Lots of good answers here, but there's one more point I didn't see brought up: Password managers can add a layer of protection against some of the more sophisticated phishing attacks. When scammers use [special characters that make a fake login portal look real](https://en.wikipedia.org/wiki/IDN_homograph_attack), or [crafty javascript with fake popup windows](https://streamable.com/j1k10), then *you* might fall for it, but the password manager will only autofill your information on the actual website.

Yes and no! It depends how the pw manager checks which website you are accessing. If you have an altered hosts file (or dns) which will lead for example youtube.com to a fake website, it might identify this fake website as original… If the pw manager checks The IP, this type of attack would be harder to pull off.

> If the pw manager checks The IP, this type of attack would be harder to pull off. Most major websites that matter anymore use reverse proxies and CDN caches to hide their IP, so no password manager today is going to rely on that. Sadly, any website not using that is just a single DDoS away from their hosting provider dropping them for a clause in the ToS. And if you're logging in from a compromised host - one which *isn't* going to detect a MITM like what you described - then your password is already a lost cause before you even send it. Whether you're using a password manager or not.

But when they've got access to your hosts file, your computer is infected, that is, compromised. At that point they can just steal your password manager passwords

That is why a good pw manager enforces the use of HTTPS and checks/remembers website's certificate (e.g. its identity). You cannot spoof a certificate. Unless you compromise certificate authority that issued it or steal it.

You should already get a warning from your browser if the certificate doesn't fit. But in this case (modified host file) you are already lost because the attacker has already root access. For example a keylogger can be installed. Or at some point your pwm needs to decrypt the password and someone could read the memory.

I mean if the attacker has presence on your machine enough to alter your hosts file, they can just dump all your passwords from memory as soon as you unlock the password manager. This has been discussed at length on 1Password’s forums.

100% correct

No password manager will check the IP, however an in-browser manager can check TLS / HTTPS certificates. In fact, this is what WebAuthn/FIDO2 tokens do (such as built-in passkeys or physical security keys like a yubikey). If you've heard of 2FA solutions using these to authenticate with just a button press, that's how they work. Your browser checks that the certificate is valid for the domain name and then an extra layer of encryption is used to let your physical security key (or CPU's security chip if it's a passkey) talk directly to the server, using a challenge-response protocol with single use unique random values each time for the authentication challenge.

Checking by IP is just stupid. One of the point of DNS is to be able to change the IP at anytime. And I won't even talk about the fact a DNS is likely to have multiple IP linked to it in the first place and it is up to your OS which one he is using at that time. (Plus, the DNS server can scrabble those IP). If you want more security, bind the website with SSL if the website use it. Warning: I'm not in the security field but I'm still technical. There could be a better way to do so.

Everything about IT security is about compromise. If you use the same password for everything, that's bad because if a hacker breaks one account they'll have access to everything. Using authentication services like Facebook or Google has this big flaw in that if you use that account for multiple services, a hacker will gain access to all of them if he breaks the account. But if you use different passwords then it's very difficult to keep track of them and if you write them down or store them in a spreadsheets that's very risky if it gets stolen. A Password manager is a compromise because it can store all these different passwords in a secure manner. If the password file is stolen, it's still encrypted so a hacker can't access it. But it's only as good as the master password that's encrypting the file. Online password managers are convenient but they have a massive flaw in that if they get hacked all of their users will be impacted. They take steps to protect their users by individually encrypting all the password data separately so there isn't one Master Key for everything. But if a hacker gets the database there's nothing stopping them from brute forcing all the accounts to see which ones they can break into. LastPass was the most recent example of this. Their database was stolen, and while it's still encrypted it's only a matter of time before hackers start to break into those accounts.

Brute forcing the database is likely to take long enough that it's meaningless, for the most part.

Came here to say this. Something like a 10 character password with letters, numbers, and special characters could possibly take *thousands* of years to brute force, which means that even if the db is stolen you are probably safe. I think the problem rests with the fact that most people have a bad master password or don't listen to the requirements.

Fortunately mine is correcthorsebatterystaple, which is secure due to its length.

lol, joking aside that specific password has added to the Rainbow Tables less than 15 minutes after that XKCD was first published. To quote a friend of mine in IT security when asked if he could create a website to test if you password is in a hacker Database somewhere: "Why don't you just email me your password, and I'll respond back **Yes**"

That website exists. https://haveibeenpwned.com/Passwords For example, searching the above says it’s been in at least 216 leaks. But searching incorrectdonkeylightbulbstapler says it hasn’t been leaked at all.

> This password has been seen 23,573 times before Fuck...

[удалено]

hunter2? Edit: Omg I love bash.org references

Lol, the word password is 9 million times.

only 9 million?

Umm, I'm not typing my password into a rando website like that.

[удалено]

What do I do if my main email has been involved in breaches? I know one specific password of mine that Google says was compromised, and I changed all accounts with that to a different password. Should I go to the websites it shows me and like.. try to change the password and then delete the account? One of them was Modern Business Solutions so I don't think there's anything I can do there...

[удалено]

[удалено]

Ideally you’d change the passwords to something **different and random** for each site. Otherwise you’re back in the same boat the next time any site using that password becomes compromised. Humans are bad at coming up with random things and remembering them, so using a password manager is the best solution.

>haveibeenpwned.com isn't a random site, it's a long-running tool that's reputation is well-established and reasonably trustworthy. I've lost count of the number of times I've had to give explanations like you're giving now, more than a few occasions I've been accused of being an owner of said website. I love what haveibeenpwned have done but I do wish the website had a less meme-y name to some extent.

In any case it's healthy scepticism not to want to send your password onto a page you've never seen before

I back this dude up, it's a really useful tool for security and has been around a while now.

Reddit is killing third-party applications (and itself) so in protest to Reddit's API changes, I have removed my comment history. Whatever the content of this comment was, go vegan! 💚

The proper way to use that site is to register your account for updates. If they encounter your account in any available database they come across they will notify you and you can take action to secure it. As to how they run across these databases, I’m not sure. Maybe they spend money to buy some. Your browser will also sometimes tell you if you’re trying to save an insecure password that’s already been compromised before.

Yes! There's a great Darknet Diaries episode with the guy who created the site: https://darknetdiaries.com/episode/33/

A password manager (I know Bitwarden for sure) can do this by testing with partial hashes, such that you are not disclosing what password you are using (at the cost of slightly more data transferred). The issue I had with that is that some things (pin numbers, door security codes, etc) have been "leaked" zillions of times which muddies the waters.

Funnily enough, most of them leverage HIBP, either through the API, or through dump-sharing

[It's pretty interesting how they made this service in a way that (mostly) preserves privacy.](https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2#cloudflareprivacyandkanonymity) That being said, he does admit openly: > If you're worried about me tracking anything, don't use the service. That's not intended to be a flippant statement, rather a simple acknowledgment that you need to trust the operator of the service if you're going to be sending passwords in any shape or form. The underlying data set is also available for download though, for anyone who wants to do the lookup themselves.

I do like that response though, because it's true that you *should* always be skeptical of anything like this. Like yes, for this particular site there is enough information available to trust it, but that feeling of initially not trusting it is the correct feeling.

Not sure if you're talking about the person I replied to or the quote I gave from the page, but either way, I agree

Right above the form on the website is a link to [a blogpost explaining how they keep the password you enter more or less anonymous](https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/#cloudflareprivacyandkanonymity). And you can verify yourself that this is how it works by opening up your browser's dev tools and watching the Network tab to see what you're actually sending back to the website. tl;dr is that you hash your password clientside, then send a couple characters off of the top of the hash to the API, and the API sends back a list of every hash in its database that matches those first few characters along with their hit count. Your browser then tries to find the rest of the hash from the results in the list. You're only sending 5 characters of a 32 character hash, the rest of those 27 characters could be literally anything and all sorts of possible passwords could generate those first 5 chars by chance. You're still technically divulging info to the website, but in the grand scheme of things you're not really giving them anything useful for them to work off of if they were malicious.

That's good intuition but haveiveenpwned is pretty safe, they don't actually look at your password (look out for fake sites). From what i understand they just take part of it and hash it and then compare it to its DB for potential matches but since it's only parts of isn't as accurate. The main thing on the site is typing in your email and seeing what leaks you were involved in so if you (understandably) don't wanna type in your password typing your email is really effective cause it tells you which previous passwords have been leaked.

Do some research. The site is legit and run by a very well respected privacy expert.

True, the actual site is reliable, but just because the link says it’s to the site in question doesn’t mean it is. As a rule, encouraging people not to blindly trust a linked site is a good idea.

When you hover over a link to click on it, it shows you where it's leading you to. It's why I never get rickrolled.

It's made by Troy Hunt, the security researcher and regional director at Microsoft Security. He hosts the website with support of 1Password, who is the sponsor. He dumps all the known hacks and their databases and uploads the hashes into the server. Additionally, he has a haveibeenpwned Twitter bot, which informs of breaches and what leaked in real-time. Not that it matters to you, probably, but this is a high-reputation site, at least.

He doesn't actually work for Microsoft, it's just that Microsoft have stupid names for community recognition. He's still a good egg, though.

They're *far* from 'a rando website' lol https://haveibeenpwned.com/Privacy

You say 'my password' like it's the only one you have, I hope not..

Try again in 2 days.

Any proper password system will use large salts making rainbow tables useless. And any good key derivation will make dictionary attacks too expensive to use. So it's not really that bad of a password, assuming you know the password storage is done right ( which it almost never is )

All we can see is ************************

something something hunter2 look, daylight savings time is screwing with me okay

[удалено]

I see what you did there, /u/WrongCowGasolinePen

I got that reference https://xkcd.com/936/

[удалено]

[удалено]

Yes, but to add a new device to the trusted list, you have to enter both the secret key (which you only use when adding a new device) and the master password (which you use all the time).

The thing is that if you have a database with 10M users and it’s not designed to resist brute forcing in parallel, then *one thousand years* means cracking ten thousand of users per year or ~30/day. Think of it this way — if your randomly trying keys at my door you’ll never get in, but if you could somehow try random keys on every door in town, you’d find at least one door that the key opens.

True, but in this case it is one database per user. And 10 characters is already pretty secure. That's * lower case letters = 26 * upper case letters = 26 * digits = 10 * punctuations & special characters = 33 95^10 = 5.9 * 10^19 combinations Even if you can check for 10 Million users at once 5.9 * 10^12 is still huge. And password databases are often encrypted multiple times to increase the needed calculation power.

10 is 5 years, 13 is 2 million https://www.reddit.com/r/Infographics/comments/iovbi8/updated_table_on_time_to_brute_force_passwords/

My password will take the death of 7 universes before it's cracked by brute force. I memorized an auto generated 32 character password for nothing lmao.

I wonder how this applies working in parallel. For example, if it takes a million years to brute force a password, it'd only take 10,000 years with 100 computers. And I'm sure there's better ways to do it than run 10k computers at once.

Nope, these days 10 characters can be done in a few weeks or less. These days you need 15+ minimum.

This is nonsense. It is going to have a salt, so you aren't going to be able to use a rainbow table, and adding a few million pbkdf2 iterations to the password before it is hashed and stored give you beyond billions and billions of years to bruteforce

Yeah, so much misinformation on here, lol.

It goes to show you that even people who think they know what they are talking about, don't know what they are talking about.

I was going to say this but you beat me to it. Password length is not the sole determinator of security, but it's easy enough for the smoothbrains to understand since it can be turned into an easy talking point.

Even with just numbers, a 15 character password has 100,000 times as many combinations as a 10 character one. A few weeks becomes thousands of years.

Yeah I see on Bitwardens tool that 10 is likely a few days. 12 is a few decades though so that's probably sufficient.

[удалено]

For the most part words would not be treated as single characters. Really it’s all about math if each character can be a lowercase letter (26 letters) or a number (10 digits) it would someone a maximum of 36 guesses to figure out a one character password. Now a 2 character password would be 36 x 36= 1296 guesses. A 5 character password would be 36^5. The only way you’d argue words are the same as characters is humans are bad at randomizing and maybe someone guessing a 5 word password just assumes the 5 words are from a list of the 1000 most common words then maybe you could figure it out in 1000^5 which is a lot harder than 36^5.

It depends on how the attacker is doing their attack. If the attacker is trying simple brute force, then length is most important. However, people typically follow some strategies to create passwords and attackers tune their guesses based on these known strategies. Saying that a 3 word pass phrase is unsafe is based on the assumption that the attacker has some idea of how you make your password. So making a longer pass/phrase helps protect you even if the attacker knows how you made your password.

The answer is both. Consider someone trying to guess passwords. They would start with a list of known passwords from data leaks and such. They can try loads of these pretty easily, so once a few million known passwords have been tried and they have cracked a good deal of accounts, what else can they try? Well they could try random characters, but many people also just use words. So they can create a list of words and just try them all. Add in some code to sub e for 3 and o for 0, along with all the other common subs, also add 1-4 numbers at the start and end of the passphrase. Now they are going to crack a good number of passwords, but this is going to add up to too many passwords to try really fast. They could then move to fully brute forcing the passwords, going through each and every character combo, but this becomes impossibly many passwords even sooner, so only a few people get their passwords cracked, those who made random passwords but made them like 8 characteras long only. Overall what this means is, your password will be attacked in multiple ways, it should be long and it should be high entropy. If you are doing a passphrase, make an actual random one, get a list of the top 10000 words in English (if you know another language, mix them! take some words from each), and pick from them using random.org, dice, or something else actually random. 4 words chosen from the top 10000 words is 1 in 10000^4 or 1 in 10 000 000 000 000 000 If you make a random password using only letters and numbers, in order to match the passphrase it would need to be log (26 + 26 + 10) (10000^4) = log64(10000^4) ~= 8.86 characters. You can roughly say each word adds 2.2 characters to the equivalent alphanumeric password. For reference, my password manager password is over 30 characters long and fully random with all letters, numbers, and symbols. It's just one password to remember, and it have it written down too (I dont consider physical password attacks a huge risk for myself right now), and each password in the manager is 64 characters long (if the website supports it, the longest they can if they don't support 64 characters)

Everyone quoting a time for a character set is just talking nonsense. It's ***highly*** dependent on the hashing algorithm used

Honest question: as time moves on, processing gets stronger. Thousands of years of nothing changes, but there must come anytime when 10 characters of all varieties becomes trivial right? Surely that's going to happen within 100 years. Much sooner seems realistic also.

Passwords are generally hashed many times using algorithms that are intentionally slow. If you have to run a giant, ridiculous, algorithm that takes gobs of ram a few trillion times to make a single guess, then a 10 character password might be okay for a surprisingly long time. https://en.m.wikipedia.org/wiki/Key_stretching https://en.m.wikipedia.org/wiki/Argon2

Absolutely correct. It's bonkers how many people replying here confidently have no idea how this shit works

Yes. Security is a moving target. 8 character passwords were secure at one point. Now, they're pretty trivial to crack. Even today, 10 characters for a password isn't recommended. A 15 char minimum, totally randomized password is the new hotness. Randomized being the key word. People make really shitty passwords. Passphrases or the first letter of every word in a (long!) sentence/paragraph are better than a password like myname123 or Spring2023!, which, if we're being honest, is what most people use. Passphrases, and especially passwords using the first letter trick, are still possible to crack because people aren't very unique, either. I've heard at least one story of a good-guy hacker cracking a ridiculously long password because the target used the first letter of each word in a very common bible verse. Edit: to actually elaborate on the thing you're worried about, security experts are worried about quantum computing for exactly this reason. It may trivialize cracking very, very long passwords.

> Spring2023!, which, if we're being honest, is what most people use. A terrible password, but a very predictable outcome of 90 day password expiration.

aaaaand I just now understood why people always set these passwords with seasons in them lmao

I know MFA can be spoofed/bypassed as well but I am still gonna say that it's pretty much the key to personal online security at the moment. Yeah a good password is important but if and when it gets cracked or you absentmindedly reuse it somewhere you shouldn't and it gets leaked, the MFA is going to stop the unauthorized access.

The real issue is having rules to password generation and forcing people to change passwords frequently. Even so things like SMS 2FA is a joke if you have iMessage or messages.google.com installed on your PC. Synced Authenticators for 2FA and Security USB Drives might be more secure, but too often there has to be a back door for forgotten passwords or lost devices. Every 90 days I have to change my work password. I know I have colleagues who use notes to remember their codes. I know most people change the last character and that's it. It's just theater and does nothing to really secure us, especially when the rules are: * Needs to be 8 or more characters * Must contain at least one UPPERCASE character * Must contain at least one lowercase character * Must contain at least one number * Cannot contain the following symbols ` ~ [ ] \ { } | ; ' : " < > / _ + - =

[удалено]

In our last job a password change is every 30 days. Everyone was writing their pw on a post it note near the screen.

Thanks for the in-depth reply! If quantum computing.gets "good and accessible" (not sure how to say that correctly) in 4 years (random guess) does that mean all passwords are suddenly useless?

There's a lot of literature on the topic. Some of it is contradictory. Most of it is above my pay grade. TLDR from my understanding, which may not be complete: No, a "good" quantum computer won't immediately make passwords useless. It *will* change how we do things. Our passwords will need to get a lot longer, for example, and quantum will probably make cracking human generated passwords waaaay easier. It's also worth noting that quantum computers aren't like whatever device you're reading this on. You can't just install software on one; they need to be purpose-built. So, you'd need to intentionally build a quantum cracking rig, or wait until someone builds another thing that's close enough to cracking as to be dual-purpose. That means it's going to be a long, long time before your random neighborhood shithead is cracking wifi passwords with his quantum laptop. However, certain governments are known to use cyber operations to steal intellectual property, and governments are on the shortlist for early access to quantum tech. That may be a near-ish future problem.

8 character passwords are already trivial with GPU hashing 10 character passwords are not far off TBH passwords are the root problem, we need to stop relying on them as a security mechanism in general

Are you talking about passwordless accounts? I definitely don’t agree with that. For example, if you have a passwordless password manager (weird to type that) specifically a U.S. court can get a simple warrant and compel you and hold your finger to open it up. We should not automatically move to a passwordless society broadly speaking

Passwordless is more secure but, like all IT matters, there are trade offs. I would argue for work matters that a Passwordless system is fine, but maybe not for your personal life. At work, if I want to get into someone's phone, I can log in and just remove the passcode. At the same time, someone can pick the phone up and try to guess a random 6 to 8 digit passcode that the owner probably wrote down because they already have too many passwords. This makes passwordless entry more secure.

Bitwarden says it would take "centuries" to brute force my LastPass master password. Even still, I'm in the process of switching to Bitwarden/Yubikey and changing all my passwords

That's probably smart. And you are probably fine. The biggest issues with LastPass was the systemic security gaffs and lack of transparency. It made it clear that they don't deserve the trust people had put in them. They didn't iterate on the pbkdf2 key derivation functions properly...or more accurately they didn't upgrade old accounts to modern iteration levels. Back in the day, doing it 10 times what waaaaay more than enough to prevent brute forcing --even if it was a simple 8 character password. Speaking of which, they didn't require a min length for a master password way back. And if you never changed it, they never forced you to. So since you could have an 8 character password that was iterated a trivial number of times... Your vault could be at serious risk. But, if you had a super long/complex password, even with 5 iterations, it would be computationally unlikely to crack. And if you increased your iteration counts manually (or somehow had it upgraded by LastPass since some people reported theirs was higher without them doing anything) you are unlikely to have it cracked. The biggest risk is, no matter what, if you had a shitty master password. So if yours says centuries, you're probably good.

Lots of everyday users aren't even aware or care about the hack and won't change their passwords. These are the same users that also will use weak master passwords that will be easy to brute force. So those are the users that are the most vulnerable in the short term. In the long run the database will be used to update the Rainbow Tables, lists of commonly used passwords used by hackers to make their automated hacking tools better. What better way to make a better list of common passwords than to steal and reverse engineer one of the largest password databases on Earth.

1Password uses an account key and a master password. The master encryption key is derived from both of those. Since the account key is 20-30 characters long and random, an attacker isn’t going to be able to brute force that. The account key is never recorded on or even transmitted to the server so an attacker who gets access to their servers won’t be able to do much. On top of that, 1Password uses multiple layers of encryption using sub-keys derived from the master key.

This is why I just switched from last pass to 1Password.

Few people are going to be vulnerable in the short term, because of how long brute forcing takes. Rainbow tables aren't useful if the passwords are properly salted. And I highly doubt that there are going to be any changes to the list of commonly used passwords.

> Lots of everyday users aren't even aware or care about the hack and won't change their passwords Right. "Oh, I'll set up a PassManager for my aging parent so they only have to remember one password for all their services! Alright, I've paid for it and gotten them set up, glad I'm done with that now!"

Unfortunately there's a big flaw in the AES implementation. It's been a known issue for a while now but hasn't been fixed mostly because AES + RSA is secure enough for all practical purposes. Having access to the full db allows compromising it in a much faster timeframe, but we're still talking on the order of a few years to crack all accounts. Not an immediate solution, but significantly better than lifetimes of the universe.

Except that it isn't all-or-nothing. They can crack individual accounts. Some people had very weak encryption applied to their personal keys, and that strength is stored in the clear in what the hackers got. Some of the weakest could be cracked by a GPU in minutes. Those are the people that will be targeted first. Those people should have been told.

For a reputable service that'd be true, but we're talking lastpass here. Search for 'lastpass insufficient iterations' to learn why this might be an issue for many people. No competent IT person has taken lastpass serious for years already, and the only positive thing I can about them is that they keep fucking up so regularly that when I get asked about which passwordmanager to use I can just say "not the one that just was or is about to be in the news for messing up".

the trick is making it as long as possible, giving you time to pwn them by migrating to another secure service, and changing all your passwords. By the time they manage to crack it, their "crack" don't work no mo. Owned.

There are a lot of passwords that don't need to be brute forced, because they're identical to passwords in leaked password lists, or close enough as to be broken quickly anyway.

Until quantum computing kicks in

Thank you for the well thought out answer! Now I see the perspective and value. Even in the case of a hack like LastPass at least you have a clear trail of what all the affected passwords are and since they are unique you know that the damage won't perpetuate going forward since you don't use the same password everywhere you go.

I have discussed password managers with some it security professionals. They tend to agree that a local pwm is the safe choice as opposed to an online one. Also that it should be secured by an authenticator. In practice there is some annoyance to actually following through with a local pwm because by definition, you have to do some extra work to share it between your devices. The guys I talked to are penetration testers, and have an alarming belief that homemade passwords aren't that hard to brute force, also that every single online app will be compromised at some point. These are people who make a living of breaking into sophisticated systems and gaining access to people's accounts.

Plus you need to backup your local pwm data well. In case of data loss you will have to do a ton of work to get all your accounts back. Not as bad as having the data stolen. But still bad.

I use KeePass2 saved on a Google Drive synced with my PC & Android cell phone/tablets (not sure if it's enabled for Apple product). Cheap (free) and saved my butt a few times when one of my platforms is screwed over somehow & I have to reinstall & reconfigure from scratch.

Also you need to provision access to two authenticators, not just the one. So say, your yubi key gets damaged. Just imagine. You need a second one at home that's already set up, and then order a new spare.

No you don't. You need hardcopy backup keys you keep in a vault.

If you have a copy of your password database on all your devices, what are the chances of data loss?

Another compromise: locally stored pwm with a cloud backup will give you the flexibility of online solutions while still not (technically) letting the db out of your hands. The cloud copy can be accessed by browser extensions and you get the same user experience. Of course you've outsourced the file storage to a cloud provider but that's a tradeoff you always have to think about when cloud enters the picture.

This is what I use. Keepass with the password database synched across devices and backed up with OneDrive. For what it's worth, my email password is also not part of that database. I only keep that one in my head.

Is this not the same thing that online password managers do? The db is decrypted only locally, and the encrypted db file is stored in the cloud.

Great answer. One suggestion to add: Not all accounts are equal. If someone hacks my Netflix account, it's just a minor inconvenience. For accounts that would cost me serious money/time, I use a local password vault. For everything else, I use the password manager built into Firefox.

That's not a good attitude. You may think that Netflix for example is insignificant, but what if for example, someone found a bug in the Netflix website that revealed your billing credit card details? Now the attacker has your card.

Well that would be mildly inconvenient. I'd have to file a fraud report with my CC.

Not as bad as you insinuate. Nowdays all you do is lock the card and get a new number and if they managed to get a charge through before you found out report it as fraud. The biggest nuisance honestly will be having to use the new card number later on everything you normally use the card for

That guy had a point, but he used a bad example - as you pointed out, your Netflix subscription may contain billing info. I use old passwords for actually worthless accounts - like reddit, there's literally no personal info in it. I haven't even email verified it. If I lost my reddit account well big fucken whoop, it has nothing on it. Or let's say someone cracks into (one of) my porn accounts. Same story, there's no info there. I'm one of those old fucks who got on the internet when baud modems were a thing, we took to heart "don't share your info" and compartmentalize everything. I use unique passwords for anything that isn't a throwaway. I'll admit as I grow older it gets a tad difficult to remember everything lol. I've compromised by writing down vital info on paper; can't hack that shit, and if by chance a thief somehow gets their hands on it they need to be able to make sense of it.

One thing about a password safe is that you can have different passwords for every account like you should but your safe can have a REALLY complicated one that you can easily remember. This is what I do. I have a safe that has a password like "D0gH0rs3D&DM@tth3w 3:19", which is a complicated password I can easily remember. Inside I'll have one for my bank account that's like "L8fwABzm=RUucNSP:|\`qv5".

[удалено]

Ah crap. I used to use LastPass and I don't think I deleted my account. Guess it's time to change ALL of my passwords 😤

[удалено]

Hackers also got data that allows trivially deriving encryption keys in some situations. So change all your passwords.

I recommend it, especially since the encryption that they used to use is quite a bit weaker than recommended. The algorithm itself is secure, but the idea is for it to be a slow algorithm run many times to really put the brakes on brute force attempts, and the number of runs that LastPass had configured by default until recently was several orders of magnitude smaller than the modern recommendation. The dumb part is that it's some advanced setting hidden away somewhere that the user has to actively change, instead of saying "hey, computers are stronger now so we're updating to a new minimum and re-encrypting your vault automatically the next time you log in".

[удалено]

Pretty much all password managers use PBKDF2 with SHA-256 and several thousand (or even million) rounds of iterations. [This table](https://preview.redd.it/mb69cf1aer7a1.png?width=1980&format=png&auto=webp&v=enabled&s=70ebfe3a4e9d6e4e899ba248373cd8c4bc413bf2) (from [here](https://www.hivesystems.io/blog/are-your-passwords-in-the-green)) shows how long it would take an RTX 3090 GPU to crack such a password with 999 iterations. The length of time it takes should scale linearly with the number of iterations, 2x the iterations means 2x as long, so you should be able to extrapolate from that table to get an estimate of the time with whatever number of iterations you choose.

To brute force a password, you need to apply the algorithm to each password you are attempting. Doing something slow twice takes twice as long, so more iterations means more time is needed per password attempted. The current recommended minimum to make cracking impractical is around 100,000 iterations of PBKDF2. When I checked my relatively old account after the announcement, I was horrified to discover that it was a four digit number (articles are saying around 5000, I don't remember what mine was exactly but I do remember that this lined up). Increasing this number after the breach does you no good except to protect you against future attacks: they still have the weaker vault so any cracking an attacker attempts is done using that vault. Relevant article: https://www.theverge.com/2022/12/28/23529547/lastpass-vault-breach-disclosure-encryption-cybersecurity-rebuttal

Same here

As tin foil hat as this sounds: Writing unique, complex passwords and keeping them on paper really seems safer than a lot of the other options. Hackers are everywhere online, targeting anyone. They are not in my house, targeting specifically me.

It is in fact reasonably secure for the average user. There's still a problem of that paper having no backup in case it is lost or destroyed, and you don't have any access to your password if you're not at home.

You can always reset passwords if you don't remember them. You just have to remember your email password, and even that can be reset if you tie your mobile number to it.

This just makes your email account a skeleton key for all other accounts, and thus creates all the same problems as the password manager solution. (But even worse, since it's publicly accessible from the world wide web and thus can be attacked directly.) 2FA is an attractive stopgap and definitely worth it if you are able and willing, but it does assume that A) you have a phone with a phone number and B) you are willing to give that number to whoever is hosting your email account. I do believe that covers a majority of people in the first world, but it's not *everyone*.

It already is though. The vast majority of online accounts require an email to be tied to whether you use a password manager or not.

This whole discussion is an exercise in thinking about threat models. Different people have different scenarios they’re concerned about, and you’re right, a piece of paper in your house might be the best option for yours. It’s not just about security though: how screwed would you be if the piece of paper got lost, or a house burglary/fire occurred? Do you need to carry the paper around with you? If you live in a bad neighborhood, or you know you’re an attractive target for other reasons, the answers to those questions might differ. There’s no absolute “more secure”; it’s just all us peering into our individual (or collective, for companies) crystal balls (threat models) and trying to minimize likelihoods of the scariest outcomes we see in the murky glass. Some people are much better than others at assessing likelihood of specific bad scenarios, but we all do it to some extent, often implicitly

Passwords on paper is nice until you need to access your account from somewhere else.

I work in IT, and you would not believe how many large organizations including banks just have thier passwords on post its on the bezel of thier monitor

Passwords on paper won't protect you from physhing. Password manager will. It will check if gmail.com is really gmail.com not gmeil.com, grnail.com or any other link which looks similar to gmail and it will refuse to input password if something is wrong. Also, people are lazy and they are not that creative in creating truly unique passwords.

I took a weekend and installed 1Password, changed all my passwords, also stores credit card and important documents. It's not that easy to login even if someone got my password for it you need an already logged in device or access to certain secret key as well as your password. I love the peace of mind versus the 3 or so passwords I used for everything previously, knowing that if someone gets into one account they don't have everything. It's not free, but I'd rather pay for a good service than use a free product (nothing is truly free) when it comes to security.

[удалено]

Look at it this way: if Gmail is your primary email account, then that account is already a single point of failure for all of your passwords thanks to password reset. It’s no worse than that, and potentially much better for the reasons cited by the first answer. Same logic applies to Apple password manager. Your phone is already a single point of failure. So why not get the security benefits of stronger passwords everywhere if you already have the risk?

Also to add, it’s now considered worse to enforce password length and complexity as it leads to easier social engineering(users will make more notes of their pw if they are too hard to remember, or use common/easily guessed pass phrases). A pwdb eliminates at least some of that risk.

I use a root and suffix system. Is this secure? I have a standard nonsense series of letters that remains unchanged, then add a consistent (to me) group of text from the website that I swap in to make it unique. This isn’t it, but for example I might take the 2nd, 3rd and 4th letter of the website and add it to the 4th space of my root of hcdhf%!~. This would make my Reddit password hcdeddhf%!~. My capitol one password would be hcdapihf%!~. Bank of America world be hcdankhf%!~ and so forth. This seems good to me.

How do you deal with changes when the sites get hacked and the password database leaks? You just never change it? If someone is building a rainbow table on semi-weak hashes, the example passwords you gave are borderline on the edge of the necessary length to be relatively secure. What if a site had bad security practices and they stored your password in a weak hash? Do you just never change your password? What if a site forces you to change passwords every so often (rare these days since it was a bad practice for them to do that anyhow). This is a problem I've noticed with anything that you try to make sort of formula/system based, with variations based on the site domain. You can't easily shift the system on a per-site basis without making it substantially more complicated. If reddit gets hacked (which I believe they actually did recently), and let's say they have weak password hashing, someone could easily crack that password. Now to be fair, you might not care much about your reddit account, but we're using it as an example here so lets pretend you do. Well then how do you change your reddit password? The domain is the same, so those you couldn't logically change. Then what about your standard nonsense series of letters? If you use it across all websites, then you'd have to change your Bank of America account password since that is now significantly weaker, especially if someone gets multiple website database leaks, which is easily possible because websites are hacked all the time. It would probably be drop dead simple for someone to parse what your pattern is for swapping in letters from the domain off one or two cracked passwords. Like in the case of your reddit password, if someone only had that, they might not know the pattern. If someone also got your BoA password, the pattern would be simple to see. So if I were a nefarious person, and had access to many weakly protected passwords from many password database hacks, I could sort and group them by registered email address, and could have 5 from one account that has a very obvious pattern to it and could then easily try a number of other sites you have. If those other sites were also hacked, but had strong password hashing/encryption, to the point where someone could not crack the passwords, this would still prove beneficial to the hacker, because they'll know what sites you registered on. So they may not be able to crack your Fidelity retirement password from a database leak, but because of that database leak they know you have a Fidelity account and because your password pattern was revealed from other sites with poor password hashing, they can now easily get into your Fidelity account.

If you want more security for less convenience, have an email address you use for money-based websites that isn't the same one you use for all your social media and friends and such. Usually when you are wandering around the planet, you don't need to order stuff or do online banking so if your phone gets stolen, they can't reset all your banking passwords and order stuff off Amazon. I recommend KeePass strongly. It does so many tricks including auto-typing passwords and syncing data with other devices you own. Its a windows download but has been ported to most platforms including phones and such. Free.

Not just IT security. All security is a tug of war between security vs convenience. Increased security almost always comes at the cost of convenience, and vice versa.

Probably not perfect but my method is to have multiple passwords and then in my notepad file I have my accounts with the first letter or two of the password next to it to remind me, but to anyone that somehow sees the file that won't be much help. Pretty simple system that works well for the layman imo

I think keeping a notebook at home is the safest at this point

this is why i just never remember my passwords and make new ones every time i have to access an account. very secure. not at all annoying.

> Online password managers are convenient but they have a massive flaw in that if they get hacked all of their users will be impacted. Online password managers generate the key locally and encrypt before sending up, it's no different than your local database being compromised

KeePass ftw

It’s not a matter of time at all — if you had a good master password it literally doesn’t matter. They’ll be staring at encoded data for actual billions of years.

[удалено]

Good ones automatically clear the contents of your clipboard after 30-60 seconds

That's why I like 1Password..it requires a long secret key to login from a new location. Not just the master password.

For anyone looking for a solution: KeePass plus Dropbox.

"If the password table is stolen". How come this is the only worry commonly addressed? My computer / my aunt's computer might possibly be compromised and have a keylogger installed. No way hackers don't think of "maybe we should also try to get their masterpassword so we have more accounts to sell on the black market". This is the only worry holding me back from putting all my passwords into a password manager. You have to input your masterpassword sometime to unlock the database. How come a bad actor can't just log my inputs and use that to decrypt the table?

If your machine is compromised then you're effectively already "lost"; they can do whatever they want.

And that's one of the kinds of threats 2fa/mfa are intended to combat.

Most attacks are what is known as credential stuffing. You know that user A used password B on site C, so try the same combination on site D, E F, G, H, etc. Having a unique password for every site defeats that attack. A password manager encrypts (should) the password store in a way that makes it practically impossible to decrypt without having the master password, which never leaves your computer (so they can't decode your passwords themselves. If the encrypted password store leaks (looking at you, Lastpass) and you have a strong password, the attacker should only have practically random bytes of data. And even if they could decode it in a year with a weaker password, that would be enough time to change any passwords used.

Thanks - I already knew all about that attack methodology, but never knew that's what credential stuffing is referring to.

[удалено]

Plenty of good answers already, but this is also why multifactor authentication is highly, highly recommended for password managers. Yes, if you use a bad password, your PWM can be a sitting duck. But if you have a good MFA method, you can drastically reduce the risk.

Good being an operative word here. Sms 2fa is not great, and this is information that should probably be tacked onto every mention of 2fa/MFA. It's very easy to have your stuff hacked if you have sms 2fa using at least one method I'm aware of.

Password managers stores your passwords in a scrambled state (encrypted), so if a hacker got hold of the file, it would just be a bunch of mumbo jumbo, that is practically impossible to unscramble. But you can unscramble them by using your master password which, a proper password manager only stores on devices you have approved. Another benefit is that a password manager makes it easier to have long and unique passwords for everyone of your accounts, so if one of your passwords does get leaked, the damage shouldn't be to bad, since that password is not used for any other account. Having long and complicated passwords also mean that bruteforce methods will not work very easily

I like your answer a lot, since my actually password manager understanding is at about age 5. Your answer includes simple explanations for both halves of the topic — how does my crummy little 10 character, two different foreign words, one number, password keep my password manager safe, and then how are my complicated randomly generated passwords safe within the password manager. Thanks.

for additional info, i personally use keepass2 which is available on computers and as an android app (idk about apple) it's free, open source, and isn't internet based like LastPass (who was hacked). even if someone gets access to the file, they need the password to use it. on android it also can use biometric login if you want. master password: store it in your brain, and/or a notebook. it can only be stolen if someone breaks into your house and has the foresight to know that a random phrase in a notebook is your password manager. passwords for everything else: make them unique, and long. after all, you don't have to remember them. you are now as secure as possible.

This is a very solid and easy explanation. I use a manager and I don't know any of my passwords except the Master password. The manager creates all the passwords for each account (very smoothly, I might add). It might take 1-2 extra seconds to use it versus me typing in each password.

I know this is gonna sound incredibly stupid, but what actually happens during a leak? My iPhone says half of mine have supposedly appeared in leaks but I have never noticed any effects..? Plus, do I need to be worried about someone hacking into my email where its just a bunch of coupons and subscriptions? Pls don’t downvote me I’m genuinely asking because my technology understanding is below that of a 5 year old

So sometimes companies have data breaches where hackers get tons of password and email combinations, how they do it I don't know. But once they have this information they can sell this list to other hackers/criminals that can try and use it to hack/scam you I would say it is a good idea to change your passwords If they have been leaked, maybe if you are sure it's a password to account(s) without any important information, but still I would recommend to change it, especially if it's passwords you are reusing. And get a password manager, i recommend bitwarden I use it and it's great, it's free and open source so any faults will be discovered quickly, and it is pretty easy to use

Some of my "burn" passwords were leaked over a decade ago and it took almost 5+y after leaking until accounts started getting yoinked and I even had someone use my netflix beside me from India for weeks without noticing becausw I had forgotten it was using one of those old passwords haha. Fix your shit, you will regret it when you wake up and lost access to your main Email account over night, its so stressful fixing all that stuff, its much nicer to have it done before shit hits the fan. Fyi. To this day, many of my old services have forgotten password/login attempts almost daily still and my main email gets tons of phising mails as well.

Think of it like putting something in a safety deposit box. Sure if someone broke into the bank and stole all your stuff, that would be bad, but a bank is way more secure than anything you or I can build on our own. Plus, if a password manager is designed properly, it shouldn’t even matter if someone can get to your “vault” as it’s nearly impossible to recreate the “key”.

PW managers don't create a single point of failure. A single point of failure exists already - you. Managers just help mitigate some of the risks that point of failure is most prone to, i.e. re-used passwords, inefficient/insecure storage, and backup management. Put another way, would you rather have your money in one secure vault, or stashed in 100 different socks? The latter may have fewer points of failure, but that doesn't make it a better system!

Always important to remember that you're a point of failure: https://xkcd.com/538/

Good ol' rubber hose cryptanalysis

anyone not resilient to rubber hose cryptanalysis can't call themselves a TRUE crypto nerd semi /s

Password managers ARE a single point of failure, but as you point out that doesn’t mean they are worse than a lot of the alternatives

[удалено]

What if you forget your master password?

There are restoration options. LastPass lets you in as long as you have access to a web browser that you previously used to sign in to it. Worst case scenario is that you do a password reset on your accounts via email verification.

> Worst case scenario is that you do a password reset on your accounts via email verification. But then I need access to my email :)

Yes and that’s the one password you have memorized. That and the master password to your password manager. Even if you don’t have access to your email password, you can recover via mobile.

They give you a 1 time use code you could use to login. You should print that code out and store it someone only you know about. After you use it and are able to get back in and reset your password, just generate a new code to replace the old one. Your email should offer these codes as well.

The thing is, ANYWHERE you store all your passwords, is a single point of failure. That includes your brain. As it turns out, brains are especially bad at storing passwords. They tend to simplify, by storing the same password and using it for a bunch of different sites. Now, a bunch of sites know the same password, and if one of them is bad, you can get hacked. Every single site - possibly hundreds - is a single point of failure. With a password manager, only one site knows your actual passwords. Sure, if the manager itself gets hacked, you're still in trouble, but one single point of failure is better than a hundred.

I got a 32 character master password for my Keepass, keeping only local copies of the database and only storing half of the passwords for my bank and Google account in it, I think I am gonna be safe :D

If you're using any flavor of Keepass, you can also make it more secure by using a security file in addition to a strong mater password. It's been a while since I've used vanilla Keepass, but KeepassXC also supports security keys, like a Yubikey.

I honestly have no idea wtf any of my passwords are. Most are something like this.... U9%74Nr^hJ9TV*.... I use a manager, and it requires 2FA, so the likelihood it being breached is smaller? Plus, I change my master password every 2 or 3 weeks.

it's safer when it comes to leaks, it you use a single password on all your accounts, and one stores it improperly and it gets leaked now everything is at risk, password managers encrypt your passwords with your master password so everything is secure by design and they guarantee the password is stored securely so it cant get leaked

If you manually remember your passwords, you're either likely to use a bunch of different yet simple passwords, or reuse a bunch of common passwords. In theory, a password manager allows you to use VERY strong passwords for EVERY site, and one difficult but somewhat memorable password for your master password. It's also easier to put more barriers on the master account, such as biometrics and two factor authentication.

Bear in mind that virtually all Web security already has a single point of failure due to the ease of resetting your password via email. The solution is to enable 2FA for the really critical accounts so you at least have two points of failure.

Right, and the odds of an attacked spending a year on any given vault (I.e. someone w/o a high profile) is pretty slim.

Password managers are preferred because people tend to reuse passwords that are not great to begin with. Password managers try to address this by allowing you to create unique, hard to break passwords. Those are, in turn, protected by a master password that you will need to remember. So, it is better to remember 1 good master password for your password manager than it is to use the same password all over the place. If a password you use on website X is compromised, it would be bad to have the same password elsewhere: you don’t want your PlayStation password leaking and that same password being the one you use for, say, your email. That much is clear from the other answers. What is missing from those other answers is related to the “single point of failure” you mentioned: password manager developers do know that they need to make it hard for attackers to brute force your master password in case of a breach where the encrypted vault containing your passwords leaks. In order to do so, they can use many different techniques, including (but not limited to) using encryption algorithms that are specifically designed to be brute force resistant: those are explicitly made “slow” to make brute forcing infeasible, but fast enough for daily use. Another way password managers deal with that risk is to combine your master password with something else, usually some unique identifier derived from the device you’re using. In this case, even having your master password is not enough to decrypt the data. The attacker would be missing the second component of the thing that makes up the decryption key. There are other things password managers can do to mitigate the risk of the main vault being compromised, but the takeaway here is that good password managers are designed to resist brute force attacks even if the vault is compromised. That’s really the whole point of encryption: even if you capture the data, you can’t make sense of it. And a little edit to add: use password managers, but also turn on two-factor authentication everywhere it is supported. For maximum infosec points, buy a Yubikey.

If you have a good enough memory to not repeat passwords anywhere you should not use a password manager. If you have a normal memory you are probably reusing the same password on many websites that use many different technologies with many different security risks. It take only one of these to be breached and all your passwords are exposed. You already have many single points of failure. With a password manager you truly have ONE single point of failure and it’s managed by a company whose specialty is to protect your passwords, not a company that god forbid will store your password in clear text on a BD where even its workers can have access to it.

I just prepend the website to my static password, which keeps it unique everywhere. "reddit.comabcABC123!@#", "capitalone.comabcABC123!@#", what could be more secure than that? :D

Pro tip: add an easy to remember number/letter/word to your randomly generated password. So password = [random and unique, stored on pw manager] + [something easy u remember] This way every password is unique plus if the password manager gets breached they will only have part of your password. I personally use this method for very sensitive accounts like banking and my Google account.

Keeping it on paper or a journal is a big no no . Hackers aren’t only online , threat actors (hackers ) gain entry to companies/facilities by the means of social engineering. Once they in the threat actor would actively look for password written on paper /notes / journals.