[PuppetMaster]

I thought about making this thread because I didn't see one devoted to it.

What is a password manager?



Think of a safe. Hardware valuables are held in safes of varying sizes. This could be money, gold, important papers, etc.

This is what a password manager is for your online passwords. All of the passwords you use online are stored into an encrypted database. Long and complicated passwords are also generated from this and used for each website you are registered for.

Furthermore, using a password manager allows you to implement two more methods of cyber security; compartmentalization and disinformation.

I'm sure some of you guys have aliases and disposable emails that you use online. Using a password manager means it is much easier for you to do this as you no longer have to remember a bunch of passwords. This makes it harder for anyone to hurt you while online. That and the only password you will have to remember is the one for the password manager.

Take some time to write out at least two aliases with separate disposable email accounts. Keep your social media account emails such as facebook or snapchat separated from your amazon account emails. Keep your financial accounts separated from each other; and so on and so on.

None of this will prevent your laptop or smartphone from ever getting hacked. It will however, significantly reduce the probability while also minimizing damage in the worse case scenario. Stay paranoid.

Which password managers should I use?

There are several good password managers you can use. These include LastPass, True Key, Dashlane, RoboForm, keypass, and many more.

Several of these are free; others require a payment. I encourage you to look more into password managers yourself and make your own decision on which to choose.

[ElFlaco]

Instinctively I feel that a password manager is either a bad idea or more trouble than it's worth. Perhaps I'm wrong.

Incidentally, those pesky password generation rules (must contain at least one symbol, one number, one capital letter and so on) do not lead to strong passwords unless they are long. Experts recommend using long 'passphrases', which are harder to guess via brute force but easier for the user to remember:
http://okrypterat.blogg.hbl.fi/en/2017/0...-passwords

[PuppetMaster]

(06-06-2017 03:38 PM)ElFlaco Wrote:  

Instinctively I feel that a password manager is either a bad idea or more trouble than it's worth. Perhaps I'm wrong.

Incidentally, those pesky password generation rules (must contain at least one symbol, one number, one capital letter and so on) do not lead to strong passwords unless they are long. Experts recommend using long 'passphrases', which are harder to guess via brute force but easier for the user to remember:
http://okrypterat.blogg.hbl.fi/en/2017/0...-passwords

The password for your password manager could be the long catchphrase.

[mr_x]

Yeah, a really good idea to talk about cyber-security.

Just my two cents:

* Don't use the internal password manager of your browser, especially without a master password.

* I personally use keypass with browser addons, but never tried the others b/c keypass works already flawlessly for me.
But I can't imagine how to remember everything without a password manager.
- Sure, there may be bugs in the encryption, so always use ne newest version. And most important thing which should be crystal clear, is to have a really strong master password.
- If you caught a trojan, and it steals your password database, you're basically screwed, so the main goal is not to click on every stupid site/ad and not to catch malware.
- Alternative: You can create a scheme, how to generate passwords for every site, based on the site name and some base password, but that's too much hassle for me (personally). On the other hand there's no central database with all your passwords / your online identity, and this method would be preferable for higher security requirements.

* There is this nice "security experts top online safety practices" image.
Focus on the right hand side of course:
A password manager will help you with points 2 & 4 (& 5 :-P)

As long you're not on the watchlist of an intelligence agency or an APT, these security measures should be fine.

   

[mammal]

I see a password manager as having a master key for your home, office, safe, car, etc. Convenient but risky if the master key is compromised. If remembering passwords is complicated,one solution is to write them down and keep them at home (if youlive by yourself.) Another way is to have a coded list. For example, "music endss alice" would mean nothing to anyone,but to me would mean "name.of.favorite.song + last.four.my.ssn + Alice's.apartment.number" i.e. "Greensleeves4296105"

[Cation]

Alice? Who the fuck is Alice?

[Numbers Man]

Is there a preference for using password manager, rather than keeping a hard copy? Also does anyone have any resources they would recommend on generic IT security?

[BallsDeep]

Do you not feel concerned about LastPass having access to all your passwords?

[John Michael Kane]

There are USB password safes such as this: https://splashid.com/keysafe/

That might be a good option for anyone who isn't interested in LastPass having everything stored in the cloud. If you use LastPass or any other password storage in the cloud, make sure you turn on two-factor authentication with an actual authenticator program. Do NOT use text message for 2-factor, as dedicated criminals can easily port your phone number over to a different provider and then gain access to your password reset functions that way.

[Icarus]

(06-11-2017 05:19 PM)Cation Wrote:  

Alice? Who the fuck is Alice?

Is she from the Buckingham Palace?

[ivansirko]

(09-16-2017 11:02 AM)Icarus Wrote:  

(06-11-2017 05:19 PM)Cation Wrote:  

Alice? Who the fuck is Alice?

Is she from the Buckingham Palace?

Here is your password manager

[John Michael Kane]

I see a potential security vulnerability around the kneecap and abs. Poor trigger discipline too. Sorry, would have to kick her out of my compound.