Kickstarter Breached
- Sagrilarus (Topic Author)
I used a password that I've used on other sites, and of course two of them are down for maintenance this weekend so I can't enter new passwords.
Another reason to buy at your local store.
S.
- jeb
Get and use a password manager. I use LastPass, others use KeePass, there are a bunch of them. Most are cross-platform, integrate with browsers, even iOS. It's worth it.
I don't even know what my passwords are on most sites (this one included). It's some noisy bunch of crap that includes 20 characters (or less, if the site stupidly requires this). I got this notice, logged in over there and had a new pile of schwas as my password in about 20 seconds.
If you will spend $5 on a latté, spend $5 on a password manager.
- san il defanso
jeb wrote: Get and use a password manager. I use LastPass, others use KeePass, there are a bunch of them. Most are cross-platform, integrate with browsers, even iOS. It's worth it.
I don't even know what my passwords are on most sites (this one included). It's some noisy bunch of crap that includes 20 characters (or less, if the site stupidly requires this). I got this notice, logged in over there and had a new pile of schwas as my password in about 20 seconds.
If you will spend $5 on a latté, spend $5 on a password manager.
How do these work on other computers, like work or something like that? This would be a really good investment for me, but I do things on about three different machines.
- SuperflyPete
www.howtogeek.com/165882/how-to-use-keep...s-and-on-your-phone/
Look into it. The hassle factor is there, but the hassle factor of recovering from a breach is MUCH lower.
- Sagrilarus (Topic Author)
KeePass is a good idea that doesn't work for me personally. I could use it for my personal passwords but can't use it for work places.
S.
- SuperflyPete
I'll give you a secret method that I have used in the past, but I have a newer, better, secret'er way.
AAAAA(symbol)BBBBBBC
A = the first letters of the web address. You can use the last letters (minus the dot com or whatever)
Symbol = your symbol of choice, which is the same symbol you use for everything
B = 6-letter word that is the core of all your passwords
C = alphanumeric code for the type of site, i.e. 1 for sites that have credit card info, 2 for anything else
An example would be:
fort~fuckoff2 (first 4, tilde, personal key, non-shopping site) or keeg%fuckoff2 (same convention, just used last 4 backwards).
All you need to remember is the convention and your personal key "fuckoff", and all your passwords become very easy to remember. If you need to change password due to a breach, just use the last letters instead of the first. If you have to change AGAIN, due to another breach, don't go back to that site because they don't give a shit about your safety.
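To make the reuse problem concrete from a defender's side, here is an added Python example (not code from the post or from any tool mentioned in the thread). It builds passwords with this convention for a few constructed site names, runs the kind of "shared pattern" audit a password manager's health check performs over the resulting vault, and estimates how much guessing work the convention leaves once its structure and the public site prefix are known. The core word "marble", the symbol, the site names and the dictionary/symbol counts are all assumptions.

```python
import math

# Constructed example values, not from the thread: a placeholder symbol and core word.
SYMBOL = "~"
CORE = "marble"


def scheme_password(host: str, shopping: bool) -> str:
    """Build a password the way the post describes:
    first four letters of the site, fixed symbol, fixed core word, category digit."""
    label = host.split(".")[0]            # strip the .com / .org part
    prefix = label[:4]
    category = "1" if shopping else "2"   # 1 = holds card data, 2 = everything else
    return f"{prefix}{SYMBOL}{CORE}{category}"


# A constructed three-entry vault built with the convention.
SAMPLE_VAULT = [
    scheme_password("fortressat.com", shopping=False),
    scheme_password("kickstarter.com", shopping=True),
    scheme_password("amazon.com", shopping=True),
]


def shared_core(passwords, min_len=5) -> str:
    """Audit check: the longest substring present in every password, or '' if none
    of at least min_len exists. Enumerates substrings of the shortest entry from
    longest to shortest, which is fine for vault-sized input."""
    shortest = min(passwords, key=len)
    n = len(shortest)
    for length in range(n, min_len - 1, -1):
        for start in range(0, n - length + 1):
            candidate = shortest[start:start + length]
            if all(candidate in p for p in passwords):
                return candidate
    return ""


def scheme_guess_bits(core_dictionary=20000, symbol_choices=32, categories=2) -> float:
    """Uncertainty left when the convention is known and the site prefix is public:
    only the core word, the symbol and the category digit are unknown (assumed sizes)."""
    return math.log2(core_dictionary * symbol_choices * categories)


def residual_bits_after_one_breach(categories=2) -> float:
    """Once one password built with the convention is exposed, only the category
    digit differs between sites."""
    return math.log2(categories)


def random_password_bits(length=20, alphabet=94) -> float:
    """A manager-generated password of `length` printable ASCII characters."""
    return length * math.log2(alphabet)


if __name__ == "__main__":
    print("vault:", SAMPLE_VAULT)
    print("shared pattern flagged by audit:", shared_core(SAMPLE_VAULT))
    print(f"scheme, structure known: {scheme_guess_bits():.1f} bits")
    print(f"scheme, after one breach: {residual_bits_after_one_breach():.1f} bits")
    print(f"random 20-char password: {random_password_bits():.1f} bits")
```

The audit flags "~marble" as common to every entry, which is exactly what the reply further down jokes about; the bit estimates show why a manager-generated password survives a breach elsewhere while a convention-built one does not.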
But for security, as an IT type with a lot of passwords with 12-15 char minimums and as short as 2-week password rotations (at work), it makes for a lot of balls in the air, if you have an aging memory.
So I use the _freeware_ KeePass 2 on my home PC, work PC, iPhone 4S and iPad 2, all synced with Dropbox.
On the iOS devices I use MiniKeePass reading the synced kdbx file - not the snappiest method to open the db - esp. if you're punching in a long master password, and a 2-factor keyfile spec, to get it open. But it does the job.
For most complex requirements or work, I use LONG 18-20 char mixed case + numbers + punctuation passwords, and KeePass's auto-type functions to hot-key enter passwords.
The KeePass 'URL in Title Bar' plugin can go a long way to helping you get a 'recognizable' browser title string, for matching the proper entry to the proper page.
Other plugins I like (from the KeePass plugins page):
- KeePassFaviconDownloader (downloads an entry's matching icon - speeds up visually id'ing them in your lists)
- KPEntryTemplates - gives you custom entry screens for custom items like credit cards, or in my case, inventorying items at home (ser#'s, make, model, detailed specs on collections of things).
- PronouncePwGen - I don't use this much yet, but it's designed to build more human-readable passwords
- RDCAutoTypeAndTCATO - I use this one for compatibility with mstsc (MS TermServ RDP client, for remoting servers).
- WordSequence (custom-pw-construction-algorithm plugin, supports word lists & custom dictionaries)
Since I have it on my phones & Dropbox, I've also taken to leveraging KP's capacity for holding files within an entry: passport & birth certificates, vaccination-record scan images, etc., for when traveling, or on my son.
Using a two-factor authentication (with a common-generic-item keyfile), and secure-desktop entry of the master password, *should* make things fairly secure. I'd like it better if I was re-encrypting the sync file on Dropbox, but at this point, it's more important that I have the data synced than that one extra piece of security.
Also, with all the data breaches these days I'm becoming a big fan of using the Google Authenticator and Symantec\Verisign VIP Access 2-factor apps on my devices:
Google Authenticator supports Google, Facebook, Dropbox & Microsoft's sites (or any that provides a QR code export).
Symantec supports PayPal, eBay, and a range of financial sites.
The above help ensure that, even if someone gets your uid & password, they are still missing a piece of the puzzle to get logged on.
Would that more sites were actually using 2-factor though...
Well.. and that helpdesks at places like Amazon/Apple etc. weren't staffed with idiots that hand out password resets over the phone, like candy...
Sagrilarus wrote: I'm on seven or eight machines and have to keep track of about 50 passwords right now each in a set that can never repeat. I use a black book, as it's the only way to remain sane.
If this is a for-real policy position at a firm, they really need to consider revising, and/or providing a central alternative. Because hand-written unencrypted records (or the old standard 'magical word .doc of passwords') are suicidally risky. And at the end of the day, their restrictions on secure password tools are in many ways making them _more_ at risk.
Most of the firms I've worked at not only permit you to use independent password keepers (or actively look the other way), some had active projects in the pipe to look at *buying* central password-management db apps. It's that important.
One of my prior jobs was at a firm that did US govt work, and wouldn't even permit *any* non-VPN remote email access at all. They used 2-factor auth on all remote access (s'why they wouldn't do email; it didn't support it smoothly). They also drove 14-day password expirations and other ridiculously burdensome options. But they didn't support or provide any centrally-approved means of managing passwords. And Security wasn't concerned about results, just paper policy. The firm also had an IT workforce with ages averaging over 50. Net result of the above combo was that I had coworkers with passwords openly written on cubicle walls...
Completely nuts.
SuperflyTNT wrote: I'll give you a secret method that I have used in the past, but I have a newer, better, secret'er way.
AAAAA(symbol)BBBBBBC
A = the first letters of the web address. You can use the last letters (minus the dot com or whatever)
Symbol = your symbol of choice, which is the same symbol you use for everything
B = 6-letter word that is the core of all your passwords
C = alphanumeric code for the type of site, i.e. 1 for sites that have credit card info, 2 for anything else
An example would be:
fort~fuckoff2 (first 4, tilde, personal key, non-shopping site) or keeg%fuckoff2 (same convention, just used last 4 backwards).
All you need to remember is the convention and your personal key "fuckoff", and all your passwords become very easy to remember. If you need to change password due to a breach, just use the last letters instead of the first. If you have to change AGAIN, due to another breach, don't go back to that site because they don't give a shit about your safety.
your core word is dangerously accurate for many of my passwords you hacker fuck! hahaha