Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
What are your thoughts on password managers?
#1
Password managers are programs which store randomly generated, powerful passwords for different sites you use on your computer. The database in which these passwords exist is encrypted by a single "master password" - like a key to a safe with all of your passwords in it.

They're good in a way because they can let you use unique, practically uncrackable passwords for each account you make on the internet. You only have to memorize one strong password and you're pretty much done. Also, it makes coming up with new passwords or even changing your current passwords set to a whole new one much less of a hassle.

On the other hand, I've always considered storing passwords on a day to day computer, in any form, to be a bad idea. It means one will always have to carry his password database everywhere if he wants to login, say to LFE, on another computer, and that can be inconvenient. This master password plus the database file can become a free pass to all of your passwords. While it's difficult to acquire the pair, it's still possible to obtain both with a malware which logs keys and sends files (I think it would've been smart for password managers to let databases be at least >= 1 GB in size. One would easily notice a long transfer going on with some program like networx and maybe manage to stop it). Had you kept your passwords stored in your head, the said malware would have at least only got access to passwords you typed while it lurked.

The main problem with not relying on password managers, depending on how many sites you login to, is that some of your passwords will probably be reused (or you'll be having a lot of fun with the "I forgot my password" button), and that's a bad idea since someone who's found out about some of your passwords will probably try it on a couple of other websites you use. Trying to use different passwords for different sites will affect how strong each of these individual passwords are (you can memorize so many easy passwords, but only a few difficult, more secure ones).

I'm still not using a password manager, but I've been seriously considering using one. Do you guys use password managers, and what do you think about them?
[Image: signature.png]
A-Engine: A new beat em up game engine inspired by LF2. Coming soon

A-Engine Dev Blog - Update #8: Timeout

Reply
Thanks given by:
#2
Let my browser remember all my passwords. If I forget them, I use right click, inspect and change password type to text, who needs a password manager.

Every account is connected to my e-mail. My e-mail is connected to my phone number, so as long as you don't steal my phone, stealing any of my passwords wont help you. Even if you steal all numbers of my debit card, it won't let you do any transactions without phone confirmation thing.

So what now? Why do you still need secure passwords and their manager?
[Image: llqsMqz.jpg][Image: llqsMqz.jpg][Image: llqsMqz.jpg][Image: llqsMqz.jpg]
Reply
Thanks given by:
#3
There's sabotage which you can only prevent with paying a ransom, for example. Your google drive, emails ..etc are all in danger. What will you do?

Nothing?

I can screw you up and your phone if you're logged in to your google account:
https://support.google.com/accounts/answ...0500?hl=en
[Image: signature.png]
A-Engine: A new beat em up game engine inspired by LF2. Coming soon

A-Engine Dev Blog - Update #8: Timeout

Reply
Thanks given by:
#4
a friend of mine started using password phrases instead of regular passwords, like full sentences with proper grammar and stuff.
they are easier to remember and still hard to crack for most malware.

i myself used only three different passwords for all my online stuff, mostly because all financial actions still required my bank tan or my phone.
quite some time ago though i got my mail account (i think it was gmail) hacked and had to unbook some payments. nothing lethal, just some clash of clans money.
i then redid ALL my passwords, starting with the most vital ones like email (since most password changes would still be worth nothing if the hacker can simply log into your email account and request a password reset).
im still using pretty unsecure passwords for nonvital accounts like LFE (no financial benefit from hacking it whatsoever).
i also created a junkmail account for not so secure looking sites (hello pron).
i want to start using a manager some time, right now i simply have an encrypted archive on my devices. its a bit of a hassle to read out my passwords, but i kinda got used to it and usually i dont need them that often.
Reply
Thanks given by:
#5
(07-26-2016, 08:20 PM)A-Man Wrote:  There's sabotage which you can only prevent with paying a ransom, for example. Your google drive, emails ..etc are all in danger. What will you do?

Nothing?

I can screw you up and your phone if you're logged in to your google account:
https://support.google.com/accounts/answ...0500?hl=en

maybe it is because i am a simple innocent person but if hacker actually asked me nicely i would probably share more info than he could ever find in my mailbox. There is nothing ransom worthy I have on internet. i dont send my nudes to people lol.

by phone i meant phone number. not an android device. both google and Microsoft have strong policies against suspicious logins to e mails and even more stronger preventions against password changes If you protect it with phone number.

all internet services and cloud are basically "saving things on someone else's computer" and this is why you shouldn't put anything embarrassing there.
[Image: llqsMqz.jpg][Image: llqsMqz.jpg][Image: llqsMqz.jpg][Image: llqsMqz.jpg]
Reply
Thanks given by:
#6
https://xkcd.com/936/

http://rumkin.com/tools/password/passchk.php
Ultimately, my constant dissatisfaction with the way things are becomes the driving force behind everything I do.
[Image: sigline.png]
LF2 IDE - Advanced visual data changer featuring instant data loader
LF2 Sprite Sheet Generator - Template based sprite sheet generator based on Gad's method
[Image: sigline.png]
There is no perfect language, but C++ is the worst.
Reply
Thanks given by: Bamboori
#7
Bamboori Wrote:i also created a junkmail account for not so secure looking sites (hello pron).
That's a good plan. I have a couple of junk emails too for less important purposes, but I usually have them forward emails they receive to my main one to avoid the hassle of logging in to other emails when needed.

mfc Wrote:There is nothing ransom worthy I have on internet.
You live in the 21st century, and even if you don't have something now, you're bound to use the internet for lots of things soon. The greatest use of cloud storages in my opinion, especially if you've got a fast internet connection, is backups. And losing backups CAN be a very big deal.

As for changing a gmail's password (supposing gmail is what you use), check this out:
https://support.google.com/mail/answer/41078?hl=en

Knowing your phone number can never be more difficult than acquiring your passwords. Your phone number is a public id after all.

NX Wrote:https://xkcd.com/936/

http://rumkin.com/tools/password/passchk.php
I've seen that one before XD. But yes, these are good passwords, I guess. But it's still difficult to memorize and map a bunch correctly to your accounts. And when you choose to change them (which one should do periodically).. well, that's when things start to look like hodgepodge. With a password manager, you'd just have to generate a new one and store it in place of the old one.


Edit: It might sound like I'm overthrowing both memorizing passwords and relying on managers. The thing is that both ways have their advantages and disadvantages, and that is what I'm trying to discuss here to help myself and others better evaluate which would be better to use.
[Image: signature.png]
A-Engine: A new beat em up game engine inspired by LF2. Coming soon

A-Engine Dev Blog - Update #8: Timeout

Reply
Thanks given by:
#8
(07-27-2016, 10:31 AM)A-Man Wrote:  
mfc Wrote:There is nothing ransom worthy I have on internet.
You live in the 21st century, and even if you don't have something now, you're bound to use the internet for lots of things soon. The greatest use of cloud storages in my opinion, especially if you've got a fast internet connection, is backups. And losing backups CAN be a very big deal.

As for changing a gmail's password (supposing gmail is what you use), check this out:
https://support.google.com/mail/answer/41078?hl=en

Knowing your phone number can never be more difficult than acquiring your passwords. Your phone number is a public id after all.

1) Don't store critical stuff on cloud. You have external hard drives for that.
2) No matter what century you are living in, don't leave embarrassing stuff on someone else's pc(cloud, internet)
3) It's not about knowing the phone number. It's about SMS verification. This means you need to physically steal my sim card from me in order to do anything.
4) If you really want to try, I PM'ed you my gmail account name and password. Try logging in, before planing to change the password lol.

Edit: Also not to forget the password change process. It let's you recover the account by typing your previous password.
So, even if you changed the password, I would recover it by typing my password.
And nothing sneaky can be done because I get notifications for suspicious logins and critical stuff
[Image: xGOYyqg.png]
[Image: llqsMqz.jpg][Image: llqsMqz.jpg][Image: llqsMqz.jpg][Image: llqsMqz.jpg]
Reply
Thanks given by:
#9
(07-27-2016, 10:46 AM)mfc Wrote:  1) Don't store critical stuff on cloud. You have external hard drives for that.
A portable harddrive can be lost and bricked. You can lose your bag in which your PC and portable harddrive are stored, and you've lost it all. There are so many other ways this can happen (theft, a fire or even an earthquake). Clouds have your files stored in a safe, easily accessible space, and they perform regular backups in case the unexpected happens.

Quote:2) No matter what century you are living in, don't leave embarrassing stuff on someone else's pc(cloud, internet)
Is "embarrassing stuff" your only idea of what's important? O_o

Quote:3) It's not about knowing the phone number. It's about SMS verification. This means you need to physically steal my sim card from me in order to do anything.
But wouldn't that put you in trouble if you lose your phone or get it stolen instead? What if you miss a time-sensitive payment while a replacement sim card is being issued?

Quote:4) If you really want to try, I PM'ed you my gmail account name and password. Try logging in, before planing to change the password lol.
LOL, I received your pm. But what do I do with it? It feels like you're arguing that passwords needn't ever be secure.. Is that the point you're trying to make?

Edit: Just to make this clear, I didn't login to the gmail account you provided nor changed your password.
[Image: signature.png]
A-Engine: A new beat em up game engine inspired by LF2. Coming soon

A-Engine Dev Blog - Update #8: Timeout

Reply
Thanks given by:
#10
(07-27-2016, 11:04 AM)A-Man Wrote:  
(07-27-2016, 10:46 AM)mfc Wrote:  1) Don't store critical stuff on cloud. You have external hard drives for that.
A portable harddrive can be lost and bricked. You can lose your bag in which your PC and portable harddrive and stored, and you've lost it all. There are so many other ways this can happen (theft, a fire or even an earthquake). Clouds have your files stored in a safe, easily accessible space, and they perform regular backups in case the unexpected happens.

Well, you dont bring your external hdd to everywhere. Cloud is for daily stuff. A copy of all the sensitive files should be on your pc. And time to time backups for external storage. Also if a fire or earthquake happens, I have more important stuff to worry about than my files, lost my house yo.
And same goes for theft.

(07-27-2016, 11:04 AM)A-Man Wrote:  
Quote:2) No matter what century you are living in, don't leave embarrassing stuff on someone else's pc(cloud, internet)
Is "embarrassing stuff" your only idea of what's important? O_o

Yes. What else are they going to threaten me for? I delete all the things from my mails after storing useful info to somewhere else. I leave nothing else than trashy and noncritical stuff there. And interesting that you can trust this whole cloud thing.

(07-27-2016, 11:04 AM)A-Man Wrote:  
Quote:3) It's not about knowing the phone number. It's about SMS verification. This means you need to physically steal my sim card from me in order to do anything.
But wouldn't that put you in trouble if you lose your phone or get it stolen instead? What if you miss a time-sensitive payment while a replacement sim card is being issued?

See, no. If I lose or get stolen my phone or sim card, Google is a big company.
[Image: 5TEumMt.png]
Guys already thought about it, there is always a way unless you take control of my body. Or lock me in your basement while impersonating me.


(07-27-2016, 11:04 AM)A-Man Wrote:  
Quote:4) If you really want to try, I PM'ed you my gmail account name and password. Try logging in, before planing to change the password lol.
LOL, I received your pm. But what do I do with it? It feels like you're arguing that passwords needn't ever be secure.. Is that the point you're trying to make?

Well It's just to demonstrate there is nothing (i care) a hacker can do by knowing my passwords.
Therefore generic passwords are just a general big barrier of security.

If hacker passes it, there is a so much more harder barrier behind it which cannot be passed without killing the actual human behind it. And don't store critical stuff on cloud, only use it as a up-to-date copy of your actual files on your pc.

And backup your pc at home to a external hdd that you don't move around in month to month intervals.
(this is protection for losing your laptop which never happened to me, that is why it has big intervals.)

And this is why you don't need a password manager thing.
[Image: llqsMqz.jpg][Image: llqsMqz.jpg][Image: llqsMqz.jpg][Image: llqsMqz.jpg]
Reply
Thanks given by:




Users browsing this thread: 3 Guest(s)