where to store your passwords ?
-
- Addict
- Posts: 4519
- Joined: Thu Jun 07, 2007 3:25 pm
- Location: Berlin, Germany
Re: where to store your passwords ?
Regardless what way you choose, there is always a weak point. Some methods are less weak than some others, though.
I'm using the portable version of KeePass Professional (free and open source). The database that contains my passwords is encrypted and protected by its own password. That means, I have to remember only this one password.
One copy of the program and my database is at home on the hard drive of my PC, another copy is on a USB pen drive which I always take with me when I'm going to work etc.
It's possible -- but very unlikely -- that I'd lose that USB pen drive. In that case I still have the copy on my PC. And if someone finds the pen drive, s/he could not easily read my passwords, because they are stored in an encrypted database.
Re: where to store your passwords ?
> it's necessary to remember a bunch of rules
Not so. You can use one rule if you want.
> You're always reading sequentially in one of eight directions
Nope, you don't get it. Nothing is sequential if you don't want
it to be. You can make all your passwords zig-zagged, or in a
spiral, etc. I already explained all this. Plus, the password can
be from 1 to X chars long. Where did you pull 8 from? You're
totally not getting it.
> A dictionary created from the card containing less than 10k
> entries would contain all your passwords
Again, you're not grasping its concept properly. That single
card is capable of storing over 48,000 passwords if we used
just its first line ALONE. And that's just using left-right as
the direction on the first line. And there's 9 lines, so that
comes to over 432,000 passwords using left-right with all
lines. Now, add up-down, zig-zag, whirls, and the number
of possible passwords is more than MILLIONS.
> Regardless what way you choose, there is always a weak point
Weak points apply to technical limitations, not your brain.
Of course, a weak point with your brain would be the old
rubber-hose cryptanalysis technique.
I compile using 5.31 (x86) on Win 7 Ultimate (64-bit).
"PureBasic won't be object oriented, period" - Fred.
Re: where to store your passwords ?
PB wrote:
> ... would be the old
> rubber-hose cryptanalysis technique.
Beat somebody with a rubber hose until they tell you their password?
Best wishes to the PB community. Thank you for the memories.
-
- Enthusiast
- Posts: 542
- Joined: Tue Apr 24, 2012 5:08 pm
- Location: Ontario, Canada
Re: where to store your passwords ?
PB wrote:
> > it's necessary to remember a bunch of rules
> Not so. You can use one rule if you want.
I was thinking in terms of having to remember the reference point, direction, and number of characters, for each online account. Plus one needs to carry the key card, in real or virtual form.
It seems like a lot of trouble to go to when it would be just as easy to remember the passwords.
A true story:
I once installed one of my packages with a temporary password, and explained to the customer that he would need to use the password to change the preferences. I told him that the password was "secret", but he could change it via the preferences screen. He nodded and said, "Ok". About five years later he phoned me and asked if I could change the preferences when I was next in the building. I reminded him that he had the password and could do it himself. He responded, "No I can't -- you told me the password was secret".
For ten years Caesar ruled with an iron hand, then with a wooden foot, and finally with a piece of string.
~ Spike Milligan
-
- Addict
- Posts: 1654
- Joined: Sun Dec 12, 2010 12:36 am
- Location: Somewhere in the midwest
- Contact:
Re: where to store your passwords ?
I recently started using LastPass
-
- Addict
- Posts: 4519
- Joined: Thu Jun 07, 2007 3:25 pm
- Location: Berlin, Germany
Re: where to store your passwords ?
PB wrote:
> > Regardless what way you choose, there is always a weak point
> Weak points apply to technical limitations, not your brain.
Oh, e.g. forgetfulness does not exist? So what's all the fuss about?
Then just remember your dozens of passwords, and you are done.
Re: where to store your passwords ?
> Beat somebody with a rubber hose until they tell you their password?
Yep. https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis
I compile using 5.31 (x86) on Win 7 Ultimate (64-bit).
"PureBasic won't be object oriented, period" - Fred.
- electrochrisso
- Addict
- Posts: 980
- Joined: Mon May 14, 2007 2:13 am
- Location: Darling River
Re: where to store your passwords ?
PB wrote:
> > Beat somebody with a rubber hose until they tell you their password?
> Yep. https://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis
PureBasic! Purely one of the best
Re: where to store your passwords ?
Double or triple encrypted passwords seem fine to me. For example Serpent encrypted inside AES encrypted.
Re: where to store your passwords ?
Use a password generator. You have a long phrase that you know well and can't forget as your seed that you use to generate unique passwords for different forums or other sites.
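The scheme suggested in the post above, sketched as an added example (not code from the thread): each site password is derived from one memorised phrase with PBKDF2-HMAC-SHA256, so nothing is stored on disk. The function name, alphabet, iteration count and `revision` counter are assumptions of this sketch; anyone who learns the phrase can regenerate every password, and rotating one site's password means remembering its revision number.

```python
import hashlib
import hmac
import string
from itertools import count

SYMBOLS = "!#$%&*+-=?@_"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ITERATIONS = 300_000  # assumed work factor; slows offline guessing of the phrase


def _unbiased_chars(key: bytes):
    """Yield alphabet characters from an HMAC-SHA256 keystream.

    Bytes at or above the largest multiple of len(ALPHABET) are rejected,
    so every character is equally likely (no modulo bias).
    """
    limit = 256 - (256 % len(ALPHABET))
    for block in count():
        digest = hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        for b in digest:
            if b < limit:
                yield ALPHABET[b % len(ALPHABET)]


def site_password(phrase: str, site: str, length: int = 20, revision: int = 1) -> str:
    """Derive a repeatable password for `site` from the memorised `phrase`."""
    if length < len(CLASSES):
        raise ValueError("length too short to contain every character class")
    # Normalise the site label so "Forum.Example " and "forum.example" agree.
    # The revision number lets one site's password change without a new phrase.
    salt = f"{site.strip().lower()}#{revision}".encode()
    key = hashlib.pbkdf2_hmac("sha256", phrase.encode(), salt, ITERATIONS)
    chars = _unbiased_chars(key)
    while True:
        # Deterministically take the next `length` characters until the
        # candidate has a lowercase letter, an uppercase letter, a digit
        # and a symbol, as many sites require.
        candidate = "".join(next(chars) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


if __name__ == "__main__":
    # Constructed phrase and site names, for demonstration only.
    for name in ("forum.example", "shop.example"):
        print(name, site_password("constructed demo phrase, not a real secret", name))
```
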
Re: where to store your passwords ?
> forgetfulness does not exist?
I was referring to weak points in the context of others
getting your password from you. With a file, it can be
hacked. Your brain can't.
I compile using 5.31 (x86) on Win 7 Ultimate (64-bit).
"PureBasic won't be object oriented, period" - Fred.
-
- Always Here
- Posts: 6425
- Joined: Fri Oct 23, 2009 2:33 am
- Location: Wales, UK
- Contact:
Re: where to store your passwords ?
> Your brain can't.
Hang on PB, you already referenced Wikipedia to show that it can be hacked.
A well encrypted file is a very difficult animal to hack, almost impossible. Most hackers are not going to have the hardware/time/patience - and they don't need to, since they have a list of millions of potential victims free-of-charge from Sony etc. Any sign that your file is well guarded and I think most hackers will just move on to the next Joe.
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
-
- Addict
- Posts: 4519
- Joined: Thu Jun 07, 2007 3:25 pm
- Location: Berlin, Germany
Re: where to store your passwords ?
PB wrote:
> > forgetfulness does not exist?
> I was referring to weak points in the context of others
> getting your password from you.
You did not write that in your regarding reply. You answered in a general sense to a sentence of mine, which was about weak points of password usage and management in general. Others getting your password from you is only one aspect of the whole story.
Last edited by Little John on Tue Jun 10, 2014 12:59 pm, edited 1 time in total.
Re: where to store your passwords ?
For all practical purposes, an AES encrypted file is unhackable.
Re: where to store your passwords ?
PB wrote:
> With a file, it can be hacked. Your brain can't.
For future prospects, watch the 2013 movie: Elysium