User Controls

Password managers

  1. #1
    AngryOnion Big Wig [the nightly self-effacing broadsheet]
    Who uses them and why?
    I believe I need one at this point- this shit is just out of FUCKING control.
    16 digit bullshit and special upper and lower case letters and numbers fuck this shit I'm out.
    Next thing you know they will want a personal NFT or some shit.
  2. #2
    Sophie Pedophile Tech Support
    16 digit upper/lower case plus special character, preferably scrambled as in randomized is pretty good password policy. If i ran systems in an enterprise setting i would force workstation level users to use a similar policy just to get permission jailed user session going. Gotta log into anything else? 2 factor auth with a time based/HMAC one time key, every time.

    An inescapable problem with saving passwords even in encrypted form is that when your master password gets popped you're basically fucked.

    Password managers automate password generation, and will remember the passwords for you and even store them securely. But you'll probably have a master password you ought to make hard to crack and that one you need to store in your brain.
    The following users say it would be alright if the author of this post didn't die in a fire!
  3. #3
    AngryOnion Big Wig [the nightly self-effacing broadsheet]
    Ya I know tonight I had to come up with three passwords for one company log in bullshit.
    One for punching in one for training and one for workday bullshit.
    This shit is just not manageable.
    And this was just for a new part time job WTF?
    I also have to keep track of my other jobs login bullshit to.
  4. #4
    Kafka victim of incest
    I keep mine in a little lamb notebook and pick things from random books I read a decade ago or quirky things my hs teachers used to say.
  5. #5
    Sophie Pedophile Tech Support
    Originally posted by AngryOnion Ya I know tonight I had to come up with three passwords for one company log in bullshit.
    One for punching in one for training and one for workday bullshit.
    This shit is just not manageable.
    And this was just for a new part time job WTF?
    I also have to keep track of my other jobs login bullshit to.

    As a compromise you could get an app, a text editor that can encrypt the textfiles you write with it. Then just keep a set of text files like: CompanyA pass1 pass2 pass3 and a separate one for CompanyB etc. This way all your passwords are neatly organized, and decently safe -if the text editor employs the crypto API properly-.
  6. #6
    aldra JIDF Controlled Opposition
    I don't really like them but in practical terms there's really no reason not to use one.

    For personal use I don't like the idea of having to rely on a device, but given how many secure passwords you have to remember (especially if you work in IT or run services) it becomes necessary to store them somehow.

    As a sysadmin it beats having retards write them down and stick them to the monitor or some shit... in theory... but they often just end up writing the password manager's key down and stocking it to their monitor
  7. #7
    Sophie Pedophile Tech Support
    Originally posted by Kafka I keep mine

    As a rule you don't want to share how you do passwords. All the information about how you structure passwords can be used to configure something called a mutator. A mutator will take a long list of words and change each word according to a set of rules/patterns i give it. The more i know about your passwords the better the rules will be; increasing my chances of cracking your password.
    The following users say it would be alright if the author of this post didn't die in a fire!
  8. #8
    aldra JIDF Controlled Opposition
    Originally posted by Sophie As a compromise you could get an app, a text editor that can encrypt the textfiles you write with it. Then just keep a set of text files like: CompanyA pass1 pass2 pass3 and a separate one for CompanyB etc. This way all your passwords are neatly organized, and decently safe -if the text editor employs the crypto API properly-.

    I used to split the passphrase for keepass into 2 segments and hide it in an ebook
  9. #9
    Sophie Pedophile Tech Support
    Originally posted by aldra I used to split the passphrase for keepass into 2 segments and hide it in an ebook

    Security through obscurity is not really best practice.
  10. #10
    Sophie Pedophile Tech Support
    You need to have it hashed and salted at the very least.
  11. #11
    aldra JIDF Controlled Opposition
    yeah, but when you're using keys to protect keys one of them will eventually have to be stored plain and I couldn't memorize a 32 char mix of upper, lower, symbols and numbers.

    I guess I could've stored it on a usb stick or something but didn't want to risk losing it
  12. #12
    The best way is don't log in at all. Click "Reset My Password" instead, you receive a temp password. Then you log in with the temp password. Then the next time you come, click the "Reset My Password" button again. Repeat as required. You never have to remember your password.
  13. #13
    Kafka victim of incest
    It’s actually the simpler passwords I forget, I’d make more of an effort to remember the long ones.
  14. #14
    Sophie Pedophile Tech Support
    Originally posted by aldra yeah, but when you're using keys to protect keys one of them will eventually have to be stored plain and I couldn't memorize a 32 char mix of upper, lower, symbols and numbers.

    I guess I could've stored it on a usb stick or something but didn't want to risk losing it

    Passphrase as compromise, you can very easily remember a sentence that has more than 32chars, also, use special chars and upper/lower case according to a little scheme. For instance first letter is always capitalized, skip changing the next three then capitalize or if it's an A change it to an @.

    Obviously more vulnerable to mutations than totally random but you can remember it. Which is infinitely better than storing it as plaintext.
  15. #15
    Sophie Pedophile Tech Support
    Originally posted by Kafka It’s actually the simpler passwords I forget, I’d make more of an effort to remember the long ones.

    Passphrases to the rescue.
  16. #16
    I remember those Totse threads where someone would make a thread with the title POST YOUR PASSWORD AND IT WILL DISAPPEAR, then people would post their password to try it and get their account pinched. Pretty funny that people are that stupid.
Jump to Top