Slashdot Mirror


Ask Slashdot: Should You Use Password Managers?

New submitter informaticsDude writes: What do Slashdot users recommend regarding the use of password managers? The recent election underscored the hackability of many personal accounts. One solution is to use different passwords for every digital experience. But, of course, humans are lousy at remembering large numbers of large random strings. Another solution is to use a password manager. However, password managers have been hacked in the past, in which case you lose everything. How do Slashdot users balance the competing risks? What is a person to do?

9 of 415 comments

  1. Pick a pattern for your passwords by future assassin · · Score: 1, Interesting

    Say, like the site's name, and select the letters and add in numbers. I use a couple different patterns depending on the type of site. That way I can remember 10s of passwords. 99% of the time it ends up nowhere near a dictionary word and they are all 8+ characters long.

    --
    by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
    1. Re:Pick a pattern for your passwords by twitnutttt · · Score: 1, Interesting

      99% of the time it ends up nowhere near a dictionary word and they are all 8+ characters long.

      And they're all a fucking joke to crack in 3 seconds!
      Seriously, the comments of people here who have these complex schemes but don't understand their "genius" password is going to be cracked by a rainbow table, not brute force.
      You need to just use a combination of diceware passphrases (truly long enough to avoid guessing, we're talking 30+ characters here) to unlock a trusted, non-service-based password manager app that generates unique and ridiculously long and impossible to even want to try to remember passwords.
      So much simpler than your mental gymnastics and ACTUALLY SECURE.
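An added example, not part of the thread or any poster's code: a Diceware-style passphrase's strength comes from the number of words and the size of the list, so this sketch works out how many words a target entropy needs and draws them with the OS CSPRNG. The 16-word list is constructed for illustration (a real Diceware list has 7776 entries), and all function names are hypothetical.

```python
import math
import secrets

# Constructed 16-word sample list so the example runs offline. A real Diceware
# list has 6**5 = 7776 entries (one word per five dice rolls).
SAMPLE_WORDS = [
    "anchor", "basil", "copper", "dune", "ember", "fjord", "granite", "harbor",
    "ivory", "juniper", "kettle", "lantern", "meadow", "nickel", "orchid", "pebble",
]
DICEWARE_LIST_SIZE = 6 ** 5


def entropy_bits(list_size, n_words):
    """Entropy of n_words drawn uniformly and independently from the list."""
    return n_words * math.log2(list_size)


def words_for_target(target_bits, list_size=DICEWARE_LIST_SIZE):
    """Smallest word count whose entropy meets or exceeds target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(wordlist, n_words, sep=" "):
    """Pick words with the OS CSPRNG; random.choice is not suitable here."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate words lower the real entropy")
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def min_length(wordlist, n_words, sep=" "):
    """Shortest passphrase (in characters) the list can produce."""
    shortest = min(len(w) for w in wordlist)
    return n_words * shortest + (n_words - 1) * len(sep)


if __name__ == "__main__":
    n = words_for_target(77)
    print(f"{n} Diceware words -> {entropy_bits(DICEWARE_LIST_SIZE, n):.1f} bits")
    print("sample (constructed list, only 4 bits/word):",
          generate_passphrase(SAMPLE_WORDS, n))
```

The entropy figure only holds when every word is chosen at random; hand-picking or rerolling words until the phrase "looks nice" reduces it.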

  2. Re:Dont use lastpass by Anonymous Coward · · Score: 3, Interesting

    Why is lastpass a piece of crap, exactly?

  3. Use firefox master password with mozilla sync by Vairon · · Score: 3, Interesting

    Yes. I recommend Firefox's password manager which can encrypt passwords stored in your browser with a master password. Then add to that Mozilla's sync feature to store an encrypted copy of your passwords on Mozilla's server. They are stored encrypted and cannot be recovered without the sync password and e-mail access. If you don't trust Mozilla's server, despite the passwords being encrypted, they provide the open source software so you can run your own server to sync your encrypted passwords to.

    If someone (you or hacker) does not know the sync password and resets the password with access to your e-mail account, it will not give them access to the passwords that were sync'd previously. This is good because it keeps a hacker from being able to just hack your e-mail account then use that to get access to all your passwords.

  4. Re: Encrypted File, Encrypted USB by Anonymous Coward · · Score: 2, Interesting

    You had better use something in addition to that USB drive. One good static discharge and you're toast.

    Use cloud storage like Google Drive or Dropbox and KeePass. It's encrypted, located locally and backed up to the cloud. Been working that way for years without any problems.

  5. Save hints by Lije Baley · · Score: 2, Interesting

    For any normal person (not rich, famous, or powerful), just storing hints in a document is good enough. Something like:
    EBay kxxxxbxxxx3xxx
    Where the mask character x is not precisely replacing characters.
    It's enough to remind me, but not enough to aid a casual attacker.

    --
    Strange things are afoot at the Circle-K.
  6. I do not.. come up with a good story scheme... by gosand · · Score: 3, Interesting

    It's what I've used for years. I have a not so memorable story, take an event from that, and turn it into your password scheme.

    [completely fabricated example]
    In 7th grade a girl I liked (Sarah) gave a presentation on Abraham Lincoln. She was wearing a blue dress.
    Four score and blue dress. FoScBlDr (8 characters, safe)
    Add in a number and a symbol, because some sites require it. FoScBlDr81? [I think it was in 1981]

    So, there is my starting password. Password hint = Sarah Lincoln 81, maybe SL81 for short.
    6 months later, you have to change your password. Hint becomes SL82 (FoScBlDr82?)
    You could cycle through to 89, then back to 81. Over time, you can morph it in other ways. Maybe put a $ in there instead of a ? for financial sites, or come up with a separate story for those.

    The thing is, YOU make up the story and the cycling rules.
    You can even write down your password hints, nobody would ever think "Crush 88" was actually "FoScBlDr88?"

    I have used one scheme/password since 1999, and it has morphed so much even if I told someone my original password, they couldn't guess what it is now... it's just gibberish.

    --

    My beliefs do not require that you agree with them.

  7. Re:keepass by PopeRatzo · · Score: 1, Interesting

    Have they finally made KeePass databases portable from Windows to macOS? Last time I tried, I couldn't import to macOS.

    --
    You are welcome on my lawn.
  8. Re:keepass by PopeRatzo · · Score: 1, Interesting

    I know the program can be used on macOS, but can a password database created on a Windows PC be used on macOS?

    --
    You are welcome on my lawn.