
Mainstream android password managers have had critical security flaws !!UPDATE THEIR APPS ASAP!!

2 minutes ago, Red Hardware said:

Hi

I know most people have a lot of accounts and passwords to remember but I don't know why they use these apps?

They can simply use Google Smart Lock that's built-in to the chrome. 

My Google account, Microsoft account and Samsung account are accounts that I always remember their password, everything else has a super long password and it's saved in Google Smart Lock or I log in by my Google account. Even if these don't work, I can reset my password with my email so

 

((Is there a place for these apps ??))

 

because that locks you down to google products and our google corporate overlords. google smart lock is just a fancy password manager, it suffers from the same security flaws all password managers suffer from. single point of failure.


This just in: software has flaws.

 

Also, the sky is blue. Water is wet.


It is sad to see so many people who are ignorant about security recommend against using what is arguably the best method of keeping you safe, password managers.

 

Using a (proper) password manager and using it well is very important to having proper security.


5 minutes ago, LAwLz said:

It is sad to see so many people who are ignorant about security recommend against using what is arguably the best method of keeping you safe, password managers.

 

Using a (proper) password manager and using it well is very important to having proper security.

People try to justify not using one and them having the same password for everything or something similar.

 

Password managers are extremely useful if used correctly and safely.


14 hours ago, SansVarnic said:

Still quite pleased I chose not to use Android.

The perks of using an iPhone and an iPad. Sucks for you Android users.


14 hours ago, SansVarnic said:

Still quite pleased I chose not to use Android.

27 minutes ago, hey_yo_ said:

The perks of using an iPhone and an iPad. Sucks for you Android users.

Chances are iOS password managers also have security issues (or in the case of WP, the apps probably don't even exist to begin with).

These are not Android specific issues, they are issues with how the programs were written.


3 minutes ago, LAwLz said:

Chances are iOS password managers also have security issues (or in the case of WP, the apps probably don't even exist to begin with).

These are not Android specific issues, they are issues with how the programs were written.

 

the main problem of the android apps was that they tried to be complex. integrated browsers, automatic password form filler etc. complexity is always harder to make secure. but maybe iOS has similar functionality and this analysis is bullshit, i don't use it so i don't know.


22 hours ago, zMeul said:

the alternative would be to

  • have mostly same password to all sites
  • to have a notepad in a safe bolted on the floor/wall; too heavy to carry; too complicated to break into

Or you could have some kind of format to create your password. let's say based on the domain of the site mixed with your name or the name of your pet etc. with some fixed numbers at the end. this way you just have to remember the rules you use to create password, not the passwords themselves

Computer users fall into two groups:
those that do backups
those that have never had a hard drive fail.


1 minute ago, mate_mate91 said:

Or you could have some kind of format to create your password. let's say based on the domain of the site mixed with your name or the name of your pet etc. with some fixed numbers at the end. this way you just have to remember the rules you use to create password, not the passwords themselves

this is exactly how password crackers crack your password. it's not a good password. a hacker would do background research about your pets and things like that, input them, and some rainbow tables for the most common words and names and stuff. a hacker is trying to figure out your thought process when you created your password. so an obvious thing to try is things like the name of the website in it, your pets, age, favorite club, city, etc. etc. they just input whatever they can find about you.


Using a strong master password and 2FA on your password manager goes a long way for security. It isn't perfect but it's probably better than the alternative (weak passwords, using the same password on multiple sites, trying to remember complicated password schemes or writing them down on paper etc)


On 3/1/2017 at 0:19 PM, Sauron said:

Keepass ftw

Yup I use keepass. I was worried that it was going to be on the list. Phew


3 hours ago, mate_mate91 said:

Or you could have some kind of format to create your password. let's say based on the domain of the site mixed with your name or the name of your pet etc. with some fixed numbers at the end. this way you just have to remember the rules you use to create password, not the passwords themselves

Any password that is easy to remember is easy to crack. Regardless of what you use to create a password if you can remember it easily a cracker can crack it.


9 hours ago, hey_yo_ said:

The perks of using an iPhone and an iPad. Sucks for you Android users.

Neither do I use Apple. *shrugs*


10 hours ago, Derangel said:

Any password that is easy to remember is easy to crack. Regardless of what you use to create a password if you can remember it easily a cracker can crack it.

I do not remember passwords i remember rules i used to create password.

Let's say i use site domain and my birth year - 21 in place of dot.

every second letter is big (continues after inserting numbers)

example:

LiNuStEcHtIpS1956cOm

I do not think passwords like this are easy to crack. It will take aaaaages to crack this kind of password.


37 minutes ago, mate_mate91 said:

I do not remember passwords i remember rules i used to create password.

Let's say i use site domain and my birth year - 21 in place of dot.

every second letter is big (continues after inserting numbers)

example:

LiNuStEcHtIpS1956cOm

I do not think passwords like this are easy to crack. It will take aaaaages to crack this kind of password.

By brute force it might take time, but with a little social engineering? Not so much. You'd be surprised how easy it is to use social engineering to gain info on a person. Most personal hacking is done using social engineering methods.


2 hours ago, mate_mate91 said:

I do not remember passwords i remember rules i used to create password.

Let's say i use site domain and my birth year - 21 in place of dot.

every second letter is big (continues after inserting numbers)

example:

LiNuStEcHtIpS1956cOm

I do not think passwords like this are easy to crack. It will take aaaaages to crack this kind of password.

really trust me, you telling this alone makes it way easier to crack. with social engineering you basically extract every bit of data they can find about you and throw it into a password cracker that will try a lot of different spellings (changing the e for a 3 a for a 4, capitalization, adding special tokens in between etc). things about you that are not private will be easy to crack. especially birthdays, age, anniversaries, pet names, place names etc.


40 minutes ago, tlink said:

really trust me, you telling this alone makes it way easier to crack. with social engineering you basically extract every bit of data they can find about you and throw it into a password cracker that will try a lot of different spellings (changing the e for a 3 a for a 4, capitalization, adding special tokens in between etc). things about you that are not private will be easy to crack. especially birthdays, age, anniversaries, pet names, place names etc.

I know but i do not use those things in my passwords. Also this was just an example. My real rules are much more complicated :)


3 hours ago, mate_mate91 said:

I do not remember passwords i remember rules i used to create password.

Let's say i use site domain and my birth year - 21 in place of dot.

every second letter is big (continues after inserting numbers)

example:

LiNuStEcHtIpS1956cOm

I do not think passwords like this are easy to crack. It will take aaaaages to crack this kind of password.

That's an awful password and using the same scheme across multiple websites means you're vulnerable. Unless you devise a scheme for each website... which has the same problem as having a unique password: it's hard to remember.

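An added example, not part of any post in this thread: the rule behind LiNuStEcHtIpS1956cOm written out in Python, to compare the brute-force estimate of its strength with what actually stays secret once the rule is known. The birth year 1977 (so that 1977 - 21 = 1956), the 100-year range and example.org are constructed assumptions.

```python
import math
import string


def derive(domain: str, birth_year: int, offset: int = 21) -> str:
    """Rule from the thread: each dot becomes (birth year - offset) and
    letters alternate upper/lower, with digits not counted."""
    raw = domain.lower().replace(".", str(birth_year - offset))
    out, letter_index = [], 0
    for ch in raw:
        if ch.isalpha():
            out.append(ch.upper() if letter_index % 2 == 0 else ch.lower())
            letter_index += 1
        else:
            out.append(ch)
    return "".join(out)


def brute_force_bits(password: str) -> float:
    """Bits if every character were drawn uniformly from [A-Za-z0-9]."""
    alphabet = len(string.ascii_letters + string.digits)  # 62 symbols
    return len(password) * math.log2(alphabet)


def rule_known_bits(plausible_years: int, plausible_offsets: int = 1) -> float:
    """Bits left once the rule is known: the domain is public, so only
    the year (and, optionally, the offset) is still secret."""
    return math.log2(plausible_years * plausible_offsets)


def secret_part(password: str) -> str:
    """The digits are the only part that does not come from the domain."""
    return "".join(ch for ch in password if ch.isdigit())


if __name__ == "__main__":
    pw = derive("linustechtips.com", 1977)  # constructed birth year
    other = derive("example.org", 1977)     # constructed second site
    print(pw, f"{brute_force_bits(pw):.1f} bits if treated as random")
    print(f"{rule_known_bits(100):.1f} bits if the rule is known")
    print("same secret on both sites:", secret_part(pw) == secret_part(other))
```

The length and mixed case only count against a guesser who treats the string as random; the domain is public and the same four digits appear in every derived password.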
