General password security talk


#1

Yes, indeed. @BHydden is most likely correct about your nagging prompts and very correct about improving security by not using your browser to store your passwords but rather by using something like LastPass or KeePassX!!


Keep getting this password saving dialog
#2

It sure isn’t, but that just means that the browser detects a password being verified, which may or may not be caused by OGS.

I respectfully disagree with the security advice. Storing your passwords in someone else’s cloud may be just as dangerous as saving them locally via browser. The only safe way is to remember your passwords. However, in any case I would not be too paranoid about your OGS account :smiley: :stuck_out_tongue:

EDIT:
It is an old article, but just to illustrate that it is not all sugar and honey with online securities: https://thehackernews.com/2017/02/password-manager-apps.html


#3

### OFF TOPIC OF OP BUT STILL IMPORTANT ###

The danger is normally that when one tries to remember all their passwords, they invariably end up using the same password in multiple locations. Otherwise, how would you remember which password was for which site? This is the most dangerous password practice there is as all it takes is to use your email/password combo on one infected site and they can access many of your other accounts (usually including your email itself).

If you can remember 500 unique passwords for every single site you’ve ever signed up for, more power to you! But for us mortals, encrypted password managers behind huge layers of security are infinitely better than storing your passwords in exploit-ridden browsers that sync to everything they can find.


#4

Using KeePassX does not store your passwords in anyone’s cloud: they are stored in encrypted form on your own computer (or on an external USB stick, if you prefer).

Much better security is also made possible by the automatically generated passwords that can be very complex (up to 64 characters, special characters, etc). :secret:


#5

That is an unfair exaggeration :stuck_out_tongue: You do not need anywhere close to 500 variants. Admittedly, for several sites I do not care about (OGS not included) I share the same pass. The rest is a good mental exercise :smiley:

I am sorry, but you can’t possibly know that. AFAIK LastPass is closed-source software, and as proven over and over with most software, it usually turns out that what was called uncrackable by one was cracked by someone who was not told it is uncrackable. I certainly admit that a lot of the functions sound super nice, but for me the simple fact remains that you are giving all your passwords to someone you know nothing about, which I personally cannot get over.
Matter of taste and trust in humanity I guess… :smiley:

I know nothing about KeePass, so excuse my potential ignorance, but does that mean you cannot log in from anywhere if you do not have your USB stick with you? That sounds super inconvenient :open_mouth:


#6

I would not consider myself a power online user, but I have over 100 unique passwords that average over 13 characters long, as you can see in the below image. I could not remember such an assortment without help. LastPass may not be perfect, but I believe them far better than my trying to go it alone.


#7

The only safe way to use the internet is to not use it at all.


#8

This is true. Nothing is truly safe. But there is a rather long sliding scale between mostly safe and using LimeWire :sunglasses:


#9

First of all, KeePassX is open source and cross-platform as well. For more info: go to www.keepassx.org.

As far as accessing the password database from anywhere: you can do that with a master password (that you then need to remember, of course :smile:) – but for really sensitive sites I would suggest not using just any old wifi network (such as at a bar, coffee house, etc) that might be totally insecure itself! Granted, OGS is not (IMO) necessarily in such a sensitive category.