Is Your Password Hacker Proof?
You wouldn't lock up your car and leave the key in the door as you walked away. But many people do essentially the same thing when they create weak passwords for their online accounts. Don't make it easy for hackers to plunder your bank account or go on an online spending spree with your credit card. Here are some tips to help you create and manage passwords...
How Secure is Your Password?
If you can remember your password, it's not strong enough. Short passwords composed of familiar words and only alphabetical characters are easy pickings for "brute force" password-cracking software. Such software simply cycles through all possible combinations of letters until it hits the set that works. This is why many Web sites insist that you create a password of 8 characters or more, and include at least one non-alphabetical character.
But 8 characters is a poor compromise between security and user convenience. Actually, 12 or more characters are needed to make a password that would take too long to crack with brute force. Don't limit yourself to numbers and alphabetical characters, either. Use some special characters such as !#%^*+ and so on.
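To put numbers on the two claims above (8 characters is too short, and adding character classes helps), here is an added example that is not from the article. It computes the size of the search space an exhaustive guess would have to cover and how long that takes at an assumed guessing rate of one billion guesses per second (the rate is an illustrative assumption, not a figure from the page); the 94-symbol alphabet is Python's printable ASCII classes, and `check_policy` encodes the article's "12 or more characters, one of each class" advice. The sample passwords are constructed, apart from the last one, which a reader posts in the comments below.

```python
import string

# Character classes a password can draw from. Class sizes are the printable
# ASCII counts: 26 + 26 + 10 + 32 (string.punctuation) = 94 symbols in total.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "special": set(string.punctuation),
}

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def alphabet_size(password: str) -> int:
    """Size of the alphabet an exhaustive search has to cover once it is known
    which character classes the password uses (the usual worst-case model)."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def keyspace(alphabet: int, length: int) -> int:
    """Number of candidate strings of exactly `length` symbols."""
    return alphabet ** length


def years_to_exhaust(alphabet: int, length: int, guesses_per_second: float) -> float:
    """Time to try every candidate at a fixed guessing rate (an upper bound:
    on average only half the space has to be searched)."""
    return keyspace(alphabet, length) / guesses_per_second / SECONDS_PER_YEAR


def check_policy(password: str, min_length: int = 12) -> list:
    """Return the policy rules the password fails; an empty list means it passes.
    The 12-character minimum and the one-of-each-class rule follow the article's
    advice; both are assumed, tunable thresholds."""
    failures = []
    if len(password) < min_length:
        failures.append("min_length")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            failures.append("needs_" + name)
    return failures


if __name__ == "__main__":
    RATE = 1e9   # assumed attacker speed: one billion guesses per second
    print(f"{'alphabet':>8} {'length':>6} {'years to exhaust':>18}")
    for alphabet, length in [(26, 8), (62, 8), (94, 8), (94, 12), (94, 16)]:
        print(f"{alphabet:>8} {length:>6} {years_to_exhaust(alphabet, length, RATE):>18.3g}")
    for pw in ["password", "Letmein1", "d+5=h1Gz4&pW"]:   # constructed samples
        print(pw, "->", check_policy(pw) or "passes")
```

Running the table shows the gap the article describes: an 8-character lowercase password (26^8 candidates) is exhausted in a few minutes at that rate, while 12 characters drawn from all 94 symbols take on the order of ten million years. Length dominates: each extra character multiplies the work by the alphabet size, whereas adding a class only enlarges the base.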
Using the same password everywhere you need one is a bad idea, too. If that password is cracked, a bad guy has a master key to your email, bank account, credit cards, Facebook page, and everything else a password is supposed to keep him out of. Create a unique password for every online account you create, or at least for the most critical financial accounts.

Many sites let users choose a "security question" from a list and supply a supposedly secret answer that will serve to confirm your identity in case you lose or forget your password. But think about what you've posted online, and what's available through public records. Your mother's maiden name and the high school you attended are not secrets. Whenever possible, create your own security question with an answer that can't be Googled.
Managing Your Passwords
The leading Web browsers ask, by default, "Do you want (Firefox or Internet Explorer) to remember your password for this site?" Well, of course you don't! Letting a Web browser automatically fill in your password is like telling your car to turn the key for whoever touches the door handle. Disable this "feature" and don't store passwords in your browser.
If you follow these guidelines, you will need help managing passwords. Password management software such as KeePass and Roboform helps you create strong passwords and stores them in an encrypted database. A master password gives you access to the database as needed. Make it as complex as you can remember.
Just as it's a good idea to keep car keys safely in your pocket, it pays to use a removable storage device to store and use your password management software. It can be as inexpensive as a generic USB flash drive that hangs on a keychain, or a more sophisticated device like the $49.95 Mandylion Password Manager. The Mandylion generates and stores up to 50 passwords with "military grade" encryption.
If you want to take it one step further, look into a security feature called 2-step verification. This can make your online accounts more secure by helping to verify that you are truly the owner of an account. You may have already seen this on some banking websites. For some transactions, your username and password are not enough. After logging in, you may need a PIN code sent to you in a phone or text message before completing a transaction. Google is now offering this type of enhanced security for Google accounts such as Gmail, Google Docs, etc.
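The PIN step described above, seen from the website's side, as an added example that is neither the article's nor Google's or any bank's code: the server generates a random PIN, hands it to the phone or text channel (delivery itself is not shown), keeps only a salted hash, and accepts it once within a short window. The six-digit length, five-minute lifetime and three-attempt cap are assumed policy values; the `now` parameter exists so expiry can be exercised without waiting.

```python
import hashlib
import hmac
import secrets
import time

PIN_DIGITS = 6            # assumed: six-digit numeric PIN
PIN_TTL_SECONDS = 300     # assumed: PIN expires five minutes after issue
MAX_ATTEMPTS = 3          # assumed: three wrong guesses burn the PIN


def _digest(pin: str, salt: bytes) -> bytes:
    """Salted hash of the PIN, so a leaked pending-PIN table does not hand
    over live PINs in the clear. Against a six-digit space this is only a
    speed bump; the short lifetime and attempt cap do the real work."""
    return hashlib.sha256(salt + pin.encode()).digest()


class PinVerifier:
    """Server side of a one-time PIN step. `now` is injectable so the expiry
    logic can be tested without waiting (defaults to the real clock)."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}   # username -> {salt, digest, expires, attempts}

    def issue(self, username: str) -> str:
        """Generate a fresh PIN for the user and return it for out-of-band
        delivery (SMS or voice call, not shown). Only the hash is stored."""
        pin = f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self._pending[username] = {
            "salt": salt,
            "digest": _digest(pin, salt),
            "expires": self._now() + PIN_TTL_SECONDS,
            "attempts": 0,
        }
        return pin

    def verify(self, username: str, submitted: str) -> bool:
        """True once, for the current unexpired PIN. Any outcome that ends the
        PIN's life removes it so it can be neither replayed nor retried."""
        rec = self._pending.get(username)
        if rec is None:
            return False                      # nothing issued, or already used
        if self._now() > rec["expires"]:
            del self._pending[username]       # expired: force a fresh issue
            return False
        rec["attempts"] += 1
        ok = hmac.compare_digest(_digest(submitted, rec["salt"]), rec["digest"])
        if ok or rec["attempts"] >= MAX_ATTEMPTS:
            del self._pending[username]       # single use, or burned by guessing
        return ok


if __name__ == "__main__":
    # Walk through the exchange: the password was already checked, PIN step follows.
    v = PinVerifier()
    pin = v.issue("alice")
    print("PIN handed to the delivery channel (constructed demo):", pin)
    print("wrong PIN accepted?", v.verify("alice", "000000" if pin != "000000" else "111111"))
    print("right PIN accepted?", v.verify("alice", pin))
    print("replay accepted?", v.verify("alice", pin))
```

The constant-time comparison (`hmac.compare_digest`) and the single-use rule are the two details most often missed in homegrown versions: the first avoids leaking how many digits matched through response timing, the second means a PIN read over someone's shoulder is worthless once its owner has used it.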
How do you manage your passwords? Post your comment or question below...
Posted by Bob Rankin on 14 Feb 2011
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Is Your Password Hacker Proof? (Posted: 14 Feb 2011)
Source: http://askbobrankin.com/is_your_password_hacker_proof.html
Most recent comments on "Is Your Password Hacker Proof?"
(See all 25 comments for this article.)
Posted by:
Jason
15 Feb 2011
I'd be interested in what you think about LastPass too. I've been using Keepass synced with Dropbox but I like LastPass better. It's better at saving new passwords as I enter them in websites.
Posted by:
Michael
16 Feb 2011
Using Lastpass for everything other than banking sites which live securely on my PC.
A great source for long complex passwords is https://www.grc.com/passwords.htm
Posted by:
Tony
16 Feb 2011
What is your opinion of online password generators such as http://www.angel.net/~nic/passwd.html
Posted by:
TheRube
16 Feb 2011
In addition to the above-mentioned apps one may also want to try Keyscrambler. It is a Firefox and IE plugin which scrambles characters as you type on your computer's keyboard. Everything is ScRaMbLeD including those all-important passwords!
All information that is inputted and leaves your computer to go to an online bank, for example, is encoded while in transit. Thus, if someone with ill intent decides to intercept your information, he/she will see only scrambled information. However, when the information reaches its intended destination (online bank), then the inputted information is UN-Scrambled.
I love this Software - - and so will YOU!
TheRube
Posted by:
Don
16 Feb 2011
Kee Pass for me. Love it.
Posted by:
T
16 Feb 2011
My policy is to combine the date with the company/organization - i.e. I sign up on eBay on the 10th of December 2010. A possible password might be eB121010.
Posted by:
Diana
16 Feb 2011
My favorite movie character (there are a bazillion of them, so no way you can guess) and a number combination I can remember that I change every six months - started out with 1.... won't tell you where I am now.
Posted by:
DoubleKSeaWA (Ken)
16 Feb 2011
I'm using LastPass (for about 5 months now) and am happy with it. It's great for organizing and upgrading my password format and styles. It's also helping me find sites I registered on and don't use.
As to the master password, (this is the only one I have to remember), yes; upper/lower case, digits/special characters, at least twelve characters plus I toss in a couple of ASCII characters. I'm just starting to convert to LastPass' encrypted passwords for minor sites. For my important sites, I generate an encrypted password then toss in a couple ASCII characters. ALL generated passwords are stored and locked on LastPass so I don't have to remember them. I change my master pw every two months and my minors less frequently.
For security question(s), one word, by my master password rules and the same question(s) everywhere. All this is actually pretty simple to maintain so I do maintain it.
Posted by:
Rob
16 Feb 2011
I'm wondering how many passwords for financial sites have actually been hacked by brute force techniques. My experience is that nearly all, if not all, of these sites lock your account after 3 or 4 attempts. The site may auto-unlock after a period of time or only by your calling and identifying yourself. Either way, wouldn't this make it extremely difficult for a brute-force attack to succeed, even with the weakest of passwords?
Posted by:
Richard Killey
16 Feb 2011
I use Roboform and 15 character passwords, using all 4 character types.
Posted by:
JcB
16 Feb 2011
I have been using KeePass for many years now (at least four, probably more). I highly recommend it. I like it because:
o it is portable (it can be carried on a USB stick and runs on Windows systems without being installed).
o it doesn't store anything on your system. The program doesn't create any new registry keys and it doesn't create any initialization files (INI) in your Windows directory.
It is available in two versions, KeePass 1.x which runs on Windows 98, 98SE, ME, NT, 2000, XP (Home & Pro, 32-bit & 64-bit), 2003, Vista and 7 without requiring any additional libraries and KeePass 2.x which requires .NET framework or Mono.
I use KeePass 1.x (currently 1.8) because I can keep it on a flash drive which I can take to the office or when I go on vacation and run it without needing any additional software or leaving any footprints. While the 2.x version has additional capabilities and is updated more frequently I opted for 1.8 because it is so very portable and requires no external libraries.
I recently installed a version of it on my Windows Mobile phone, so now I can have it with me even if I forget to bring my flash drive.
Posted by:
Bill Rubin
16 Feb 2011
I've used KeePass for many years. Password managers clearly improve security, compared with manual methods. However, there are still two weak links: The master password, and backups.
As you say, if you can remember your master password, it's too weak. And now your master password is guarding ALL your family jewels. With KeePass, I keep the master password in a file (a "keyfile") which lives only on a secure Sony Puppy fingerprint identity token, a USB flash drive locked by an on-board microprocessor. My fingerprint causes the microprocessor to unlock it. No attacks on or from the PC can unlock it.
If the USB device containing your encrypted password file is eaten by the dog, you've lost everything. That's why you need to back up the password file. Full disclosure: I'm the author of Another Backup Plugin for KeePass.
Posted by:
Mike
16 Feb 2011
Just recently I tried to access an online account and I couldn't remember the EXACT password. Two failed attempts and the account, itself, was permanently closed. I had to start all over again to create a new account. Some sites allow 3 or 4 failed attempts before locking the account from future attempts. So, brute force crackers are not the boogeyman. It's one thing to leave your "car keys" in plain sight, but quite another to hire a full contingent of highly trained commandoes and layered vaults to protect your keys.
Contrary to what is being portrayed, bad guys are NOT sitting in county dumps sifting each piece of paper from among the coffee grounds and rotting leftovers to find some information. They're pretending to be the company asking you to verify your account info and password, and many are willingly giving it.
Posted by:
Peter
16 Feb 2011
howsecureismypassword.net is a (very safe) tool which tells you how long it would take to hack your password. Mine takes about 2 trillion years!
Posted by:
Cybrguy
16 Feb 2011
Really surprised you didn't include "Perfect Passwords" from Steve Gibson's site. https://www.grc.com/passwords.htm
(Jeeze, got a little scripting on this page?)
Posted by:
Nell
17 Feb 2011
These days, everyone has forgotten the most ultimate of hacker-proof "tools" - a piece of paper and a pen! I create impossible-to-remember, random-character-inclusive, stupidly secure passwords, e.g. "d+5=h1Gz4&pW", for example, then, shock horror, write them down on a piece of paper... ah, you say, but what if the paper is found? Well, I'd be surprised, since it's kept inside an unremarkable old paperback book, which is itself located in a different room from the computer, in amongst hundreds of similar books in a large bookcase, so it would take a dedicated burglar to seek it out! And it's more than a little difficult to access over the Net, no matter HOW good a remote hacker might be! :D
Posted by:
Susan
17 Feb 2011
I have lots of passwords, as most people do. One 'trick' that was recommended to me is to use 'false' answers to the standard questions. For instance, 'what is your mother's maiden name' could be answered with "Peter, Paul and Mary," or any other silly thing completely unrelated to the question.
Posted by:
Joel
17 Feb 2011
I use a simple password for all the places that really shouldn't require a password anyway, news sites, etc. Then I use something very different for important sites like financial ones.
The keepers of important sites could prevent hacking problems by only allowing a few wrong tries before locking the account for 5 or 10 minutes. Most of the ones I use do this. Why don't they all?
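The lockout Joel and Rob describe, worked through as an added example that is not code from the page or from any site mentioned in the comments: after a few wrong tries the account is refused for a fixed window, and `guesses_per_day` shows what that does to an online guessing attempt. The four-failure threshold and ten-minute window are assumed values taken from the range the comments mention; the password check itself happens elsewhere and only its result is reported to the throttle.

```python
import time
from collections import defaultdict

MAX_FAILURES = 4          # assumed: fourth consecutive failure triggers the lock
LOCKOUT_SECONDS = 600     # assumed: ten-minute lock, the upper figure in the comment
SECONDS_PER_DAY = 86400


class LoginThrottle:
    """Per-account temporary lockout. The caller verifies the password and
    reports the result; `now` is injectable so the window can be tested."""

    def __init__(self, now=time.time):
        self._now = now
        self._failures = defaultdict(list)   # username -> timestamps of recent failures
        self._locked_until = {}              # username -> unlock time

    def is_locked(self, username: str) -> bool:
        until = self._locked_until.get(username)
        if until is None:
            return False
        if self._now() >= until:             # lock has expired: clear the state
            del self._locked_until[username]
            self._failures.pop(username, None)
            return False
        return True

    def attempt(self, username: str, password_ok: bool) -> str:
        """Record one login attempt; returns 'locked', 'ok' or 'failed'.
        While locked, even a correct password is refused, so the response
        does not reveal whether a guess happened to be right."""
        if self.is_locked(username):
            return "locked"
        if password_ok:
            self._failures.pop(username, None)
            return "ok"
        now = self._now()
        recent = [t for t in self._failures[username] if now - t < LOCKOUT_SECONDS]
        recent.append(now)
        self._failures[username] = recent
        if len(recent) >= MAX_FAILURES:
            self._locked_until[username] = now + LOCKOUT_SECONDS
            return "locked"
        return "failed"


def guesses_per_day(max_failures: int = MAX_FAILURES,
                    lockout_seconds: int = LOCKOUT_SECONDS) -> float:
    """Upper bound on online guesses per account per day under this policy."""
    return max_failures * SECONDS_PER_DAY / lockout_seconds


if __name__ == "__main__":
    t = LoginThrottle()
    for i in range(5):   # constructed run of wrong passwords against one account
        print("attempt", i + 1, "->", t.attempt("alice", password_ok=False))
    print("online guesses per day under this policy:", guesses_per_day())
```

With these values an attacker gets at most 576 guesses per account per day, so even the 26^8 space of an 8-letter lowercase password would take roughly a million years to cover online, which answers Rob's question for that scenario. Two caveats belong with it: the lock only governs guessing at the site's own login form, so a copied password database is cracked offline at full speed and the article's length advice is what protects you there; and a lock that anyone can trigger lets a stranger lock you out, which is why sites pair it with automatic expiry rather than a permanent block.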
Posted by:
nazai
31 Mar 2011
I forget my password
EDITOR'S NOTE: I forgot your password, too.
Posted by:
John Bradford
10 Jun 2011
Mandylion Password Manager - what happens when it's damaged, or lost or stolen? How do you recover your passwords then?
A daft idea, it seems to me.