore, they hack the server and then maybe crack the salted hashes of the passwords.
This is when your "password entropy" comes into play, after service is already hacked.
Basically, high entropy only helps if you are reusing the same password everywhere.
Which means, if you are not retarded, it doesn't help you at all.

You are so fucking dumb. Keep using password managers.

Nowadays, ironically and jokingly are synonyms. This is sort of like how faggot and queer are now synonyms but weren't in the past. The dictionaries haven't quite caught up yet.

>Sometimes it is important to clarify what type of retard
If you say so.
>Why even note it as "unironic" if that's the case?
No worries, user. This is the general state of the millennitard. System has failed them and the psychologically driven compensation has them acting in all sorts of creative manner.

moneysavingexpert.com/news/broadband/2017/06/virgin-media-tells-customers-to-check-online-security-after-hacking-risk-exposed
bleepingcomputer.com/news/security/5-000-routers-with-no-telnet-password-nothing-to-see-here-move-along/
They don't always do it right...

>ironically and jokingly are synonyms
(YOU) need to start over again. Square one. Pay attention this time. Retard.

I store my passwords in a veracrypt container and sync them to all of my devices with syncthing.

Society as a whole needs to start over. That is the most common way the word "ironically" is used. The oldfags in this thread are only getting triggered because they know it is true.

How is that information even gonna help crack a strong router password?
You still need to connect to the network to use the access panel.

>If you are using passmanager, you are storing all eggs in one basket.
Every practical system of storing passwords boils down to "putting all your eggs in one basket". The best reasonable approach is to make that basket as strong as possible, which a password manager accomplishes.

>After attacker gets your masterpass,
Gaining the master password is an exceptionally hard problem. The only practical method I can think of would be a keylogger, which would provide ALL your passwords regardless of how you chose to store them.

>but he also gets all the metadata which is far more important.
???

>This is when your "password entropy" comes into play, after service is already hacked.
>Basically, high entropy only helps if you are reusing the same password everywhere.
Or if you care about an attacker gaining access to your account - which you should.

When someone cracks your password manager password they get access to all your stuff. Everything. Why place that much trust in one?

As much as PGP itself or AES or whatever, will be a single point of attack for the whole world.

But also as stated It tends to be sites that fall - then you need to generate another PW ASAP and make it another safe one... life is a wall of passwords.
Unless you are directly targeted by the full force of 3 letter agencies (and even then if done right KeePass might?? still stand) I think the security of KeePass will be way stronger than your own mind especially as you need more passwords... also if a vulnerability gets found it can be fixed. Your biggest total loss threat is probably getting a key-logger installed and having all your passwords kill no matter what you do.
So fucking VM, Sandbox, NoScript, ad block, do what you gotta do and stay clean.
And make your master KeePass PW a fucking big one! - you could even use 3 KeePass files to segment your access:
everyday shit/work/filth
Whatever - this is 2018 burn your 1980s filofax!
Use FOSS, don't use free services or cloud storage, check your download hashes and encrypt all the things!

Via wifi... which itself is the weak spot.

>the full force of 3 letter agencies
Against attackers who know your identity, no software is secure. See pic related.

Attached: security.png (448x274, 26K)

You could always take it to the grave...
Then I don't know if 3 letter will get it? (they might still)

> if you care about an attacker gaining access to your account
he has the access to the whole server already.
he doesn't need your shitty password to do things at this point.

>what is metadata
info about your accounts outside of passwords.
the thing is, when people usually start using passmanagers, they usually start using them for everything.
so by getting your master pass, attacker instantly knows every single site you are registered at.
even in the worst case security scenario without passmanager, where you use the same password everywhere, attacker still needs to guess where you also used the same password first and then manually check everything.
but with passmanager it's fucking easy. passmanager will tell him everything he wants to know.
what is even funnier, is that retards get so confident and lazy, so they will start storing shit like bank accounts and creditcard info in passmanager. just look at onepass interface, they make it very easy to store that kind of info there. and retards are actually doing it.

>The best reasonable approach is to make that basket as strong as possible, which a password manager accomplishes.
No, it does not. You just massively increased the risk to get a little bit of comfort and you are one zero-day away from losing everything.

>Implying they're nice enough to let you kill yourself.
I'm sure a lot of the "enemy combatants" in guantanamo tried.

>i'm gonna hack into this kids account xD
>you have 5 failed login attempts and are locked out

>he has the access to the whole server already.
Not necessarily - look at the password leaks from companies like Adobe. Leaked password DBs tend to be spread far and wide.
And even if they do have full access (which is very rare), then that access will end once the server operator gets their shit together.

>so by getting your master pass, attacker instantly knows every single site you are registered at.
Unless you memorise all your passwords (in which case they're reused and/or horribly weak), that's true no matter how you go about storing your passwords.

>You just massively increased the risk to get a little bit of comfort
The loss of security from using a PM is small, as it's a reasonably small, non-network-facing utility. The password manager is almost never the weakest link in the chain - if an attacker has broken it, they've probably broken everything else too.

>and you are one zero-day away from losing everything.
You were always one zero-day away from losing everything. Pretending otherwise is just wilful denial.

And that's why we should use a notepad or brain with variations on the same 3 shitty 10 letter passwords? Rather than KeePass Mmmm OK...

>You were always one zero-day away from losing everything
Objectively false. You can potentially lose a lot more when you are under false sense of security (e.g. storing banking info in PM).
When attacker gets into your system, if you are using passmanager, he just needs to wait for you to type 1 (one) and he gets everything instantly. After that he clears after himself and out he goes.
But if you are not using passmanager, he will have to wait until you manually type every single password, which means he has to stay on the system longer and increase the chance of him being detected.

>The loss of security from using a PM is small
Arguably a lot more than without it, because of false sense of security it gives as i said before.

>Unless you memorise all your passwords (in which case they're reused and/or horribly weak)
As I said before, you don't need 1 million bits of entropy, because no one bruteforces login pages anymore.
Passwords just have to be reasonably difficult and reasonably unique.
This is not hard to accomplish at all, even without a passmanager.


Corporate shills (from OnePass for example) did a pretty good job of planting preconception in the public mind. It basically goes something like: "to be secure you have to use passmanager". And you apologists are only making it worse by supporting it.
Maybe you are smart just enough to use some open source PM, but what your average normie would do? He will go and download onepass and will rely on it for everything. And would be thinking how smart and secure he is, because "smart" people said so, until one he gets pwned and will lose everything. Then he will cry, then he will learn.

When I was younger, I had a .txt file with about 200,000 random numbers/letters/symbols, and I memorized something like "41-52" for passwords and looked it up.

Looking back, that was super retarded

Nah, that's not what I was saying. was implying that KeePass might be secure against the federal government and I was pointing out that it is pointless to bother trying to guard against the government using software. At some point, humans become the weakest link regardless of what software you are using.

>2018
>unironically debating the meaning of the word irony on a chinese cartoon forum where it's had a distinct colloquial meaning for at least half a decade

I bet you think you're a real smart person

jesus christ how fucking new

I use lastpass

How bad am I screwing up? I actually need it because I have dozens of websites I need to remember the passwords for with different usernames and mails. The most important stuff is protected with 2FA and passwords in my native language that only about 8 million people speak in the world.

>I use lastpass
I would strongly recommend switching to an open-source, offline password manager.

>unironically being a fucking frogposter
unironically die

>unironically thinking anyone cares about stealing your password

There's no foreseeable scenario in which an attacker steals my database.

>Objectively false. You can potentially lose a lot more when you are under false sense of security (e.g. storing banking info in PM).
There's no "false sense of security" - a password manager provides exactly as much security as you would expect: it's an AES (or equivalent) encrypted DB.

>But if you are not using passmanager, he will have to wait until you manually type every single password,
For the most valuable passwords (email accounts etc) that's only going to take a day or two. If an attacker has installed a keylogger on your system, you're fucked regardless.

>As I said before, you don't need 1 million bits of entropy, because no one bruteforces login pages anymore.
They attack leaked DBs instead, which makes password entropy MORE important.

>This is not hard to accomplish at all, even without a passmanager.
That is almost impossible to accomplish without a password manager (or an unencrypted store, which is worse). How many secure passwords can you actually recall? How many services do you use?
I can't remember a tenth of the passwords I use.

Two more unique qualities of the millennitard: lacking awareness (most often self-awareness) and sense of entitlement.
>inb5 that's not an arguement
Out of here, fags. Late