Page 2 of 6 FirstFirst 1234 ... LastLast
Results 11 to 20 of 53

Thread: Are Password Managers Really Worth It?

  1. #11
    Join Date
    Dec 2011
    Location
    The Netherlands
    Beans
    1,092
    Distro
    Ubuntu 11.10 Oneiric Ocelot

    Re: Are Password Managers Really Worth It?

    Quote Originally Posted by CharlesA View Post
    I don't understand what is so hard about adding a special character to a password. I guess it has something to do with the backend database or something.

    I don't know for sure, so take that with a kilo of salt.
    My guess?
    They don't escape the pass for DB queries... Which inherently means that it's stored in plaintext (or that the hashing is done by the db).

    I'm switching to using ubuntu SSO (although they should've called it Canonical SSO) wherever possible.
    I store my passwords in a text file on an encfs with encryption set to paranoia and the password is the sha2 hash of the "real" password.
    "Everything that has a beginning, has an end." --an unexpectedly wise wallpaper

  2. #12
    Join Date
    Nov 2011
    Beans
    1,812
    Distro
    Ubuntu Development Release

    Re: Are Password Managers Really Worth It?

    I tried a password manager for a short time a few years ago. I gave up on it due to the lack of a uniform experience across all the devices I used. Specifically, the passwords the manager generate are impossible to remember. So, when I needed to log on using a device without the manager, I was at a loss.

    Currently, I use two passwords. One is not especially strong. I use it on on low- or no-risk sites. I use a long and rather strong password on financial and other sites. It's derived from a mnemonic phrase that I've memorized (and won't forget), with the addition of odd characters in fixed places.

    I'm considering a scheme to alter that long password on a site by site basis, following some consistent pattern that's keyed to a fixed element at each site, like the site's name or URL. Something simple that I could do in my head to generate a string of characters that I would add to the base password. That would allow me to use a unique password at each site and avoid using a password manager or needing to record my passwords in any fashion
    .

  3. #13
    Join Date
    Feb 2011
    Location
    Somewhere...
    Beans
    1,559
    Distro
    Ubuntu 14.10 Utopic Unicorn

    Re: Are Password Managers Really Worth It?

    I use Firefox's built-in password manager, encrypt it using a master password (which is really long), and then use Sync to sync it across machines, which requires a password (which is also really long) AND a sync key.

    If I have spare hard drive space, I would even encrypt the home folder. Now that's a lot of protection.

  4. #14
    Join Date
    Nov 2011
    Beans
    1,812
    Distro
    Ubuntu Development Release

    Re: Are Password Managers Really Worth It?

    Of course, no security measures we take will help if soneone else permits our password to be stolen.

  5. #15
    Join Date
    Mar 2008
    Location
    Birmingham, UK
    Beans
    Hidden!

    Re: Are Password Managers Really Worth It?

    Quote Originally Posted by CharlesA View Post
    I don't understand what is so hard about adding a special character to a password. I guess it has something to do with the backend database or something.

    I don't know for sure, so take that with a kilo of salt.
    My guess is that it is much easier to protect the DB from e.g. SQL injection and whatnot if symbols are just flat out not allowed. Though a similar amount of salt should be considered with that - just a guess.

    I use LastPass, it works on everything - would be completely lost without it.
    Desktop: Phenom 955 BE | GA-MA790XT-UD4P | 8GB TG Elite 1600 | BFG GTX 275
    Conky Screenshots | Last.fm | New to Ubuntu?

  6. #16
    Join Date
    Jan 2008
    Beans
    1,534

    Re: Are Password Managers Really Worth It?

    I just write them down on my hands. Then if I see a suspicious looking person I ball my hands into fists so they can't see them. This method is also convenient if I need to do any punching.

  7. #17
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Are Password Managers Really Worth It?

    Quote Originally Posted by roelforg View Post
    My guess?
    They don't escape the pass for DB queries... Which inherently means that it's stored in plaintext (or that the hashing is done by the db).
    That would by me guess too.

    Isn't Ubuntu SSO just using OpenID?

    Quote Originally Posted by m_duck View Post
    My guess is that it is much easier to protect the DB from e.g. SQL injection and whatnot if symbols are just flat out not allowed. Though a similar amount of salt should be considered with that - just a guess.
    I guess that makes sense too. I would have thought it would be easier to just sanitize your db inputs.

    http://xkcd.com/327/

    Quote Originally Posted by Simian Man View Post
    I just write them down on my hands. Then if I see a suspicious looking person I ball my hands into fists so they can't see them. This method is also convenient if I need to do any punching.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  8. #18
    Join Date
    Jun 2012
    Beans
    12

    Re: Are Password Managers Really Worth It?

    I find using the same password I've been using since the AOL days for every single conceivable account I have adds a certain 'thrill' to everyday life...I probably need to fix that.

  9. #19
    Join Date
    Mar 2008
    Location
    Birmingham, UK
    Beans
    Hidden!

    Re: Are Password Managers Really Worth It?

    Quote Originally Posted by CharlesA View Post
    I guess that makes sense too. I would have thought it would be easier to just sanitize your db inputs.

    http://xkcd.com/327/
    Very true, but I just assume that everybody is lazy (myself included).

    That's genius, Simian Man.
    Desktop: Phenom 955 BE | GA-MA790XT-UD4P | 8GB TG Elite 1600 | BFG GTX 275
    Conky Screenshots | Last.fm | New to Ubuntu?

  10. #20
    Join Date
    Feb 2011
    Location
    Somewhere...
    Beans
    1,559
    Distro
    Ubuntu 14.10 Utopic Unicorn

    Re: Are Password Managers Really Worth It?

    Quote Originally Posted by Simian Man View Post
    I just write them down on my hands. Then if I see a suspicious looking person I ball my hands into fists so they can't see them. This method is also convenient if I need to do any punching.
    Where are my drugs and 5$ wrench?

Page 2 of 6 FirstFirst 1234 ... LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •