Password "Vaults"

[Uehm]

So,

 

I've been looking to boost up my security a little bit by changing my passwords for my logins in stuff. People say that you should have a different password for every site, and that they should be 8 characters+ and have random things in it. So, I was wondering what you use. I'm a member of a multitude of websites, and seeing as my memory already sucks, would have a terrible hard time remembering random 8 character passwords. So, this brings me to my main question: how do you/what do you use to remember your passwords?

 

I've looked at different programs, such as KeePass, Dashlane, and the Chrome browser extention LastPass. Does anyone use any of these? I was looking at Dashlane a bit more than the others since it has a really nice interface which is right off the bat very appealing to me. 

 

Which of the three applications would be the most secure? I read that Dashlane / LastPass keep your passwords in the cloud (or the could communicate with their home servers every now and again). I know nothing is ever safe completely, but I'd always like that extra sense of security seeing as my security up to this point hasn't been the best.

 

PS (Do you cool cats still use that these days?): I've used the traditional notepad document where I keep some of my passwords. But the thing is whenever I have to re-log in to a program (such as Steam when it fails to connect randomly) I have to go into that notepad file manually and it's kind of a hassle.  

 

Also, I wasn't sure if I was supposed to put this in this forum. I assumed since this would mainly be on the software side it may go in here. Thanks,

 

Uehm

[madscientist56]

i just use the same password for everything, its a good password tho

[Uehm]

i just use the same password for everything

 

I've...I've been doing the same. Thing is about that security experts have been saying that you should have a unique password for every site. Kinda wanna move to a more security-minded PC (stronger passwords is a good first step) so wanna use multiple ones. 

[Tmh85]

I've...I've been doing the same. Thing is about that security experts have been saying that you should have a unique password for every site. Kinda wanna move to a more security-minded PC (stronger passwords is a good first step) so wanna use multiple ones. 

There is a very slim chance VERY SLIM CHANCE that someone will figure out your password and if they do you can usually change it on different accounts before they do any damage

Have the same password for games and stuff like that but for Bank accounts and stuff like that use different very personal passwords

[madcow]

I've been using lastpass for a while. No issues so far. I have a few important passwords such as the one time recovery for gmail and  lastpass itself in an encrypted text file on dropbox. I use 2 factor auth where ever possible.

[Uehm]

There is a very slim chance VERY SLIM CHANCE that someone will figure out your password and if they do you can usually change it on different accounts before they do any damage

Have the same password for games and stuff like that but for Bank accounts and stuff like that use different very personal passwords

 

Thanks for the information. 

 

I ended up going with Dashlane. The thing is with this is that it's a trial account, so I'm more than likely going to have to either purchase it (negative part) or switch to something else. I'm more than likely going to also have KeePass running since it looks like it's free and open source.

 

Thank you all for the help!

[Cwazywazy]

I use the same password for everything online, even my bank account. Buttbutt1234.

[Uehm]

One more question: Do you guys usually select the 'save password' button on chrome / other browsers? Saved passwords aren't too hard to find and check out through Chrome.

[NaftaLord]

I use a little truecrypt container with 20+ character password on it

and in it i just have a simple text file with my passwords.

 

Sure as you say it can be a hassle to open it every time

to log in to sites but it is secure and security can be a pain in the ass some times

But with trucrypt my passwords will be safe even if my computer is stolen or some one

gets the file.

 

I personally would not use programs that call home to save my passwords in,

unless you are 100% sure that it is safe to do so.

[neon]

When I was choosing a password manager there were three main points I was looking for, 1. completely and totally offline, I do not trust the encrypted database file anywhere other than in my hands, 2. free and open source, where people have complete freedom to audit it, and 3. there were applications that can run on almost everything, (but number 1. was by far the point I was looking for), Keepass was the one that fitted the bill so I use that and it's great, yes it is a bit of a hassle to open it and then copy and paste (autotype is easier), but security isn't 'easy' you will always have some minor inconvenience if you want good security.

 

Before I used Keepass I used to use the good old pen and paper method along with some 'patterns' for easy remembering of passwords, whereas good passwords on pen and paper are secure using 'patterns' are definitely not, but I did use different patterns for the 'importance' of a site, but still it's bad.  For example forums might have the !8832 in common, for LTT the password would be linustechtips!832 for another forum it could be forumname!832 that LTT password is 17 characters long (18 centuries it would take to crack) yet it is a terrible password, any offline brute force will add a prefix of 'linustechtips' because they know the site the list came from (along with other common ones LTT, linus, linusTT, ect.) this reduces the password to a pathetic length of just 5.

Now with Keepass it generates a password to my specification, symbols, numbers and letters, the only criteria that I have to change is the length and that is only for poor decrepit sites that impose a '15 character limit' otherwise it's 30+ minimum. Different password on every site and all I need to do is remember just one (very good) password.

 

One thing to say with a 100% offline password manager is treat you password database file like any other, this means back it up, if you lost it then you are screwed, the good thing is that it is encrypted so you can put it on your phone, USB key and it will be fine (as long as you use a very good password to encrypt it), most likely you will want it on your phone or tablet so you can log into sites on there.

One more question: Do you guys usually select the 'save password' button on chrome / other browsers? Saved passwords aren't too hard to find and check out through Chrome.

 

no never, I do sometimes select the 'stay signed in' option on the specific site in question, but only Keepass saves my passwords.

 

 

i just use the same password for everything, its a good password tho

 

yeah one site gets hacked and takes a few hours (more like a few days) before they announce it so you can change your one password that's even providing you can drop everything to log in and out of every single website you use to change it, in that time your email and all other sites are very possibly compromised, same password for everywhere is never good.

Worst case scenario I know but that is want happens in the real world year in year out.

[Grave]

How bad of an idea would it be to store your passwords in an audio file? Like, rip an mp3 from OBS/Hypercam or something else that's free that you've recorded yourself saying all your passwords on, or maybe just one password per mp3..

[1823alex]

I usually have the same passwords for most of my stuff, but every now and then I start using a new password for all my new accounts. So I have 3-4 different passwords.

[LogicalDrm]

I use LastPass but if you want ultimate security thats not right place. It makes stuff easier but what if that gots hacked? Then you are screwd. Currently I use 7 different passwords with 3 emails and several login variants. Most secure of them are for PayPal and Google. But with Google I use same password for all three amail accounts.

 

If I would do the safe thing it would be like @neon and @NaftaLord do it. By having encrypted offline safe in USB for them. Maybe divide them with multiple USBs. One with not-so-important and carry that with me and other with the important ones hidden at home. Thats pretty much how my bank account access is right now. I've memorized the login code and have changing passcodes at home. There's no use of passcodes unless someone figures my access code (which I even can't tell because its in muscle memory).