Posted (edited)

Like many people, I have about 30 or 40 passwords to various websites, suppliers, banks, online shopping etc. etc. Remembering them all is a pain in the butt. Forgetting is even worse. Murphy's Law being what it is, it's always important or urgent when I forget one.

No more, my son introduced me to Bitwarden. Only email address and one master password needed. Free download from the Google play store.

Bitwarden creates a field where I can store the name of the organisation, its web address URL, my password, and any other details I need to know. Just highlight the URL, open in a new tab, and away I go.

Has anyone else tried this system? Its only downside - all the passwords are lost if one forgets the master password.

Edited by Lacessit
Posted

I have used LastPass for years for private use and a different account for business.

It works fine and is, as far as I understand, pretty secure.

The paid version also allows sharing passwords with other people.

 

In general, for something important like that, I prefer companies who charge for their service. Because as we know by now, if it's "free", then mostly we are the product. That is not a good idea with security relevant issues. 

  • Thumbs Up 1
Posted
1 hour ago, OneMoreFarang said:

I have used LastPass for years for private use and a different account for business.

It works fine and is, as far as I understand, pretty secure.

The paid version also allows sharing passwords with other people.

 

In general, for something important like that, I prefer companies who charge for their service. Because as we know by now, if it's "free", then mostly we are the product. That is not a good idea with security relevant issues. 

There are coders that make fine software for little or no charge, sometimes they request donations. Quite a few people swear by the various versions of Linux (me included), which are all free downloads. AFAIK they have far fewer security issues than any version of Windows, which costs, and is the target of nearly 100% of hackers.

Paying for a service does not necessarily mean it is better at security. There's a class action forming in Australia with Optus, the second biggest telecom, after a massive breach of customer data.

 

https://www.mauriceblackburn.com.au/class-actions/join-a-class-action/optus-data-breach-2022/

Posted (edited)

Most passwords these days must be at least 8 digits, including capitals, lower, number and a symbol.

Think of a PIN, 4 or 6 up to you. Follow that with a symbol, * / ? or anything YOU want. That's the start of all your passwords. Then use, for example, the last four letters of the 'company' eg Soft for Microsoft, Ogle for Google, Wide for Nationwide etc etc whatever YOU want. Or use all the vowels in the name, or the consonants. All you need to remember is the PIN & symbol, and to start, or end, the letters with a capital.

Or start with the letters followed by the PIN. Easy.

Edited by KannikaP
  • Love It 1
  • Thumbs Up 1
Posted (edited)
On 3/31/2023 at 9:28 AM, Lacessit said:

Has anyone else tried this system?

Been using it a few years for a couple hundred passwords, etc. Changed from Lastpass when Lastpass changed the terms of service. Besides, Lastpass seems to always be getting hacked, though no customer passwords have been compromised. Bitwarden, OTOH, is open source anyway, so any major flaws would long have been exploited.

 

You can use Bitwarden in various ways, including via your own server. It doesn't have to be cloud-based, to address some of our very shrewd objections.

 

Works well, used it today to login here. It doesn't autofill as well as Lastpass does on a large variety of sites & forms, but good 'nuff.

 

 

Edited by BigStar
Posted
48 minutes ago, BritManToo said:

A1234567

Works for me!

Until the requirement is having a special character included......  (which most are needing these days)

Posted (edited)

I use the password utility in Norton 360; it works well.

 

Norton will check dark web and give a report of any suspicious activity.

 

Edited by LosLobo
Posted

I've used Keepass for a while.  Completely offline.  You can create a key file separate from the data file, so both of those plus the password are needed to access the passwords.  

 

KeePass Password Safe

 

There are mobile versions so that the database file (and any key file) can be copied to a phone and used there as well.  That is a drawback versus the web based ones such as Lastpass since you have to keep the file updated on all devices manually.  But I don't trust web based versions.

 

I used to use password safe that someone mentioned above, but I think keepass worked better for use on PC and phone back when I switched.

  • Like 2
Posted

I use old house address #s, or past dog names, so easy to remember.

 

Just add #1 if symbol or # is required.   Easy to remember.

  • Thumbs Up 1
Posted (edited)
On 3/31/2023 at 8:26 PM, dingdongrb said:

I don't trust any app or service. It's pretty much why I don't trust the cloud for storage of important personal documents. Things can always be hacked. 

Fully agree. And what's the difference?

You always need some "master" key/password to open your password safe/list.

 

My sensitive data is a textfile in a container encrypted with VeraCrypt.

Stored locally with three backups on another notebook, mobile phone and external drive.

I open it with the masterpassword and the rest is pure manual "work" (copy/paste).

 

Additionally I print the text file incl masterpassword on a regular basis and lock it in the safe.

Edited by KhunBENQ
  • Like 1
Posted (edited)
41 minutes ago, Carmine6 said:

That is a drawback versus the web based ones such as Lastpass since you have to keep the file updated on all devices manually.  But I don't trust web based versions.

Big thumbs up.

 

13 minutes ago, KhunLA said:

I use old house address #s, or past dog names, so easy to remember.

 

Just add #1 if symbol or # is required.   Easy to remember.

Most all passwords that are easy to remember are junk.

Everything shorter than 12 characters is weak.

Enter your password in Google search. If found dump it.

 

I use generated easy to read passwords of 14 to 16 characters.

Easy to read: <AZ><az><09>

Like g9aSfgfjUSEGoXqq, 5LR1JzO7oAuOHFKJ  ...

Nerds say 20 characters is necessary.

Using strange characters &^(#)$&*($... is outdated and only gives headaches.

Length matters :smile:

 

Generating passwords with "PasswordTech":
https://pwgen-win.sourceforge.io/

 

 

 

Edited by KhunBENQ
  • Like 1
Posted
1 hour ago, KhunBENQ said:

Like g9aSfgfjUSEGoXqq, 5LR1JzO7oAuOHFKJ 

How am I supposed to remember something like that?

 

Except for one financial site, I have nothing at risk if hacked.

Even the financial site has its own security measures, and will reimburse me IF hacked.

Posted
4 minutes ago, KhunLA said:

How am I supposed to remember something like that?

There is exactly one password that you have to remember and that is the master password. That's how all the tools work.

In private secure space it's OK to write that down somewhere.

And as you will use this frequently you will remember it after a while.

The masterpassword must never be used for any other purpose than opening the password safe. Never use it for any online/external service.

With this in mind you might reduce the complexity somewhat.

 

A popular method to have a masterpassword to remember:

take some motto/phrase/verse that you remember like (from another post):

 

"Life is like riding a bicycle. To keep your balance you must keep moving."

 

Now take either first or second character of each word (first if only one character):

LilrabTkybymkm

You can well write down the complete verse and put in the cabinet.

 

 

 

 

  • Like 1
Posted
33 minutes ago, KhunBENQ said:

There is exactly one password that you have to remember and that is the master password. That's how all the tools work.

In private secure space it's OK to write that down somewhere.

And as you will use this frequently you will remember it after a while.

The masterpassword must never be used for any other purpose than opening the password safe. Never use it for any online/external service.

This in mind you might reduce the complexity somewhat.

 

A popular method to have a masterpassword to remember:

take some motto/phrase/verse that you remember like (from another post):

 

"Life is like riding a bicycle. To keep your balance you must keep moving."

 

Now take either first or second character of each word (first if only one character):

LilrabTkybymkm

You can well write down the complete verse and put in the cabinet.

OR, I can simply do what has worked for decades, and is so easy to remember, I don't need to write anything down.

 

No need to fix what isn't broken.

Posted (edited)

I’m in the KannikaP, dingdongrb, KhunLA , KhunBENQ camp on this one. However I disagree with the 12 characters.

 

Assuming 60 characters (upper-lower-numerical) options 60*60*60*60*60 (ie 5 characters) typing at 1 character per second would take around 24 years to enter all the combinations.

Edited by DaLa
incorrect number
Posted (edited)
6 hours ago, DaLa said:

Assuming 60 characters (upper-lower-numerical) options 60*60*60*60*60 (ie 5 characters) typing at 1 character per second would take around 24 years to enter all the combinations.

You want to tell that a 5 character password is a good one???

You think some nerd sits at the keyboard and does his tries???

Passwords are cracked from stolen/leaked data on the server or man in the middle ("wire tapping").

It's done with highly specialized hardware.

 

For ALL six-character passwords, their respective hashes (the encrypted form stored on the servers) are available in tabular form.

Cracking a 5 character password is in the millisecond microsecond range.

 

The following picture assumes some kind of computing power of the cracking machines:

[image]

 

https://www.betterbuys.com/estimating-password-cracking-times/

 

 

 

Edited by KhunBENQ
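An added worked example, not part of any post in this thread: the keyspace arithmetic behind the two posts above, next to the CSPRNG-based generation of "easy to read" passwords described earlier. The figure of about 24 years corresponds to one full 5-character candidate per second; the offline guess rate used for comparison is an assumption chosen for illustration, not a measured value.

```python
import math
import secrets
import string

# "Easy to read" alphabet from the thread: A-Z, a-z, 0-9 (62 symbols).
ALPHABET = string.ascii_letters + string.digits
SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Assumption for illustration only: guesses per second for an offline attack
# on a leaked fast, unsalted hash. Real rates depend on hash and hardware.
ASSUMED_OFFLINE_RATE = 1e10


def generate(length=16, alphabet=ALPHABET):
    """Pick every character independently from the OS CSPRNG."""
    if length < 1 or len(set(alphabet)) < 2:
        raise ValueError("need length >= 1 and at least 2 distinct symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def keyspace(symbols, length):
    """Number of candidates an exhaustive search must cover."""
    return symbols ** length


def entropy_bits(symbols, length):
    """Only valid for uniformly random passwords, not human-chosen ones."""
    return length * math.log2(symbols)


def seconds_to_exhaust(symbols, length, guesses_per_second):
    """Worst case; on average the search succeeds after half of this."""
    return keyspace(symbols, length) / guesses_per_second


def compare():
    """(label, bits, seconds at 1 guess/s, seconds at the assumed rate)."""
    cases = [("5 chars, 60 symbols", 60, 5),
             ("12 chars, 62 symbols", 62, 12),
             ("16 chars, 62 symbols", 62, 16)]
    return [(label, round(entropy_bits(n, k), 1),
             seconds_to_exhaust(n, k, 1),
             seconds_to_exhaust(n, k, ASSUMED_OFFLINE_RATE))
            for label, n, k in cases]


if __name__ == "__main__":
    print("sample:", generate())
    for label, bits, slow, fast in compare():
        print(f"{label}: {bits} bits, {slow / SECONDS_PER_YEAR:.3g} years "
              f"at 1/s, {fast / SECONDS_PER_YEAR:.3g} years at assumed rate")
```

The same 5-character keyspace that takes decades at keyboard speed is exhausted in a fraction of a second at the assumed offline rate, which is why the comparison only says something about passwords generated at random.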
Posted

I do NOT recommend to have an active/real password on this site:

https://www.passwordmonster.com/

 

But you can use something "similar" to see what they say,

For my 16 character "g9aSfgfjUSEGoXqq" from above it says 26 billion years to crack.

With the known methods and hardware even the smartest "agencies" won't have a quick hit :biggrin:

 

The real danger is your device.

Updated, free of malware, trojans?

If not all effort is wasted.

That's also the reason not to use public computers for sensitive tasks.

 

Posted

I use very secure passwords
never write any down
do not use words etc
do not use any password managers
the key is to have a formula you use to create your passwords
then you only need remember the formula

processors will get faster
and GPU farms will get bigger

[image: password_table-1024x795.jpg]

  • Thanks 1
Posted

I use keepass2 and associated clients, depending on device and OS. The password database is kept in the cloud (Google drive for me) with a local copy on each device for when there's no internet connection.

 

The clients I use are:

Linux:

Keeweb 

 

Android:

Keepass2android 

 

Windows:

Yucch. Why would anyone still be using windows... 

 

 

  • Like 1
Posted (edited)
12 hours ago, Carmine6 said:

I've used Keepass for a while.  Completely offline.  You can create a key file separate from the data file, so both of those plus the password are needed to access the passwords.  

 

KeePass Password Safe

 

There are mobile versions so that the database file (and any key file) can be copied to a phone and used there as well.  That is a drawback versus the web based ones such as Lastpass since you have to keep the file updated on all devices manually.  But I don't trust web based versions.

 

I used to use password safe that someone mentioned above, but I think keepass worked better for use on PC and phone back when I switched.

I have used keepass for about a decade.  I keep the dbx file on dropbox.  There is an android keepass app that you can use on your phone and it can sync with the dbx file in your dropbox folder.  So you do not have to update dbx on your different devices as they all sync with the one dbx file on dropbox.

 

A freestanding version of keepass can run from your crypto  wallet or a memory stick.

Edited by Adumbration
