Anyone here use Password Managers? They seem counter productive to me

Yes, use keepass. 3rd party 'cloud' solutions are fucking retarded and you should never use them.

With keepass you get a file. Where you store that file is up to you. You can store it in a remote location under your control and use that to access it whenever you want.

no, and they are
if you cannot remember 10 passwords in your head for all uses and change them every few years you're a fucking brainlet who should stick to windows or macos and deserved to have your information stolen

>10 passwords in your head
My keepass database has a 100 passwords. Each 32 characters long (or less if the fucking website or whatever doesn't let me) and random alphanumeric+symbols etc.

There's Bitwarden if anyone is looking for a browser-based FOSS password manager

I'm with you on this. None of my accounts have ever been hacked, not ones that I give a solitary shit about anyway. My main password is 43 characters long with most words not in the dictionary, case sensitive, AND numbers.

I don't find it a problem to remember. Everything else I just use basic passwords. If they get hacked, I don't give a shit.

I recommend pass since you won't need to remember a new password as it uses your pgp key.

Yes, KeePassXC (community cross platform edition) kinda like said. Cloud based solutions are retarded.
>remember 10 passwords
then they are likely not secure

Keepass

/thread

That's gonna be a no from me slim.

I just don't get it. Just remember the password... You're just adding extra steps for little gain.

>10 passwords

Just moved from Lastpass to Bitwarden yesterday. I like it because it has both web interface and desktop app (which is probably electron-based but still nice to have). Also the auto-logout feature of the Chrome addon actually works unlike Lastpass.

Jesus Christ please be bait.

i programmed my own using python and heavy encryption. should take the nsa/fbi/lea a few million years or more to crack with today's super computers.

Yes. I use KeePass2. Specifically, MacPass (because I'm a Macfag), and MiniKeePass for iOS. If I'm using a Linux system for whatever reason, I would use KeePassXC.

I have over 40 passwords all over 30 characters of mixed symbols, letters, numbers. Some people actually take their security seriously but you NEETs probably have nothing to protect anyway.

>if you cannot remember 10 passwords in your head for all uses
what a ridiculously stupid thing to write. this some kind of stale bait?

Are you also behind seven proxies?

must be bait.. or pure autism.
1 billion proxies and counting!

>My main password is 43 characters long
t. sperg

By posting an anime image you have already outed yourself as a neet user. You just got OWNED.

This.

LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 64 ; echo ""

and save to a txt file and firefox password manager

Nice logic bro you got me

>OWNED
go back to 9fag you fucking retard

Oh my, why didn't I think of this!

>They seem counter productive to me.
Why?

He probably thinks that it's less secure to have all your passwords protected by just one password

This of course completely misses the point of password managers

This paranoia on cloud services is unjustified. Even when LastPass got "hacked" the actual passwords were not leaked.

Using cloud services is counter-productive, using a password manager is not.

KeePass XC on Windows/Linux + KeePass DX on Android

To be honest, it takes less time to use these programs than manually inputting username/phone number and a password.

I use 1Password because it's cloud based and has mobile support. It's a subscription service but I'm not fucking poor so I can handle it.

plus, it's more secure to use a Password manager. Use a password you never used online and some other things like a key file and a security question.

Also I store my backup 2FA codes in KeePass XC and it can be highly customizable.
I also suggest to use Authenticator Plus on Android instead of that Google Shit.

>He probably thinks that it's less secure to have all your passwords protected by just one password
You can have a password manager without that weakness.

How are password managers "counterproductive"?
They can generate strong, secure passwords for you and remember them. They actually enhance your productivity.
This is, of course, assuming you're using a proper password manager and not some cloud garbage.

I don't know about you, but I use well over 50 passwords. There is no way I could comfortably remember them all without them being very simple and insecure.

You don't even have to use a master password. You can alternatively use a key file, preferably stored on some other location such as an external USB drive, or both a key file and a password for maximum security.

That's gonna be a yikes from me tubs.

keepass + google drive

pass + yubikey > all

Is there any decent self-hosted password manager for web without requiring installed addons?

ssh

I programmed my own password manager in Java.
My password for twitter is twitter, for Game1 is game1, game2 is game2 , mail is mail.
All the program then does is convert game2 into sth like f6sQzCbCVkWm and put it into clipboard, then after some seconds it deletes the clipboard...
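The label-to-password scheme in the post above, sketched as an added example that is not the poster's Java program: the first function derives the password from the label alone, so anyone holding the program reproduces every password, while the second mixes in a memorized master secret. The hash choices, iteration count, counter parameter and all names are assumptions, and the inputs are constructed.

```python
import hashlib
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols, as in the post's sample output

def encode(raw: bytes, length: int) -> str:
    """Map raw bytes to `length` alphabet symbols without modulo bias."""
    limit = 256 - 256 % len(ALPHABET)  # 248; bytes at or above it are discarded
    chars = [ALPHABET[b % len(ALPHABET)] for b in raw if b < limit]
    if len(chars) < length:
        raise ValueError("not enough usable bytes for requested length")
    return "".join(chars[:length])

def unkeyed_password(label: str, length: int = 12) -> str:
    """Label-only derivation (SHA-512 is an assumption, the post names no algorithm)."""
    return encode(hashlib.sha512(label.encode()).digest(), length)

def keyed_password(master: str, label: str, counter: int = 1, length: int = 12) -> str:
    """Stretch a memorized master secret into the output; counter rotates one site."""
    salt = f"{label}:{counter}".encode()
    raw = hashlib.pbkdf2_hmac("sha512", master.encode(), salt, 210_000, dklen=64)
    return encode(raw, length)

if __name__ == "__main__":
    # Constructed inputs. The unkeyed value is reproducible by anyone who has the program.
    print("unkeyed game2:", unkeyed_password("game2"))
    print("keyed   game2:", keyed_password("example master phrase", "game2"))
    print("rotated game2:", keyed_password("example master phrase", "game2", counter=2))
```
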

What's the difference from KeePass X to KeePass XC?

I use a Mac and an iPhone so iCloud does it for me. Feels good man. Even migrates over passwords I haven't used in a decade from systems past.

Password managers don't seem so counterproductive when the amount of passwords you have hits the hundreds and you find yourself doing insecure practices like using the same password but slightly modifying it so you don't forget it after you're forced to change it.

Password management/centralisation makes sense for probably the majority of people who use Jow Forums but maybe not for the majority of laymen. Free solutions are convoluted and not user friendly and paid solutions aren't worth the cost.

>after you're forced to change it
That's a thing I have been wondering about.
What exactly does regularly changing your password try to achieve?
I don't see how it supposedly improves security.

>dude just remember 10 different strings of text and numbers lol
Only autistic people do this. Literally, memorizing long strings is a textbook sign of autism. So either you are autistic or your 10 passwords are all in the format of "passwordReddit" or whatever the fuck you use.

Forced regular password changes are actually a fucking terrible idea as it causes users to reuse passwords but modify them slightly and people have already developed cracking techniques that can abuse this. Forced password changes after a security breach are better practice. This practice is continuing due to inertia rather than it actually making sense.

However the point of them is that if somebody discreetly collects passwords over a few months, and then uses them all at once to try and login to bank accounts and such, they will find that many passwords are no longer good. That's the idea; it just doesn't work because it's trivial to crack the new passwords most of the time.

Another big issue is that while say, criminals skimming credit cards and gathering pins using a video camera might wait a few months before actually trying to use your pin, nowadays people after stealing people's credentials are going to use them very quickly.

sans.org/security-awareness-training/blog/time-password-expiration-die
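The slightly-modified-password habit described in the post above can be caught at change time, when the change form carries both the old and the new password. This is an added example, not code from the thread or the linked SANS post; the function names, substitution table and two-edit threshold are assumptions, and the sample passwords are constructed.

```python
import re

# Common character substitutions folded back to letters before comparing.
LEET = str.maketrans("0134578@$!", "oleastbasi")

def skeleton(password: str) -> str:
    """Strip leading/trailing digits and symbols, lowercase, undo substitutions."""
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password)
    return core.lower().translate(LEET)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_variation(old: str, new: str, max_edits: int = 2) -> bool:
    """True when `new` is the old password with only cosmetic changes."""
    old_s, new_s = skeleton(old), skeleton(new)
    if old_s and old_s == new_s:   # same core word, different suffix/case/substitutions
        return True
    return edit_distance(old.lower(), new.lower()) <= max_edits

if __name__ == "__main__":
    # Constructed (old, new) pairs as a change form would submit them.
    samples = [
        ("Summer2018!", "Summer2019!"),
        ("P@ssw0rd1", "Password2"),
        ("Tuesday-rain", "Tuesday_rain"),
        ("tr0ub4dor&3", "xK9#mQ2v!Lp7"),
    ]
    for old, new in samples:
        verdict = "reject (variation)" if is_variation(old, new) else "accept"
        print(f"{old!r} -> {new!r}: {verdict}")
```
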

>Forced password changes after a security breach are better practice.
Sure, but even then it either takes the service operator not using hashed passwords with salt, or the operator using a cracked hash algo, in order to create an immediate problem.

Use different passwords for all services and make them as random as possible.
The only reasonable way to achieve that is (offline) password managers.
Then again, we know that the average guy doesn't do that at all (12345, qwerty, password - and writes them on post-it notes anyway), and the world is still going, so maybe this is again part of our "paranoia". (I don't think it is.)

I'm regularly surprised by how little people try to protect their unlock pattern for smartphones.

I cannot recommend the use of a password manager enough. Please try one, even if you find out you don't like it, you might not really know what you're missing until you do.

You would not believe the number of companies that make users remember insecure passwords and pins because they don't enforce the use of password management. I do use a password manager (keepass) and can highly recommend using one. Technology will eventually move away from passwords altogether, but before that happens, a password manager should be in use by everyone that gives even the smallest of shits about security.

Please try one OP, you might find that using one makes your life much easier, and you get the added benefit of the security.

I use a plain text file

I use enpass but they updated recently and now it is shit

The password manager can generate stronger passwords than you can on your own, and having it store them for you reduces the likelihood that you'll reuse passwords across different sites (slight variations on the same password are not much safer than using the exact same one)

i'm paranoid about accidentally locking myself out of every account. how do i avoid it? i just downloaded keepassxc. i make a new database file then generate a password, change my password on the website, and the database autosaves it and then i backup my database file and i'm good? is .kdbx compatible with regular keepass?

Not retarded.
>I use Oubliette password manager.
The best one available. And no fucking snake-oil.

>2FA
A fucking meme.

>pass + yubikey > all
Snake-oil.

Bitwarden or KeePass are the best.
Both open source, both passed audit. Bitwarden can be self-hosted if you don't believe in cloud. KeePass doesn't have a cloud but can use Dropbox or Nextcloud if you self host already.

That's quite clever

Having to use a program to enter a password is not faster than me typing in my password.

I am using LastPass for my personal and company's accounts.