I use a password manager, it's called my brain. I only use one password.
Have fun when one site you use the password on is breached and turns out to be using unsalted MD5 or plaintext passwords.
I personally use KeePass though and just host my own instance of it on a NAS (which I can access over VPN if needed). I keep backups of the database so I don't lose it, and worst case I always memorize critical passwords for things like e-mail so I can always reset my accounts if I somehow lose access to it all.
>implying
google password manager is the best thing that ever happened, no brainer, just like me
easy access to the manager from web browser and android, integrated autofill on both mentioned.
always keeps in sync, I don't have to manage my keepassxc-meme db manually between my devices.
I'm only worried if it will work in the same way once I switch to sent from iPhone.
I do not use it for most sensitive things, for important and less sensitive there is still 2fa.
>google
>password manager
ISHYGDDT
>I don't have to manage my keepassxc-meme db manually between my devices
You really are Black person-cattle if you don't manage to get that automated.
Based, schizos will make you think you need to do 10x the work for no real security benefits
Well it's either this or 1 password for everything. Choose your poison.
third option is pen and paper
Great idea idiot. Someone will steal your gay little password book, or you will leave it at a hotel or something, then your life is a major pain in the ass for the next 3 years until you manage to hack your way into everything
not to mention if you get arrested you can't even use the fifth amendment since all your passwords is on your person
don't even post if you are this fricking dumb
I mix pen&paper with password managers.
I have master passwords written down in clues for each letter that only I can understand. Those master passwords open up password managers.
Or you can just remember more than 1 password.
not my problem works on my machine
i do, because my steam account got broken into and i decided that was too scary so from then on i bit the bullet and started using long unique and random passwords for everything
i use keepass and sync the db to several machines using syncthing
>>He uses a password manager
why yes, i do. all those who don't are homosexual pedophiles. enjoy. bye bye
Yeah, password managers are not useful at all. I mean, we all remember our 16 character password for each and every site right? I mean, It's not like there are bots out there trying to brute force accounts, right?
This is kinda bullshit, I was just trying out cracking software today and I was managing 9gh/s on md5 which with 12 numbers only that's 10^12/9gh or 111 seconds worst case. Assuming 50% luck that's 55 seconds to crack, not 2
2 sec would take 500gh/s worst case or well in my case 55 gtx 1650 gpus, assuming half that still you're looking at more than a few 3090ti or whatever gpus, for just md5 which is piss easy to crack.
Salted md5 or even worse would take something stupid like fricking thousands of the fastest gpu on the market to do it in 2 seconds.
And that amount of hardware is why people build botnets.
For that kind of processing power you're either looking at a pretty decent sized bill from azure/aws or a ridiculously expensive setup dedicated for cracking hashes.
The methodology link is right there and it's based on 8xA100 on a single $30/hr EC2 instance.
They justify using MD5 saying that a lot of shitty sites use it, people tend to reuse passwords, and they wanted a worst case scenario, but have tables for other hashes
nobody uses md5 anymore
>he doesn't use a password manager
I don't get the idea. So it's basically a text database behind a master password, right? So what if you forget that password or lose the database?
And aren't most passwords for websites? My browser manages them for me and all passwords are resettable.
>My browser manages them for me
That's called a password manager
You're using one
Yes. Should have asked what else is there. The rest is just keys, not passwords
>SSH keys
>VPN keys
>filesystem encryption keys
You're right. Password managers do have that flaw. if you lose the password to your database you're fricked but there's no perfect solution, just ways to reduce and mitigate risk. I'd rather have that potential single point of failure for all my passwords than have to worry about all the different accounts.
>So what if you forget that password or lose the database?
It's hard to lose them if you store them in multiple places. For example if you have a desktop and a laptop, you probably have your passwords on both, and then an extra copy on a USB stick. You could even upload them to google drive or dropbox if you dare.
I just use pgp encrypted text file that I check if I don't remember the password
Honestly, switching to Bitwarden has been the highlight of my year so far. Even leaving aside security it's just so god damn useful.
Aside from Lastpass, has there ever been a password breach? Even lastpass didn't lead to anyone getting pwned iirc.
Meanwhile any breach of any daisy chained password is disastrous, and looking at my bitwarden vault right now, I have over 300 passwords saved, which means that not daisy chaining is impossible.
among the reputable password managers? no, never. it's all FUD. IQfy idiots as usual are completely wrong about password managers and everything else they talk about. you should NEVER listen to advice from idiots on here. people on here don't even know how to use linux or the command line or write simple scripts, it's just autistic morons with uninformed opinions. password managers are the only way to go. they allow you to store an infinite number of passwords, all different, all complex and long, and all behind 2fa
>you should NEVER listen to advice from idiots on here
>writes advice
Impressive.
>they allow you to store an infinite number of passwords, all different, all complex and long, and all behind 2fa
Wrong. Only a finite amount of passwords can be stored. And i don't think you understand how 2fa works.
You could store infinite number of passwords if you don't store the name. You can have master password, a unique name and use those to derive a unique password. Not so useful since you'd have to remember the name though. So I don't think password managers even have that option.
2fa does work with password managers.
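The scheme the post above describes (a master password plus a unique name, with nothing stored), as an added example that is not part of the thread. The function name, the PBKDF2 iteration count, the output alphabet and the sample inputs are assumptions chosen for illustration.

```python
import hashlib
import string

# 64-symbol output alphabet (constructed for this example). 256 is a multiple
# of 64, so mapping a byte with "% 64" introduces no modulo bias.
ALPHABET = string.ascii_letters + string.digits + "-_"
ITERATIONS = 100_000  # assumed work factor; raise it as hardware allows


def derive_site_password(master: str, name: str, counter: int = 1,
                         length: int = 20) -> str:
    """Derive a per-site password from a master password and a site name.

    Nothing is stored: the same inputs always reproduce the same password.
    `counter` rotates one site's password without changing the master.
    """
    if not master or not name:
        raise ValueError("master password and name must be non-empty")
    # The name and counter act as the salt, so each site gets an unrelated
    # output. The length prefix keeps ("ab", 12) distinct from ("ab:1", 2).
    salt = f"{len(name)}:{name}:{counter}".encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt,
                              ITERATIONS, dklen=length)
    return "".join(ALPHABET[b % 64] for b in raw)


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample input
    for site in ("mail.example", "forum.example"):
        print(site, derive_site_password(master, site))
    # Rotating after a breach at one site: bump that site's counter only.
    print("forum.example (rotated)",
          derive_site_password(master, "forum.example", counter=2))
```

Because every password is a function of the master password, a leaked site password gives an attacker an offline target for guessing the master, which is why the derivation is deliberately slow.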
>You could store infinite number of passwords if you don't store the name.
Only on a non-existent perfect turing machine.
>2fa does work with password managers
That is not what is discussed here. The claim that is wrong is
>and all behind 2fa
Common Multi-factor authentication can only be used to grant you access to a resource, in this case logging into your account at a given password manager service. The database itself cannot be encrypted with an OTP value for obvious reasons. If the post I was referring to wasn't made by a google moron one could have argued that he was referring to a keyfile, however since this isn't the case this means that he's referring to OTP authentication which means squat for the actual encryption of the passwords on Google's servers.
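The distinction drawn in the post above between an OTP login factor and a keyfile, as an added example that is not part of the thread. `totp` follows RFC 6238 with HMAC-SHA1; `vault_key` is a hypothetical sketch and not KeePass's actual key format; the secret, salt and keyfile bytes are constructed sample values.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code is a function of the time step."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10**digits).zfill(digits)


def vault_key(password: str, salt: bytes, second_secret: bytes) -> bytes:
    """Hypothetical 256-bit vault key bound to a password plus a second secret."""
    material = (hashlib.sha256(password.encode()).digest()
                + hashlib.sha256(second_secret).digest())
    return hashlib.pbkdf2_hmac("sha256", material, salt, 100_000, dklen=32)


# Constructed sample values.
SECRET = b"12345678901234567890"  # the RFC 6238 test secret
SALT = bytes(16)
KEYFILE = bytes(range(32))        # stands in for 32 random bytes on disk


def key_is_stable_with_keyfile() -> bool:
    # A keyfile is static, so the key used to encrypt can be re-derived later.
    return vault_key("pw", SALT, KEYFILE) == vault_key("pw", SALT, KEYFILE)


def key_is_stable_with_otp(t_encrypt: int, t_decrypt: int) -> bool:
    # An OTP changes every 30 seconds, so a key derived from it at encryption
    # time cannot be re-derived at decryption time. A 6-digit code also has
    # only 10**6 possible values, far too few to serve as key material.
    k1 = vault_key("pw", SALT, totp(SECRET, t_encrypt).encode())
    k2 = vault_key("pw", SALT, totp(SECRET, t_decrypt).encode())
    return k1 == k2


if __name__ == "__main__":
    print("code at t=59:        ", totp(SECRET, 59))
    print("code at t=1111111109:", totp(SECRET, 1111111109))
    print("keyfile key stable:  ", key_is_stable_with_keyfile())
    print("OTP key stable:      ", key_is_stable_with_otp(59, 1111111109))
```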
>Impressive.
what i meant was no one should listen to fricking morons like you, you fricking moronic piece of DOG SHIT
>Wrong. Only a finite amount of passwords can be stored.
WRONG AGAIN YOU FRICKING STUPID PIECE OF IQfy DOGSHIT
>And i don't think you understand how 2fa works.
wrong again you fricking STUPID homosexual piece of absolute bird shit homosexual TRANS FREAK. don't bother explaining it to me, but go ahead and make me laugh, tell me why you think I don't understand 2fa, homosexual.
>WRONG AGAIN YOU FRICKING STUPID PIECE OF IQfy DOGSHIT
No you fricking moron in a finite universe there are only a finite amount of states we can encode, it's not that complex your moronic motherfricker, and especially your shitty hard drive can not save an infinite amount of passwords, neither can Google's servers.
>wrong again you fricking STUPID homosexual piece of absolute bird shit homosexual TRANS FREAK. don't bother explaining it to me, but go ahead and make me laugh, tell me why you think I don't understand 2fa, homosexual.
In case of your Google account it's fricking OTP or sms/telephone authentication, so it does not actually protect your passwords on googles servers, which aren't saved as hashes btw. but as the actual passwords for obvious reasons. Meaning subhuman trash like you not only store their authentication information for various sites conveniently formatted in googles database but also kindly inform google to which site they belong and when you log into these sites, all while spewing shit like "behind 2fa" like it would matter. Calling you Black person cattle would be too kind, Black folk are too stupid to understand what's going on but midwit tards shilling for globohomosexual company x because they incorrectly assume they understand what they're doing are unironically worse. So get your trans-obsessed homosexual ass off my board and keep licking Sundar Pichai diarrhea stricken butthole somewhere else.
Password managers like keepassxc support ssh keys as well, meaning the encrypted ssh key will be added to your ssh agents only while the password manager is unlocked. Quite convenient tbqh.
lol I use a .txt file to store usernames and passwords.
Moved to manager around 2015 and it made logging so much more comfortable. There's still pc programs I need so KeePass > Google manager. I do use Google manager too for things I don't care about since it's a lot easier.
Never going back to remembering passwords. How do people keep doing that after hearing about password managers?
I use KeePassXC with multiple backups of the password file, I think I'm good.
>create backups of database
It's this easy. The database itself is encrypted so even if someone stole a backup they couldn't access your passwords.
>my password manager is just a .txt with all my passwords
>my password is the domain name
I remember doing this as a kid lmao big brain hours.
>Password is just my username