AiOwares
Password security - Printable Version



Password security - ntdll - 01-06-2020

Password managers are important to me. Fundamentally, if you don't know your own passwords, how is someone else going to retrieve them when you dump your authentication?

Word documents, text files and use of the same password in multiple places are entirely non-secure. You may as well buy Zuckerberg some printed fridge magnets with your email accounts, bank details and social security number.

There are billions of pre-cracked and ready hashed passwords out there, so high entropy is your goal. But how is one supposed to know their 16-256 length extended ASCII passwords? You're not, which brings me to KeePassXC, which is a FOSS and cross-platform password manager, and the only one I trust. I know there are more out there but I wouldn't trust 1Password, LastPass and the like, hence allocating one in particular.

KeePassXC comprises:
Code:
https://keepassxc.org/


AES (Rijndael) encrypted databases using a 256-bit key
Code:
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard

Compatible with KeePass password safe
Cross-platform, open source (FOSS) and works offline
Code:
https://en.wikipedia.org/wiki/Free_and_open-source_software

Holds anything from passwords, to 2FA/MFA recovery keys
Code:
https://en.wikipedia.org/wiki/Multi-factor_authentication

Supports custom URL icons
Supports YubiKey for authentication challenge-response
Code:
https://www.yubico.com/

High *entropy* password creator
Automatic clearing of the clipboard and memory space after a password copy

Using a password manager with a strong master-key is how you should be rolling in 2020. A post-it note on your computer monitor does not cut it anymore, in fact it never did. But reverse-engineering tactics, spying and malware are only getting more sophisticated. Do yourself a favor, enhance your privacy by protecting your passwords.

* Entropy in this context means the strength of a password via information theory.
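
The entropy footnote above can be made concrete. The following is an added example, not part of the original post and not KeePassXC's own code: it generates a password with the OS CSPRNG and computes the entropy in bits for a given length and alphabet. The character pools and function names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumed character pools (printable ASCII classes), not KeePassXC's exact sets.
POOLS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}


def alphabet_for(classes):
    """Concatenate the selected pools into one alphabet without duplicates."""
    return "".join(dict.fromkeys("".join(POOLS[c] for c in classes)))


def generate(length=16, classes=("lower", "upper", "digits", "symbols")):
    """Draw every character independently and uniformly via the OS CSPRNG."""
    alphabet = alphabet_for(classes)
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string: length * log2(alphabet size).

    Valid only for machine-generated passwords. A human-chosen password of
    the same length carries far less, because the choices are not uniform.
    """
    return length * math.log2(alphabet_size)


def length_for(target_bits, alphabet_size):
    """Shortest length that reaches at least target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


if __name__ == "__main__":
    size = len(alphabet_for(POOLS))
    print(generate(16), f"{entropy_bits(16, size):.1f} bits")
    for name, n in (("digits only", 10), ("lowercase", 26), ("all classes", size)):
        print(f"{name}: {length_for(128, n)} chars for 128 bits")
```
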


RE: Password security - starilater - 02-21-2021

Also, for those (still!) not using password managers, here's a useful site to check your password strength:
Code:
https://www.security.org/how-secure-is-my-password/



RE: Password security - BALTAGY - 02-21-2021

(02-21-2021, 05:09 PM)starilater Wrote: Also, for those (still!) not using password managers, here's a useful site to check your password strength:
Code:
https://www.security.org/how-secure-is-my-password/

Coded your link, please code any external links.

Thanks


RE: Password security - Tymerias - 02-22-2021

Using Bitwarden and making a random password for each website. Feel safe for now.


RE: Password security - Lewis3545 - 02-26-2021

LastPass pooped on all of their free users, but I do wonder with all of these password managers... what happens when they eventually get hacked? All of my passwords will be exposed in one go. And those that say it will never happen, in my opinion, are naive.


RE: Password security - BerbQ - 03-04-2021

(02-26-2021, 12:44 AM)Lewis3545 Wrote: LastPass pooped on all of their free users, but I do wonder with all of these password managers... what happens when they eventually get hacked? All of my passwords will be exposed in one go. And those that say it will never happen, in my opinion, are naive.

There are password managers like KeePassXC that store encrypted passwords in local storage. So if hackers can't access your local storage they can't hack it.


RE: Password security - sterki - 03-06-2021

Let's be true to ourselves: the moment you plug yourself into the internet, you're never 100% safe. But regarding ease of access instead of security, I agree, password managers may be great!
But I never used any; in the end it's one more app to use lol


RE: Password security - mare1 - 03-08-2021

I have been using KeePass for many years, now KeePassXC, with a local storage located in Dropbox. This way I use the same storage everywhere and on all devices, which is very well secured with a master password. If my Dropbox gets hacked, it's no use to anyone.


RE: Password security - dyxtro - 03-16-2021

I personally prefer LastPass just because it is easy to use and works well on my phone as well.


RE: Password security - ADomi - 04-01-2021

For me, and for years, it's KeePass (with the KeePassXC-Browser plugin for interaction with browsers)

+ Certified 100% safe
+ All plug-ins (with their sources)
+ Because I know it by heart

I had taken a look some time ago at KeePassXC (and participated for a while in its translation), but it had not convinced me and, but it is really a personal opinion, having followed the development for a while, it was "a bit" of a mess,
and for such sensitive software, that didn't encourage me to change.
I just kept "KeePassXC-Browser" for the principle, but with personal modifications of the code.