XIM Community

General Category => General Discussion => Topic started by: abc123 on 04:05 PM - 03/18/14

Title: Password Security/Management Application
Post by: abc123 on 04:05 PM - 03/18/14
Currently I'm using 1Password (https://agilebits.com/onepassword), but I was wondering what does the XIM community use?
Title: Re: Password Security/Management Application
Post by: Ryoga on 06:45 PM - 03/18/14
I use "MyBrain". It's secure and no one can hack it.
Title: Re: Password Security/Management Application
Post by: toqy on 06:51 PM - 03/18/14
keepass+skydrive
Title: Re: Password Security/Management Application
Post by: RookCheck on 08:34 PM - 03/18/14
I use a simple little system, where I have an easy to remember, but long (16+ character) password, and then tag on two or three characters that are unique to the URL or application.

 So:

myreallylongpassword!xim

 Studies have shown that we make passwords harder than they need to be to remember, but easy to break by brute force.

myreallylongpassword!xim > p4s$w0rD

String four or so words together, randomly, or just a short sentence. Add special character. Done.
Title: Re: Password Security/Management Application
Post by: RookCheck on 08:37 PM - 03/18/14
To add to that, I love this little site.

https://howsecureismypassword.net/

It's not a gold standard for security, but it gets you close enough.

myreallylongpassword!xim would take 4 sextillion years.
p4s$w0rD would take 3 days.
Title: Re: Password Security/Management Application
Post by: toqy on 09:30 PM - 03/18/14
To add to that, I love this little site.

https://howsecureismypassword.net/

It's not a gold standard for security, but it gets you close enough.

myreallylongpassword!xim would take 4 sextillion years.
p4s$w0rD would take 3 days.

Yeah but I could beat your password out of you, in 4 minutes
Title: Re: Password Security/Management Application
Post by: RookCheck on 11:53 PM - 03/18/14
To add to that, I love this little site.

https://howsecureismypassword.net/

It's not a gold standard for security, but it gets you close enough.

myreallylongpassword!xim would take 4 sextillion years.
p4s$w0rD would take 3 days.

Yeah but I could beat your password out of you, in 4 minutes

The only thing you could beat is the fat guy to the front of the BK line.
Title: Re: Password Security/Management Application
Post by: abc123 on 12:03 AM - 03/19/14
so far i'm loving 1password, other than the cost.
Title: Re: Password Security/Management Application
Post by: roads on 12:05 AM - 03/19/14
I am on 1Password and don't intend to change it, it synchronizes nicely over my devices. What's the problem with it?
Title: Re: Password Security/Management Application
Post by: Phil Ashio on 12:34 AM - 03/19/14
Could have used this before. Forgot my password to these forums and my old hotmail account isn't receiving email from xim.
Title: Re: Password Security/Management Application
Post by: roads on 01:29 AM - 03/19/14
One tends to use the same password at several sites. 1password prevents this.
Title: Re: Re: Password Security/Management Application
Post by: RookCheck on 06:28 AM - 03/19/14
One tends to use the same password at several sites. 1password prevents this.

Very true.

But if you used a similar system to what I suggested, you wouldn't need 1password.

I'm just hesitant to trust my security to anyone else other than the company or organization with whom I'm interacting. Not to mention it forces a sort of reliance on 1Password. What happens if I can't use their service? I'm stuck needing to use their access.
Title: Re: Password Security/Management Application
Post by: abc123 on 07:09 AM - 03/19/14
One tends to use the same password at several sites. 1password prevents this.

Very true.

But if you used a similar system to what I suggested, you wouldn't need 1password.

I'm just hesitant to trust my security to anyone else other than the company or organization with whom I'm interacting. Not to mention it forces a sort of reliance on 1Password. What happens if I can't use their service? I'm stuck needing to use their access.

you aren't using their service...

The database of passwords is stored locally/dropbox/icloud and then encrypted with your master password...then it stores all password data...
CzQAXstyeKEVspKuDphaHc93ksmfAks#[email protected]
mATD&hgBPbzZMvJvyCQb2DGQcqNqmmuHVhosc<irfkvjz7UoVp
YbH9.GuUsMtddZVWnTqnnBiatyMjGmxHWrTF?7VPJBhmeyCehu
fC["Km$:a{[email protected];FQ#%MHr+EoTLom4MMK9gr
vofLfLrHtXpPpwbLpALPGBaCvqAG7VHZ2UqdpoErsduQFvJbTk

Example passwords ^^

You choose the number of symbols, digits you want in the password and the number of characters.

voilà
Title: Re: Password Security/Management Application
Post by: toqy on 07:13 AM - 03/19/14
KeePass is free
Title: Re: Password Security/Management Application
Post by: RookCheck on 07:15 AM - 03/19/14
One tends to use the same password at several sites. 1password prevents this.

Very true.

But if you used a similar system to what I suggested, you wouldn't need 1password.

I'm just hesitant to trust my security to anyone else other than the company or organization with whom I'm interacting. Not to mention it forces a sort of reliance on 1Password. What happens if I can't use their service? I'm stuck needing to use their access.

you aren't using their service...

The database of passwords is stored locally/dropbox/icloud and then encrypted with your master password...then it stores all password data...
CzQAXstyeKEVspKuDphaHc93ksmfAks#[email protected]
mATD&hgBPbzZMvJvyCQb2DGQcqNqmmuHVhosc<irfkvjz7UoVp
YbH9.GuUsMtddZVWnTqnnBiatyMjGmxHWrTF?7VPJBhmeyCehu
fC["Km$:a{[email protected];FQ#%MHr+EoTLom4MMK9gr
vofLfLrHtXpPpwbLpALPGBaCvqAG7VHZ2UqdpoErsduQFvJbTk

Example passwords ^^

You choose the number of symbols, digits you want in the password and the number of characters.

voilà


I understand how it works. My point is that you need their program if you want to access any site or application that uses their generated password data. It forces reliance when it isn't, IMO, necessary.
Title: Re: Password Security/Management Application
Post by: BionicTbag on 07:37 AM - 03/19/14
so here is the solution i found most useful as it has a lot of features and apps for phones and different web browsers...


https://lastpass.com/


also, using something like this can assist you as well


password = ISYOTDSOTM = I see you on the dark side of the moon
Title: Re: Password Security/Management Application
Post by: abc123 on 12:07 PM - 03/19/14
so here is the solution i found most useful as it has a lot of features and apps for phones and different web browsers...


https://lastpass.com/


also, using something like this can assist you as well


password = ISYOTDSOTM = I see you on the dark side of the moon

this was the only tool i was thinking of using other than 1password... didn't see anything negative
Title: Re: Password Security/Management Application
Post by: RookCheck on 12:20 PM - 03/19/14
Bionic, here's your password:

(http://i.imgur.com/pG9UzFS.png)
Title: Re: Password Security/Management Application
Post by: abc123 on 05:11 PM - 03/19/14
Bionic, here's your password:

(http://i.imgur.com/pG9UzFS.png)

can i get the link? want to make people cry that are family.
Title: Re: Password Security/Management Application
Post by: RookCheck on 06:39 PM - 03/19/14
https://howsecureismypassword.net/

Fun little script.
Title: Password Security/Management Application
Post by: toqy on 06:44 PM - 03/19/14

Bionic, here's your password:

(http://i.imgur.com/pG9UzFS.png)

His user name would take a year though so he should swap them
Title: Re: Password Security/Management Application
Post by: BionicTbag on 07:08 AM - 03/20/14
Bionic, here's your password:

(http://i.imgur.com/pG9UzFS.png)


first off that was a simple example broski. and that is a neat little tool...but im going to go ahead and say.. that website is bogus and provides bogus times. as a 7 character varied between letters and numbers and special characters will take 22 seconds... = BS


secondly, every time you post @#$% like that to me... all i hear is the sound of a basketball going through a hoop and that sound is (douche)


sorry everyone for the temp derailment.
Title: Re: Password Security/Management Application
Post by: colb on 07:52 AM - 03/20/14
Actually it's "swoosh".


Tomato / to-mah-to
Title: Re: Password Security/Management Application
Post by: tuffrabit on 07:55 AM - 03/20/14
http://www.youtube.com/v/cySX4ybdoYo&hd=1

Seriously though... take it easy fellers.
Title: Re: Password Security/Management Application
Post by: RookCheck on 09:28 AM - 03/20/14

first off that was a simple example broski. and that is a neat little tool...but im going to go ahead and say.. that website is bogus and provides bogus times. as a 7 character varied between letters and numbers and special characters will take 22 seconds... = BS


secondly, every time you post @#$% like that to me... all i hear is the sound of a basketball going through a hoop and that sound is (douche)


sorry everyone for the temp derailment.


/sigh

I said the site was fun (source (http://www.xim3.com/community/index.php?topic=31741.msg407025#msg407025)) and certainly not any gold standard (source (http://www.xim3.com/community/index.php?topic=31741.msg406557#msg406557)). -1 for reading comprehension.

When I used your password I said "Bionic, here is your password", and then provided a screenshot. There was nothing aggressive, insinuating, implied, hinted, mean spirited, or otherwise, in the post. -1 for poor inference.

As to the site itself, a 7 character password with letters (assuming both lower and upper case), numbers, and special characters would take ... an hour. Not sure where you got 22 seconds. Each time you add a variation in character selection (upper, lower, number, special, or punctuation) it increases the possible combinations. It's working off of a few assumptions, yes, but generally speaking the math is solid. -1 for website usage.

!2qwerT            = 1 hour (7 characters, 77 character combinations)
qwertyuiopas       = 276 days (12 characters, 26 character combinations)
qwertyui!2         = 344 days (10 characters, 51 character combinations)
Qwerty!2[          = 5 years (9 characters, 96 character combinations)
Amorecomplexkey!2] = 3 quintillion years (18 characters, 96 character combinations)


If one were truly concerned about security, one would have more than just a well thought password/phrase, one would include two-step verification, ensure password hashes were salted, use biometrics, and so on. If you take most passwords today and throw a rainbow table at them, they will take very little time to crack. We aren't super worried about that, of course. Since the likelihood that any one of us will be focused for a brute force is low. And if you are focused in a brute force attack, having a semi-decent password goes a long way. That website is a good tool in getting there.


Now, as to this hostile little spat of passive aggressiveness - put your big boy pants on.
Title: Re: Password Security/Management Application
Post by: BionicTbag on 10:26 AM - 03/20/14
so anyway... last pass is IMO a great tool, lots of good tools around :) nawateyemeanz
Title: Re: Password Security/Management Application
Post by: abc123 on 02:48 PM - 03/20/14
first off that was a simple example broski. and that is a neat little tool...but im going to go ahead and say.. that website is bogus and provides bogus times. as a 7 character varied between letters and numbers and special characters will take 22 seconds... = BS

Actually it isn't that far off...

Here's how it works...
1. They are assuming you have the password hash (not brute forcing a website/app/client/etc)
2. They are assuming likely GPU hashing (1000 cores running math = extremely fast)
3. They are using some other password cracking assumptions (try words first, try words with numbers second)

I can provide you with some real password cracking sites that take a password hash in and give you the resulting password.  They are normally 4 GPU clustered using CUDA to crack the password, this is how modern WPA cracking is done.

Other than it missing:
password123
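
The reasoning in the two posts above (character pool and length drive exhaustive-search time, while crackers try words first), worked through as an added example that is not part of any forum post or of the website's code. The guess rate, the word list and the per-class pool sizes are assumptions chosen for illustration.

```python
import string

# Assumption: offline guesses per second against a fast, unsalted hash on GPUs.
GUESSES_PER_SECOND = 1e10

# Constructed mini word list standing in for a real cracking dictionary.
COMMON_WORDS = {"password", "qwerty", "letmein", "dragon", "monkey"}

CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]
SUFFIX_CHARS = string.digits + string.punctuation


def pool_size(password):
    """Size of the character pool implied by the classes the password uses."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def estimate(password):
    """Return (attack, guesses) for the cheapest modelled attack."""
    stem = password.lower().rstrip(SUFFIX_CHARS)
    suffix_len = len(password) - len(stem)
    if stem in COMMON_WORDS:
        # "Words first, then words with numbers": a tiny search space.
        return "dictionary", len(COMMON_WORDS) * len(SUFFIX_CHARS) ** suffix_len
    # Otherwise every position is tried; on average half the space is searched.
    return "exhaustive", pool_size(password) ** len(password) // 2


def seconds_to_crack(password):
    """Expected seconds at the assumed guess rate."""
    return estimate(password)[1] / GUESSES_PER_SECOND


if __name__ == "__main__":
    # Passwords quoted in the thread.
    for pw in ["password123", "p4s$w0rD", "qwertyuiopas",
               "myreallylongpassword!xim"]:
        attack, guesses = estimate(pw)
        print(f"{pw!r:28} {attack:10} {seconds_to_crack(pw):.3g} s")
```

The exhaustive figure treats every character as independent, so it overstates the strength of a passphrase built from dictionary words.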
Title: Re: Password Security/Management Application
Post by: toqy on 02:56 PM - 03/20/14
so anyway... last pass is IMO a great tool, lots of good tools around :) nawateyemeanz

I tried it out. Then they got hacked that one time and I just started using KeePass
Title: Re: Password Security/Management Application
Post by: abc123 on 03:52 PM - 03/20/14
https://xato.net/passwords/should-you-ditch-lastpass/#.UytirK1dWKo

was a good read, glad i paid for 1password still loving it.
Title: Re: Password Security/Management Application
Post by: Incognito on 10:33 PM - 04/04/14
Late to the party here.  I've been using LastPass for about four years with no issues.  As far as LastPass getting hacked, all that was *potentially* stolen were hashes of passwords which does the "hackers" no good.  Everything is encrypted on your PC before it is sent to the LastPass servers so unless your LastPass master password is weak the attackers can't do anything with your password hash.  Even if they had stolen the encrypted data it still wouldn't do them any good.  Finally, it was never confirmed that they were even hacked - LastPass devs just noticed an abnormal traffic spike that suggested it was possible someone could have stolen password hashes and alerted everyone that it might be a good idea to change your master password.

I use KeePass as an offline backup in the (very) unlikely case that LastPass shuts down.  I've been using KeePass for about ten years and it's top notch software and I highly recommend it.
Title: Re: Password Security/Management Application
Post by: abc123 on 10:39 PM - 04/04/14
Late to the party here.  I've been using LastPass for about four years with no issues.  As far as LastPass getting hacked, all that was *potentially* stolen were hashes of passwords which does the "hackers" no good.  Everything is encrypted on your PC before it is sent to the LastPass servers so unless your LastPass master password is weak the attackers can't do anything with your password hash.  Even if they had stolen the encrypted data it still wouldn't do them any good.  Finally, it was never confirmed that they were even hacked - LastPass devs just noticed an abnormal traffic spike that suggested it was possible someone could have stolen password hashes and alerted everyone that it might be a good idea to change your master password.

I use KeePass as an offline backup in the (very) unlikely case that LastPass shuts down.  I've been using KeePass for about ten years and it's top notch software and I highly recommend it.

I hear you, however, the company RSA (a leader in corporate security) was hacked and they hash everything as well.

They got so far as to invalidate a lot of RSA token generators...

With passwords I just can't ever be too careful; my passwords guard more than just me, they guard my company.

Article:
http://arstechnica.com/security/2012/06/securid-crypto-attack-steals-keys/