John Connor
Lifer
Because you're in control. It's not someone else's server. Simple as that. You think that's getting hacked?
-
We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.
Potent LastPass exploit underscores the dark side of password managers
Page 2 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
Because you're in control. It's not someone else's server. Simple as that. You think that's getting hacked?
Red Squirrel
No Lifer
I run my own web based password manager off one of my servers. I could not trust cloud especially not to store passwords. I could not find a web based solution at the time I wanted to switch from PINs (a windows based manager) so I just wrote my own. It's very basic but gets the job done.
Essentially it just stores them in an encrypted DB and presents the password in a form where the letters are same color as background so I can copy and paste it to whatever I'm logging into. Given it's local I didn't bother with SSL though but if I had more people using my network then that's something I would want to do.
I can access it from home and from work only. From work I can VPN in.
I want to setup some kind of secure way to temporarily open up the VPN port from anywhere but not really a priority. I used to leave the VPN port open to all IPs so I can VPN in from anywhere using my phone, but after heart bleed I realized that was perhaps a bad idea. As a precaution after heart bleed I fully rebuilt that VM and added the firewall rule so only my work's IP can access it.
Essentially it just stores them in an encrypted DB and presents the password in a form where the letters are same color as background so I can copy and paste it to whatever I'm logging into. Given it's local I didn't bother with SSL though but if I had more people using my network then that's something I would want to do.
I can access it from home and from work only. From work I can VPN in.
I want to setup some kind of secure way to temporarily open up the VPN port from anywhere but not really a priority. I used to leave the VPN port open to all IPs so I can VPN in from anywhere using my phone, but after heart bleed I realized that was perhaps a bad idea. As a precaution after heart bleed I fully rebuilt that VM and added the firewall rule so only my work's IP can access it.
I'm checking out Keepass, looks like it can sync with most cloud providers (if not natively, then with a plug-in). I suppose I could use sftp or similar to sync when I want via my file server if I wanted more security. I haven't looked yet, but I'd imagine that there is an app for iOS. Also need to check out automated password update - it's a nice feature that commercial password managers support - not sure about KeePass, lots to read still.
No.
Red Squirrel
No Lifer
Rarely. When I do it's because I'm at work, and it's for personal stuff, like I want to login to my bank or something. Ex: I could do without it.
lxskllr
No Lifer
I use my phone and KeepassDroid. It uses the same database as the desktop clients. I always sigh a little inside when I have to use it though. My database password is... extensive, and it's tedious typing it on a touch screen.
iPhone - yes. iPad - if on vacation, otherwise no.
Brainonska511
Lifer
I use Keepass too. In the past, I used to keep a copy of the database on my USB drive on my keys along with a self-contained copy of Keepass. Lately, I haven't needed any passwords away from home beyond the important few I have memorized.
John Connor
Lifer
John Connor
Lifer
ch33zw1z
Lifer
So for those of us who don't run a pc 24x7, or a VPN server, not an option on the go necessarily
A guy in here reviewed keepass android app pretty well, and one app at least supports some cloud services.
https://sourceforge.net/p/keepass/discussion/329220/thread/7823021f/
A guy in here reviewed keepass android app pretty well, and one app at least supports some cloud services.
https://sourceforge.net/p/keepass/discussion/329220/thread/7823021f/
Last edited:
ch33zw1z
Lifer
Yea, my password is also extensive. Safe in cloud desktop makes you type it in all the way the first time you run it after boot, but it has a "quick" setting you can turn on to only enter the last or first 4 of the password after that
Safe in cloud on droid, Samsung S5 here, will accept fingerprint to unlock....which I use quite often to open it.
My phone and SD card are both encrypted already, but safe in cloud encrypts the dB either way.
There are tons of apps or plugins for Keepass. It's almost crazy!
Muse
Lifer
I do something similar. I do record hints (that I understand) but not something someone would know what to do with, in my local data.
I need to do something better, I think, and what I'm doing necessitates my having to look up my hints when I don't remember what hints apply to a specific site.
I bookmarked this article today:
New York Times -- Protecting Your Digital Life in 9 Easy Steps
John Connor
Lifer
The best way you can create a password is with music lyrics. Take your favorite song or any song and say, use the first part of the lyrics. Like the song Paint It Black by the Rolling Stones. So you have the first part of the song that goes like this:
I see a red door and I want it painted black
No colours anymore, I want them to turn black
So what you would do is take the first letter of each word to form a password and throw in some numbers and symbols.
ISARDAIWIPBNCAIWTTTB-1234!@#$
It doesn't have to be that long though.
This is the bases of my password generation and my passwords are damn long and complicated. My computers that are all encrypted use this scheme and the password is well over 20 characters long using upper case and lower case letters, numbers and symbols.
I see a red door and I want it painted black
No colours anymore, I want them to turn black
So what you would do is take the first letter of each word to form a password and throw in some numbers and symbols.
ISARDAIWIPBNCAIWTTTB-1234!@#$
It doesn't have to be that long though.
This is the bases of my password generation and my passwords are damn long and complicated. My computers that are all encrypted use this scheme and the password is well over 20 characters long using upper case and lower case letters, numbers and symbols.
Ichinisan
Lifer
Great! Let's all start doing that until those passwords are statistically common and end up in every password dictionary.
Wait...
John Connor
Lifer
If you should know. Not only did I come up with that idea, but so did Bruce Schneier.
https://en.wikipedia.org/wiki/Bruce_Schneier
https://en.wikipedia.org/wiki/Bruce_Schneier
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 25K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 24K
-
-
