Hearing so much about people not wanting to keep all their eggs in one basket lately, I’m wondering how these people actually store their eggs. I don’t use a basket, but all of the eggs in my apartment are stored together, and seem pretty safe that way.
I see opposition to password managers based on the idea that they might be hacked as similar to opposition to seat belts because your car might plunge into a lake and the seat belt might jam preventing you from escaping. Yes, by taking the action (using a PM/buckling your seat belt) you are introducing a scenario where you will be worse off (PM stolen and decrypted/car in lake with seat belt jammed), but you are also protecting yourself in other situations (passwords compromised on remote site/normal car accident) that are a lot more likely to actually occur.
I heard someone (can’t remember who, but someone reputable) lately suggest to keep your passwords in your wallet - because you’re good at securing your wallet.
I use a password manager app on my smartphone - I think probably the biggest risk is in choosing which one to trust - you might pick an app written by some Fred in a shed, that just leaks all your private data back to the mothership.
While the password you use to log in to LastPass itself is probably hashed and salted, they can’t possibly hash and salt your passwords to other sites - they have to get the actual password back to you and thus the password is, at best, encrypted, not hashed. So a LastPass hack could theoretically expose all your passwords.
I personally prefer a combination of Dropbox and Password Safe, which is not as easy to use but relies less on third parties’ security.
The biggest thing with using any password manager is that the password should be complicated and something you have NEVEREVEREVER used before, and never ever use anyplace but the password manager.
Can anyone recommend a password manager that does not offer a cloud option?
Ideally, I want something I can load on my phone, and sync with my desktop, as well as download to a spreadsheet. That’s it.
I have no plans to keep a cloud version. If I was a hacker going for maximum accounts+passwords, I’d totally be trying to find a way to hack a cloud based version of one of these. My chances of having a cloud account hacked seem much higher than someone breaking into my house and spending time searching my hard drive, or even the top of my desk.
Also, how do we know that LastPass’s security policies are “guaranteed to be safer”? I mean, I’m fairly confident that LastPass know what they’re doing, considering the up-front way they dealt with that possible (I stress “possible”) security breach they had a couple of years ago, and I would use their services myself, but there are no guarantees. What’s to say they don’t get bought out by a company less concerned with security?
Having read that article, I’m reasonably convinced that my passwords are secure enough that I wouldn’t benefit significantly from using a password manager. For starters, my actual passwords are longer and less predictable than the examples I used, though they aren’t actually random. (I suppose I could create a truly random “base” password to make them more secure.) More importantly, though, even using a password manager doesn’t make your passwords 100% secure - someone using a password manager for the SDMB would still need to change their password now that the SDMB has been hacked. From what I can tell, the benefits of a manager are twofold: first, they create truly random passwords that are harder to crack (but still not impossible when the site you’re using it on has poor encryption), and second, they allow you to use a different random password on every site. I am certain I could achieve a comparable level of security by using a single strong password that I memorize and then customize for each site using a simple but non-obvious technique (like a rot-cyphered tag inserted in the middle) and/or changing all passwords when any is hacked.
This is a good point. The advantage of the password manager (or your own means of coming up with unique and hard-to-crack passwords, assuming they are truly hard to crack) is that it is unlikely someone can crack your password faster than you can change it, and in the event that the break-in is undetected, there’s a better chance that they won’t crack it at all. But note I say “better”, not “good” chance - you of course want to change your password if you know the site was hacked, no matter how good you think your password was.
It’s a bit like the joke about the bear and the two hikers - you don’t have to run faster than the bear, you just have to run faster than the other hiker. Your passwords will never be completely impervious to being cracked, but the odds are on your side if yours is one of the hardest in the database to crack. The diminishing returns means the hackers crack the easy ones and forget about the last 5%.
I still think you’re playing with fire. It’s trivially easy for crackers to add new rules to their software, and it’s something they do all the time. Sure, they might miss your rule, but are you sure? I think it’s much, much safer to just assume that any scheme that is easy enough to remember is also easy enough to crack.
I just checked my password manager and I have over 70 different logins. Many of those are for sites I hardly if ever visit. Without a manager, if I want to be really safe, I need to keep a list of those sites, and once I’ve done that, well, I’m sort of building my own password manager.
I tried various schemes in the past, but really password managers offer the best balance of security and usability. Sure, it’s a single point of failure, but it also means that you only need to focus your efforts on protecting that single point.
If I bury a lightly encrypted tag (TENC for SDMB) in the middle of a truly random 10 character password, you really think there is any “rule” that a hacker would realistically follow to access my bank account before I get around to changing the password anyway? I mean, it’s possible, but I think it’s less likely than the password manager getting hacked, or me reciting my passwords in my sleep while dozing on public transportation.
Sure. One of your passwords gets stored in plaintext somewhere (see Rock You!) and now your random sequence is out in the open. Someone does statistical analysis of the trove, finds a ROTed token in your password (easy because you get it from the website name) and retrieves your “random” base.
It’s better than what most people use but still weaker than a properly used password manager.
If you don’t sync via the cloud, then in order to access your password manager, a hacker would need both access to one of your devices and to crack the encryption. With a good strong password, not even the NSA could realistically manage it in reasonable time.
A lightly encrypted tag in the middle of a random 10 character (preferably more) password is probably fine. A tag at the end of a common word like “swordfish” in your earlier example is less so, even with a couple digits added on. I realize that was probably just a simple example and your real one is likely better.
You’re right, there’s still a risk. But it’s pretty low. Unless the hacker is specifically targeting you, they aren’t going to look at password patterns individually and try to infer what you might use on other sites. There are plenty of people who use the same passwords everywhere, and hackers will have more than enough targets with those.
As for sites that store passwords in plain text, it’s a good idea to have different schemes for the important commerce sites versus something like a bulletin board. The latter are more likely to have poor security or unencrypted passwords, so in the very unlikely event that a hacker does try to derive your rule, they still can’t do much damage.
I have just done a bit of an audit on my passwords (as well as a bit of reading on the current ability of hackers and their techniques). I am reasonably happy with my practices although I realise that the “correct horse battery staple” approach that I kind of like has certain limitations.
My biggest problem at this stage is one that a password manager won’t be able to help me with – when there are limitations on the kinds of passwords that are allowed. One site that I would love to have more secure limits passwords to 8 alphanumeric characters. That means that there are just over 62^8 allowable combinations. If what I read is correct, with some encryption algorithms that puts it within the realms of an exhaustive brute-force attack with a 100% harvest rate.
So, what are the options with sites like this? I have written a letter, but I am pretty much at the mercy of their security policies.
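As an added illustration of the brute-force arithmetic behind that 8-alphanumeric-character limit (this is not code from anyone in the thread), the Python below computes a policy’s keyspace, including the point that a length cap means an attacker covers every length up to the cap (which is where “just over 62^8” comes from), and compares the worst-case exhaustive search time at two guess rates. The guess rates are assumptions chosen for illustration, not measured figures, and the four-word passphrase numbers assume a 7776-word diceware-style list; the contrast between the two rates is the part a site owner controls, because it depends on which password hash they chose.

```python
import math

# Size of each character class; "alnum" is the 8-character policy discussed above.
CHARSET_SIZES = {
    "digits": 10,
    "alnum": 62,       # a-z, A-Z, 0-9
    "printable": 95,   # printable ASCII
}

# Guess rates in guesses per second. These are ASSUMED illustrative figures,
# not measurements: a fast unsalted hash on GPU hardware versus a
# deliberately slow, tunable KDF such as bcrypt/scrypt/Argon2.
ASSUMED_RATES = {
    "fast_hash_gpu": 1e10,
    "slow_kdf": 1e4,
}


def keyspace(charset: str, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return CHARSET_SIZES[charset] ** length


def capped_keyspace(charset: str, max_length: int) -> int:
    """Keyspace an attacker must cover when a site caps length at max_length:
    every length from 1 up to the cap. This is the 'just over 62^8' figure."""
    return sum(keyspace(charset, n) for n in range(1, max_length + 1))


def wordlist_keyspace(words: int = 7776, count: int = 4) -> int:
    """Keyspace of a passphrase built from `count` words drawn from a list
    of `words` entries (7776 is the size of a standard diceware list)."""
    return words ** count


def bits(space: int) -> float:
    """Keyspace expressed as bits of entropy."""
    return math.log2(space)


def exhaustive_seconds(space: int, rate: float) -> float:
    """Worst-case time for an exhaustive search of `space` at `rate` guesses/s."""
    return space / rate


def human_duration(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


def policy_report(label: str, space: int) -> dict:
    """Summarise one policy: keyspace, bits, and search time at each rate."""
    return {
        "policy": label,
        "keyspace": space,
        "bits": round(bits(space), 1),
        "search_time": {name: human_duration(exhaustive_seconds(space, r))
                        for name, r in ASSUMED_RATES.items()},
    }


if __name__ == "__main__":
    for label, space in [
        ("8 alphanumeric chars, exactly", keyspace("alnum", 8)),
        ("up to 8 alphanumeric chars (site cap)", capped_keyspace("alnum", 8)),
        ("12 printable ASCII chars", keyspace("printable", 12)),
        ("4 diceware words", wordlist_keyspace()),
    ]:
        print(policy_report(label, space))
```

Running it shows the same 8-character space collapsing from centuries to hours as the assumed rate moves from a slow KDF to a fast hash, which is why the thread’s point about “some encryption algorithms” matters as much as the length cap itself.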
More precisely, it cannot be hacked unless someone gains access to the files, which would require either access to the thumb drives or backdooring the computer where you use them. That said, even if someone does gain access to the files, it’s almost certainly impossible to read the password database unless you used a weak password.
I can think of a fairly straightforward way that these could be done en masse: What if two sites Alan uses are compromised at the same time (or years apart, but the first one is never discovered so no one knows that they need to change passwords)? Then it is obvious what the “base” password is, and what the varying characters are, and that there are only a few of them no matter where they occur. That would make it easy to brute force on the next compromise.
The “root with a few varying chars” pattern is common enough that I’m certain that given two dumps, it is worthwhile to automatically scan for it. Just look for corresponding accounts with passwords that are the same except for a few chars.
I agree that your scheme will probably keep you safe but it’s not even close to being as secure as using a good PW vault. It’s a calculated risk on your part but if you think it’s as good (or better) than a vault then you are not basing your calculations on correct data.
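As an added example from the defender’s side of the point just made (not code from anyone in the thread), the Python below audits a password list for exactly the pattern described: it compares every pair of entries, flags exact reuse and “same base, a few varying characters” reuse by edit distance, and reports the shared fragments that a base-plus-tag scheme leaves behind. It is the kind of check you can run over your own vault export before a breach makes the pattern visible to someone else. The vault entries are constructed sample data and the thresholds are assumptions.

```python
from difflib import SequenceMatcher
from itertools import combinations

# Constructed sample vault: a base-plus-tag scheme on the first two entries,
# an exact reuse on the third, and one independently random password.
SAMPLE_VAULT = [
    ("bank.example",  "qX7#mGNAXLp2Rt"),   # base "qX7#m...Lp2Rt" with tag GNAX
    ("shop.example",  "qX7#mFUBCLp2Rt"),   # same base, tag FUBC
    ("forum.example", "qX7#mGNAXLp2Rt"),   # exact reuse of the bank password
    ("mail.example",  "Vt9!kE2pZzH4wQ"),   # independent random password
]

# Assumed threshold: two passwords count as "varied reuse" when they differ
# in at most a third of the longer one's characters.
VARIED_REUSE_FRACTION = 1 / 3
MIN_FRAGMENT = 3  # shortest shared run worth reporting


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def shared_fragments(a: str, b: str) -> list:
    """Runs of characters common to both passwords (the 'base' a scheme leaks)."""
    matcher = SequenceMatcher(None, a, b, autojunk=False)
    return [a[m.a:m.a + m.size] for m in matcher.get_matching_blocks()
            if m.size >= MIN_FRAGMENT]


def audit_vault(entries) -> list:
    """Compare every pair of (site, password) entries and return reuse findings."""
    findings = []
    for (site_a, pw_a), (site_b, pw_b) in combinations(entries, 2):
        distance = levenshtein(pw_a, pw_b)
        limit = int(max(len(pw_a), len(pw_b)) * VARIED_REUSE_FRACTION)
        if distance == 0:
            kind = "exact reuse"
        elif distance <= limit:
            kind = "varied reuse"
        else:
            continue  # unrelated passwords: nothing to report
        findings.append({
            "site_a": site_a, "site_b": site_b, "kind": kind,
            "distance": distance, "shared": shared_fragments(pw_a, pw_b),
        })
    return findings


if __name__ == "__main__":
    for f in audit_vault(SAMPLE_VAULT):
        print(f"{f['kind']:<13} {f['site_a']} / {f['site_b']} "
              f"(distance {f['distance']}, shared {f['shared']})")
```

On the sample vault the bank and shop entries come out as varied reuse with the shared fragments “qX7#m” and “Lp2Rt”, which is the base that two leaked copies would expose; the independent mail password matches nothing. Edit distance is used rather than a plain prefix/suffix check so that a tag inserted anywhere in the string, as in the scheme under discussion, is still caught.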
Ok, I’ll grant you that. That still relies on a 10+ character random password being decoded successfully on two separate occasions, but that’s likelier than a password manager getting compromised, especially one that stores passwords locally.
- Steal the keepass.info domain (this can happen)
- Starting with the existing open-source code, publish a ‘new version’ of KeePass containing new code that covertly sends the decrypted version of your stored data back to the hacker
- Versions 1.05 and later of KeePass automatically check for updates - so these are at risk