Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.misc > #21047 > unrolled thread

Do you use a password manager?

Back to article view | Back to comp.misc

Contents

  Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-12 09:53 +0000
    Re: Do you use a password manager? Wade Garrett <wade@cooler.net> - 2021-07-12 07:37 -0400
      Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 07:41 -0400
      Re: Do you use a password manager? "Andy K." <andy.k466@gmail.com> - 2021-07-12 15:14 +0200
        Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-12 21:45 +0000
      Re: Do you use a password manager? Scott Alfter <scott@alfter.diespammersdie.us> - 2021-07-12 15:17 +0000
        Re: Do you use a password manager? Lamey <lametroll@invalid.invalid> - 2021-07-12 09:36 -0600
          Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-12 21:46 +0000
          Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-19 10:43 -0400
      Re: Do you use a password manager? Rich <rich@example.invalid> - 2021-07-12 15:40 +0000
      Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 11:52 -0700
        Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-12 19:58 +0000
          Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 13:15 -0700
            Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 16:27 -0400
              Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 13:48 -0700
                Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 17:14 -0400
                  Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 14:43 -0700
                    Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 18:11 -0400
                      Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 15:52 -0700
                        Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 19:18 -0400
                          Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 16:57 -0700
                            Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-12 20:25 -0400
                              Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-12 21:41 -0700
                                Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-14 07:10 +0000
                            Re: Do you use a password manager? Rich <rich@example.invalid> - 2021-07-13 01:08 +0000
                            Re: Do you use a password manager? Scott Alfter <scott@alfter.diespammersdie.us> - 2021-07-13 14:43 +0000
                            Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-13 15:59 +0000
                              Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-13 13:55 -0700
            Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-13 15:48 +0000
              Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-14 07:04 +0000
      Re: Do you use a password manager? om@iki.fi (Otto J. Makela) - 2021-07-16 16:34 +0300
        Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-16 15:06 +0000
          Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-16 20:10 +0000
            Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-16 21:51 +0000
              Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-16 22:05 +0000
                Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-16 22:19 +0000
        Re: Do you use a password manager? Wade Garrett <wade@cooler.net> - 2021-07-16 11:19 -0400
      Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-19 10:42 -0400
        Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-19 11:08 -0700
          Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-19 14:12 -0400
          Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-19 20:07 +0000
            Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-19 14:15 -0700
          Re: Do you use a password manager? Richard Kettlewell <invalid@invalid.invalid> - 2021-07-20 09:15 +0100
            Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-20 20:13 +0000
          Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-20 16:39 -0400
            Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-20 15:52 -0700
    Re: Do you use a password manager? Jolly Roger <jollyroger@pobox.com> - 2021-07-12 15:28 +0000
      Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-12 21:51 +0000
        Re: Do you use a password manager? Jolly Roger <jollyroger@pobox.com> - 2021-07-13 17:15 +0000
    Re: Do you use a password manager? Michael Trew <mt999999@ymail.com> - 2021-07-13 01:56 -0400
      Re: Do you use a password manager? kludge@panix.com (Scott Dorsey) - 2021-07-17 15:18 +0000
    Re: Do you use a password manager? Oregonian Haruspex <no_email@invalid.invalid> - 2021-07-14 01:29 +0000
      Re: Do you use a password manager? % <pursent100@gmail.com> - 2021-07-13 18:43 -0700
        Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-14 07:00 +0000
    Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-19 10:40 -0400
      Re: Do you use a password manager? Unbreakable Disease <unbreakable@secmail.pro> - 2021-07-22 08:52 +0000
        Re: Do you use a password manager? Alan Browne <bitbucket@blackhole.com> - 2021-07-22 09:52 -0400
          Re: Do you use a password manager? Unbreakable Disease <unbreakable@danwin1210.me> - 2021-07-27 11:27 +0000
            Re: Do you use a password manager? Your Name <YourName@YourISP.com> - 2021-07-28 08:30 +1200
              Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-27 17:30 -0400
              Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-27 22:47 +0000
                Re: Do you use a password manager? Your Name <YourName@YourISP.com> - 2021-07-28 15:40 +1200
                  Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-28 08:41 +0000
                  Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-28 12:35 +0000
              Re: Do you use a password manager? om@iki.fi (Otto J. Makela) - 2021-07-28 10:52 +0300
              Re: Do you use a password manager? Scott Alfter <scott@alfter.diespammersdie.us> - 2021-07-28 17:45 +0000
              Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-28 22:30 +0000
                Re: Do you use a password manager? nospam <nospam@nospam.invalid> - 2021-07-28 18:56 -0400
                  Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-07-29 07:38 +0000
    Re: Do you use a password manager? Dreamer In Colore <dreamerincolore@hotmail.com> - 2021-07-21 13:28 -0400
      Re: Do you use a password manager? Keith Thompson <Keith.S.Thompson+u@gmail.com> - 2021-07-21 12:31 -0700
        Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-21 21:00 +0000
          Re: Do you use a password manager? Ben Bacarisse <ben.usenet@bsb.me.uk> - 2021-07-22 01:23 +0100
            Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-07-22 08:46 +0000
    Re: Do you use a password manager? rtr <rtr@nospam.invalid> - 2021-11-28 06:51 +0800
      Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2021-11-27 23:40 +0000
      Re: Do you use a password manager? om@iki.fi (Otto J. Makela) - 2021-11-28 14:16 +0200
        Re: Do you use a password manager? rtr <rtr@nospam.invalid> - 2021-11-28 21:06 +0800
        Re: Do you use a password manager? The Real Bev <bashley101@gmail.com> - 2021-11-29 10:31 -0800
      Re: Do you use a password manager? Anssi Saari <as@sci.fi> - 2021-11-29 13:01 +0200
        Re: Do you use a password manager? Lewis <g.kreme@kreme.dont-email.me> - 2021-11-29 15:52 +0000
    Re: Do you use a password manager? Matti Haveri <nospam@here.invalid> - 2022-02-05 14:43 +0200
      Re: Do you use a password manager? The Real Bev <bashley101@gmail.com> - 2022-02-05 09:41 -0800
        Re: Do you use a password manager? Dan Purgert <dan@djph.net> - 2022-02-05 19:03 +0000
          Re: Do you use a password manager? Scientific (she/her) ⚧ <science@danwin1210.de> - 2022-02-05 19:37 +0000
            Re: Do you use a password manager? meff <email@example.com> - 2022-02-05 23:26 +0000
              Re: Do you use a password manager? Bob Eager <news0009@eager.cx> - 2022-02-07 09:50 +0000
                Re: Do you use a password manager? scott@alfter.diespammersdie.us - 2022-02-09 19:14 +0000
              Re: Do you use a password manager? Vlad Markov <vlad@happy.dwarf7.net> - 2022-06-02 00:28 +0000
                Re: Do you use a password manager? meff <email@example.com> - 2022-06-07 06:11 +0000
                  Re: Do you use a password manager? Vlad Markov <vlad@happy.dwarf7.net> - 2022-06-08 22:45 +0000
            Re: Do you use a password manager? Dan Purgert <dan@djph.net> - 2022-02-07 00:54 +0000
            Re: Do you use a password manager? Eli the Bearded <*@eli.users.panix.com> - 2022-02-08 22:32 +0000
          Re: Do you use a password manager? The Real Bev <bashley101@gmail.com> - 2022-02-05 19:52 -0800
            Re: Do you use a password manager? Dan Purgert <dan@djph.net> - 2022-02-07 00:57 +0000
              Re: Do you use a password manager? The Real Bev <bashley101@gmail.com> - 2022-02-07 14:55 -0800
                Re: Do you use a password manager? Dan Purgert <dan@djph.net> - 2022-02-08 01:55 +0000
                  Re: Do you use a password manager? The Real Bev <bashley101@gmail.com> - 2022-02-07 21:57 -0800
                    Re: Do you use a password manager? meff <email@example.com> - 2022-02-08 07:00 +0000
                      Re: Do you use a password manager? The Real Bev <bashley101@gmail.com> - 2022-02-09 14:03 -0800
                        Re: Do you use a password manager? Eli the Bearded <*@eli.users.panix.com> - 2022-02-09 23:05 +0000
                        Re: Do you use a password manager? scott@alfter.diespammersdie.us - 2022-02-10 17:04 +0000
                    Re: Do you use a password manager? Dan Purgert <dan@djph.net> - 2022-02-08 12:18 +0000
                      Re: Do you use a password manager? Rich <rich@example.invalid> - 2022-02-08 14:41 +0000
                        Re: Do you use a password manager? Dan Purgert <dan@djph.net> - 2022-02-08 15:13 +0000
                      Re: Do you use a password manager? The Real Bev <bashley101@gmail.com> - 2022-02-09 14:05 -0800
                        Re: Do you use a password manager? Dan Purgert <dan@djph.net> - 2022-02-10 00:46 +0000
                    Re: Do you use a password manager? scott@alfter.diespammersdie.us - 2022-02-09 19:19 +0000
                      Re: Do you use a password manager? Dan Purgert <dan@djph.net> - 2022-02-09 19:29 +0000
                        Re: Do you use a password manager? The Real Bev <bashley101@gmail.com> - 2022-02-09 14:14 -0800
                          Re: Do you use a password manager? Dan Purgert <dan@djph.net> - 2022-02-10 01:19 +0000
                            Re: Do you use a password manager? The Real Bev <bashley101@gmail.com> - 2022-02-10 12:58 -0800
        Re: Do you use a password manager? Matti Haveri <nospam@here.invalid> - 2022-02-06 11:39 +0200
    Re: Do you use a password manager? gtr <xxx@yyy.zzz> - 2022-02-06 19:27 +0000
      Re: Do you use a password manager? Siri Cruise <chine.bleu@yahoo.com> - 2022-02-06 18:21 -0800
        Re: Do you use a password manager? The Real Bev <bashley101@gmail.com> - 2022-02-07 14:57 -0800
          Re: Do you use a password manager? Siri Cruise <chine.bleu@yahoo.com> - 2022-02-07 19:21 -0800
      Re: Do you use a password manager? El Kabong <twang@the.noodle> - 2022-02-06 22:16 -0800
    Re: Do you use a password manager? gtr <xxx@yyy.zzz> - 2022-02-12 21:35 +0000
    Re: Do you use a password manager? Y A <y000000000000@ya.ee> - 2023-02-11 08:15 -0800

Page 4 of 6 — ← Prev page 1 2 3 [4] 5 6  Next page →

#21166

On Wed, 28 Jul 2021 08:30:16 +1200, Your Name wrote:

> With the source code available for free, it also means the hackers can
> more easily work out how to steal your information. Using open source or
> hacked pirated versions for anything even remotely to do with security
> is simply incredibly silly.

Ah, a proponent of security through obscurity.

I think not.

-- 
Using UNIX since v6 (1975)...

Use the BIG mirror service in the UK:
 http://www.mirrorservice.org

[toc] | [prev] | [next] | [standalone]

#21168

On 2021-07-27 22:47:01 +0000, Bob Eager said:
> On Wed, 28 Jul 2021 08:30:16 +1200, Your Name wrote:
>> 
>> With the source code available for free, it also means the hackers can
>> more easily work out how to steal your information. Using open source or
>> hacked pirated versions for anything even remotely to do with security
>> is simply incredibly silly.
> 
> Ah, a proponent of security through obscurity.
> 
> I think not.

I guess that's why the banks leave their vault doors open all night.  :-\

[toc] | [prev] | [next] | [standalone]

#21170

On Wed, 28 Jul 2021 15:40:13 +1200, Your Name wrote:

> On 2021-07-27 22:47:01 +0000, Bob Eager said:
>> On Wed, 28 Jul 2021 08:30:16 +1200, Your Name wrote:
>>> 
>>> With the source code available for free, it also means the hackers can
>>> more easily work out how to steal your information. Using open source
>>> or hacked pirated versions for anything even remotely to do with
>>> security is simply incredibly silly.
>> 
>> Ah, a proponent of security through obscurity.
>> 
>> I think not.
> 
> I guess that's why the banks leave their vault doors open all night. 
> :-\

Non sequitur.



-- 
Using UNIX since v6 (1975)...

Use the BIG mirror service in the UK:
 http://www.mirrorservice.org

[toc] | [prev] | [next] | [standalone]

#21171

In message <sdqjit$aif$1@gioia.aioe.org> Your Name <YourName@YourISP.com> wrote:
> On 2021-07-27 22:47:01 +0000, Bob Eager said:
>> On Wed, 28 Jul 2021 08:30:16 +1200, Your Name wrote:
>>> 
>>> With the source code available for free, it also means the hackers can
>>> more easily work out how to steal your information. Using open source or
>>> hacked pirated versions for anything even remotely to do with security
>>> is simply incredibly silly.
>> 
>> Ah, a proponent of security through obscurity.
>> 
>> I think not.

> I guess that's why the banks leave their vault doors open all night.  :-\

You obviously have no idea what "security by obscurity" means. A vault
is not obscure. If you hide you money in a hollow book, that would be
security by obscurity.



-- 
Demons have existed on the Discworld for at least as long as the
	gods, who in many ways they closely resemble. The difference is
	basically the same as between terrorists and freedom fighters.

[toc] | [prev] | [next] | [standalone]

#21169

Your Name <YourName@YourISP.com> wrote:

> With the source code available for free, it also means the hackers can
> more easily work out how to steal your information. Using open source
> or hacked pirated versions for anything even remotely to do with
> security is simply incredibly silly.

"Hacked pirated" versions aside, security by obscurity never works in
the long run.

The security of cryptosystems should depend on things like your key
management, not that nobody has got their hands on the source code.
Widely used systems like openssl are open source and better for it,
as they have open audits of how they are builts.

-- 
   /* * * Otto J. Makela <om@iki.fi> * * * * * * * * * */
  /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */
 /* Mail: Mechelininkatu 26 B 27,  FI-00100 Helsinki */
/* * * Computers Rule 01001111 01001011 * * * * * * */

[toc] | [prev] | [next] | [standalone]

#21172

In article <sdpqco$1erg$1@gioia.aioe.org>,
Your Name  <YourName@YourISP.com> wrote:
>With the source code available for free, it also means the hackers can 
>more easily work out how to steal your information. Using open source 
>or hacked pirated versions for anything even remotely to do with 
>security is simply incredibly silly.

Security by obscurity?  Please tell us you're joking...this has to be one of
the most ignorant comments I've seen on Usenet in a good long while.

If you have access to the source code, you can verify that (1) secure
algorithms are in use and (2) those algorithms have been properly translated
into secure code that works.  Without source code, you're potentially buying
a pig in a poke.

  _/_
 / v \ Scott Alfter (remove the obvious to send mail)
(IIGS( https://alfter.us/           Top-posting!
 \_^_/                              >What's the most annoying thing on Usenet?

[toc] | [prev] | [next] | [standalone]

#21175

In message <sdpqco$1erg$1@gioia.aioe.org> Your Name <YourName@YourISP.com> wrote:
> On 2021-07-27 11:27:00 +0000, Unbreakable Disease said:
>> On 22.07.2021 13:52, Alan Browne wrote:
>>> On 2021-07-22 04:52, Unbreakable Disease wrote:
>>>> On 19.07.2021 14:40, Alan Browne wrote:
>>>>> 
>>>>> You can keep the encrypted master file on iCloud or Dropbox so it's 
>>>>> available to all of your devices.  Avoid the 'rent' model if possible.
>>>> 
>>>> You can use any FOSS password manager. For me, anything that is not 
>>>> FOSS is automatically suspicious (including 1Password). I don't trust 
>>>> proprietary software and try to reduce its usage to minimum.
>>> 
>>> 1Password has proven itself over time.  I like companies that pay 
>>> employees to do things right when it's a critical component.
>>> 
>>> Free?  "You get what you pay for."  So unless it's a wildly widespread 
>>> and popular package with many people maintaining it, it tends to crud.
>>> 
>>> The Gimp refers.
>> 
>> Well, I like free software. It's not always of the same quality as 
>> commercial software, but at least its security can be tested by many 
>> experts in the industry easily as anyone has access to the source code. 
>> Anyone can read and edit it... understanding and making it work not so 
>> much.

> With the source code available for free, it also means the hackers can 
> more easily work out how to steal your information. Using open source 
> or hacked pirated versions for anything even remotely to do with 
> security is simply incredibly silly.

Once again you demonstrate a complete lack of knowledge on a topic. The
VAST majority of encryption is done with open source tools, you nimrod.
Not on;y that, but when companies try to write their own (like Telegram)
it turns out they write shitty software with massive security holes.

Please stop trying to weigh in on things you know absolutely nothing
about, it's embarrassing.

-- 
"Are you pondering what I'm pondering?"
"Sure, Brain, but how are we going to find chaps our size?"

[toc] | [prev] | [next] | [standalone]

#21176

In article <slrnsg3mjk.2fg5.g.kreme@m1mini.local>, Lewis
<g.kreme@kreme.dont-email.me> wrote:

> In message <sdpqco$1erg$1@gioia.aioe.org> Your Name <YourName@YourISP.com>
> wrote:
> > With the source code available for free, it also means the hackers can 
> > more easily work out how to steal your information. Using open source 
> > or hacked pirated versions for anything even remotely to do with 
> > security is simply incredibly silly.
> 
> Once again you demonstrate a complete lack of knowledge on a topic. The
> VAST majority of encryption is done with open source tools, you nimrod.
> Not on;y that, but when companies try to write their own (like Telegram)
> it turns out they write shitty software with massive security holes.
> 
> Please stop trying to weigh in on things you know absolutely nothing
> about, it's embarrassing.

that would mean an end to his posts...

[toc] | [prev] | [next] | [standalone]

#21177

In message <280720211856021661%nospam@nospam.invalid> nospam <nospam@nospam.invalid> wrote:
> In article <slrnsg3mjk.2fg5.g.kreme@m1mini.local>, Lewis
> <g.kreme@kreme.dont-email.me> wrote:

>> In message <sdpqco$1erg$1@gioia.aioe.org> Your Name <YourName@YourISP.com>
>> wrote:
>> > With the source code available for free, it also means the hackers can 
>> > more easily work out how to steal your information. Using open source 
>> > or hacked pirated versions for anything even remotely to do with 
>> > security is simply incredibly silly.
>> 
>> Once again you demonstrate a complete lack of knowledge on a topic. The
>> VAST majority of encryption is done with open source tools, you nimrod.
>> Not on;y that, but when companies try to write their own (like Telegram)
>> it turns out they write shitty software with massive security holes.
>> 
>> Please stop trying to weigh in on things you know absolutely nothing
>> about, it's embarrassing.

> that would mean an end to his posts...

<fingers crossed>

-- 
'The trouble with my friend here is that he doesn't know the
	difference between a postulate and a metaphor of human existence.
	Or a hole in the ground.' --Pyramids

[toc] | [prev] | [next] | [standalone]

#21115

On Mon, 12 Jul 2021 09:53:00 +0000, Unbreakable Disease
<unbreakable@secmail.pro> wrote:

>My 50-year old brain isn't capable of memorizing that many passwords 
>anymore, so I use KeePassXC. I keep basically everything here including 
>my financial passwords and credit card data, with the exception of 
>passwords that I would have to remember anyway (full-disk encryption, 
>login, primary e-mail passwords, etc.)
>
>Overall, it's much easier to remember and much harder to forget 10 
>complicated passwords that you use everyday than 100+ simple passwords 
>you use every month or even less.
>
>I can't speak about Windows version of KeePass, because with the 
>exception of playing games not available on Macintosh, I haven't used 
>one since Windows 95 days.

For what it's worth, I like LastPass. I'm not crazy about the fact
that I can't use it on multiple devices without having to pay for it,
but I can't begrudge the software developers over there the right to
earn a living.

The best strengths in current password technology are in passphrases:

https://useapassphrase.com

There's some great stats in there, such as the amount of time it takes
to crack common spatial word passwords such as "qwerty" or "aaaaaa"...
10 milliseconds.

Or how long it takes to crack a password that's a date like
"03261981"... 2.213 seconds.

However, if you use a sequence of four randomly chosen words like
"mergers decade labeled manager", it'll take 6 million centuries to
crack.

So.

I've converted all my passwords to sequences of four to six words; and
I have an email account at a provider that I've never used to send
email to anyone, or to use as the id for any website. There, I have a
draft of an email saved that holds the information.

I now only need to remember one password, and I can get to everything.
As for the remote chance that the email provider will cease to exist,
I made backup accounts with other major providers, because paranoia.

I don't use email apps to access my password storage account; and I
use Tor to get to it for the sake of anonymity. I'd be fairly
impressed if someone got through that level of security, and it's
probably overkill, but why take the risk?

While I'm at it... does everyone know about 

https://haveibeenpwned.com

You can put your email address in there, and see if it's been involved
in any large-scale thefts. It's got records going back years, and I
was fairly shocked to see that my wife's account had been hacked years
ago.

-- 
Cheers,
Dreamer
AA 2306

"The fact that a believer is happier than a skeptic is no 
more to the point than the fact that a drunken man is 
happier than a sober one. The happiness of credulity is a 
cheap and dangerous quality of happiness, and by no means 
a necessity of life."

George Bernard Shaw
Androcles and the Lion 

[toc] | [prev] | [next] | [standalone]

#21116

Dreamer In Colore <dreamerincolore@hotmail.com> writes:
> On Mon, 12 Jul 2021 09:53:00 +0000, Unbreakable Disease
> <unbreakable@secmail.pro> wrote:
>>My 50-year old brain isn't capable of memorizing that many passwords 
>>anymore, so I use KeePassXC. I keep basically everything here including 
>>my financial passwords and credit card data, with the exception of 
>>passwords that I would have to remember anyway (full-disk encryption, 
>>login, primary e-mail passwords, etc.)
>>
>>Overall, it's much easier to remember and much harder to forget 10 
>>complicated passwords that you use everyday than 100+ simple passwords 
>>you use every month or even less.
>>
>>I can't speak about Windows version of KeePass, because with the 
>>exception of playing games not available on Macintosh, I haven't used 
>>one since Windows 95 days.
>
> For what it's worth, I like LastPass. I'm not crazy about the fact
> that I can't use it on multiple devices without having to pay for it,
> but I can't begrudge the software developers over there the right to
> earn a living.
>
> The best strengths in current password technology are in passphrases:
>
> https://useapassphrase.com
>
> There's some great stats in there, such as the amount of time it takes
> to crack common spatial word passwords such as "qwerty" or "aaaaaa"...
> 10 milliseconds.
>
> Or how long it takes to crack a password that's a date like
> "03261981"... 2.213 seconds.
>
> However, if you use a sequence of four randomly chosen words like
> "mergers decade labeled manager", it'll take 6 million centuries to
> crack.
>
> So.
>
> I've converted all my passwords to sequences of four to six words; and
> I have an email account at a provider that I've never used to send
> email to anyone, or to use as the id for any website. There, I have a
> draft of an email saved that holds the information.
>
> I now only need to remember one password, and I can get to everything.
> As for the remote chance that the email provider will cease to exist,
> I made backup accounts with other major providers, because paranoia.
>
> I don't use email apps to access my password storage account; and I
> use Tor to get to it for the sake of anonymity. I'd be fairly
> impressed if someone got through that level of security, and it's
> probably overkill, but why take the risk?
>
> While I'm at it... does everyone know about 
>
> https://haveibeenpwned.com
>
> You can put your email address in there, and see if it's been involved
> in any large-scale thefts. It's got records going back years, and I
> was fairly shocked to see that my wife's account had been hacked years
> ago.

I use a couple of programs I wrote to generate random passwords and
passphrases:

    https://github.com/Keith-S-Thompson/random-passwords

It's two Perl scripts.  gen-password generates random passwords with
specified criteria, and gen-passphrase generates xkcd-style random word
sequences using the system dictionary or a specified one.

-- 
Keith Thompson (The_Other_Keith) Keith.S.Thompson+u@gmail.com
Working, but not speaking, for Philips
void Void(void) { Void(); } /* The recursive call of the void */

[toc] | [prev] | [next] | [standalone]

#21117

On Wed, 21 Jul 2021 12:31:11 -0700, Keith Thompson wrote:

> I use a couple of programs I wrote to generate random passwords and
> passphrases:
> 
>     https://github.com/Keith-S-Thompson/random-passwords
> 
> It's two Perl scripts.  gen-password generates random passwords with
> specified criteria, and gen-passphrase generates xkcd-style random word
> sequences using the system dictionary or a specified one.

I use dicewords and a set of casino dice.

-- 
Using UNIX since v6 (1975)...

Use the BIG mirror service in the UK:
 http://www.mirrorservice.org

[toc] | [prev] | [next] | [standalone]

#21118

Bob Eager <news0009@eager.cx> writes:

> On Wed, 21 Jul 2021 12:31:11 -0700, Keith Thompson wrote:
>
>> I use a couple of programs I wrote to generate random passwords and
>> passphrases:
>> 
>>     https://github.com/Keith-S-Thompson/random-passwords
>> 
>> It's two Perl scripts.  gen-password generates random passwords with
>> specified criteria, and gen-passphrase generates xkcd-style random word
>> sequences using the system dictionary or a specified one.
>
> I use dicewords and a set of casino dice.

What do you do when the password is restricted as is so often the case?

-- 
Ben.

[toc] | [prev] | [next] | [standalone]

#21119

On Thu, 22 Jul 2021 01:23:46 +0100, Ben Bacarisse wrote:

> Bob Eager <news0009@eager.cx> writes:
> 
>> On Wed, 21 Jul 2021 12:31:11 -0700, Keith Thompson wrote:
>>
>>> I use a couple of programs I wrote to generate random passwords and
>>> passphrases:
>>> 
>>>     https://github.com/Keith-S-Thompson/random-passwords
>>> 
>>> It's two Perl scripts.  gen-password generates random passwords with
>>> specified criteria, and gen-passphrase generates xkcd-style random
>>> word sequences using the system dictionary or a specified one.
>>
>> I use dicewords and a set of casino dice.
> 
> What do you do when the password is restricted as is so often the case?

It provides a basis to which I add stuff.

Jitsi does similar when choosing a random 'room' name, although I haven't 
looked at the code.



-- 
Using UNIX since v6 (1975)...

Use the BIG mirror service in the UK:
 http://www.mirrorservice.org

[toc] | [prev] | [next] | [standalone]

#21624

On Mon, 12 Jul 2021 09:53:00 +0000
Unbreakable Disease <unbreakable@secmail.pro> wrote:

> My 50-year old brain isn't capable of memorizing that many passwords 
> anymore, so I use KeePassXC. I keep basically everything here
> including my financial passwords and credit card data, with the
> exception of passwords that I would have to remember anyway
> (full-disk encryption, login, primary e-mail passwords, etc.)
> 
> Overall, it's much easier to remember and much harder to forget 10 
> complicated passwords that you use everyday than 100+ simple
> passwords you use every month or even less.
> 
> I can't speak about Windows version of KeePass, because with the 
> exception of playing games not available on Macintosh, I haven't used 
> one since Windows 95 days.

I use Pass, which is a command-line only password manager using git and
gpg. It's good and lightweight.

[toc] | [prev] | [next] | [standalone]

#21625

On Sun, 28 Nov 2021 06:51:45 +0800, rtr wrote:

> On Mon, 12 Jul 2021 09:53:00 +0000 Unbreakable Disease
> <unbreakable@secmail.pro> wrote:
> 
>> My 50-year old brain isn't capable of memorizing that many passwords
>> anymore, so I use KeePassXC. I keep basically everything here including
>> my financial passwords and credit card data, with the exception of
>> passwords that I would have to remember anyway (full-disk encryption,
>> login, primary e-mail passwords, etc.)
>> 
>> Overall, it's much easier to remember and much harder to forget 10
>> complicated passwords that you use everyday than 100+ simple passwords
>> you use every month or even less.
>> 
>> I can't speak about Windows version of KeePass, because with the
>> exception of playing games not available on Macintosh, I haven't used
>> one since Windows 95 days.
> 
> I use Pass, which is a command-line only password manager using git and
> gpg. It's good and lightweight.

Yes, me too. It works well.



-- 
Using UNIX since v6 (1975)...

Use the BIG mirror service in the UK:
 http://www.mirrorservice.org

[toc] | [prev] | [next] | [standalone]

#21626

rtr <rtr@nospam.invalid> wrote:

> I use Pass, which is a command-line only password manager using git
> and gpg. It's good and lightweight.

I also use it, though gpg is a bit clunky it helps me trust the cryptosystem.
-- 
   /* * * Otto J. Makela <om@iki.fi> * * * * * * * * * */
  /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */
 /* Mail: Mechelininkatu 26 B 27,  FI-00100 Helsinki */
/* * * Computers Rule 01001111 01001011 * * * * * * */

[toc] | [prev] | [next] | [standalone]

#21627

On Sun, 28 Nov 2021 14:16:49 +0200
om@iki.fi (Otto J. Makela) wrote:

> rtr <rtr@nospam.invalid> wrote:
> 
> > I use Pass, which is a command-line only password manager using git
> > and gpg. It's good and lightweight.  
> 
> I also use it, though gpg is a bit clunky it helps me trust the
> cryptosystem.

GPG is indeed a bit clunky and non-user friendly. It's really secure
but the complexity required to set it up makes it unapproachable.

It's only recently that I've gotten around maintaining a proper gpg key
setup when I was sorting out my password situation and looking at what
you can do with it it's certainly a waste that not all people are aware
or can even use this with ease.

-- 
Give them an inch and they will take a mile.

[toc] | [prev] | [next] | [standalone]

#21634

On 11/28/2021 04:16 AM, Otto J. Makela wrote:
> rtr <rtr@nospam.invalid> wrote:
>
>> I use Pass, which is a command-line only password manager using git
>> and gpg. It's good and lightweight.
>
> I also use it, though gpg is a bit clunky it helps me trust the cryptosystem.

No.  I have a text file for when browsers and email forget.

I'm increasingly annoyed by the 'security' features required by various 
financial businesses.  I don't want texts sent to my phone EVER -- email 
is just fine.  I don't want to have to respond to a text message on my 
phone BEFORE I can accomplish a transaction on my computer.  This shit 
takes time.  MY time.

-- 
Cheers, Bev
    Warning -- Driver carries less than $20 worth of ammunition

[toc] | [prev] | [next] | [standalone]

#21631

rtr <rtr@nospam.invalid> writes:

> I use Pass, which is a command-line only password manager using git and
> gpg. It's good and lightweight.

I haven't used pass but now that I looked into it, it seems it could
work for me too. I currently used Keepass with sftp access to the
password database and it works, for my current platforms which are
Linux, Android and Windows. Looks like pass could also work for my use
case.

[toc] | [prev] | [next] | [standalone]

Page 4 of 6 — ← Prev page 1 2 3 [4] 5 6  Next page →

Back to top | Article view | comp.misc

csiph-web