
Thread: Password generators

  1. #1
    Senior Member
    Join Date
    Feb 2014
    Location
    Adelaide, S.A.
    Posts
    214

    Password generators

    Hi folks,

    I see a lot of talk about the need to use good password generators nowadays. A couple of questions.

    1. Are these apps etc secure?...I see some need your email address and a password to enter so if all your passwords are stored in one spot wouldn't it be just a matter of cracking one password then the hacker has a nice little list and passwords for all your protected sites?

    2. What apps are the best in your opinion? So far I can see a couple.

    Dashlane
    LastPass

    3. Why would you choose a particular app over another?

    Cheers.
    Last edited by bigdaddy; 7th April 2018 at 02:38 PM. Reason: Grammar

  2. #2
    Senior Member Yelta's Avatar
    Join Date
    Jun 2009
    Location
    Moonta SA.
    Posts
    7,122
    Have to smile at password generators, an online app, supplying passwords your online security depends on, don't think so.

    I still have the ability to put together a handful of alphanumeric characters, symbols and numbers without any effort, simple process.
    Dimal, pamount and chokkidog like this.

  3. #3
    Mal Dimal's Avatar
    Join Date
    Oct 2004
    Location
    Warwick, QLD
    Posts
    17,207
    I agree Yelta...

    Far better to have a personal tool that does this for you that can be "Synced" with other personal devices if that is necessary.
    Have been using "Keepass" for many years now, right from my Linux days to Windows 7 and beyond and it is very secure, resides on the device(s) you are using and does not depend on online storage of any kind.

    Mal.
    fg1972, Yelta, magnafunk and 1 others like this.

  4. #4
    Senior Member
    Join Date
    Feb 2014
    Location
    Adelaide, S.A.
    Posts
    214
    One bit of advice given to me recently was not to use a web based generator...

    They used 1Password...So I'll add that to the list along with Keepass.

    Cheers.

  5. #5
    CoffeeSnobs Owner Andy's Avatar
    Join Date
    Mar 2004
    Location
    Internet
    Posts
    17,087
    So many passwords can be hard to remember, particularly the ones that are machine generated.

    I was told by a security dude a million years ago (in a past life) that passphrases are easier to remember and typically are more secure.


    Gee I hate typing my password in on this site all the time.

    becomes:

    GIhtmpiotsatt.

    That's a pretty secure password and easy to remember too!
    Dimal and bigdaddy like this.

  6. #6
    Senior Member Jackster's Avatar
    Join Date
    Nov 2017
    Location
    Maddington, Perth. Wa
    Posts
    1,015
    Andy, you're crazy that you use the same passphrase for your banking
    Andy likes this.

  7. #7
    Super Moderator Javaphile's Avatar
    Join Date
    Dec 2004
    Location
    Earth!
    Posts
    15,924
    Nah, if it's his bank he adds some juicy $&%*!# cuss words.


    Java "$&%*!#ing money grubbers!" phile
    Andy and Dimal like this.
    Toys! I must have new toys!!!

  8. #8
    CoffeeSnobs Owner Andy's Avatar
    Join Date
    Mar 2004
    Location
    Internet
    Posts
    17,087
    Yeah, I can't type my bank password here, the moderators will get me for sure!
    Dimal and Javaphile like this.

  9. #9
    Senior Member
    Join Date
    Sep 2010
    Location
    Melbourne, Victoria
    Posts
    246
    The reason we need such strangely spelt passwords is because in the past some bright spark grabbed a dictionary and converted every word to its hash equivalent. Each equivalent was stored, so as to be able to decode any normal word used as a password.
    bigdaddy likes this.
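
An added example, not written by anyone in this thread: it shows the precomputed dictionary table described in post #9, and why a site that stores a per-user salted, slow hash is not affected by it. The word list, function names and iteration count are constructed for illustration; the acronym is the one from post #5.

```python
import hashlib
import hmac
import os
import secrets
import string

# Constructed sample word list standing in for a real dictionary.
WORDLIST = ["coffee", "espresso", "password", "sunshine", "dragon"]

def unsalted_hash(password):
    # Fast, unsalted hash: the same password always gives the same digest.
    return hashlib.sha256(password.encode()).hexdigest()

def build_lookup_table(words):
    # Computed once, then reusable against every store of unsalted hashes.
    return {unsalted_hash(w): w for w in words}

def salted_hash(password, salt=None):
    # Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256).
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest

def verify(password, salt, digest):
    # What the site does at login: recompute with the stored salt and compare.
    return hmac.compare_digest(salted_hash(password, salt)[1], digest)

def generate_password(length=16):
    # Locally generated password drawn from the operating system's CSPRNG.
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

def demo():
    table = build_lookup_table(WORDLIST)
    salt, digest = salted_hash("coffee")
    return {
        # A dictionary word stored unsalted is recovered by a plain lookup.
        "word_unsalted": table.get(unsalted_hash("coffee")),
        # Non-dictionary strings have no entry in the table.
        "acronym_unsalted": table.get(unsalted_hash("GIhtmpiotsatt.")),
        "random_unsalted": table.get(unsalted_hash(generate_password())),
        # With a salt, even the dictionary word no longer matches the table.
        "word_salted": table.get(digest.hex()),
        "login_ok": verify("coffee", salt, digest),
    }

if __name__ == "__main__":
    print(demo())
```

The salt only defeats the precomputed table; a dictionary word is still a weak choice, which is why the length and randomness of the password matter as well.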

  10. #10
    Senior Member
    Join Date
    Sep 2017
    Posts
    116
    They are secure, the only way someone could get to them is usually via social engineering or via Malware on your machine (if you have that, they are already in trouble irrespective of what you use, keyloggers pick up your keystrokes, analyse your browser autocomplete caches etc). Even if the hacker has console access to where your passwords are stored online, they are all encrypted so it would take years to crack them if you have been using the inbuilt pw generator (12+ characters, upper/lowercase, extended characters, numbers).


    However… the Master password is the one you need to make long and not easy to guess. I'd advise using a pass phrase with spaces, and punctuation etc. "In 1982 I found coffee!!" this is, as they say, the key to the kingdom, don’t write this down or store it anywhere. And yes if you forget it, you are stuffed – there is no resending a new one to your Email address or a link to create the new one as all the pw stored are encrypted using that pw, once it is gone the system (Dashlane) will wipe all your stored passwords.

    Anyone who says they can manage their own passwords is probably not being entirely honest. At last count I have 135 sites in my Password Store. So can anyone honestly say they have 135 different passwords that they haven't written down and haven't put in a file on their computer? The problem here is people start using the same password at each site and this is where the bigger issue arises. If one site is compromised out of the 135 and has your pw in plain text then the hackers will try all the usual sites with your Email (which is probably in the next column along in the database) on Apple, Amazon, Facebook, Gmail etc, etc.


    Dashlane is a free download and I’d run it on your system just to show yourself how many sites are using the same password. (even this little bit of housekeeping is good). It can be a bit obtrusive sometimes admittedly as it tries to fill in forms and login pages for you.
    bigdaddy likes this.

  11. #11
    Senior Member speleomike's Avatar
    Join Date
    Nov 2005
    Location
    Sydney
    Posts
    948
    Hi

    > They are secure, the only way someone could get to them is usually via social engineering or via Malware on your machine

    Lastpass which is one of the bigger and best of the online password managers has been breached at least thrice; 2011, July 2016 and March 2017. Others have been breached or hacked also. Lastpass is still one of the better ones out there. I would suggest choosing carefully.

    Mike
    Dimal and bigdaddy like this.

  12. #12
    Junior Member
    Join Date
    Apr 2018
    Posts
    15
    Plus 1 for 1Password. Sync it with Dropbox or iCloud and you are good to go.

  13. #13
    338
    Senior Member
    Join Date
    Mar 2017
    Location
    Sydney
    Posts
    918
    Originally Posted by nicholas1121:
    > Plus 1 for 1Password. Sync it with Dropbox or iCloud and you are good to go.

    Hi Nicholas, not trying to be argumentative, just wondering how you came up with syncing with Dropbox or iCloud and how you choose between them? Is syncing with either recommended for security? It has been a couple of years since either were mass hacked, Dropbox had 68M compromised users and iCloud 40M, assuming Apple has more users probably makes iCloud the safer option - unless you are one of the 40M! Maybe a usb drive or two hidden in the house or garage would be a safer option?

  14. #14
    Senior Member speleomike's Avatar
    Join Date
    Nov 2005
    Location
    Sydney
    Posts
    948
    Hi

    The safest option and what the world is moving towards is 2FA. Something you have (usually some USB based thingo like a Yubikey or others) plus something you know (like a pass phrase) together. Passwords are being phased out and in 5 years these web based online password managers will mostly be gone. Google, Microsoft, Amazon Web Services, Linode, Cloudflare and all the big places support 2FA of some sort. Uptake is slow but will increase. It's like http to https, slow then a rush as it becomes easier and a necessity.

    Mike
    bigdaddy and 338 like this.


