![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
How To Keep Passwords Safe from Hackers
- Thread starter HardOCP News
- Start date
octoberasian
2[H]4U
- Joined
- Oct 13, 2007
- Messages
- 4,082
From Imgur:
You guys do understand that this has nothing to do with how you keep track of your personal passwords, right? It's about how the systems you sign into store everyone's encrypted passwords for authentication purposes.
So,
1. It's not a giant pain in the ass for a company to license RSA's scheme. All they need are two databases and money.
2. It doesn't help you to have your passwords tattooed on the back of your dog's neck if your bank's database gets cracked.
Type able passwords for sites i need log into and for sites only going to be using on my pc or phone you get this áÀb)6ÅG·HæÐÏÛ`¹??ô (if the site lets me use full 255 ANSI that is) but way longer on sites i know i am not going to need to type to log into, every site i use has an different password so one site gets keydumped its not an issue if they did there job correctly they never crack the password unless it was stored in plain text (easy way to find out if its stored in Pain text is press forgot password if they email you your password its stored in plain text or reversible hash but thats the same as plain text) http://plaintextoffenders.com/
disqus is the best one that has no limits on passwords i made an 10,000 password for the fun of it and it accepted it (even let me login with it, i had to lower it as my blackberry did not like that long of password was taking 30 second+ to open it)
keepass (with Keyfile USB for 2 factor login) + dropbox to store the password file (keyfile stored on USB never Place the keyfile on dropbox as you can recover deleted files from dropbox if you know the filename)
use it on my blackberry (pc version needs to be 1.20 or it not open on BB keepass) and Android phone as well
just lazy that people do not use password managers (yes thats me to) once you read stuff like thishttp://arstechnica.com/security/2012/08/passwords-under-assault/ and an bunch of other stuff
does any one know of an device that can store passwords but has an USB keyboard support as well(plug it into the pc and the device types the password into the box)
last pass is easy way but if last pass some how got compromised or some one gets your password for last pass they have all your passwords that they can export in 4 clicks (mostly mitigated if you have 2 factor login enabled that last pass supports 3 types of 2 factor login)
disqus is the best one that has no limits on passwords i made an 10,000 password for the fun of it and it accepted it (even let me login with it, i had to lower it as my blackberry did not like that long of password was taking 30 second+ to open it)
keepass (with Keyfile USB for 2 factor login) + dropbox to store the password file (keyfile stored on USB never Place the keyfile on dropbox as you can recover deleted files from dropbox if you know the filename)
use it on my blackberry (pc version needs to be 1.20 or it not open on BB keepass) and Android phone as well
just lazy that people do not use password managers (yes thats me to) once you read stuff like thishttp://arstechnica.com/security/2012/08/passwords-under-assault/ and an bunch of other stuff
does any one know of an device that can store passwords but has an USB keyboard support as well(plug it into the pc and the device types the password into the box)
last pass is easy way but if last pass some how got compromised or some one gets your password for last pass they have all your passwords that they can export in 4 clicks (mostly mitigated if you have 2 factor login enabled that last pass supports 3 types of 2 factor login)
From Imgur:
xkcd's version was better
Also add turn on 2 factor login for yahoo and google mail, paypal, facebook even dropbox,
if they get into your email they can access all sites tided to that email (you can do it via google auth app or text message code) hotmail is the wourst at the moment (password limited to 16 chars no 2 factor login support)
I messed up last post with the link (no space so need to copy paste)
if they get into your email they can access all sites tided to that email (you can do it via google auth app or text message code) hotmail is the wourst at the moment (password limited to 16 chars no 2 factor login support)
I messed up last post with the link (no space so need to copy paste)
I get what it is for, and it's still a giant pain in the ass. It's also unnecessary if you stop getting hacked yourself and losing all the seeds for your 2 factor scheme.