Password management - Security & Cryptography
Memory can diminish over time; just ask an older person. :)

I can memorise quite a few, but some days, I might forget, so having them backed up is useful, to save frustration.
I can't count the number of passwords I forgot. I realised that the day I stumbled upon my myspace account. It tried login in, but couldn't recall the password (it was like 5 years old). So I pressed "forgot my password", and the link to reset it was sent to an old account that I had let die slowly. Couldn't remember the password either, So I pressed "forgot my password", which led me to my first email address created. Needless to say I was locked out too. In the end, I managed to recreate the account, which was deleted after a few monthes, and have myspace give me another password. But I was lucky there!

As of today, I still can't remember what my password was back in the days. and I think it will be the same for the passwords I use now (which are even more complicated, and numerous). Hence the need for a password manager.
The thing I don't like about password managers is that they become just another thing to crack, at which point all the passwords are out. You can sacrifice security for convenience, but rarely can you have both.

Randomly generated passwords are no harder for a computer to guess and far harder for the human to memorize. I use the same long base string for all my passwords, then modify it somehow for each account. I record these modifications in a notebook but not the base, so it's useless to anyone who finds it. For example:

Base password: icantrememberthepasswordto

Nixers password: ic4ntr3m3mb3rthep4ssw0rdt0nix3rs
Nixers notebook entry: l33t nix3rs

Facebook password: icantrememberthepassword4facebook!!ohshit
Facebook notebook entry: -2+4fb!!ohshit

So on and so forth. I have a good memory so after I use the password a few times I don't really need the notebook. Except for things I rarely log into.
I've gone through several approaches to my passwords. From super portable but dumb as shit, to very secure but not very portable.

Initially when I was like 9 or whatever I had a text file in my USB. Not encrypted or anything, I just put my usernames and passwords there.

Then I moved on to using LastPass[1]. An approach I had for like 3 years and it worked great, not once was my account hacked.

Then I moved on to using `pass`[1]. Which was great but a bit tedious. That was until I figured out I could use dmenu+pass, and then I had quick and easy secure access to my passwords. Though not portable because GPG. Then I thought of using z3bra's `pass` but it got tedious to import all the passwords and stuff.

Now I'm back to some sort of hybrid. I use GPG to encrypt my file with all my passwords, and use LastPass to login quickly to my most common websites.

I'm considering trying out getvault[3] seriously. It's as portable as it gets, pretty damn secure, and as long as you've a unique passphrase and pattern for service names, it's pretty unhackable.



@ThePlantMan that's a nice method. Though now that you've shared it with us we could figure it out. ;)

P.S.: Writing as if this was a text email cause I'm too lazy to bbcode.
Eduan / greduan
I use KeePass X Alpha on Mac/Linux and KeePass 2 on Windows. They all support the same password database and it's worked well for me so far.
Version: 3.1
G d s+:++ a--- C++ UB P+ L+ !E !W+++ !N !o K--? w++ !O M++ !V PS+++ PE-- Y++ PGP+ !t !5 !X !R tv b+ DI D++ G e- h r y--

buddhist ~ esperantisto ~ communist
^ same
@ThePlantMan - I do a similar thing, though not as complicated - my passwords are variations of the same words mixed around - but I can represent them with a letter or number etc.

password: asdfqwer4523
in notebook: aq#

number is usually the same, and I have ~4 common variations/phrases I use. I'm slowly moving things to use password-store as well, though. Combined with dmenu it is a pleasant enough experience(and if you use different usernames/emails for different sites, it's handy as fuck), and there's an android app you can use with it as well for convenience:
I manage my passwords a bit like ThePlantMan, but i use 3 types of passwords in general

Type 1. a not too complicated password for things like unlocking my laptop screensaver which i can tell someone and have not to worry about it.
Type 2. a "base string" modified with a website specific string, for my email accounts
Type 3. a really long password for things like truecrypt and full disk encryption
I have a mix of passwords that is now getting beyond a joke trying to remember them all. I have thought of using the base string method with a modifier per service or website. I've also been thinking about getting a couple of yubikeys to use with lastpass.
(23-08-2015, 06:43 PM)swathe Wrote: I have a mix of passwords that is now getting beyond a joke trying to remember them all. I have thought of using the base string method with a modifier per service or website. I've also been thinking about getting a couple of yubikeys to use with lastpass.
I've heard about yubikeys, they've interested me. Will probably get one later on and mess with it.

Members  |  Stats  |  Night Mode