Wrote all my passwords down for everything (literally everything, banking, amazon, schools...

I have most of my passwords written in computer notepads. How retarded am i? What are some good password managers

>The hackers stole your encryption keys
and how did they do this? i am running GNU/Linux and using Common Sense 2018

>what is a literal safe to put your notebook in

sorry you live in a bad area, user. most of us don't need to worry about people breaking into our house to steal our password notebooks.

so you like inconveniencing yourself and making logins longer and more cumbersome for no reason other than because you can?
by the way, your reddit spacing is showing, at least try to blend a little bit when you come here

Actually reddit loves password managers, you're on the wrong side.

They hacked into your computer, that's how (PRO TIP: They may or may not have used a zero day exploit)

They'd seriously have to have to evil maid me to do that.

Attached: 1525647505976.jpg (596x444, 72K)

you seem to have conveniently forgotten to address my point

great, care to show me any source of an example of such an attack, ever?

why would they burn a zero day on random joe schmoe?

Zero days happen spontaneously you can never know when's the next one (The Hackers are working all day to find these, and in some countries they may have government backing)

great, that's very good to know, care to provide me with an example as I asked in my prior post, instead of talking about a completely unrelated thing?

>you seem to have conveniently forgotten to address my point
I'm not the person who you were talking with, I'm OP, just laughing at your schizophrenic tantrum.

Attached: 1531527914685.png (400x368, 12K)

i'm sure you're not.

Just say if you wanna stop this thought experiment
Anyway, they stole your encryption keys, got your passwords compromised and logged in all of your online accounts including email, bank and amazon because you didn't safe them. They went through all your online purchase history and spread your cock pics all over the internet, now your family is in shame. What do you do next?

are you just pretending to be dumb?
very well, I can repeat my question
>they stole your encryption keys
how did they do this? I am running GNU/Linux with my hard drive encrypted, a BIOS password and using common sense while downloading and installing files onto my computer

I am quoting TGT: Even with seatbelts people die all the time in car crashes, isn't that interesting?

great quote, now care to tell me how a potential hacker would steal my keys? any example is fine, really

They used a zero day exploit, they happen spontaneously and you have no way of knowing it even existed before it hit you

>Hard drive encrypted
but not while you are running it

>while downloading
so you have an internet connection, at the same time that your hard drive is unencrypted because you are interacting with it. Hmm, it's not like somebody could connect to your computer and get all your stuff... no possible way whatsoever, user. you're safe. mightaswell disable iptables while your at it too.

i see, and they would use a zero day to target a random person whose information they aren't even sure would be useful at all, instead of a high profile target, seems plausible

go on, connect to my computer and get my stuff, I am connected to the internet and my hard drive is unencrypted because I am interacting with it

They ran a mass attack which was automated and got the personal information from high amount of people, even ordinary day to day normies

Every single one. You obviously write it down in its encrypted form.

very well, they have acquired my encrypted database, how will they decrypt it?

They got the keys too, with a key logger

my keys are stored on a hardware device, I plug it into my usb port when I need to access the database, the private key never leaves the device

like I said, user. you're safe. also, I ain't no 1337 h4x0r and I just shit-post on Jow Forums all day. Do you really think I am anywhere near capable of pulling that shit off?

I have to end, or at leasy delay, this thought experiment from my part -- I have to take a shower. My legs have gotten dirty from sitting on the floor.

how sure are you that some random app didn't cache your keys? better yet, how sure are you that the crypto program you use doesn't leave your private keys in memory after logging off?

If someone hacks your computer he can steal your password db and read your inputs to catch you entering your key.
The way to be truly secure is to keep the password manager on a separate dedicated device with no capacity to connect to the internet.
The price is obviously inconvenience in that you need to actually type out your passwords and a hacker will still be able to steal them one by one as you use them.
However the overall database will not be compromised, which should be your main goal with a password manager because you're keeping everything in one place.
This isn't too different from having a phisical notepad, with the difference that it will not contain plaintext entries, but ciphertext.

The problem this creates is that in practice you lose the ability to use truly random passwords because physically entering passwords like that takes too long as you read them from the dedicated device every time.

However since this is not a notepad, we can implement a technical solution.
Your dedicated device connect to your pc through USB and emulates a keyboard when you tell it to enter a specific password.
This is a one way street which guarantees that your password db cannot be parsed even if your PC is compromised and you maintain the convenience of a desktop password manager or something close to it.

Attached: bg-mutra.jpg (600x424, 40K)

>keep all account info in plain text file in Windows for decades
>never had any problems because I'm not dumb enough to get viruses

as I said, keys never leave the device, the encrypted file is sent inside of it for decryption

This is unironically the most secure way to store passwords.

Should've used an offline password manager if you don't trust things like (((Lastpass)))

You should just crank your lever desu