Password Management (attn: Woodruff, et. al.)


Re: Password Management (attn: Woodruff, et. al.)

Post by nietzsche on Wed Jul 10, 2013 12:43 am

I use KeePass and have the file on Dropbox. I'm not sure if there are apps for Android but I've seen one for iPhone, though I didn't buy it.

I'm sure there are options that have apps in both Android and iPhone.

My KeePass and Dropbox password is all I have to remember, or even only the KeePass password if I make the file public on Dropbox.

Re: Password Management (attn: Woodruff, et. al.)

Post by saxitoxin on Wed Jul 10, 2013 1:04 am

nietzsche wrote: I use KeePass and have the file on Dropbox. I'm not sure if there are apps for Android but I've seen one for iPhone, though I didn't buy it.

I'm sure there are options that have apps in both Android and iPhone.

My KeePass and Dropbox password is all I have to remember, or even only the KeePass password if I make the file public on Dropbox.


Does this mean you have to download the file from Dropbox every time you want to log in? Could I use KeePass plus a USB? Also is there two-factor authentication with KeePass? I've had complex passwords broken so many times I don't sneeze without two-factor authentication these days.

Re: Password Management (attn: Woodruff, et. al.)

Post by BigBallinStalin on Wed Jul 10, 2013 2:06 am

saxitoxin wrote:
nietzsche wrote: I use KeePass and have the file on Dropbox. I'm not sure if there are apps for Android but I've seen one for iPhone, though I didn't buy it.

I'm sure there are options that have apps in both Android and iPhone.

My KeePass and Dropbox password is all I have to remember, or even only the KeePass password if I make the file public on Dropbox.


Does this mean you have to download the file from Dropbox every time you want to log in? Could I use KeePass plus a USB? Also is there two-factor authentication with KeePass? I've had complex passwords broken so many times I don't sneeze without two-factor authentication these days.


I'd be concerned about letting it float over Dropbox. Seems like you're risking greater chances of having your files being intercepted---relative to simply keeping things on local USBs + word doc.

Re: Password Management (attn: Woodruff, et. al.)

Post by Metsfanmax on Wed Jul 10, 2013 5:41 am

saxitoxin wrote:
Metsfanmax wrote:
saxitoxin wrote:
Metsfanmax wrote:
saxitoxin wrote:
Metsfanmax wrote:LastPass


just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume


Well, I kind of expected you'd value your comfort over your security, so no big deal.


What if there is a fire where I live and my computer burns up? Then I am locked out of every site in existence forever. That doesn't seem very secure.


You wouldn't be locked out as long as you committed your master password to memory.


How would you not be locked out? I thought LastPass stored your passwords locally?


No, that would be too insecure. LastPass doesn't store your password anywhere. What happens is that your master password basically acts as a hashing function, and the only thing stored on their server is the hash. Your master password acts as a key that allows them to decrypt that into a real password, but basically the only way for anyone to get the real passwords is to use your computer when you're logged in.
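A generic sketch of the design discussed in the exchange above, added here as an example and not taken from any post or from LastPass's code: the key that decrypts the vault is derived from the master password on the user's device, and the server keeps only a salted hash of a separate login value plus the encrypted vault. `client_derive`, `SyncServer`, the salts, labels and iteration counts are all assumptions chosen for the example.

```python
import hashlib
import hmac
import os

CLIENT_ITERATIONS = 200_000   # assumed work factor, not a vendor's setting
SERVER_ITERATIONS = 100_000   # assumed


def client_derive(master_password, email):
    """Runs on the user's device. Returns (vault_key, login_token).

    vault_key encrypts and decrypts the vault and never leaves the device;
    login_token is the only value sent to the server.
    """
    salt = email.strip().lower().encode()
    master_key = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode(), salt, CLIENT_ITERATIONS)
    # Two independent values from one stretched key (domain separation).
    vault_key = hmac.new(master_key, b"vault-encryption", hashlib.sha256).digest()
    login_token = hmac.new(master_key, b"server-login", hashlib.sha256).digest()
    return vault_key, login_token


class SyncServer:
    """Hypothetical server: keeps a salted hash of the login token and an
    opaque encrypted vault blob. It never sees the master password."""

    def __init__(self):
        self.accounts = {}

    def register(self, email, login_token, encrypted_vault=b""):
        salt = os.urandom(16)
        verifier = hashlib.pbkdf2_hmac("sha256", login_token, salt, SERVER_ITERATIONS)
        self.accounts[email] = {"salt": salt, "verifier": verifier,
                                "vault": encrypted_vault}

    def login(self, email, login_token):
        """Return the encrypted vault if the token matches, else None."""
        account = self.accounts.get(email)
        if account is None:
            return None
        candidate = hashlib.pbkdf2_hmac(
            "sha256", login_token, account["salt"], SERVER_ITERATIONS)
        if hmac.compare_digest(candidate, account["verifier"]):
            return account["vault"]
        return None


if __name__ == "__main__":
    email = "user@example.com"                       # constructed sample
    vault_key, token = client_derive("correct horse battery staple", email)
    server = SyncServer()
    server.register(email, token, encrypted_vault=b"<ciphertext>")
    print("right password:", server.login(email, token) is not None)
    _, bad = client_derive("wrong guess", email)
    print("wrong password:", server.login(email, bad) is not None)
```

Because the derivation is deterministic, a replacement device recomputes the same `vault_key` from the remembered master password, which is the recovery case raised in the exchange.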

Re: Password Management (attn: Woodruff, et. al.)

Post by Woodruff on Wed Jul 10, 2013 5:56 am

saxitoxin wrote:just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume


I'm pretty sure that's a setting in your web browser causing that request to remember the password. I don't recall the specifics, but I think it happens when you have a setting that allows cookies (perhaps...I could be misremembering, as Unix is my strength, not Windows).

Re: Password Management (attn: Woodruff, et. al.)

Post by Woodruff on Wed Jul 10, 2013 5:58 am

isaiah40 wrote:
AndyDufresne wrote:
No system is foolproof. But Dashlane notes that it doesn’t ever see your passwords or your credit card information. They’re all stored on your own computer, encoded by the AES-256 encryption method, an open-source standard approved by the National Security Agency.



I have a problem with a program approved by the NSA. It just means the NSA can easily gain access to your private info, just like they gained access to your phone records.


Yeah, that certainly won't happen unless the program is approved by the NSA. Definitely not. Ever.

Re: Password Management (attn: Woodruff, et. al.)

Post by Woodruff on Wed Jul 10, 2013 6:00 am

saxitoxin wrote:
rishaed wrote: Sure you pull up a Word doc. Put your passwords on it then encrypt and Password it (unsure of security from Word docs with such things). Choose a passphrase that's easy to remember, hit save as and save it on your four flash drives and Voila.


That seems like the best idea yet. Would this work? Woodruff?


I have no idea what Word's security capabilities are, but my guess is that Word wouldn't be a particularly strong method of storing them. Would it work? If it has those capabilities...sure. Would it be strong security? I would suspect not, though I don't know.

Re: Password Management (attn: Woodruff, et. al.)

Post by Woodruff on Wed Jul 10, 2013 6:01 am

BigBallinStalin wrote:
saxitoxin wrote:
nietzsche wrote: I use KeePass and have the file on Dropbox. I'm not sure if there are apps for Android but I've seen one for iPhone, though I didn't buy it.

I'm sure there are options that have apps in both Android and iPhone.

My KeePass and Dropbox password is all I have to remember, or even only the KeePass password if I make the file public on Dropbox.


Does this mean you have to download the file from Dropbox every time you want to log in? Could I use KeePass plus a USB? Also is there two-factor authentication with KeePass? I've had complex passwords broken so many times I don't sneeze without two-factor authentication these days.


I'd be concerned about letting it float over Dropbox. Seems like you're risking greater chances of having your files being intercepted---relative to simply keeping things on local USBs + word doc.


Agreed.

Re: Password Management (attn: Woodruff, et. al.)

Post by Woodruff on Wed Jul 10, 2013 6:02 am

Metsfanmax wrote:No, that would be too insecure. LastPass doesn't store your password anywhere. What happens is that your master password basically acts as a hashing function, and the only thing stored on their server is the hash. Your master password acts as a key that allows them to decrypt that into a real password, but basically the only way for anyone to get the real passwords is to use your computer when you're logged in.


Interesting idea with using the LastPass password as the hash itself.

Re: Password Management (attn: Woodruff, et. al.)

Post by thegreekdog on Wed Jul 10, 2013 7:05 am

Given what Saxi uses his email for, I'm shocked anyone would care what his passwords were. I suppose there are some "Shipping Wars" fanatics out there who would like nothing more than to stick it to someone who is badgering their idols.

Re: Password Management (attn: Woodruff, et. al.)

Post by BigBallinStalin on Wed Jul 10, 2013 11:28 am

Saxi thinks he's a spy or an enemy of the state, so in order to heighten that feeling, he needs to use many different passwords for many accounts.

Post by 2dimes on Wed Jul 10, 2013 11:43 am

He's on a fixed income and doesn't want you stealing his credit card number to buy pr0n after he gets a new pair of swimming trunks off www.spedo.com

Re: Password Management (attn: Woodruff, et. al.)

Post by waauw on Wed Jul 10, 2013 11:48 am

you could use a more complicated system of patterns
for example:
  • first 2 letters = last two letters of email address
  • code numbers for category = 01 for job, 02 for family & friends, 03 for junk
  • 3 constant letters = pgh
  • 2 letters = 4th and 6th letter of email address
  • 1 number = 1st number in email address

so if email were to be saxitonin58@blabla.com
password: in03pghio5

==> can sound annoying at first, but once you're used to it, it's real easy and it's not exactly making sense to anybody who doesn't understand the pattern
and you could of course make it even more complicated if you say 3rd letter expressed in NATO letters (a ==> alpha), or 4th number is number of letters in email x number of numbers in email, etc.

Re: Password Management (attn: Woodruff, et. al.)

Post by saxitoxin on Wed Jul 10, 2013 12:38 pm

waauw wrote: you could use a more complicated system of patterns
for example:
  • first 2 letters = last two letters of email address
  • code numbers for category = 01 for job, 02 for family & friends, 03 for junk
  • 3 constant letters = pgh
  • 2 letters = 4th and 6th letter of email address
  • 1 number = 1st number in email address

so if email were to be saxitonin58@blabla.com
password: in03pghio5

==> can sound annoying at first, but once you're used to it, it's real easy and it's not exactly making sense to anybody who doesn't understand the pattern
and you could of course make it even more complicated if you say 3rd letter expressed in NATO letters (a ==> alpha), or 4th number is number of letters in email x number of numbers in email, etc.


I just checked this method through the Mandylion Labs brute force attack tester (http://www.mandylionlabs.com/PRCCalc/BruteForceCalc.htm). The sample password you came up with only produces 8 trillion combinations so could be cracked in 10 seconds if 100,000 desktop computers were working on it and in less than one day if just 10 computers were working on it!

My current password produces 30 quintillion combinations so (supposedly) would take 100,000 computers working 1 year to crack it, or 10,000 years if 10 computers were working on it (this is assuming Woodruff's AFR unit wasn't mobilized just to crack ol' Saxi's password due to complaints from Chris & Robbie). The problem is I can only remember one of those kind of passwords and it's to my email account so what if someone uses a key logger to get it or leans in and looks over my shoulder when I'm typing? Then they could reset all my passwords. :| Second issue is that the email program I use offers two methods of password reset ... text to phone or father's middle name. I put a fictitious middle name for my father's middle name so people couldn't try to reset my password using a public records search (like they did to Sarah Palin) but that still leaves me completely vulnerable if someone steals my phone. :|
Last edited by saxitoxin on Wed Jul 10, 2013 12:53 pm, edited 1 time in total.

Re: Password Management (attn: Woodruff, et. al.)

Post by waauw on Wed Jul 10, 2013 12:53 pm

saxitoxin wrote:
waauw wrote: you could use a more complicated system of patterns
for example:
  • first 2 letters = last two letters of email address
  • code numbers for category = 01 for job, 02 for family & friends, 03 for junk
  • 3 constant letters = pgh
  • 2 letters = 4th and 6th letter of email address
  • 1 number = 1st number in email address

so if email were to be saxitonin58@blabla.com
password: in03pghio5

==> can sound annoying at first, but once you're used to it, it's real easy and it's not exactly making sense to anybody who doesn't understand the pattern
and you could of course make it even more complicated if you say 3rd letter expressed in NATO letters (a ==> alpha), or 4th number is number of letters in email x number of numbers in email, etc.


I just checked this method through the Mandylion Labs brute force attack tester (http://www.mandylionlabs.com/PRCCalc/BruteForceCalc.htm). The sample password you came up with only produces 8 trillion combinations so could be cracked in 10 seconds if 100,000 desktop computers were working on it and in less than one day if just 10 computers were working on it!

My current password produces 30 quintillion combinations so (supposedly) would take 100,000 computers working 1 year to crack it, or 10,000 years if 10 computers were working on it (this is assuming Woodruff's AFR unit wasn't mobilized just to crack ol' Saxi's password due to complaints from Chris & Robbie). The problem is I can only remember one of those kind of passwords and it's to my email account so what if someone uses a key logger to get it or leans in and looks over my shoulder when I'm typing? Then they could reset all my passwords. :|


Well, it was only an example; I'm sure you can make a lot more complex and a lot longer passwords using the same method.
Also, to understand such a password you need to understand the patterns. For this you need to know at least 2 email accounts with passwords. But even with 2 it wouldn't be as obvious yet; a person would probably need a lot more to just notice that there are patterns (best leave out constants for this reason). So it's highly doubtful that someone would crack all your email addresses without hacking.
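The pattern scheme and the keyspace question debated in the posts above, worked through as an added example that is not part of any post in the thread. It applies the five listed rules to the sample address, then compares the count of all strings of that length and character set with the count of values that remain unknown when the rules and the address are known. The function names, the reading of "letters" as the letters before the @, and the lowercase-only constant are assumptions.

```python
import math
import string

# Category codes from the post; the dictionary keys are names chosen here.
CATEGORY_CODES = {"job": "01", "family": "02", "junk": "03"}


def pattern_password(email, category, constant="pgh"):
    """Build a password with the five rules listed in the post.

    Assumption: letters and numbers are taken from the part of the address
    before the @, which reproduces the post's sample result.
    """
    local = email.split("@", 1)[0]
    letters = [c for c in local if c.isalpha()]
    digits = [c for c in local if c.isdigit()]
    if len(letters) < 6 or not digits:
        raise ValueError("address has too few letters or no digit for this scheme")
    return (
        "".join(letters[-2:])        # last two letters of the address
        + CATEGORY_CODES[category]   # two-digit category code
        + constant                   # three constant letters
        + letters[3] + letters[5]    # 4th and 6th letter
        + digits[0]                  # first number in the address
    )


def nominal_keyspace(password):
    """Count every string of the same length over the character classes used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return alphabet ** len(password)


def pattern_keyspace(constant_len=3, categories=len(CATEGORY_CODES)):
    """Count what is still unknown once the rules and the address are known:
    the constant (lowercase letters assumed) and the category code."""
    return (26 ** constant_len) * categories


def shared_positions(a, b):
    """Number of positions at which two derived passwords are identical."""
    return sum(x == y for x, y in zip(a, b))


if __name__ == "__main__":
    email = "saxitonin58@blabla.com"          # sample address from the post
    junk = pattern_password(email, "junk")
    job = pattern_password(email, "job")
    print("junk:", junk, " job:", job)
    for label, n in (("nominal", nominal_keyspace(junk)),
                     ("rules known", pattern_keyspace())):
        print(f"{label:12} {n:>22,} candidates = {math.log2(n):.1f} bits")
    print("positions shared by the two passwords:",
          shared_positions(junk, job), "of", len(junk))
```

The strength of a derived password rests on the secrecy of the rules and the constant rather than on its length, which is why a randomly generated password of the same length from a password manager measures so differently.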
