I just use a long password similar to all the others but a little bit different for each service I use.
---
My head... I use some sort of bio algorithm to form my passwords.
---
keepassx
---
I have one long complicated password, which I know by heart and it's not written down anywhere. There is a part in the middle of this password that I modify depending on which service I log into and with which username. That makes each service's password a little different.
---
no-cheating wrote: I have one long complicated password, which I know by heart and it's not written down anywhere. There is a part in the middle of this password that I modify depending on which service I log into and with which username. That makes each service's password a little different.
... And the difference represents low entropy.
Edit: You might have a strong password on the order of 200 (impressive) bits, but if the raw password is compromised, your derivative password might be less than 30 bits (pathetic).
Edit: Oh, I use pass.
Last edited by ewaller (2020-01-29 04:11:41)
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
---
no-cheating wrote: I have one long complicated password, which I know by heart and it's not written down anywhere. There is a part in the middle of this password that I modify depending on which service I log into and with which username. That makes each service's password a little different.
ewaller wrote: ... And the difference represents low entropy.
Edit: You might have a strong password on the order of 200 (impressive) bits, but if the raw password is compromised, your derivative password might be less than 30 bits (pathetic).
Edit: Oh, I use pass.
200 bits should take a long time to crack, and if they're all in your head you'd need a good psychic to get it out.
However, I never thought about the low entropy part...
Pass might be a better idea...
---
The point is that the password does not need to be cracked.
Crappy-Service.com just needs to store the users' passwords in plain text and get the database that the accountant's brother-in-law hosts on his Windows XP home server leaked.
Then @ewaller's critique applies. Just the varying part needs to be guessed.
I use three passwords:
* One master password for keepassx2 where all my online accounts are stored with max-length cryptic passwords
* One password for my Linux user account.
* One password for my LUKS partitions.
I only need to remember those three and they are also cryptic and not written down or stored anywhere in plain text.
PS: I store my SSH keys' passwords in addition to keepassx2 in my gnome-keyring, so that I have them ready to go after login.
Last edited by schard (2020-01-29 16:25:30)
Inofficial first vice president of the Rust Evangelism Strike Force
---
schard wrote: The point is that the password does not need to be cracked.
Crappy-Service.com just needs to store the users' passwords in plain text and get the database that the accountant's brother-in-law hosts on his Windows XP home server leaked.
Then @ewaller's critique applies. Just the varying part needs to be guessed.
Fair point.
schard wrote: I use three passwords:
* One master password for keepassx2 where all my online accounts are stored with max-length cryptic passwords
* One password for my Linux user account.
* One password for my LUKS partitions.
I only need to remember those three and they are also cryptic and not written down or stored anywhere in plain text.
PS: I store my SSH keys' passwords in addition to keepassx2 in my gnome-keyring, so that I have them ready to go after login.
I have my passwords in an encrypted container.
SSH and user account I do the same.
Passwords with low entropy are all OTP based.
Shops etc. all have their own PW stored in the encrypted container.
So I should be safe, though I should have a look at a PW keeper ;)
---
schard wrote: * One master password for keepassx2 where all my online accounts are stored with max-length cryptic passwords
I do the same but with LastPass instead of keepass. The only things I do not store in LastPass are my personal banking passwords. I can't get myself to type that into a stored system for whatever archaic reasons.
---
There is Bitwarden as an encrypted, online and open-source solution.
---
no-cheating wrote: I have one long complicated password, which I know by heart and it's not written down anywhere. There is a part in the middle of this password that I modify depending on which service I log into and with which username. That makes each service's password a little different.
ewaller wrote: ... And the difference represents low entropy.
Edit: You might have a strong password on the order of 200 (impressive) bits, but if the raw password is compromised, your derivative password might be less than 30 bits (pathetic).
Edit: Oh, I use pass.
I'm with ewaller, I use pass. I don't trust my memory that well.
---
I used to use supergenpass, now I use lesspass, which is basically the same, but better imho, because it also includes special characters. It generates passwords based on a master password, which is strong of course. To make it more convenient I use a dmenu script for it. I use such passwords for every website and always as strong as possible.
So I know my master password, my luks password, user and root login password, my password for the university (generated by supergenpass, but I had to type it often, so eventually I remembered). That's it.
I just like the fact that I don't know any of my online passwords and they aren't written down anywhere. Gives me a strange kind of satisfaction :-) And when I talk to people about this (yes, happens sometimes), I always have a good riddle at hand.
Last edited by sekret (2020-02-09 10:17:55)
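An added example, not code from the thread or from LessPass/SuperGenPass: it contrasts the two schemes discussed above. `derive_site_password` derives a per-site password from a master secret with PBKDF2-HMAC-SHA256 (the alphabet, length and iteration count are assumptions chosen for this example, not those tools' real profiles), so a leaked site password is unrelated to every other site's and to the master. `naive_site_password` is a constructed instance of the "vary a part in the middle" scheme, and `residual_bits_after_leak` shows why ewaller's critique applies once one copy leaks in plaintext: only the variant has to be guessed.

```python
import hashlib
import math

# Assumed parameters for this illustration (not LessPass/SuperGenPass profiles).
ALPHABET = ("abcdefghijklmnopqrstuvwxyz"
            "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "0123456789"
            "!#$%&*+-=?@^_")          # 75 symbols
PASSWORD_LENGTH = 20
ITERATIONS = 200_000


def derive_site_password(master: str, site: str, login: str) -> str:
    """Derive one site's password from the master secret with PBKDF2-HMAC-SHA256.

    The site and login form the salt, so each (site, login) pair gets an unrelated
    output, and a leaked site password reveals nothing about the master short of
    brute-forcing the KDF itself.
    """
    salt = f"{site}\x00{login}".encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, dklen=32)
    # Treat the 256-bit key as an integer and peel off characters in base len(ALPHABET).
    # 75**20 is about 2**125, far below 2**256, so the modulo bias is negligible.
    n = int.from_bytes(key, "big")
    out = []
    for _ in range(PASSWORD_LENGTH):
        n, r = divmod(n, len(ALPHABET))
        out.append(ALPHABET[r])
    return "".join(out)


def naive_site_password(base: str, site: str) -> str:
    """The 'vary a part in the middle' scheme from the thread.

    Constructed rule for illustration: insert the first three letters of the site
    name, capitalised, between the two halves of the memorised base secret.
    """
    half = len(base) // 2
    return base[:half] + site[:3].title() + base[half:]


def residual_bits_after_leak(variant_len: int, alphabet_size: int) -> float:
    """Entropy left in the naive scheme once one site's password has leaked.

    The attacker then knows both fixed halves and only has to guess the variant,
    whose search space is alphabet_size ** variant_len.
    """
    return variant_len * math.log2(alphabet_size)


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample, not a real secret
    print(derive_site_password(master, "example.com", "alice"))
    print(derive_site_password(master, "example.org", "alice"))
    print(naive_site_password("correcthorse", "example.com"))            # correcExathorse
    print(f"{residual_bits_after_leak(3, 26):.1f} bits left to guess")  # 14.1
```

The two derived outputs share no structure, while the naive scheme leaves roughly 14 bits (three lowercase letters) to guess after a single plaintext leak, which is the "less than 30 bits" situation ewaller describes. The trade-off of any deterministic scheme is that a compromised master exposes every site, so the master passphrase has to carry all the entropy.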
---
I store them in my empty head.
---
Pen and paper.
godisnowhere
---
What do you think about storing passwords in kwallet, gnome-keyring or gnome-passwordsafe? Is it secure?
---
As always, it depends. I use gnome-keyring to store certain passwords.
I also use the password storages of firefox and chromium for storing passwords for certain websites.
Since I do not use that sync BS, all of these passwords are just stored on my local machines, i.e. on a LUKS encrypted partition, the password to which exists nowhere except in my head.
Inofficial first vice president of the Rust Evangelism Strike Force
---
pass. Because it is just too simple and elegant to not use.
Arch Linux + sway
Debian Testing + GNOME/sway
NetBSD 64-bit + Xfce
---
I write my passwords down on a stapled stack of square papers.
I use too many systems to keep a synchronized password manager going.
---
I keep everything in KeePassXC. I sync the password database across devices with Syncthing. On accounts I may have to access outside my computer or smartphone, or for my own computer and smartphone password, I choose a long combination of random, rare words, which is quick to type and I suppose a bit secure entropy-wise, considering special characters from my native language. Dunno about dictionary attacks. I want to get into the habit of periodically changing passwords, but I'm too lazy to bother with that.
Behemoth, wake up!
---
Check out BitWarden, it is free and open-source software; I got rid of Dashlane to use it.
---
Another happy user of pass here. Oh, and I stopped trying to memorize passwords a long time ago.
I only use pass *phrases*. Something like "Catch me if you can!", but harder to guess.
I have one passphrase for the gpg key, another for my Linux session and that's pretty much it.
They look very impressive when I type them, but since it's mostly text it's quite easy to type them without mistakes.
Responsible Coder, Python Fan, Rust enthusiast
---
For a long time I was using KeePassX2, but lately I have switched to KeePassXC due to X2 appearing dead. Except for having to switch from Ctrl+U/Ctrl+V to Ctrl+Shift+U/Ctrl+Shift+V for URL opening and autotype, and some minor gripes with how UI works, the switch was painless.
At the same time I’ve also switched to a single Diceware-generated passphrase for all things that I use without a password manager and use locally only. If an attacker gains access to my account, the difference between having a single secret and many of them is negligible: within at most a few days I will type them all and they will be compromised. “Switched” is, perhaps, not the best word, because I am still in the process of changing that. One word at a time, giving myself around 4 weeks to learn the new version.
I also have two other secrets I must remember. The debit card and the SIM card PINs.
Sometimes I seem a bit harsh — don’t get offended too easily!
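An added example of the Diceware method mentioned in the post above (not code from the thread or from the Diceware project): a dice string is converted to a word-list index in base 6, words are picked with the OS CSPRNG standing in for physical dice, and the entropy is computed as words times log2 of the list size. The 36-word list is a constructed sample indexed by two dice; a real Diceware list holds 6**5 = 7776 words indexed by five dice, which is the size used in the entropy calls.

```python
import math
import secrets

# Constructed 36-word sample list indexed by two dice (rolls "11" .. "66").
# A real Diceware list has 6**5 = 7776 words indexed by five dice.
SAMPLE_WORDS = [
    "apple", "brick", "cloud", "delta", "ember", "flint", "grape", "harbor", "ivory",
    "jumbo", "kayak", "lemon", "mango", "noble", "olive", "pearl", "quartz", "river",
    "salad", "tiger", "umber", "vivid", "wafer", "xenon", "yacht", "zebra", "acorn",
    "badge", "cabin", "daisy", "eagle", "fable", "gable", "hazel", "igloo", "jelly",
]


def dice_to_index(rolls: str) -> int:
    """Map a string of dice faces (each '1'..'6') to a 0-based list index, base 6."""
    if not rolls or any(c not in "123456" for c in rolls):
        raise ValueError("rolls must be non-empty and consist of digits 1-6")
    index = 0
    for c in rolls:
        index = index * 6 + (int(c) - 1)
    return index


def roll_dice(count: int) -> str:
    """Roll `count` dice with the OS CSPRNG (stands in for physical dice here)."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(count))


def passphrase_bits(word_count: int, list_size: int) -> float:
    """Entropy of a passphrase of uniformly chosen words: words * log2(list size)."""
    return word_count * math.log2(list_size)


def words_needed(target_bits: float, list_size: int) -> int:
    """Smallest word count reaching target_bits with a list of list_size words."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(word_count: int, words=SAMPLE_WORDS) -> str:
    """Pick word_count words by dice roll; the list must hold exactly 6**k words."""
    dice_per_word = round(math.log(len(words), 6))
    if 6 ** dice_per_word != len(words):
        raise ValueError("word list size must be a power of 6")
    return " ".join(words[dice_to_index(roll_dice(dice_per_word))]
                    for _ in range(word_count))


if __name__ == "__main__":
    print(generate_passphrase(5))
    print(f"{passphrase_bits(6, 7776):.1f} bits for 6 words from a 7776-word list")
    print(words_needed(128, 7776), "words needed for 128 bits")
```

The entropy figure only holds when every word is drawn uniformly at random from the list, which is why the choice is made by dice or a CSPRNG rather than by hand, and it does not depend on the words being rare or containing unusual characters. Learning the passphrase one word at a time, as the post describes, does not reduce that figure as long as the final passphrase is the one that was rolled.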
---
I use KeepassXC on my desktop and notebook systems. Until recently, I used Keepass Mini on my mobile devices, but it is no longer supported. So, I have switched them to Strongbox, which is also compatible with my Keepass database.
---
I keep everything in KeePassXC. I sync the password database across devices with Syncthing. On accounts I may have to access outside my computer or smartphone, or for my own computer and smartphone password, I choose a long combination of random, rare words, which is quick to type and I suppose a bit secure entropy-wise, considering special characters from my native language. Dunno about dictionary attacks. I want to get into the habit of periodically changing passwords, but I'm too lazy to bother with that.
Funny, my approach is exactly the same. In every way: KeepassXC, Syncthing, password formats and laziness.
zʇıɹɟʇıɹʞsuɐs AUR || Cycling in Budapest with a helmet camera || Revised log levels proposal: "FYI" "WTF" and "OMG" (John Barnette)
---
Mainly with Pass due to its integration with dmenu/rofi and in browsers.
Generic response; Operation Stated: Invalid.
---