Password managers?

Indeed. Thus the admonition that you do not use the same password for each site. If one is hacked, at least that is the only password that is compromised.
Right. I would also use more than 10 characters for the reasons in my prior post.

So I guess I'm saying that when your passwords start to look like this: $%dji.3#0)2lafDVW54$$fadgra&g.d, it makes typing them in--each and every time--from a post-it note, dreadful, if not unrealistic.
 
LOL, omg! Who said it has to look like that?

Regarding the same rule mentioned above, here's all you have to do to follow the 72^10 rule, if the sites allow upper and lower case, 10 numbers and 10 special characters.

Remember, this is just an example, not an actual password to anything.

theQu@ckB7

It's a variation on the Quick Brown Fox thingy. That password you see above has the 4 quintillion possibilities in it. So all you have to do is come up with a phrase, or word that means something to you, and tweak a character here and there. Here, watch. Just 10 characters...

theQu@ckB7 <--- site #1
thEQu@ckB6 <--- site #2
TheQu&ckB2 <--- site #3
THEqu@Cka4 <--- site #4

Etc ad nauseam. So long as it follows a certain format, there is no brute forcing of one, and then guessing of another.

P.S. Userque, I plugged your password example into the formula above.

$%dji.3#0)2lafDVW54$$fadgra&g.d is 31 characters. Assuming same ruleset, your password combination hack possibility would be 1 in 3.7783952741213222481929572236823, +57 more digits. That's Knuth up-arrow territory. You may be onto something, albeit a bit overboard on security! :-)
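
Added example, not part of the original post: a short audit of the four per-site variants above, comparing the 72^10 figure for a fully random 10-character password with how much remains unknown once one variant from the same base phrase is known. The set of 10 special characters and the case-insensitive, position-by-position similarity model are assumptions made for this illustration.

```python
import math
import secrets
import string
from itertools import combinations

SPECIALS = "!@#$%^&*()"   # assumed set of 10 specials; the post does not list them
ALPHABET = string.ascii_letters + string.digits + SPECIALS   # 72 symbols
FOLDED_SIZE = 26 + 10 + len(SPECIALS)                         # 46 once case is ignored

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy when each character is drawn uniformly at random."""
    return length * math.log2(alphabet_size)

def folded_distance(a, b):
    """Positions where two equal-length passwords differ, ignoring letter case."""
    if len(a) != len(b):
        raise ValueError("passwords must be the same length")
    return sum(x != y for x, y in zip(a.casefold(), b.casefold()))

def max_folded_distance(passwords):
    """Largest case-insensitive distance between any two passwords in the set."""
    return max(folded_distance(a, b) for a, b in combinations(passwords, 2))

def remaining_bits(length, distance):
    """Upper bound, in bits, on the strings within `distance` case-insensitive
    changes of one known password (every position may also flip case)."""
    near = sum(math.comb(length, k) * (FOLDED_SIZE - 1) ** k
               for k in range(distance + 1))
    return math.log2(near * 2 ** length)

def random_password(length=10):
    """Independent per-site password, as a manager's generator would produce."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

# The four per-site variants shown in the post (examples, not real passwords).
SITE_VARIANTS = ["theQu@ckB7", "thEQu@ckB6", "TheQu&ckB2", "THEqu@Cka4"]

if __name__ == "__main__":
    d = max_folded_distance(SITE_VARIANTS)
    print(f"random 10-char password: {entropy_bits(10):.1f} bits")
    print(f"variants differ in at most {d} positions ignoring case")
    print(f"left to guess once one variant is known: <= {remaining_bits(10, d):.1f} bits")
    print("independent alternative:", random_password())
```

The 72^10 figure applies only when each site's password is chosen independently at random, which is what `random_password` does; variants of one phrase share most of their characters across sites.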
 
Ok, I won't say too much more...hackers will get mad at me if I do. :)
 
KeePass is a very good open source password manager (and is free).

You can make it generate custom random passwords. You can make it pre-populate websites with your password. It stores your passwords in an encrypted database that you can unlock with different methods (one being a master password). I use it all the time and I have no clue what my passwords are for any website. I just let it handle the details.

If your database file becomes corrupt, well then technically you are screwed. However, most websites have password reset options, plus you can store your password database wherever you like as backup. You'll probably want to do that. But essentially, if your database becomes corrupt (and you have no backup) then it is as if you forgot your password for every website in existence.
I also use KeePass [for years]

[excellent program]
I keep a backup copy [a must] on a USB drive, and one on Google Drive cloud

marc
 
Maybe just me, but I use as complex a password as allowed by each site. I work at home so have my hardcopy available easily, but don't see a point in another site generating my password as I assume they use an algorithm that is hackable or discoverable. I go for 2 or 3 factor authentication whenever it is offered. I have no sites that I absolutely have to access away from home that I don't have the passwords in my memory, even after changing on a regular basis.
I admit I am an old fart, and maybe it's good in the internet password age, as I suspect everything on the internet is hackable, and do my best to complicate my life to reduce the risk.
 
LastPass just recently made the equivalent of their "premium" service @ $1/mo.. free. As I read reviews, I found quite a number of complaints about LastPass... enough to consider something else. Like, LogMeOnce. Anyone have any experience with LogMeOnce?
 