New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
A bit of an unsolicited advice here on how you can remember passwords to different accounts. I have different passwords for all of my accounts and I never forget them. I just use a pattern.
like
First n number of all letters of all passwords are the same, last n number of mixed special characters are the same. And n number fixed in the middle are characters taken from the website.
For example.
1st 4 letters - hello
last mixed special characters - &*(
fixed - 2nd to 3th character of website
Lenovo
helloen&*(
Samsung
helloam&*(
Onedrive
hellone&*(
I actually use just use Enpass for TOTP, not to store passwords. I do not like storing passwords anywhere, I'd rather make a reliable system to easily remember all of them.
I also classify the complexity of the pattern depending on the importance of the website to me. So you can use 2 or more patterns instead of keeping one. Easier patterns for throwaway accounts, more complex patterns for important services.
The spam is real
I have actually thought that it may be time to get a 2nd email address to use for everything non-critical but at this stage, I can't see that it will reduce that issue on my main email.
See, that is what I was doing but at 50+ logins and those are the ones I have remembered it's just too much of a chore to still try and remember the pattern for so many.
I am sure it works for you but I didn't just need the solution for me, it was my wife also.
Using LastPass for last 2 years, works well for me. Their android app has improved a lot lately.
You can try their free version and if you like it, you can get the premium plan with some encrypted storage.
Damn, you sounded sexy saying that...
With no disrespect intended, there are many reasons why this is NOT a good idea.
Let's start here:
https://en.wikipedia.org/wiki/Key_space_(cryptography)
It is in theory, but maybe that is not always the case. AFAIK, any account of mine have never been password hacked (yet) and I have been doing this for about 20 years now so all's good. If it ever does happen, I have TOTP in place for that. May still get social (engineering) hacked though.
People often tell me "I have never been hacked" or "My computer is not infected." I wonder how they know with such confidence? It is effectively impossible to prove.
Suffice it to say that edoarudo is giving poor advice. I may have some small experience in this area. Follow his advice or not; it is your choice. I do not visit LET often enough to get into an involved discussion with edoarudo, so that is all I have to say on this topic.
I am not confident. Just stating my experience. I had my computer infected many times and I have definitely been hacked. It was specific - password hacked. I will know because I mostly manage corporate accounts which have security in place if the system has indeed been password hacked. Decent systems at least, will always have firewalls and logs in place that will report any kind of security penetration, etc. What works for me might not sound good to you and that's alright. I am a part of this community so I just thought of sharing what's good to me might be good to others here - which is not necessarily good for everybody.
It goes both ways. It can also be impossible to disprove my claim. Nothing is absolute. It may be effectively impossible to prove that I've never been password hacked, but I have evidence (like logs) to backup my claim. And sorry for giving poor advice, if you have a better advice, then share it here.
@edoarudo5
@emg is right. keyspace and key-phrase length are mathematically relevant factors.
There're so many peoples voted BitWarden but discussion very limit.
Using bitwardenrs, it works.
He is right, I did not say otherwise. I just presented my use-case. Nothing is hack-proof, and with the advent of quantum computing, modern cryptography may soon become obsolete. When someone really wants to hack your system, they will find a way. I'm just sharing simple, practical solutions. Not something based on maths/theories. I know that what I suggested would not suffice for everyone here, there are far more sophisticated ways to generate passwords and store them all at the same time - they have their cons too. I'm just sharing something simple that works for me, seeing that it might work for others, too.
No. Most of todays crypto will hold quite well. And even pubkey crypto (RSA, ECC) will not somehow magically be "totally broken". What quantum computers - if they ever happen to exist with reasonable and useful word width plus necessary environment (e.g. storage) anytime soon - will do is to (very much) minimize the time needed to break e.g. RSA.
Short reminder: crypto is not about "uncrackable", it is about complexity which translates to (non-)feasibility. The "high end" is to have algorithms (more precisely one way functions) that are in NP which boils down to "cracking is virtually impossible but proving/verifying a solution is feasible easily (in low polynomial time)".
Classical example (RSA): it's extremely hard to factorize sufficiently large numbers. But it's easy to verify that F1 times F2 == given large number (because that's just multiplying two large numbers).
What quantum computers (with specialized algorithms) are said to be able to do is to do certain things ( quite limited set) like e.g. factorization faster - but not like "Bang! All RSA keys are cracked". More like "cracked it in 7 CPU weeks instead of in 700 CPU months".
Btw, and why I wrote this lengthy answer: One of the things that quantum computers will be capable to do much faster is pattern recognition, which means that your password system will be cracked even faster than it can be done already.
You should have listened to and thought about @emg's advice.
Just quoting myself here. I'm not saying that my "pattern system" prioritizes security, rather, it helps me easily remember all of them. It is simple, secure enough for my use, and it works for me. YMMV. Each of us will have different requirements. For those that do not require passwords for authentication, I don't use passwords. I am fully aware that it will be fairly easy to crack using a dictionary/brute force attack but it hasn't happened yet. If it did, I wouldn't be recommending it here.
I will not delve into further discussions/argue regarding quantum computing, superpositions, entanglement as it is already out of the topic. Theoretically (if you studied quantum mechanics), it will break every known modern cryptography (we would need new cryptography technologies like QKD cryptography if ever it happens) but that is another topic altogether. Interestingly, it will not work on blockchains because of absolute integrity checks.
Yet you can't resist to spread BS.
Hint: avoid obtrusively talking about subjects you know at best from some wikipedia reading.
I was fishing for this comment because I know exactly how people like you would react. Sometimes it makes you think who's spreading BS.
@edoarudo5
Simple rule: don't debate about things you don't know with people who do know, then you don't look like a fool. Sorry, you had enough friendly warnings.
Even you have quantum computer, you still need algorithm for the crypto rules. I am not so deep into Advanced maths but even Shor's algorithm itself is not good enough to destroy the RSA system.
Well, I admit to the BS I made up that it will break every known modern cryptography (because I was fishing for jsg's comment) and that modern cryptography may soon become obsolete. You need to chill. jsg's comment @ 7:20 is absolutely correct.
I just felt the "hostility" towards my unsolicited advice and reacted.
You bitches can fight elsewhere. Help our dear friend @Lee in finalizing the password manager eh
I settled on 1Password, does the job fine
Here is a line from the poem "A Garland of Precepts" by Phyllis McGinley:
"Argue with no true believers."
Edit: Do a search and read the entire poem.
So we have gone from passwords, to encryption, and now to poems. Which proves? Nothing. Because we will never find about absolute truth if it ever exists at all, we are severely limited by our lifetime, resources, knowledge and a lot of other things. So I would argue that while you may be correct, you will never be absolutely correct. And what you know is severely limited by theories/axioms in place strengthened by your confirmation bias. We wouldn't even know if absolute truth, relative truth, or both of them exists. Your reality is different from mine and your reality will always be limited by your thoughts - the same goes for me.
"Some of the sensible substances are generally admitted to be substances, so that we must look first among these. For it is an advantage to advance to that which is more knowable. For learning proceeds for all in this way-through that which is less knowable by nature to that which is more knowable; and just as in conduct our task is to start from what is good for each and make what is without qualification good good for each, so it is our task to start from what is more knowable to oneself and make what is knowable by nature knowable to oneself. Now what is knowable and primary for particular sets of people is often knowable to a very small extent, and has little or nothing of reality. But yet one must start from that which is barely knowable but knowable to oneself, and try to know what is knowable without qualification, passing, as has been said, by way of those very things which one does know."
What a pile of BS. ^^^^^
I stand by my comments.
Say that to Aristotle. Whatever floats your boat.
Hmm, wasn't this thread supposed to be about suggestions for password managers?
Furthermore, the OP (= @Lee ) has found one that works for him.
Indeed, and I can just say as well that for a forum full of Tech Nerds and a thread full of boo hiss, don't use LastPass or 1Password. Nearly 50% voted for them.
What's wrong with Google suite+chrome password manager? It even works with Android mobile and Android tv
I don't even know where to start with this..