Best Practices for Choosing a Password

(06-08-2021, 10:46 AM)d4ggm4sk Wrote:

[To see links please register here]

(06-08-2021, 10:23 AM)mothered Wrote:

[To see links please register here]

(06-08-2021, 09:53 AM)d4ggm4sk Wrote:

[To see links please register here]

and you get antivirus for free.

Same with Windows Defender antivirus that's native on Windows 10.

That aside, I certainly agree with this:

(06-08-2021, 09:53 AM)d4ggm4sk Wrote:

[To see links please register here]

you should run linux. linux is much more safe than windows and mac.

This thread Is over 10 years old but given It's actively receiving replies, I'll leave It open for now.

cool. I think youre the coolest mod/admin tbh.

Thank you for your kind words.

(06-08-2021, 11:57 AM)mothered Wrote:

[To see links please register here]

(06-08-2021, 10:46 AM)d4ggm4sk Wrote:

[To see links please register here]

(06-08-2021, 10:23 AM)mothered Wrote:

[To see links please register here]

Same with Windows Defender antivirus that's native on Windows 10.

That aside, I certainly agree with this:

This thread Is over 10 years old but given It's actively receiving replies, I'll leave It open for now.

cool. I think youre the coolest mod/admin tbh.

Thank you for your kind words.

I also like @Jiggly-Chan very much. she (?) is very kind to me every time, great person. but I think I sort of have a connection to you, M,
cuz you were talking to me alot in the beginning and helping me get into the forum and learn more about hacking.

thank you for sharing this with us.

use linux is more sucurety

The best practice for choosing a password is to simply not choose one. Let your computer decide for you. I've been using

[To see links please register here]

for about a year now after transitioning from

[To see links please register here]

. With a password manager you can have different passwords for each account, and each password is randomly generated. And having your passwords stored locally (with a backup) is even more secure than using an online password manager like Bitwarden.

(04-13-2022, 07:07 PM)Drako Wrote:

[To see links please register here]

The best practice for choosing a password is to simply not choose one. Let your computer decide for you. I've been using KeePassXC for about a year now after transitioning from Bitwarden. With a password manager you can have different passwords for each account, and each password is randomly generated. And having your passwords stored locally (with a backup) is even more secure than using an online password manager like Bitwarden.

Using a password manager of anykind is great advice. It amazes me how many people don't create unique passwords and use the same email and password combo for everything. Bad Opsec. Password Managers really are a god send.

Just curious, why did you transition away from Bitwarden? I use KeePass myself also but I usually recommend new users start with Bitwarden.

(04-15-2022, 04:24 PM)yorinobu Wrote:

[To see links please register here]

(04-13-2022, 07:07 PM)Drako Wrote:

[To see links please register here]

The best practice for choosing a password is to simply not choose one. Let your computer decide for you. I've been using KeePassXC for about a year now after transitioning from Bitwarden. With a password manager you can have different passwords for each account, and each password is randomly generated. And having your passwords stored locally (with a backup) is even more secure than using an online password manager like Bitwarden.

Using a password manager of anykind is great advice. It amazes me how many people don't create unique passwords and use the same email and password combo for everything. Bad Opsec. Password Managers really are a god send.

Just curious, why did you transition away from Bitwarden? I use KeePass myself also but I usually recommend new users start with Bitwarden.

It's simple. Bitwarden stores passwords in an online account. KeePassXC stores them locally. That means, someone would need access to my computer, and know my password to compromise all of my passwords. With Bitwarden, all it takes is one error from the developers for thousands of accounts to be compromised.

(04-13-2022, 07:07 PM)Drako Wrote:

[To see links please register here]

The best practice for choosing a password is to simply not choose one. Let your computer decide for you. I've been using

[To see links please register here]

for about a year now after transitioning from

[To see links please register here]

. With a password manager you can have different passwords for each account, and each password is randomly generated. And having your passwords stored locally (with a backup) is even more secure than using an online password manager like Bitwarden.

I'll have to check that out. Never used a password manager outside of Chrome.

(04-15-2022, 11:33 PM)Canadian Moose Wrote:

[To see links please register here]

Never used a password manager outside of Chrome.

Same here.

In over three decades, I've never had the use for a password manager. I store mine In a text file on an encrypted drive.

(04-16-2022, 04:44 AM)mothered Wrote:

[To see links please register here]

(04-15-2022, 11:33 PM)Canadian Moose Wrote:

[To see links please register here]

Never used a password manager outside of Chrome.

Same here.

In over three decades, I've never had the use for a password manager. I store mine In a text file on an encrypted drive.

I do use a paid password manager/VPN but I barely use the VPN even though it's free. I use a separate VPN to compartmentalize but that's probably not necessary. Solely because I need a password manager to keep my passwords safe, I don't use the actual generator available using the app or desktop/web things. I use this:

Hidden Content

You must

[To see links please register here]

or

[To see links please register here]

to view this content.

The part with github is just because I saw a need for cloning git repos for local privilege escalation tools and hiding the repos from the HISTFILE. Yes, you can `export HISTFILE=/dev/null`, but that's meh. I like to automate some level of anti-forensics and I'm a nerd about it, so what?

This may not be viable for other people but it works for me and outputs very strong, secure passwords. It saves me from an actor, exploiting possible browser vulnerabilities, from catching the characters output from the overlay. It's one of the few must-haves for me on all my devices. Your threat model may vary. A password manager is important for many reasons but I'm not shilling them, just stating facts as I know them. The argument is that the RNG within /dev/random and /dev/urandom do not contain true random. But my argument for generating passwords myself is because the entropy within /dev/urandom (PRNG) is efficient to generate characters with high entropy. /dev/random stalls for entropy which can be annoying if you generate keys and it takes 5 minutes to create input. To solve this problem, /dev/random is actually used to create the seed behind the PRNG held within /dev/urandom to save time. Thus, if /dev/random is sufficient enough for key generation (SSH, GnuPG, etc.). I wouldn't use it for personal passwords. But even that would be better than using the pwdgen behind my password manager's code which I can't verify.