02-10-2016, 10:16 AM
|
#1
|
First Line Centre
|
Password Management Methods
I recently bought the 1password management software which is very good. But now I must find a really good master password that I cannot lose because even the software maker cannot recover it.
In the past, my passwords are variants of the same one like "applecoreXXX", "applecoreYYY" etc. But I want to use a cryptic one this time.
Some suggested phrases like "OscysBdel" (oh say can you see by dawn's early light). You can add a date to it to make it harder to guess.
The big question is how do you recover your password if you don't remember it. The only way I can come up with is to save it in two places, "OscysBdel" in your home and the number in your office. Any other suggestions?
Last edited by darklord700; 02-10-2016 at 10:26 AM.
|
|
|
02-10-2016, 10:25 AM
|
#2
|
Norm!
|
Why don't you use the same code as the one that you use on your luggage
__________________
My name is Ozymandias, King of Kings;
Look on my Works, ye Mighty, and despair!
|
|
|
The Following 4 Users Say Thank You to CaptainCrunch For This Useful Post:
|
|
02-10-2016, 10:28 AM
|
#3
|
Franchise Player
|
Write it on a piece of paper and put it somewhere safe. Then don't forget where you put it....
|
|
|
02-10-2016, 10:29 AM
|
#4
|
Powerplay Quarterback
Join Date: Aug 2002
Location: Mayor of McKenzie Towne
|
Quote:
Originally Posted by darklord700
I recently bought the 1password management software which is very good. But now I must find a really good master password that I cannot lose because even the software maker cannot recover it.
In the past, my passwords are variants of the same one like "applecoreXXX", "applecoreYYY" etc. But I want to use a cryptic one this time.
Some suggested phrases like "OscysBdel" (oh say can you see by dawn's early light). You can add a date to it to make it harder to guess.
The big question is how do you recover your password if you don't remember it. The only way I can come up with is to save it in two places, "OscysBdel" in your home and the number in your office. Any other suggestions?
|
I use a similar system except I add in a couple 'wildcard' digits to give each site a unique password and therefore don't use a password 'locker' site.
Eg. OscysBdel -> Oscys**Bdel
So I might choose for my algorithm the 3rd and 3rd last letter of the website so the password for Calgary Puck would be:
OscysluBdel
Of course I'd also add a number and a symbol to the original phrase so my final password would become something like:
OscysluBd3!
While password for HockeyFuture would be:
OscyscuBd3! etc.
Of course my initial phrase isn't OscysBdel ;-)
__________________
"Teach a man to reason, and he'll think for a lifetime"
~P^2
|
|
|
The Following User Says Thank You to firebug For This Useful Post:
|
|
02-10-2016, 11:00 AM
|
#5
|
Franchise Player
|
Send your passwords to me as backup. I will store them in a cloud of some type.
No real tips other than suggesting things like your street address where you grew up as a kid, perhaps the licence plate number of your vehicle.
If your password is going to be cryptic, tie it to something you see every day in your life so you won't forget.
There will likely always be a day when you struggle to remember - like those days when you come back to the office after lunch and you struggle to recall your current network password, even though you used it 20 times that week.
__________________
If I do not come back avenge my death
|
|
|
The Following User Says Thank You to Northendzone For This Useful Post:
|
|
02-10-2016, 11:10 AM
|
#6
|
The new goggles also do nothing.
Join Date: Oct 2001
Location: Calgary
|
For a master password the longer the better, so a passphrase might be better than just a password. I avoid any kind of pattern based scheme as password hackers have crazy good algorithms for patterns that people think are really obscure, and they all share them. So a 30 character passphrase would be good, and passphrases are usually easier to remember. But don't choose your favorite super hero quote, that'll probably be in the hacker's lists.
https://en.wikipedia.org/wiki/Passphrase
Though the good news is for something like 1Password, they use hashing algorithms that take relatively more time to calculate, so to try a password might take a few milliseconds. This is good because if someone was trying to crack your master password, they could only try hundreds or thousands or maybe tens of thousands of passwords per second. Weaker hashing algorithms take less time and allow for millions or billions of password tests per second.
I use KeePass where I can configure this, I have it set so it takes like a second to try one password, so it's unlikely anyone would ever be able to crack my file with a brute force or dictionary attack. I also have a 25 character password.
As for storing it, if it's the master password you'll probably be typing it every day at least (don't have your browser remember your 1Password password!!), so remembering it really doesn't become an issue.
However if you really want a backup, then written on paper and put in a safety deposit box maybe (may seem overkill but this would have banking, credit card, email, etc passwords in it). Or pick a spot in your house and write it down (like under the stairs on a stud or inside the furnace panel, someone may see it but not know what the heck it means, bonus it will confuse future generations) possibly?
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
|
|
|
The Following User Says Thank You to photon For This Useful Post:
|
|
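The guess-rate argument in the post above, worked through as an added example that is not part of the thread: it times a deliberately slow key derivation and converts guess rates into expected search time. PBKDF2-HMAC-SHA256 stands in for whatever KDF a given password manager uses, and the 94-symbol alphabet, the 7776-word list and the 1e9 guesses/s fast-hash rate are assumptions.

```python
import hashlib
import math
import os
import time

YEAR = 365.25 * 24 * 3600

def seconds_per_guess(iterations, trials=3):
    """Best-of-N wall-clock cost of one PBKDF2-HMAC-SHA256 derivation on this machine."""
    salt = os.urandom(16)
    best = float("inf")
    for _ in range(trials):
        start = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", b"constructed-sample-guess", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best

def calibrate(target_seconds, probe=20_000):
    """Iteration count that makes one derivation take about target_seconds here."""
    return max(1, round(probe * target_seconds / seconds_per_guess(probe)))

def keyspace_bits(symbols, length):
    """Bits of entropy for `length` independent, uniformly random picks."""
    return length * math.log2(symbols)

def years_to_search_half(bits, guesses_per_second):
    """Expected search time: on average half the keyspace is tried."""
    return 2 ** (bits - 1) / guesses_per_second / YEAR

if __name__ == "__main__":
    # Constructed secret shapes. The figures hold only for truly random
    # choices; a known quote or a pattern has far fewer effective bits.
    shapes = {
        "8 random printable chars": keyspace_bits(94, 8),
        "4 random words of 7776": keyspace_bits(7776, 4),
        "6 random words of 7776": keyspace_bits(7776, 6),
    }
    # Assumed single-guesser rates: a fast hash at 1e9/s, and KDFs tuned on
    # this machine to about 5 ms and 1 s per guess. Real attackers run
    # many guessers in parallel, so treat the years as upper bounds.
    rates = {"fast hash": 1e9}
    for label, target in (("~5 ms KDF", 0.005), ("~1 s KDF", 1.0)):
        iters = calibrate(target)
        rates[f"{label} ({iters} iters)"] = 1 / target
    for name, bits in shapes.items():
        print(f"{name}: {bits:.1f} bits")
        for rate_name, rate in rates.items():
            print(f"  {rate_name:28} {years_to_search_half(bits, rate):.3g} years")
```

The iteration counts it prints are specific to the machine it runs on, which is why the work factor is calibrated rather than hard-coded.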
02-10-2016, 11:18 AM
|
#7
|
First Line Centre
Join Date: Aug 2003
Location: Toronto, ON
|
If you look at 1Password's website, they encourage you to use a phrase with no meaning between the words, for example "Calgarypuck Awesome Time Vortex" wouldn't be good as those words intuitively go together.
Also, since I synced with Dropbox, I gradually determined I needed to remember two passwords, 1password and dropbox. That way if I lost everything and found myself at a computer anywhere in the world, I could still log into my email/life.
|
|
|
02-10-2016, 11:18 AM
|
#8
|
Franchise Player
|
I used a random set of digits/numbers that I wrote down and memorized. Then destroyed the paper. It's literally the only one you have to remember, so an 8-character password that you use every day really isn't too bad.
Secondly, buy a small fireproof safe. Write it down and put it in there.
|
|
|
02-10-2016, 11:19 AM
|
#9
|
Franchise Player
Join Date: Oct 2010
Location: Calgary
|
Obviously people are not paranoid enough here. You need to change your master password and then encrypt it using one time cryptographic pads which you commit to memory every time.
https://en.wikipedia.org/wiki/One-time_pad
No one will ever break your password then. :P
/tinfoilhat
|
|
|
02-10-2016, 11:33 AM
|
#10
|
First Line Centre
|
Quote:
Originally Posted by photon
I also have a 25 character password.
|
A 25 character password is fine on a real keyboard. But don't you find it hard to type on a smart phone keyboard?
|
|
|
02-10-2016, 11:38 AM
|
#11
|
Franchise Player
Join Date: Jun 2004
Location: SW Ontario
|
Quote:
Originally Posted by darklord700
A 25 character password is fine on a real keyboard. But don't you find it hard to type on a smart phone keyboard?
|
Not sure what phone you are using or about 1Password, but some will allow a PIN to be used on the phone once you log in, or some will allow the fingerprint sensor (if your phone has it) to be used instead of the master password.
Would also recommend setting up two factor authentication for 1Password log ins.
|
|
|
02-10-2016, 11:43 AM
|
#12
|
First Line Centre
|
Quote:
Originally Posted by PeteMoss
Not sure what phone you are using or about 1Password, but some will allow a PIN to be used on the phone once you log in, or some will allow the fingerprint sensor (if your phone has it) to be used instead of the master password.
Would also recommend setting up two factor authentication for 1Password log ins.
|
I use Nexus5 and I set 1password to time out every hour so I'll have to re-enter the password every hour. I can also set it not to time out and use a 4 digit pin. But I'm paranoid if my phone was lost, a 4 digit numeric password isn't going to cut it.
Haven't used the two factor authentication yet but will try now, thanks.
|
|
|
02-10-2016, 11:56 AM
|
#13
|
Franchise Player
|
I've been slowly putting together strings of obscure dates or numbers unrelated to me. Those password requirements are getting crazy. (Oh, hey, 2 letters from your first and last name? Rejected!)
For instance, a password based on parent's phone number, address or birthday or initials vs your own. A completely bizarre and obscure date like the date (or just Month and year of purchasing a laptop or something) could also work I'm guessing.
Another option: Dvorak keyboard. Type in something impossible to forget (ie: Your name + birthday month, day, year.) Look up the characters on a Dvorak keyboard and see what it is. For instance, February2016 could potentially become complete gibberish (EDIT: Output would be U.xpgapf2016). Memorize that string. If you ever forget, you can look it up.
EDIT: For funsies: Darklord700's password = Eaptnrpe700-o laoo,rpe
http://wbic16.xedoloh.com/dvorak.html
I've also on occasion kept offline documents of a riddle that end up with a garbled version of my password that I wouldn't have too much trouble ungarbling without leaving hints on how to ungarble it in the riddle.
But I feel like that is me starting to go through a tin foil hat phase.
Honestly, if someone wants to get at your stuff, they will. Making it annoying for them to get your stuff without keeping yourself out is all you can really hope for.
Agree with Russic below. If you're going that far to keep people out, you have to let them in in the event you can't log in and they have to get in.
Last edited by DoubleF; 02-10-2016 at 12:21 PM.
Reason: Dvorak output
|
|
|
The Following User Says Thank You to DoubleF For This Useful Post:
|
|
02-10-2016, 12:05 PM
|
#14
|
Dances with Wolves
Join Date: Jun 2006
Location: Section 304
|
This might be a bit dark, but consider a method that your loved ones can get ahold of it in the event of your death. It's likely not a necessity, but it could make things far easier on a spouse should something happen. The safety deposit box probably wouldn't be a bad idea.
As for you, one less secure method might be to tape it to something annoying to get to, but somewhere you'll remember. Perhaps go the Walter White route and put it behind the faceplate of a wall socket?
Truthfully I just came up with one that was long but not hard to type. I forced myself to type it about 50 times in a row, and I set 1password to lock every time my screensaver turned on. That ensured that I have to type it out at least 10x a day. It's just muscle memory now.
|
|
|
The Following User Says Thank You to Russic For This Useful Post:
|
|
02-10-2016, 12:09 PM
|
#15
|
First Line Centre
Join Date: Oct 2010
Location: Deep South
|
The Dvorak keyboard idea is genius - might have to do this myself as my "master" password might be getting a bit stale.
__________________
Much like a sports ticker, you may feel obligated to read this
|
|
|
02-10-2016, 12:29 PM
|
#16
|
The new goggles also do nothing.
Join Date: Oct 2001
Location: Calgary
|
Quote:
Originally Posted by darklord700
A 25 character password is fine on a real keyboard. But don't you find it hard to type on a smart phone keyboard?
|
Not hard, but yeah tedious. If the app supports a fingerprint sensor then that can help.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
|
|
|
02-10-2016, 12:47 PM
|
#17
|
First Line Centre
Join Date: Aug 2009
Location: Coquitlam, BC
|
I used a hockey player for my LastPass master password. For example, if your favorite player growing up was Steve Yzerman, the password could be something like SteveYzerman#19
Long, has upper and lower case, symbols, numbers, easy to remember. Dictionary attack wouldn't work.
|
|
|
02-10-2016, 01:35 PM
|
#18
|
First Line Centre
|
Many good suggestions thanks.
Question to the expert: would a password like "applecore2015" or "2015applecore" be easier to brute force crack than one like "a2pp0lec1or5e"?
|
|
|
02-10-2016, 01:44 PM
|
#19
|
Franchise Player
Join Date: Nov 2006
Location: Supporting Urban Sprawl
|
Have a super complex password, and then write it down somewhere, but leave off a chunk which makes it impossible to guess.
Like: OscysBdel but then leave the Os off the front, so you just need to remember those 2, or add a bunch on the end that you know is fake (this isn't quite as good) so you can just remove them, like: OscysBdel2016CP.
__________________
"Wake up, Luigi! The only time plumbers sleep on the job is when we're working by the hour."
|
|
|
02-10-2016, 01:51 PM
|
#20
|
Atomic Nerd
Join Date: Jul 2004
Location: Calgary
|
Length is everything.
https://xkcd.com/936/
For master passwords, I recommend using something you will never forget but other people could never know or even guess from the internet - like things from your early childhood that are burned into your brain.
Last edited by Hack&Lube; 02-10-2016 at 01:54 PM.
|
|
|
All times are GMT -6. The time now is 05:09 AM.
|
|