I unironically don't understand this meme

Gabriel Ross

of course goy, instead of having to remember your passwords you put them all together with a single point of failure master password, safety first!

I unironically don't understand this meme.

Aaron Parker

It's not hard to understand. People are idiots

Liam Roberts

don't forget
and make sure to store all your passwords on our server goy! for your convenience of course!

Cameron Taylor

KeePass is offline. Your DB is encrypted and useless without the password.

James Young

you're unironically retarded

Gavin Lee

THIS!!
Based Apple will save this retarded shit with face recognition.

Justin Cooper

Another thing regarding this is Google Chrome and its saved passwords thing, which is supposed to be secure, but you can see them in settings without any problem

Charles Johnson

single point of failure doesn't matter when failure is impossible

Jose Foster

It's a "single point of failure" that's auditable and therefore something you can trust. It's also kept offline and encrypted. Since your "single point of failure" password is the only thing you have to memorize, you can make it incredibly complex and practically unhackable without fear of losing it because it's one of dozens of passwords.
Truly random passwords are better than having a memorized password "system" because getting a password on one site compromised gives an attacker approximately fuck-all information about your passwords on other sites. The biggest attack vector against passwords is the simple fact that humans have to remember them or generate them using a set of memorized rules, which will always introduce systemic weaknesses, no matter how clever you think you're being. Of course, the only way you can use truly random passwords and avoid this is if you don't have to memorize them, which is where password managers come in.
Now, if it were LastPass, then I'd agree. I will never understand cloud-provided password services. Too much to trust blindly, and too much of a juicy target for attackers. KeePass, meanwhile, is an encrypted file fully within your own control. It's not some web endpoint that needs to be defended against hackers. The code is open-source and you can build it yourself without having to trust binaries someone else made. Seems perfectly sane to me.

Gavin Scott

/thread

David Fisher

not using pass
It's like you want your shit to get fucked

Joseph Wood

and then you shave your beard or your face changes with age and you can't log into anything

you still have the single point of failure, it's just been moved, and it's more fragile and unreliable than a password

Jayden Adams

This

Nathaniel Carter

How do you use passwords on your phone? I don't get it desu

Julian Ross

You use a Keepass client which then copy/pastes the PW for you based on which site you're using. Some have browser plugins.

Owen Taylor

Can you recommend me what you use senpai

Easton Ward

put encrypted password db on phone
use it on phone with whatever mobile application works best for you

I like using syncthing to synchronize my password db between my computers and phone. It's not perfect, I've had to manually resolve conflicts on a couple occasions in the last year.

Keepass2Android seems fine, it's what a friend of mine uses. I use KeePassdroid

Gabriel Martinez

How are we inferior biological computers supposed to remember 20 passwords, each 32 characters long? Password managers are /comfy/ and as long as your PC doesn't get physically attacked or you run Windows, the list will be safe.

Lincoln Thompson

See:

Noah Rogers

I think I'd rather encrypt a file at that point.

Are the password databases stored in a universal file or integrated into the program

Xavier Green

I use it and I'm thinking of writing all the passwords down on paper and keeping it somewhere in my room. Nobody is going to break into my house to steal some passwords and if they do they're dead

Kevin Brooks

what is a strong password
what is not writing your master password down anywhere
what is only storing the password database locally
what is encryption
OP needs to go back to /v/

Nolan Cruz

I just use LastPass and I don't give a fuck

Wyatt Price

If you don't give a fuck why introduce another time-wasting step to your facebook management instead of making every password qwerty123456? The level of security provided is comparable.

I bet you thought you bragging about using lastpass was somehow impressive rather than incredibly dumb and naive.

Ethan Parker

JUST ONE QUESTION:
can anyone show me a website proving that a
strong-password protected keepass archive has ever been broken into?
Show me where it says keepass is hackable using some kind of password cracker

Tyler Powell

password reuse is literally a non problem granted the service provider does not fuck up and you picked a decent pw to start with

Jaxon Peterson

I use keepassx with an 8 word passphrase and a key file of pseudorandom characters which I change every month, and store literally everything on it, it helps because I produce 200-bit entropy passwords for everything
Explain to me how I'm in danger

Brayden Watson

of course goy, give us your number, 2fa is secure, we won't abuse our ... err, I mean your data

yours truly, Zuck

Ayden Young

Defending your entire digital life with a single password isn't that bad

Luke Wright

Why do you give so many fucks?

Christopher Watson

explain to me how you were in danger before you started using shitware

Angel Bell

I have around 60 accounts on different things ranging from PTs to uni services
I can't keep track of all the passwords in my head AND have secure passwords AND not reuse the same password
If you need it for like 3 services then sure, all is well, no need to use it
But any more and it's necessary

Wyatt Garcia

ah, now we see this is a security services thread - who you work for, buddy? Having difficulty with keepass ? hahahahahaha try harder to persuade people not to use it hahahaha

Camden Gonzalez

Type it, don't trust your shitty phone

Jayden Powell

so what was the danger then?

granted no one can crack it, that is the absolute best way indeed. What do you think login with facebook does? What, you don't trust FB and Google security?

Dominic Roberts

As I said, using the same password in everything GUARANTEES it is common knowledge
You can't do anything about it other than use different passwords
I can't remember 60 passwords of random strings

Jason Harris

casting pearls in front of swine
this guy
you are on the wrong platform, nobody here (roughly 99%) cares.

Chase Nelson

I would think that was more like 99.9999%

Joshua Taylor

Sorry I don't know what FB and Google is or does.

Kayden Martinez

meanwhile you can just encrypt a simple text file and store it on whatever system or cloud platform you wish

lay off the pearls buddy

Parker Williams

Even if you type it, you can't trust your shitty phone.

If you insist on using a "smart"phone, you should probably just give up and put your passwords into a plain text file. You can't magically make something secure on an inherently insecure device.

Robert Rodriguez

I perfectly understand, it is very common to hold strong opinions on issues where you have no idea how they work

Chase Cooper

Been using keepass for a while now. Everything requires a password and I'm not about to remember 80 different unique and secure passwords. I got tired of logging in by resetting my password every time. Now I get to remember a single 28 character strong password.

If someone is going to steal your password, it's usually because they can guess it or because the site got hacked and the email/password you used was reused on another site. Keepass eliminates this most common vector of attack by allowing you to use unique strong passwords for every site. Almost nobody has their account stolen because someone cracked their strong unique password

Carson Young

Almost nobody has their account stolen because someone cracked their strong unique password

so what's the point of security placebo when suffering a csrf attack is much more likely while being logged in with a giga password

Noah Richardson

you're missing a part of your brain, aren't you?

Thomas Price

Hi fbi

Mason Reed

Are you honestly retarded or just new to crypto?
Every password you will ever think of is not random, it has something of you in it, so to speak
So even if you do have 80 different accounts with 80 different passwords, if at some point in the future Isukcokz.ru gets hacked by straight activists, it will leak literally 0 information about your main mail account as long as you use proper OPSEC and a password manager

Jonathan Bell

Of course you'll never eliminate all attack vectors, but the point is that if someone gets access to one of your accounts, they don't also get access to others. Specifically for csrf, I never check "remember me" and always log off after using the site. No point in having a strong unique password if someone just has to type gmail.com on your computer and your inbox pops open.

Evan Stewart

I just use the sane modifications on about:config and don't even have to do that either

Dominic Smith

johndcook.com/blog/2014/09/25/mental-crypto/
Thoughts?

Zachary Miller

I am 12 and what is this?

Nolan Miller

What's a computer?

Josiah Fisher

I just think it's better to be realistic about the security of what you put on a smartphone rather than being delusional and having a false sense of security.

Brandon Long

A claim that you can remember a key/pepper/seed and then essentially securely cryptographically hash that in your head using a website name as salt, giving secure passwords that can be "remembered" in ~10 seconds (with practice) provided you memorize the pepper

Blake Anderson

a single point of failure
How can you have more than one?

Adam Ross

2 F A M E M E S

Luis Hill

Which is fine, but all you've done there is create another password manager.

Eli Garcia

The value from this comes from:
1. Your master password doesn't suck.
2. All the passwords in the database are completely random.

Charles Hernandez

and then you shave your beard or your face changes with age and you can't log into anything

Know how I know you have no idea what you're talking about?

Aiden Cooper

And you need to stop bumping obvious bait threads, but we can't all get what we want.

Matthew Sullivan

if someone punches you in the nose and it swells up, face recognition won't work and you'll never be able to log in again

Mason Wright

selling a text file as a password manager is some next level marketing shit

btw that blows both local and hosted options out of the water

Jace Johnson

(YOU)

Robert Green

not having your password on a paper in a box with a lock on

Michael Smith

2fa
not secure

Wyatt Fisher

not printing your passwords out

Noah Clark

run local password manager
host db on owncloud
host it p2p between your machines
host it on fucking google drive who cares
ezpz

Hunter Adams

which will always introduce systemic weaknesses, no matter how clever you think you're being
It is a fact of maths that there are way too many methods capable of generating strong passwords for ANY brute force + dictionary to ever attack.
Period.
Stop listening to dumb memes.

Even using fucking DiceWare is secure enough for the next century of expected computational growth if you use 5 words.
You add a non DiceWare word in there? You shit on every dictionary that uses it.
Add a non-word word in there? You break every dictionary.

Just as you said, if you have a generation method that is random, it reveals fuck-all about your passwords on other services.
You can easily do that with manually generated passwords if you aren't an idiot.
Since they don't have a clue what your password is like, they cannot use a dictionary with it.

You seriously over-estimate how good computers are at brute-forcing, even when they use dictionaries.
Dictionaries aren't some fucking magical pill. They are for simple password strings, quotes, popular memes and other shit like that.
They don't work on generic English sentences someone pulls out their ass and mangles a single word.

The only reasonably secure system is 2 or 3FA.

Samuel Flores

have 5 physical dictionaries, 4 which are less popular languages I'm moderately fluent with
use polyhedral dice to roll numbers for a page, and then for a word on that page
5 words from 5 different languages
capitalisation of a first letter in each word determined by a coin toss
01-99 number at the end
have a piece of paper to put it on
remember 3 or 4 most used passwords
sometimes I also
roll 1d6 for number of special character I put in

hurr durr what is a dictionary attack
you don't know what you are talking about
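
Added example, not part of the thread: the entropy of the schemes discussed in the posts above (five Diceware words, five rolled dictionary words with coin-toss capitalisation and a 01-99 suffix, a 32-character random password), valid only when every choice is uniform and independent. The 50,000-word dictionary size and the 10^12 guesses-per-second rate are assumptions, and all function names are illustrative.

```python
import math
import secrets
import string

DICEWARE_WORDS = 6 ** 5          # five d6 rolls per word = 7776 entries
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

def entropy_bits(choices_per_step):
    """Bits of entropy for independent, uniformly random choices."""
    return sum(math.log2(n) for n in choices_per_step)

def diceware_bits(words=5):
    return entropy_bits([DICEWARE_WORDS] * words)

def multi_dictionary_bits(words=5, dict_size=50_000):
    # dict_size is an assumed headword count per paper dictionary.
    steps = [dict_size] * words    # one rolled word per dictionary
    steps += [2] * words           # coin toss: capitalise first letter or not
    steps += [99]                  # trailing number 01-99
    return entropy_bits(steps)

def random_password(length=32):
    """Password-manager style: every character drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def random_password_bits(length=32):
    return entropy_bits([len(ALPHABET)] * length)

def passphrase(wordlist, words=5):
    """Software stand-in for dice: uniform picks from a word list."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))

def years_to_search_half(bits, guesses_per_second=1e12):
    """Expected years to try half the space when the scheme is known.
    The guess rate is an assumed figure, not a measurement."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    sample_words = ["anvil", "brook", "cedar", "delta", "ember", "flint"]  # constructed
    print(passphrase(sample_words))
    print(random_password())
    for name, bits in [("diceware x5", diceware_bits()),
                       ("5 dictionaries", multi_dictionary_bits()),
                       ("random 32 chars", random_password_bits())]:
        print(f"{name}: {bits:.1f} bits, {years_to_search_half(bits):.3g} years")
```

The figures count only the random choices; anything picked by the person rather than by dice, coin or CSPRNG contributes no measurable entropy.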

Brandon Howard

entire life contained in keepass database
on a seagate external hdd several years old
with no backups

I live on the edge, but literally.

Robert Perez

I know it must be hard to be a retard, but understand that KeePass is open source and stored offline. I don't even keep mine on a computer, it's stored in a USB drive inside a fireproof safe.

Jonathan Torres

Nigga, I know it's bait but I'm bored and suffering from insomnia.

Andrew King

iamverysmart

Joshua Price

I keep my DB on Google Drive to sync across my comps and phone.
