Author Topic: One password for everything  (Read 25051 times)

Offline an613

  • Dansdeals Platinum Elite
  • ****
  • Join Date: Apr 2010
  • Posts: 319
  • Total likes: 2
  • DansDeals.com Hat Tips 1
    • View Profile
Re: One password for everything
« Reply #20 on: January 08, 2015, 09:52:00 AM »

How do you guys know who is behind these programs I don't get it. Its the easiest way to get all your passwords without working for a second you may just be paying them to have all your passwords

That's the part that makes me scared of using lastpass and others like it that store them online- it's a single point of failure and too large of a target for hackers. It's not a question of if they're going to get hacked, it's a question of when. No one is secure enough to keep out hackers who are determined.

1password and keepass keep the passwords locally on your computer so much less of a risk. Granted there is still a risk someone will hack your computer but the benefit of having strong unique passwords for my accounts makes it worth it.

Offline AnonymousUser

  • Dansdeals Presidential Platinum Elite
  • ********
  • Join Date: Feb 2013
  • Posts: 3001
  • Total likes: 13
  • DansDeals.com Hat Tips 0
    • View Profile
Re: One password for everything
« Reply #21 on: January 08, 2015, 10:34:23 AM »
That's the part that makes me scared of using lastpass and others like it that store them online- it's a single point of failure and too large of a target for hackers. It's not a question of if they're going to get hacked, it's a question of when. No one is secure enough to keep out hackers who are determined.

1password and keepass keep the passwords locally on your computer so much less of a risk. Granted there is still a risk someone will hack your computer but the benefit of having strong unique passwords for my accounts makes it worth it.
I don't know for sure, but I assume that the passwords are stored online in an encrypted form. They probably don't even have the decryption key; it can only be unlocked by your master password.

Offline Yaalili

  • Dansdeals Lifetime 10K Presidential Platinum Elite
  • *******
  • Join Date: Jul 2009
  • Posts: 12764
  • Total likes: 473
  • DansDeals.com Hat Tips 157
  • Gender: Male
    • View Profile
  • Location: Crown Heights, NY
Re: One password for everything
« Reply #22 on: January 08, 2015, 10:41:32 AM »
Do you mean your Staples account has the same password as your Ink card?
Not really safe. If one weak website gets hacked, everything is in danger.

+1. And different websites have different requirements, letters, numbers, how many, caps, symbols etc..

Offline etech0

  • Dansdeals Lifetime 10K Presidential Platinum Elite
  • *******
  • Join Date: Dec 2013
  • Posts: 12861
  • Total likes: 3316
  • DansDeals.com Hat Tips 1
    • View Profile
  • Location: not lakewood
  • Programs: DDF
Re: One password for everything
« Reply #23 on: January 08, 2015, 10:45:22 AM »
    +1 me too. cant get hacked deleted etc.
Can get stolen or destroyed though
Workflowy. You won't know what you're missing until you try it.

Offline srap

  • Dansdeals Presidential Platinum Elite
  • ********
  • Join Date: Dec 2013
  • Posts: 2819
  • Total likes: 202
  • DansDeals.com Hat Tips 4
    • View Profile
Re: One password for everything
« Reply #24 on: January 08, 2015, 10:57:56 AM »
I have a low tech version.  It's not portable, so it only works on my home PC.
http://www.staples.com/Staples-Perforated-Notepad-Narrow-Ruled-White-5-x-8-12-Pack/product_163873
;D You are a riot!!

I don't trust any online entity (surprise) nor myself to keep @ckmk47's low tech version safe.  I have one 'password' for everything, but my password is a pattern.  I correctly reinvent each of my hundreds of passwords each time I use them.  Your pattern can be simple (not smart) or quite sophisticated with multiple parts.

Offline an613

  • Dansdeals Platinum Elite
  • ****
  • Join Date: Apr 2010
  • Posts: 319
  • Total likes: 2
  • DansDeals.com Hat Tips 1
    • View Profile
Re: One password for everything
« Reply #25 on: January 08, 2015, 11:11:22 AM »

I don't know for sure, but I assume that the passwords are stored online in an encrypted form. They probably don't even have the decryption key; it can only be unlocked by your master password.

Yep they probably are but because everything has to communicate with their servers, it introduces lots of new vectors to be attacked that just don't exist if everything is Iocal. E.g, http://siliconangle.com/blog/2014/07/14/password-managers-hacked-researchers-find-critical-vulnerabilities/

Don't get me wrong, it's million times better than nothing or using same password everywhere but still more vulnerable than then the local ones

Offline an613

  • Dansdeals Platinum Elite
  • ****
  • Join Date: Apr 2010
  • Posts: 319
  • Total likes: 2
  • DansDeals.com Hat Tips 1
    • View Profile
Re: One password for everything
« Reply #26 on: January 08, 2015, 11:21:01 AM »

I don't trust any online entity

+1. I don't use mint for this reason

Offline yesitsme

  • Dansdeals Lifetime Presidential Platinum Elite
  • *********
  • Join Date: Dec 2014
  • Posts: 5020
  • Total likes: 2237
  • DansDeals.com Hat Tips 4
  • Gender: Male
    • View Profile
Re: One password for everything
« Reply #27 on: January 08, 2015, 11:59:59 AM »
How do you guys know who is behind these programs I don't get it. Its the easiest way to get all your passwords without working for a second you may just be paying them to have all your passwords

no one is immune no one is safe you have to choose the safest option you have there are [3] basic option
  • to  store all passwords in one central encrypted database, risk once they decrypt it they have everything
  • have the same 2-3 passwords for everything, risk they get you once they got everything EX: dansdeals.com doesn't have ssl etc
  • not central + different passwords for everything, risk very low but probebly have a hard time to remember each & every password

if they hack your computer to get your password from last pass they can the same @ chase.com
["-"]

Offline yesitsme

  • Dansdeals Lifetime Presidential Platinum Elite
  • *********
  • Join Date: Dec 2014
  • Posts: 5020
  • Total likes: 2237
  • DansDeals.com Hat Tips 4
  • Gender: Male
    • View Profile
Re: One password for everything
« Reply #28 on: January 08, 2015, 12:08:51 PM »
TIP
if you ever get a email with a link to sign in dont click the link just enter it manually in the browser
Today my friends email was hacked i received the following:

Quote
Hello,

View the documents i have attached for you using Drop Box. Please let me know your opinion.

Click here to view http//dropbox .com/login/documents log on with your email for immediate access to view.

Regards,

the link was actually sending me to http://www .deltagroup .com .my/deltagroup/images/les/fox/dropbox/index .php

it looks just like dropbox when you submit the redirect you to dropbox.com after they got all your info (i spaced the link it shouldn't be accessible )

looks like the domain name is .com and deltagroup is the sub domain interesting
« Last Edit: January 08, 2015, 12:24:30 PM by yesitsme »
["-"]

Offline AJK

  • Dansdeals Lifetime 20K Presidential Platinum Elite
  • ********
  • Join Date: Jun 2011
  • Posts: 25419
  • Total likes: 721
  • DansDeals.com Hat Tips 15
  • Gender: Male
    • View Profile
  • Programs: United Concierge Key; Delta Global Services; American Chairman; US Airways 1K; Hilton Sapphire; Hyatt Tritium; Marriott Californium; Starwood Kryptonium; Hertz Plutonium; National Adamantium, Avis Executive Proactanium
Re: One password for everything
« Reply #29 on: January 08, 2015, 12:16:53 PM »
Keepass. Free and open source.

+1

Use it daily, have the database stored in my gDrive and accessible from anywhere, home PC, work PC, and mobile. Stores password, CC info, etc. Encrypted with Advanced Encryption Standard, which became effective as a U.S. Federal government standard and is approved by the National Security Agency (NSA) for top secret information.

Am able to use password generator to generate passwords that comply with whatever the website requirements (like: x&7f45C#n) and not have to remember anything except a single, albeit very complicated, password.
« Last Edit: January 08, 2015, 12:20:40 PM by AJK »
2015: 116K bkd | 1.6M brnd | F: OZ,NH,AA,EK | J: UA,CA,TK,DL,TN,AF,VA | LIH,NRT,ROR,PEK,CNS,BOB,MEL,TLV & Pacific Hopper

Offline yesitsme

  • Dansdeals Lifetime Presidential Platinum Elite
  • *********
  • Join Date: Dec 2014
  • Posts: 5020
  • Total likes: 2237
  • DansDeals.com Hat Tips 4
  • Gender: Male
    • View Profile
Re: One password for everything
« Reply #30 on: January 08, 2015, 12:38:31 PM »
Am able to use password generator to generate passwords that comply with whatever the website requirements (like: x&7f45C#n) and not have to remember anything except a single, albeit very complicated, password.


Password: mynameisnotyoursby12
is stronger then
Password: !@#DTh282=/

easy to remember and stronger
["-"]

Offline etech0

  • Dansdeals Lifetime 10K Presidential Platinum Elite
  • *******
  • Join Date: Dec 2013
  • Posts: 12861
  • Total likes: 3316
  • DansDeals.com Hat Tips 1
    • View Profile
  • Location: not lakewood
  • Programs: DDF
Re: One password for everything
« Reply #31 on: January 08, 2015, 12:40:25 PM »
Another option is to have different levels of passwords, based on how much security you need for that site. Then you can have 1 passwor for all the lowest level things, and passwords/patterns for the other level(s).
Workflowy. You won't know what you're missing until you try it.

Offline Yaalili

  • Dansdeals Lifetime 10K Presidential Platinum Elite
  • *******
  • Join Date: Jul 2009
  • Posts: 12764
  • Total likes: 473
  • DansDeals.com Hat Tips 157
  • Gender: Male
    • View Profile
  • Location: Crown Heights, NY
Re: One password for everything
« Reply #32 on: January 08, 2015, 12:41:14 PM »
Another option is to have different levels of passwords, based on how much security you need for that site. Then you can have 1 passwor for all the lowest level things, and passwords/patterns for the other level(s).

Thats what I do.

But then you still get stuck with some low level security that require high level passwords.

Online avromie7

  • Dansdeals Lifetime Presidential Platinum Elite
  • *********
  • Join Date: Feb 2014
  • Posts: 8188
  • Total likes: 2713
  • DansDeals.com Hat Tips 6
    • View Profile
  • Location: Lakewood
Re: One password for everything
« Reply #33 on: January 08, 2015, 12:42:51 PM »

Password: mynameisnotyoursby12
is stronger then
Password: !@#DTh282=/

easy to remember and stronger
-1 there is more than one way to hack a password it's definitely harder to crack with brute force but there are other ways to hack that your first one is easier to crack
I wonder what people who type "u" instead of "you" do with all their free time.

Online avromie7

  • Dansdeals Lifetime Presidential Platinum Elite
  • *********
  • Join Date: Feb 2014
  • Posts: 8188
  • Total likes: 2713
  • DansDeals.com Hat Tips 6
    • View Profile
  • Location: Lakewood
Re: One password for everything
« Reply #34 on: January 08, 2015, 12:45:12 PM »
Thats what I do.

But then you still get stuck with some low level security that require high level passwords.
A friend of mine has 3 passwords one for things that don't really need a password and he would almost publicize it another for things that need a password but are not extremely important and a third for banks and really important stuff which he changes every few months
I wonder what people who type "u" instead of "you" do with all their free time.

Offline yesitsme

  • Dansdeals Lifetime Presidential Platinum Elite
  • *********
  • Join Date: Dec 2014
  • Posts: 5020
  • Total likes: 2237
  • DansDeals.com Hat Tips 4
  • Gender: Male
    • View Profile
Re: One password for everything
« Reply #35 on: January 08, 2015, 12:56:39 PM »
-1 there is more than one way to hack a password it's definitely harder to crack with brute force but there are other ways to hack that your first one is easier to crack

i have some news for you http://xkcd.com/936/


« Last Edit: January 08, 2015, 01:07:34 PM by yesitsme »
["-"]

Offline skyguy918

  • Dansdeals Presidential Platinum Elite
  • ********
  • Join Date: Mar 2011
  • Posts: 3810
  • Total likes: 826
  • DansDeals.com Hat Tips 1
  • Gender: Male
    • View Profile
  • Location: Queens, NY
Re: One password for everything
« Reply #36 on: January 08, 2015, 01:44:31 PM »
i have some news for you http://xkcd.com/936/



Except that a ton of websites wouldn't even let you use the horse password. Which is backwards of course, but whatever...

Offline yesitsme

  • Dansdeals Lifetime Presidential Platinum Elite
  • *********
  • Join Date: Dec 2014
  • Posts: 5020
  • Total likes: 2237
  • DansDeals.com Hat Tips 4
  • Gender: Male
    • View Profile
Re: One password for everything
« Reply #37 on: January 08, 2015, 01:59:02 PM »
Except that a ton of websites wouldn't even let you use the horse password. Which is backwards of course, but whatever...

what websites let you do isn't מכריע what's right
["-"]

Offline dudi

  • Dansdeals Lifetime Platinum Elite
  • *******
  • Join Date: Nov 2013
  • Posts: 1621
  • Total likes: 5
  • DansDeals.com Hat Tips 10
    • View Profile
  • Programs: Star Alliance Gold, Skyteam Elite Plus
Re: One password for everything
« Reply #38 on: January 08, 2015, 02:05:18 PM »
In my hble understanding what these programs are doing are sotoring your passwords on your computer probably in a excel file and the program is just a UI well in that case a hacker that knows how the program works would just search for the right name and he has all your passwords. Instead why not create your own unidentified excel sheet and you can even put a password on it

Offline yesitsme

  • Dansdeals Lifetime Presidential Platinum Elite
  • *********
  • Join Date: Dec 2014
  • Posts: 5020
  • Total likes: 2237
  • DansDeals.com Hat Tips 4
  • Gender: Male
    • View Profile
Re: One password for everything
« Reply #39 on: January 08, 2015, 02:09:02 PM »
In my hble understanding what these programs are doing are sotoring your passwords on your computer probably in a excel file and the program is just a UI well in that case a hacker that knows how the program works would just search for the right name and he has all your passwords. Instead why not create your own unidentified excel sheet and you can even put a password on it

In my hble understanding that you don't understand the basics of encryption
["-"]