With a password manager, your attack surface is your email, and the password to the manager. You can focus your efforts on securing those two things with 2fa, a hardware device, etc. Every other password can be extremely difficult, and only grant access to an individual service.

Compare it to an algorithm, where your attack surface is "every service." If one password is compromised, they all are. Then you have to change them all manually, and remember what's been changed, when.

In an age of great open source options like bitwarden, Keepass, and unix pass, there's no excuse for using an algorithm anymore.

The point of an algorithm as opposed to a single shared password is that this isn't true. With a basic algorithm, you can avoid automated attacks based on password dumps. With a more complex algorithm, even a determined attacker targeting you would have a really hard time figuring it out. Regardless, it probably would need to be a few passwords, not just one. Also, any good web service will implement rate limiting and other protective measures, so brute force attacks are unlikely to work.

The counterargument to "minimize attack surface" is "avoid single points of failure", and that includes both attacks and accidentally losing access to all of your passwords. What if I drop my phone and/or laptop in a lake? What if I forget my master password somehow? What if someone installs a keylogger and gets my master password? What if I accidentally install a malware version of the password manager client that steals my password?

Not that I necessarily think that an algorithm is better overall than a password manager, but I think it's not as obvious a decision as you're claiming.

I see an algorithm as a single point of failure of its own, in the case where a determined bad actor has direct access to your algorithm. At that point you've traded potentially complex passwords for intentionally weak and guessable passwords. Yes, rate limits and other protections may mitigate the threat, but once an attacker has access to your algorithm, they quite possibly have a much easier password cracking game to play.

From that perspective, and from the other direction, most algorithms that I've seen make me a single point of failure. I still have to remember a set of weak passwords for every site I use. The algorithm may work to step up the overall complexity and entropy of the weak passwords I use, but I still have to rely on somewhat faulty memory for a series of passwords. Even if that information is easily accessible there's still a lot of variables and forgetfulness that can take place and sometimes it would be me trying to password crack my own passwords (Did I use "facebook" or "fb" or maybe it was "facebook.com"? Was this was password rotation number 12 or 13 or second quarter 2015?). Add in the encoding difficulties to make sure that you can generate a password within the arbitrary complexity requirements of sites themselves (I need a weak password that generates a strong password with no SQL keyword symbols, but at least one capital letter, one emoji, and at least one platitude to an elder god), and you really are just trading one set of complex passwords for an equally arbitrary set of weak passwords (to get the right output I had to use "facebook@2015", transpose odd characters into the Unicode astral plane by divination, and truncate the output to the first 12 code points).

A benefit to a password manager is that my own faulty memory isn't itself a part of the threat model. I don't have to maintain a list of weak passwords and/or additional "clean up steps" to feed to an algorithm.

On the flipside, I don't know anything about my Facebook password inside my password database. I just copy and paste it when it is needed. There are threat models where that is a benefit. If I'm asked, on the spot, in a location without access to devices which I trust to produce my Facebook password, I cannot, because I honestly do not know it. A judge or over zealous customs agent can't make me remember what I don't know. How likely of a threat that is, I don't know, but it's a threat model that an algorithm can't pass if a judge considers your weak password and knowledge of your algorithm as a password that you know and must divulge. That's of course entirely speculation, there's no US precedent on that yet, but on the flipside there are US precedents protecting "I don't have the right device on me", and most bets are off when your threat model includes a government actor specifically threatening you. But it's still a fringe benefit to certain threat models, ymmv.

Not to make a long comment unnecessarily longer, but there are mitigations available based on your threat model to keep a password manager from being a single point of failure:

* Use multiple databases with different master passwords for different threat models/risk level assessments/use cases.

* Explore options for synchronization systems based on your threat models. For instance, I might have a low risk database synchronized with OneDrive/GDrive/Dropbox, but keep riskier databases in various combinations of Keybase file shares, or Resilio Sync encrypted shares, or a lone self-destructible USB thumb drive primarily kept in a safety deposit box. Similarly many file sharing systems allow you the means to explicitly manage which devices have which files/shares, and you can use that to your advantage as well.

(I've stuck with KeePass over the years because it offers a lot of flexibility in how I maintain and sync my constellation of password databases.)

Unless you are a high value target, there is a pretty good chance no one is sitting specifically bruteforcing your passwords.

Your biggest source of attack is then a password dump, where you are one of the many millions compromised and now your other accounts (if you reused the same password) are now vulnerable to automated attacks. Even in this case, no one is going to sit around trying to figure out your password algorithm.

Even when it comes to compromised accounts, not all of them are equal. For most people, their primary email, banking and social media accounts are paramount, because they are fundamentally linked to their identity (I would be horrified if my FB or GMail were to be compromised, but only mildly miffed if my etsy account where I have made one purchase were to be compromised).

All in all, it seems that the most important thing to do is to never reuse a password for ANY of your primary accounts (email, finance, social media, other forms of identity). Ideally for those, don't use an algorithm either. And set up 2FA for these.

And for other accounts, preferably never reuse passwords. Whether you use a password manager to manage them or an algorithm should not make too much of a material difference.

So, that is totally a legit concern.

What happens when you run into a site that won’t accept your algorithmic generated passwords?

Do you fall back to a traditional password manager?

If so, then you’ve just increased your attack surface area by an order of magnitude.

What happens when you need to change your master password because of a compromise, and now all of your passwords have to change at the same time?

You maintain a public file that has metadata that is meaningless to an attacker. Metadata such as min/max length restrictions, etc.

If the algorithm is not reversible, "one password is compromised, they all are" isn't true. Only if the master password is compromised, then all your passwords are (but this is exactly the same with any password manager.)

The one thing that personally I don't like about vaults is availability of my passwords. You need your password manager (i.e. the app) to get your passwords. I've had multiple situations, typically when traveling, where I didn't have access to my devices, and thus I didn't have the app.

With a vault, if you ever “leaked” your vault file, it’s the same. To me, it’s hard to think to a realistic case where your master password is leaked, but you’re 100% sure your vault file is not.

https://github.com/magkopian/keepassxc-debian

My password for Amazon is "f3cfcb6ZUZ^". What's my algorithm?

https://lowe.github.io/tryzxcvbn/

https://blog.codinghorror.com/your-password-is-too-damn-shor...

On Linux I use the pass command, on Windows I use QtPass [2], and on Android I use Password Store [3] and OpenKeychain [4] (for the PGP key).

My "master password" is the password for the PGP key, and I type it each time I want a password. Git keeps everything in sync. If one of my devices is compromised, you still need the password for the PGP key. If my git server is compromised, you'd need the PGP key (which isn't on the server).

[1]: https://www.passwordstore.org/

[2]: https://qtpass.org/

[3]: https://github.com/zeapo/Android-Password-Store

[4]: https://www.openkeychain.org/

1. Memorize some base password 2. Memorize a way in which you mutate that password based on the name/type/other of the service logging in to.

Eg. Hunter2 becomes eHunterG8 Because my example algorithm cares about Google's first letter, length, and service type: email.

It allows every password to be different but you only memorize two things. It is meant to be a "good enough" solution that is much better than using the same password for everything, but naturally is worse than using significantly different passwords.

I've used this for a few years to great success. The one issue I have is I sometimes have to try multiple times when one account is many types of services.

That's why I like using LessPass (even though people talk a bit of shit about it whenever it's mentioned on HackerNews). I have a single master password, the rest of my passwords aren't compromised if I accidentally expose one of them, and I can log in to any site from any device with a browser. Of course, use 2FA when you can, but it's nice to have a secure first layer of defense.

If you’re a high value target then you shouldn’t do this

I've been trying to understand password managers for a while. My workplace forces us to use one.

But what you've said doesn't make sense. If your "master password" used in the password manager is discovered, then all your passwords are compromised.

If my laptop or phone gets stolen and someone knows the password from my password manager, then I'm done for.

I choose to follow the algorithm approach too. Even though it's BS.

I also have it set to 2FA with google authenticate, so I need to have my phone everytime I log in. It takes longer to login but its worth it

So even if my password were compromised by a keylogger / brute force, you would still need to have access to my phone.

I don't use lastpass on my phone so that's not a nonissue for me. I don't link my phone to my computer at all (airdroid, teamviewer, etc). You would need to have

- My master lastpass password

- My unique phone password and my phone

Both events are kind of unlikely to happen. I worry more about lastpass leaking passwords than me being hacked at any point, since this is the major disadvantage of using lastpass over keepass.

lastpass is nice since I can just make autogenerated throwaway passwords and have a way to take notes on passwords I change over time

I hate the stupid restrictions sites place on passwords. There should be almost no restrictions.

What's your solution for annoying sites that require changing your password every 3-12 months, and not reusing previous passwords? If eHunterG8 becomes eHunterG9 and then eHunterG10, how do you remember the number you are up to?

Good question. I just start with 2 (yes, that's weird) and then increment every time or choose the symbol so I eventually exhaust. This is the same question for unique password per different types/groups of websites. The good thing is more websites have abandoned the annoying security question/answer when it comes to forgot password/forgot username. Just straight to SMS/email. For example I cannot remember my cable provider's online account password. The policy is just ridiculous, so I use "forgot password" every single time. Email only, quick and simple.

Please for everyone reading this - please abandon security questions as a requirement and stop being so hard on password requirement such as limiting the length (Twilio I am looking at you, yes). Just ask for a long password and give hints to users how to choose a good password. While the argument for complex password is to increase the search entropy, let's spend more time on securing your server and mitigating common attacks. Users will probably just append a number. So "myAwesomePassword$" is easy to try once "myAwesomePassword" is compromised from another service. Educate your users.

Let user be responsible; I have my "secure" complex rules for password, let me be in control, I don't want to bend to meet your requirement.

Another alternative is always ask for a one-time password (but a lot of users will find that very inconvenience). Choose one.

Unless you are enough of a celebrity or public figure to be personally targeted, nobody will bother. A password leak is going to have 100 million accounts in it, at least 50% of these reused without modification at other websites. Any automated bots and spammers will just try the exact passwords on other sites. If it doesn't work, they move on to the next account and password, instead of trying to guess modifications of non-working passwords.

Does your threat model include anything NOT bulk, ie where a human would see a password and guess the pattern?

Have you tried any of the password managers that have integrations, to automate password changes in case of failure?

Have you ever heard of the security concept of minimizing your attack surface?

I have no opinion on password managers. It's just something I don't want to commit time to. My solution is easy and requires no management on my part. Ie. no software or hardware or anything to maintain.

KXl2h!H (H)

That would tell me that the password is KX12h! plus whatever the base password for H is. My hope is that unless someone was really targeting me, I would be skipped over as not worth the effort.

This way, even if someone broke into 1Password or one of my other password managers, they still wouldn't have the password.

The part I struggle with most, is how/where to store these & Authy/Google Authenticator tokens in a manner that they can be delivered to specific people in the case of my death without decreasing security.

Something I've often wondered about...

In my case, I am using Google Drive as my Backup Storage. If I were to put my Gmail Password in the manager I'd be locked out in the worst case and would not have access to my backup.

* salt to make stupid password rules happy and to make it somewhat safe to write down passwords. e.g. "mysecretsalt42$". This gets appended to all passwords and doesn't get written down anywhere.

* encrypted text file, used rarely when I forget a password. e.g. `vim -x socialmedia.txt`. I find this a bit better than Keepass or pass because it's not one obvious attack target (both the file and app).

* optionally, a paper backup

Not a panacea, but significantly minimizes the length of a theoretical breach.

Wish I had more time to spend on it.

A real problem I ran into is that a full browser is required for many operations, now. Instagram.com, for example, is completely opaque to non-DOM+JS browsers. Right down to the shamefully empty `<noscript>` block.

Please don't get me wrong, it would be great to have a service to centralize all your passwords including rotation, but this already exists. It's Google/Facebook if you choose to use oauth to sign in into other sites.

If this kind of api/js would exist and work, an attacker could exploit it to automatically change user's password.

Note that changing password is often used also as a simple mechanism to log out all the sessions (simple = easy to understand for the end user).

In summary, I really hope all website would do all they can do to protect their change password endpoints from automatic tools.

For me, passwords need to exist and need to be remembered, because if this is not the case, then many other security assumptions fail. With this I don't want to say that the current state of affairs is good, I definitely think that we need to invest in more mechanisms to help users remember their passwords, or reuse them in secure ways.

0. https://github.com/SirCmpwn/pass-rotate

I’m not sure what you mean by “as well as your master”, though. If your master password is programmatically changed, how would you be able to access any of your stored passwords?

sha256("password"+domain)

The problem is, the login form doesn't remind that a) a special character was required and b) what characters that particular site thinks are "special".

(Data: I have 72 logins currently cached in Firefox. Every single one of those sites accepts 10-character mixed case alphanumeric passwords with no extra special character requirements. About once a year I come across a site that needs one.)

Still, I'd say it's inconvenient to have "special cases" to remember about. Even if they're something important, like banking.

---

Someone had mistaken downvote with "I disagree" rather than "unhelpful". Upvoted you, as I think your comment was helpful and contributed to the discussion.

But this is going off-topic (and discussing votes is something we should refrain from)

[1] https://hackernoon.com/mempa-a-modern-deterministic-password...

    $ perl -e 'use Digest::SHA "sha256_base64"; print sha256_base64("master_password mail.google.com"), "\n";'
    g/sOxZfr2DFE12r8Gs/D0bhwat5kku41L+kFmuCCQOo

For the special chars, I chose the Safari way of encoding, i.e. I only extract alpha-numberics from base64, and add a "-" every 3 chars. This also improves readability. I assume that if Apple chose this way of doing, either they studied it and/or sites will conform to that.

It works very well from my experience.

If you use git to store your passwords you can use that to see the age of entries neatly too:

https://blog.steve.fi/rotating_passwords.html

I have a file of the first word that comes to mind for every letter in the alphabet. Then my password is created based on some features of the site.

I.e. eBay has 4 letters so I could choose: 'Elephant_4_Yankee'

The delimiter is up to you and you could just as easily choose every second letter or whatever.

Yes, it does mean my Netflix password is a bitch to put in but I know it off by heart.

For each site you have to consider; what is the worst thing that could happen if somebody gain access to that account? Do you have a meaningful online presence on the website? Did you enter private information that you don't want to go out? Did you provide your credit card to the site? It would actually be useful if sites where classified by the type of information and access that they require.

Another short answer would be: memorize your computer, email and password-manager passwords. Use the password manager for day-to-day sites. Add a second factor for juicy targets like net banking. For all the other sites, generate a random string and throw it away. Use password reset the next time you want to log into it.

I need to remember just 1 good password (that I don't use anywhere else). I use it to encrpyt different passwords for different uses (gmail, banking, etc). I put the url with encrypted password in my bookmarks and a google doc (to share with my wife).

To hack me, the attacker would need get both the link (from my laptop's bookmarks) or from the google doc ... and then would need to guess the password to decrypt it.

Yes, it's a single point of failure (probably more, depending on how you choose to define them) but it is invariably more secure than me remembering my super-nifty password algorithm.

It's not perfect, but I trivially generate very long passwords for every service, and have to remember the master password only of my email and my 1password account.

If anything is truly important, it will have 2 factor authentication.

If someone has access to my unlocked physical machine and an unlocked 1password UI, I'm screwed. Additionally, they could use the wrench approach [0] to gain my credentials.

This is not a use-case I'm actively trying to prevent. Nor is protection against state-level actors targeting me in particular.

Further benefit of 1password: my wife and I both use certain shared logins to access things like credit card accounts.

Instead of me having to get her on board with my password book, or special algorithm, I can just move a login into our shared password vault.

I suspect most people reading this are in a similar boat - we're more than happy to pay a few dollars to hire millions of dollars of specialized security knowledge to outsource this problem for us.

This is just too mundane a solution for most people to comment on.

Long live 1Password!

[0] https://xkcd.com/538/

When I did the export/import it ruined tons of passwords because if it had an ampersand symbol (&) it turned it into &amp; resulting in me editing tons of passwords manually. It sucks at saving passwords too, lastpass just worked.

Plus no check on password integrity or strength or leaks. It was nice to do a scan and check on what passwords should be updated, what my duplicates are (if any), mass update, etc. So, basically I went from free but kinda ugly to pretty but broken and more $. This has been the worst trade deal in the history of trade deals, maybe ever.

YMMV but I wish I didn't switch and to move back would be another annoyance that I might do if I didn't just pay for the year.

re: password generation in-browser - this is working just fine for me. [0]

And re: pw integrity or strength - this might not be everything you're looking for, but it's close.

under a 'Security Audit' tab, it has categories for:

- Watchtower (logins associated w/sites that are known vulnurable/exploited)

- Weak Passwords

- Duplicates

- 3+ year old PWs

- 1-3 year old pws

- 6-12 month old pws.

I'm not trying to be a 1password apologist, but I find it to cover my day-to-day use _very_ well. To be sure, I still tweak things in the UI at times. It doesn't capture login URLs perfectly all the time. Etc. But it's pretty good.

[0] https://cl.ly/07072T0e1P2C/Add_Comment___Hacker_News.jpg

I don't have any of these other options either. If I click on generate password the box just goes away. Maybe I should scrap the extension and just use the mac/windows application? I was reading a number of reports about not syncing between these. If I have both on maybe it'll cause issues?

[0] https://imgur.com/a/msydX

I'd delete the extension and re-install from AgileBit's website, and make sure the 1password app on mac is talking to the extension.

This is odd, but good luck! Obv. their support team would help square things away way better than this random internet stranger could!

1Password used to be better at this. Generating a password was pretty obvious, it was consistent across mobile/desktop, and the save workflow was better. It’s been several versions since that was the case (v. 3, maybe?). Now I have to hunt for the functionality and then it gets put someplace with no reference to what it is.

Plus no check on password integrity or strength or leaks. It was nice to do a scan and check on what passwords should be updated, what my duplicates are (if any), mass update, etc

I know the Mac version will give you all of this. Compromised sites, dupes, weak passwords, old passwords, there’s a filter for each, and I think you can make your own. It does not appear that you get this on mobile, though.

I use 1Password for not only credentials but as a document vault for everything from passports, birth certificates, anything else that falls under "needed after the house burns down". It's one of the most elegant pieces of software I've ever used.

The newest version of the Windows app doesn't support creating or opening local vaults, only storing data in their cloud.

They also no longer offer perpetual/non-subscription licenses, including for the older version that supports local vaults.

At the very least the first would be a requirement for any sort of "self hosted" setup.

I ask because I use iCloud heavily. Nearly 1TB of photos/videos and now use 1Password with iCloud sync.

Has Apple made mistakes when designing iCloud, allowing unauthorized access to accounts? Yes.

It was not an elegant process, and the friction kept me from following through for more than a few months.

I finally pulled the trigger, spent the time and hassle migrating everything, and am now glad that I did.

1) passwords are a serious stuff, so you want serious people to to some serious work behind your PM (AKA, it can't be free); 2) passwords are a too fundamental tool of our digital existences to have a monthly-based subscription. The idea of being locked out of your services when you can't afford to pay the monthly fee is just horrible.

That said, over the time horizon of many years, $40 doesn't cover much at all. For the reasons you mentioned, I felt a sense of relief when I moved over to the monthly model.

I'd happily pay them $5/mo to continue using their product as I've been using it - with local vaults, not with their cloud product.

I won't take their product for free if it comes with a forced "upgrade" to the cloud service.

We do a lot of travel and financial witchcraft so having full access to each other’s into at the unlock of a thumbprint is extremely convenient.

We also have a team vault at FarmLogs which is hugely helpful for sharing access to singular accounts.

It’s such a valuable tool that I don’t even think about paying for it.

* passports

* drivers licenses

* birth certificates

* visas

* proof of residency

* vaccination records

* bank paperwork

* etc

We're in the same boat. We travel a lot, often for extended periods of time, and both work fully remotely. Any document anyone could want from me, for any reason, lives in 1password.

They could double the price, and I'd gripe a little, but would never imagine walking away from the tool.

(er, 1password, don't double your prices, if you're reading this.)

edit: formatting

1: https://chriszarate.github.io/supergenpass/

https://play.google.com/store/apps/details?id=info.staticfre...

I use SGP for the bulk of my throwaway accounts.

1. Generate a long random password.

2. Use that password once, but don't make any effort to store or remember it.

3. When you need access to the service, use the Forgot Password flow. Return to Step 1.

This is admittedly inconvenient, especially on mobile, and it won't work well if you routinely use devices that cannot access your email. But...it is an alternative approach that removes the need for a password manager.

In my personal experience, this approach has worked well for services I use rarely, especially those with good Forgot Password flows or long remember-me session times.

See also: Passwordless[0] is a Node library that discusses a similar approach to authentication from the service's perspective.

[0] https://passwordless.net

I used to have a little notebook with everything, tucked 'securely' out of the way. I mean, even in a robbery somebody isn't going to rifle through some junk on a shelf right? I came to think though, that in that situation of course a list of passwords is not the target but if the robber has a small amount of technical knowledge (getting more likely, these days) then the risk is that they recognize the value of something like a book of passwords and just take it along. All of a sudden, their technology aware friend has access to my bank account!

So, I use Keepass now with a long passphrase, and syncthing keeps copies of the database distributed across several devices in several locations for me and I have access from all the various operating systems that I use. I am thinking about giving the passphrase to a friend also, as I have known him for 30+ years but I do not work with him or live near him and see him only yearly or less.

It would be great if someone added this feature into Keepass so that you didn't have to use an additional tool. Each instance of a database would have its own key and set of linked databases. When you open the database it would sync with every one of its linked databases that is also open. This would (hopefully?) get around the problem of adding new passwords to different databases before syncing. I expect one issue might be that people tend to only log into one instance of their database at a time.

It has problems on sites that have shitty password rules. But for those sites, i just mash the keyboard then rely on the forgotten password link.

If you're concerned, you could use separate files for different levels of security, which would give you the theoretical ability to compartmentalize the loss. But again, if you're compromised to that extent it's game over, there is nothing you can do that will allow you to operate securely on untrusted hardware/OS, you simply can't let that happen.

It's not like that's an unreasonable goal, the combination of Ublock Origin, Windows Defender, and common sense have kept my systems clean for 10 years now.

But with a password manager - they get 100% of usernames + passwords to every site you've ever used, even if you dont visit it after the compromise...

Never got too deep into this idea, but it shouldn't be extremely hard to implement. Need to create some mechanism to allow the web browser to ask the RPi for a password for a certain site, and use GPIO to connect a LED Matrix display (16x2) plus some input method to allow the user to physically confirm the password request (possibly PIN entry or a simple yes/no button for simplified usage)

My implementation still has lots of security breaches and I don't want to publish something so fragile. I still need to implement fingerprint and time-based authentication. Therefore it still is vulnerable to MITM attacks.

As soon as I have something more robust I'll post it here.

Do you have more ideas to suggest?

You won't have to worry about the security and integrity of your Bluetooth connection and the risk of an external sniffer -- but you'll have consider if you trust the computer you're plugging it in to.

0. https://github.com/whs/K2AUSBKeyboard/

However, a problem I have with KeePass is that I can't get my wife to use it. It is too complicated for her. Even the idea of plugging the smartphone through USB is already a "no" for her. With Bluetooth she might not even need to take the phone out of her pocket.

An example line in the text file looks like this:

    facebook password: [base64:U2FsdGVkX1/T8CoWmfDOoaapE5lGj/fqHE3s8NohnriGajnPrCzWikCneU/u7]

    echo "$data" | openssl enc -d -aes-256-cbc -a -salt -pass env:MY_PASS

Since the text file is encrypted, I store it on Dropbox. Then I can access this from any computer where I log into Dropbox, provided I know my main password for decryption.

Later I can type 'get facebook pass' on the command line and the get script will retrieve the best matching entry, decrypt the value, and put it in my copy paste buffer ready to paste.

The biggest problem with this system is sometimes when two or more entries are a close match to whatever keywords I input, it may pick the wrong match. I need to improve it to show a list to pick from in those cases, or work on better ways to remember the right keywords for each item. Also my matching heuristics could be improved.

I use this in conjunction with a command line script for generating strong passwords. Most accounts have different passwords at this point and they are all strong. One problem with the script is I sometimes have to tweak the resulting password by hand to match whatever (generally dumb) rules are in place at a new site... when I say dumb, I mean for example, '!' not allowed, etc.

For sharing web passwords with my phone, I just allow Safari to remember them and then trust iCloud, for better or worse.

Overall this is not a pain, and pretty successful. But if someone got terminal access in my account on my computer, it would be game over... so I try not to allow that.

No. Entropy does not change by adding redundant bits.

You really are confused about this stuff.

You also seem completely unaware that many sites have password rules that require special characters that don't exist in your scheme... lol!

I'm using ForgotIt? [1] because I'm its author. It doesn't have a browser interface and doesn't have a mobile version. I would make a version for iOS if I used an iPhone, but I have never planned to make an Android version, because Android devices are just too insecure. (They are theoretically secure but in practice most of them don't get enough security updates.)

That being said, ForgotIt? also has some weaknesses that are laid out in its documentation. It doesn't lock memory, so you should use encrypted swap or disable it, and its keystretching algorithm compromises a higher security margin for speed.

Depending on your threat scenario you can also keep some of your passwords written on paper in your wallet. You could also keep them in a physically secured place like a wall safe. If you're worried about targeted attacks, that's in fact the best choice for most people, since no current operating system, no PC, no tablet, and certainly no phone is currently safe from a targeted attack by a dedicated adversary.

[1] http://peppermind.com

I have a function which is easily computable by hand but uses information only known to myself, which converts the website into a pseudo-random password.

Obviously I can't tell you the actual function I use as this would reveal all my passwords, but for example, you could use ROT13 on odd numbered characters in the domain name and then add a fixed string to make up the password length.

I still use the browser password store with non-critical websites for speed, but can still get into any site where I have an account from any machine by re-calculating the password in my head.

Of course, this isn't secure enough if you're someone who might be individually targeted by hackers (eg: if you work at a large company or in government) - if they obtained a few of your passwords, they could reverse engineer your password function and get into the rest of your accounts. You can mitigate this by separating the sites you use into different 'security clearance' levels (eg: those with access to your money, those with access to your personal info, etc) and having different password functions for each level.

Regarding the user interface don't get me started on keepass. It was recently forked into keepassxc but the chromeipass/ foxipass integration does not work all the time. Also love it if a website just shows your username already and you have to fill out the password and can't use hotkeys. (I am looking at you google) Lastpass can do it successfully, but keepass...

The Android interface was last tested a few years ago by me and it only had a notification area you had to always show. I don't know if it is much better at the moment.

Regarding your password security: Lastpass itself encrypts your passwords and hashes them thousand times. You can also manually adjust the hashrate to even more. So even if lastpass would get cracked. You would have to try out every possible hashing number with every possible password combination. So thats a plus. Well compromising your pc and installing root would be your least concern. It would be easier to steal your phone, get your fingerprint and unlock your database this way.

You can never be 100% secure. But have to choose your best way of doing it.

Also i am open to suggestion regarding a great password manager for android. Will have to try out keepass and dashlane again.

[0] https://bitwarden.com/

LastPass Firefox Toolbar Version: 4.2.3 Built: Mon Dec 04 2017 13:51:36 GMT-0500 (EST)

Binary Component: true (Native Messaging version 4.1.44, built Nov 16 2017 23:33:27)

Is it broken upstream in the nightly build, but not in the stable build?

I don't know about mobile (especially Android), but at least on Google's authentication page, even though it only visually presents the username field, the password field is already there and is filled out by 1Password.

Bluink Key is a secure (nontypical) password manager that encrypts your passwords locally on your smartphone and automates logins on your computer via a Bluink Key USB device. Nothing is ever stored in the cloud.

Bluink Key is impractical for attackers to target because they need physical access to your phone, they need to know your phone's PIN, and they need to know your master password to Bluink Key. This is very difficult to pull off assuming you usually have your phone with you and have a decent PIN/master password.

Bluink Key is also relatively unprofitable for attackers to target because a successful attack would only yield passwords from one individual, whereas a successful attack on a traditional, cloud-based password manager would yield passwords from millions of users.

Bluink Key is a two-factor authenticator as well (FIDO U2F and OTP).

Here's the website if you're interested: https://bluink.ca/key

This way you only need to remember one password (master) to re-generate your password for any given service, and nobody can replicate the resulting service passwords without knowing BOTH your master password and your salt.

I wrote a proof of concept a few years ago, it's pretty outdated and generating word phrases would be better than just hashes, but it conveys the idea: https://github.com/wyqydsyq/ysnp

Using MemPa (which is basically one line of JavaScript), your passwords are always hard to crack, retrievable with one password and yet never stored anywhere so there's no tempting honeypot for hackers to target.

The original article is here: https://hackernoon.com/mempa-a-modern-deterministic-password... (There are links to iOS and Android MemPa apps, too.)

I've also wrapped the algorithm in a single-page web app that you can copy to your own site or thumbdrive to make using the MemPa algorithm easier. https://codepen.io/jones1618/full/eeqBNG/

http://ssl.masterpasswordapp.com/

In theory it's solid but in practice, websites with arbitrary (and foolish) password requirements means your generated pass is likely to not be accepted. You can add fields for tuning the presence of non-alpha and capitalised characters but then that needs syncing and at that point - the benefits aren't really there.

I recently blogged about the algo I use [1], it's a simple deterministic base64(sha256(.)), which is easy to remember and apply everywhere.

The post was pretty successful compared to my usual views/comments, and with a group of friends (all former researcher in security) we started building a MemPa [2], which we just released for iOS/Android.

[1] https://hackernoon.com/how-i-manage-my-passwords-technical-v...

[2] https://hackernoon.com/mempa-a-modern-deterministic-password...

This said, you can use the counter. The counter isn't necessary an incremental int, you can also for example use yymm if you want to "auto renew" your password every month.

So far we haven't implemented anything in MemPa, but we were discussing this last option. Would be great to hear what do you think.

You can find a web version here: https://milliways.cryptomilk.org/passhash.html You can save the page locally (it's only a piece of javascript), or extract the functionality to build your own command line tool with nodejs from it, like I did.

(not my code, and I shamelessly grabbed the pieces from the js code for my own fork of it)

This way I have a new password for every use case but only need to remember one master password, which should be pretty hard to reverse engineer. I hope.

A script lists all files through fzf[1] which lets me find and select the right one very quickly, then copy to clipboard (expires after a few s). In a laptop the whole process of switching to terminal and grabbing a password takes a couple seconds, slightly longer on an ipad due to app switching.

Downside: no access via mobile (though I could have).

[1] https://github.com/junegunn/fzf/

  #!/bin/bash
  secrets_source='/home/colo/.path_to_secrets_file'
  [[ -z ${1} ]] && {
      echo "Missing subject."
      exit 1
  }
  
  [[ ${1} = -e ]] && exec /usr/bin/vim "${secrets_source}"
  exec /usr/bin/awk 'tolower($0) ~ /^= .*'"${1}"'/,/^$/' "${secrets_source}"

  = some identifier
  free text
  more free text
  blah blah foobar
  
  = another identifier
  more free text
  fizzbuzz
  

`secret <some-regexe>` performs a regex search over all identifiers and prints all matching records found. `secret -e` invokes my editor to add new records/view all records in vim.

If someone were to extend this with GPG, they could have encrypted data at rest while the host is up with the LUKS volume's contained fs mounted. I don't feel a pressing need for that, however.

If you're not expecting to be specifically targeted, then "modify a single password per service" can be surprisingly secure. Don't just add "tw" "fb", but memorize a more complicated algorithm that's not obvious from inspecting two or three leaked passwords. e.g. Basic Caesar Cipher on the odd characters of the passwords using some part of the service name (fb, tw) as a key. Memorize a single algorithm that you can do mentally. Use something completely different for primary accounts (probably bank + main email that allows you to reset other accounts' passwords).

Some people will disagree and say "just use a secure password manager", but there is a valid argument that managers are not necessarily the best solution, depending on your use case.

[0] https://xkcd.com/538/

What is that argument?

However, I agree that for some people existing password managers seem either too complicated (KeePass) or expensive (1Password). In that case, I recommend:

1. Generate a password randomly using a 'diceware' type methodology

2. Use a standard prefix in front of all your passwords.

3. Write the password without the prefix in a notebook that you carry everywhere.

It's still not as good as 1Password because the passwords are not encrypted. But it's better than using a predictable algorithm that you have to remember. And of course, it's better than the system this often replaces - using the same 8 character password everywhere.

But I still strongly recommend paying for 1Password. How much do you pay for a padlock for your bike, or a burglar alarm for your house?

Yes, it has its own attack vectors, but they don't include things like ads stealing your info from your password manager [0] and apps stealing your passwords from your clipboard [1], both of which are legitimate reasons why you might want an alternative to a password manager.

"home-grown solution" has very negative connotations in infosec and rightfully so. I don't like seeing it in these kind of contexts as it blurs an important distinction between "Don't write your own random number generator if you're creating an app like Signal" (don't do it) vs "Find a solution to deal something as shitty as passwords in a way that works for you" (do it).

Your recommended method might also suit some people better (e.g. people who already carry a notebook around everywhere and guard it carefully).

There are no silver bullets out there. Work out what your needs are and then find a reasonable solution. It might be a password manager. It might not be.

[0] https://www.theverge.com/2017/12/30/16829804/browser-passwor...

[1] https://arstechnica.com/information-technology/2014/11/using...

And if you use a password manager, please store your master password in a well-sealed envelope in a safe place for your loved ones to open in a worst-case scenario. All your passwords may be compromised if it's stolen, but at least you would know it happened and can change them.

It's quite a lot of work to set it up though.

See also best practices for backing up OpenPGP keys.

Though typically your machine gets compromised and doesn't really matter if you type something from memory or copy paste it from a password manager, you are screwed. A proper way to restore your access that only you can do seems more safe. A password or login can be compromised, but as long as you have a way to regain (sole) access to your account, I think that is more valuable.

Create a few aliases in your shell and you have a very convenient, easy-to-use (for the HN crowd, anyways) tool.

[0]: https://github.com/lastpass/lastpass-cli

Has actually worked really well for me, though the annoying part comes when you need to login to something on your phone and the cypher program is on your desktop PC.

Though this likely wouldn't be an issue if I had an android phone and could easily make a small application for it.

A password alone is never secure.

Obviously that it not an option for every site but access to my password manager, alone, will not provide access to my email (which lets me rest all my accounts) or my bank etc

Of course I use two factor on the manager too.

It doesn't completely solve the problem but I haven't found a better alternative (that works for me)

1. I don't care if somebody gains access to my account

2. I do care if somebody gains access to my account

I use the same password for all the websites on the first category. It should be at least 8 characters long, consists of a made up word with some numbers and characters. Example: 7%Frifells. I drop the special character on websites that don't allow them in passwords and then it's a matter of failing to log in once and trying without it.

I use a different "xkcd" password (https://www.xkcd.com/936) for every website on the second one. Those are essentially catchphrases which I end up associating with the website I use them for. They consist of several words with numbers and special characters (using the example in xkcd, mine would be correctHorse?1batterystaple!).

So, I have to memorise about 8 passwords, all which make sense to me. In addition I have a password reminder file which consists of the website URL and the first two/three characters of the password. I don't bother adding completely unimportant websites from the first category.

If my password from category 1 gets compromised then it's a bit of a hassle to change the password on all the websites on the files, but no harm done. If a password from category 2 gets compromised then it doesn't affect the other websites.

---

I wish a lot of websites would realise they can be password-less. Pinterest is a good example. I have never posted anything, they don't have any personal or financial information from me and if and the only reason I registered was because I wanted to search something there once, and they made me register for that. Same goes to Quora and many other websites. I think all those should allow registering without a password but limit the functionality of those accounts.

---

Edit: formatting

Each account an attacker can gain control of, is more information they can glean and potential leverage points to gaining access to the accounts you do care about.

Something like that for a base password and then for each website mutate it a bit. Other people in the thread described methods they use.

I also use lastpass(paid personal), keepass+chromepass(work). Where I normally save the base password(and added mutations) yearly to change the base; or save the mutated password as I use it more for convenience.

I do not save certain financial and banking related sites.

And recently actually had a bit of a panic attack as I forgot my master password for a hour or so. Realised I need a fail save if I forget it again. Something like telling a close friend or sticky note to the monitor.

Still deciding, any suggestions would be appreciated?

[0]: https://www.xkcd.com/936

I'd rather propse to use a self-hosted password manager on a VPS or in a cloud service.

As long as that password manager is hosted securely, VPS for example, and uses your login password to help decrypt the stored passwords.

Perhaps some HMAC required too.

Anyone know if this exists in the open source world?

[0]: https://www.vaultproject.io/

[1]: https://thycotic.com/products/secret-server/

Most folks would just give up and punch 1111 or some such. Instead I used the address where I'd parked. Didn't have to remember; didn't have to invent anything; different code fore every place I went.

I recently got one for my parents (as they use and keep loosing post-it’s) and it has fields for username, password, secret question and notes.

1. To generate a password i use randompass, which pulls stuff out of /dev/urandom, massages it and dumps it onto the screen.

2. I add that password to a plaintext login : password file located on an encrypted disk on my laptop

3. My password search tool is "grep"

I've started using LastPass as a replacement for this, and have been happy with it.

I let Keychain (MacOS) remember the passwords, so I never really think about them.

Note: as TC has been discontinued, using VeraCrypt would be a good idea.

As I can't salt the hashes the attacker can precompute all the passwords he wants to try. If that takes 1 minute, it will take 1 minute for a database with 1 billion passwords and 1 minute for a database with 2 passwords.

Eight character random mixed alphanumeric password, hashed with say, sha256: crackable in hours with a GPU cracking rig.

Eight character random mixed alphanumeric password, hashed with scrypt using aggressive settings: could take years or decades to crack.

There is absolutely a large class of passwords that will be cracked if the hashing is fast, but not if it's hashed with a time and memory hard function.

You can make an attackers job literally over a million times harder at minimal cost.

This wouldn't work, as the attacker should know both from the database.

Anyway: If the user really wants, he can already add his email or name to one of the input fields. A salt is just another input to the hash function so this would be the same.

> Eight character random mixed alphanumeric password, hashed with say, sha256: crackable in hours with a GPU cracking rig.

Let's say by "several" you mean two. Then if

    62^8 = 2 hours

    62^12 = ~3374 years

And to do it the other way around (let's say that "years or decades" is 20 years):

    62^8 = 20 years
    62^5 = ~44 minutes

> scrypt using aggressive settings

Keep in mind that if a breach happens, the database is also hashed. And salted! So the attacker would need to crack that first anyway.

You mentioned pregenerated lookup tables in a previous comment. Using email address as salt prevents that attack. Salts come with the database too.

> Anyway: If the user really wants, he can already add his email or name to one of the input fields. A salt is just another input to the hash function so this would be the same.

The proportion of people who would supply it as a salt is much greater than those who would otherwise prepend/append that data to the password.

> Meaning that a 12 character random mixed alphanumeric password would already take longer than the scrypt approach thanks to the way the exponential function works :)

Yes, but then the user has a more difficult password to memorize, so that argument is irrelevant. You should be thing about what actual humans actually do, rather than assume your users are technically sophisticated and willing to put in the effort to do the right thing.

> That's why I don't like to advertise with an "uncrackable hash function". In the end this might lead users to choose a shorter password, which is way worse!

Don't advertise it as such, but do it anyway, and explain the details in an FAQ.

> Keep in mind that if a breach happens, the database is also hashed. And salted! So the attacker would need to crack that first anyway.

It is entirely unreasonable to expect anything better than MD5.

Ah right, didn't think of that!

I will think of adding a preference where one can add a salt value :)

> Yes, but then the user has a more difficult password to memorize, so that argument is irrelevant.

But while the password-remembering difficulty scales linearly, the difficulty to crack it scales exponentially ;)

Hopefully sites use their own salted, better hash algorithms anyway.

https://www.qwertycards.com/

dl the file from dropbox and decrypt it via termux /s

At work, and with shared family accounts, I use 1Password; it works nicely and has a Web interface so I can use it from FreeBSD.

My personal workflow though is heavily Emacs-centric; I use Emacs for editing, programming, IRC, email, file management, PIM (orgmode), and (soon) Slack.

Anyway I want to change to a paperless variant due to the increasing amount of "important" services.

The only issue is when I try to do shit on my phone, but that's never been critical as I'm in front of computers 12-16 hours a day.

Lastpass has the same functionality. This is actually a feature open source tools like keepass and so on needs. That and easy cloud/mobile integration.

If I need to see the password for some reason you can find it from browser settings.