re: Best password keeper app?

quote:

---

BEST possible place you could keep it lemme tell ya....

for instance.....

---

That's the event that finally caused me to give up and go that route.

Come up with a "base" password that includes upper and lower case, numerals and special characters - make it something that you can remember, but is long enough, I'd say at least 8 to 10 characters up to 20 or more. Then for each account add the first 3 or 4 letters of the accounts name to the base password and you have a unique password for each account that is easily remembered. The only difficulty that I've encountered were with a very few accounts that either limit the length or the use of special characters, the US Post Office being one!

quote:

---

any password manager that hooks into the cloud is a BAD idea. convenience is not worth identity theft, account compromise, etc....

---

That's what I thought, but I'm dealing with constant updating and stability anymore so KeePass is out (I tried to get out of the Open Source game because I can never keep up).

That leaves what, 1Password and Enpass from all I see. And both are vastly different.

quote:

---

Come up with a "base" password that includes upper and lower case, numerals and special characters - make it something that you can remember, but is long enough, I'd say at least 8 to 10 characters up to 20 or more. Then for each account add the first 3 or 4 letters of the accounts name to the base password and you have a unique password for each account that is easily remembered. The only difficulty that I've encountered were with a very few accounts that either limit the length or the use of special characters, the US Post Office being one!

---

This was my thing for YEARS.

Then came the limitations on special characters. Then the limitation on length. Then not being able to use a password from 3 months ago when you ultimately forget it.

It's too much to track now and my system has kind of fallen apart under that weight. I used to have everything tucked away under a nice set of consistent pieces (phrase+numbers+special character) + shorthand website info

Now, all gone.

1password

I use meldium but i hear lastpass is great

quote:

---

quote:

---

Another KeePass user, with my database file saved in dropbox.

---

BEST possible place you could keep it lemme tell ya....

---

Here's the thing about the dropbox hack... the attackers were able to grab the hashed passwords for millions of users. From what I understand, about half of them were sha1 and half were bcrypt. All were salted, but the (weaker) sha1 hashes were missing the salts, which makes cracking those passwords harder. The bcrypt hashes had the salts, but those should be hard to crack regardless. That said, most of the common passwords that people use have probably been cracked, but the medium to hard passwords probably have not.

Now, assuming your dropbox password has been cracked, and assuming you store your password file there, and assuming someone was able to access your account before you changed the password, the attacker(s) would then have to crack the master password on your password file. Is it worth it for them to try to do this for every password file they find, or is it better to just check the already known username/password combos on other websites?