Password security
#1
Password managers are important to me. Fundamentally, if you don't know your own passwords, how is someone else going to retrieve them when you dump your authentication?

Word documents, text files and using the same password in multiple places are entirely non-secure. You may as well buy Zuckerberg some printed fridge magnets with your email accounts, bank details and social security number.

There are billions of pre-cracked and ready hashed passwords out there, so high entropy is your goal. But how is one supposed to know their 16-256 length extended ASCII passwords? You're not, which brings me to KeePassXC, which is a FOSS and cross-platform password manager, and the only one I trust. I know there are more out there but I wouldn't trust 1Password, LastPass and the like, hence allocating one in particular.

KeePassXC comprises:
Code:
https://keepassxc.org/


AES (Rijndael) encrypted databases using a 256-bit key
Code:
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard

Compatible with KeePass password safe
Cross-platform, open source (FOSS) and works offline
Code:
https://en.wikipedia.org/wiki/Free_and_open-source_software

Holds anything from passwords, to 2FA/MFA recovery keys
Code:
https://en.wikipedia.org/wiki/Multi-factor_authentication

Supports custom URL icons
Supports YubiKey for authentication challenge-response
Code:
https://www.yubico.com/

High *entropy* password creator
Automatic clearing of the clipboard and memory space after a password copy

Using a password manager with a strong master-key is how you should be rolling in 2020. A post-it note on your computer monitor does not cut it anymore, in fact it never did. But reverse-engineering tactics, spying and malware are only getting more sophisticated. Do yourself a favor, enhance your privacy by protecting your passwords.

* Entropy in this context means the strength of a password via information theory.
[-] The following 6 users say Thank You to ntdll for this post:
  • Bl4ckCyb3rEnigm4, kara yel, MaskedUser, PriSim, Skunk1966, TanMan
Reply
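The entropy footnote in post #1, worked through as an added example (not part of the original post and not KeePassXC code): for a password whose symbols are drawn uniformly at random, entropy is length × log2(alphabet size). The alphabets, the 128-bit target and all function names are assumptions made for illustration; the formula does not apply to passwords a person makes up.

```python
import math
import secrets
import string

# Constructed alphabets. The 256-symbol entry is an assumption standing in for
# the "extended ASCII" set the post mentions (one full byte per symbol).
ALPHABETS = {
    "lowercase": string.ascii_lowercase,
    "alphanumeric": string.ascii_letters + string.digits,
    "printable ASCII": string.ascii_letters + string.digits + string.punctuation,
    "extended ASCII (256)": "".join(chr(i) for i in range(256)),
}


def entropy_bits(length, alphabet_size):
    """Bits of entropy when every symbol is drawn uniformly and independently."""
    return length * math.log2(alphabet_size)


def min_length(target_bits, alphabet_size):
    """Shortest password length that reaches target_bits for this alphabet."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate(length, alphabet):
    """Build a password from the OS CSPRNG (secrets), never from random()."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def report(length=16, target_bits=128):
    """Per alphabet: (name, size, bits at `length`, length needed for target)."""
    return [
        (name, len(a), round(entropy_bits(length, len(a)), 1),
         min_length(target_bits, len(a)))
        for name, a in ALPHABETS.items()
    ]


if __name__ == "__main__":
    for name, size, bits, needed in report():
        print(f"{name:22} size={size:3}  16 chars = {bits:5.1f} bits  "
              f"128 bits needs {needed} chars")
    print("sample:", generate(20, ALPHABETS["printable ASCII"]))
```
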
#2
Also, for those (still!) not using password managers, here's a useful site to check your password strength:
Code:
https://www.security.org/how-secure-is-my-password/
Reply
#3
(02-21-2021, 05:09 PM)starilater Wrote: Also, for those (still!) not using password managers, here's a useful site to check your password strength:
Code:
https://www.security.org/how-secure-is-my-password/
Coded your link, please code any external links

Thanks
[-] The following 1 user says Thank You to BALTAGY for this post:
  • kara yel
Reply
#4
Using Bitwarden and making a random password for each website. Feel safe for now.
Reply
#5
LastPass has pooped on all of their free users, but I do wonder with all of these password managers... what happens when they eventually get hacked? All of my passwords will be exposed in one go. And those that say it will never happen, in my opinion, are naive.
Reply
#6
(02-26-2021, 12:44 AM)Lewis3545 Wrote: LastPass has pooped on all of their free users, but I do wonder with all of these password managers... what happens when they eventually get hacked? All of my passwords will be exposed in one go. And those that say it will never happen, in my opinion, are naive.
There are password managers like KeePassXC that store encrypted passwords in local storage. So if hackers can't access your local storage they can't hack it.
Reply
#7
Let's be true to ourselves: the moment you plug yourself into the internet, you're never 100% safe, but regarding ease of access instead of security, I agree, password managers may be great!
But I never used any; in the end it's one more app to use lol
Reply
#8
I have been using KeePass for many years, now KeePassXC, with a local storage located in Dropbox. This way I use the same storage everywhere and on all devices, which is very well secured with a master password. If my Dropbox gets hacked, it's no use to anyone.
[-] The following 1 user says Thank You to mare1 for this post:
  • Skunk1966
Reply
#9
I personally prefer LastPass just because it is easy to use and works well on my phone as well.
[-] The following 1 user says Thank You to dyxtro for this post:
  • Ratva
Reply
#10
For me, and for years, it's KeePass (with the KeePassXC-Browser plugin for interaction with browsers)

+ Certified 100% safe
+ All plug-ins (with their sources)
+ Because I know it by heart

I had taken a look some time ago at KeePassXC (and participated for a while in its translation), but it had not convinced me and, but it is really a personal opinion, having followed the development for a while, it was "a bit" of a mess, and for such sensitive software, that didn't encourage me to change.
I just kept "KeePassXC-Browser" for the principle, but with personal modifications of the code.
[-] The following 1 user says Thank You to ADomi for this post:
  • Skunk1966
Reply

