Comments
Random chars password generated and saved with KeePassX.
Not even reload, plain /etc/init.d/ssh restart never caused a problem for me, and the connected session does not break (not sure how, must be magic).
For hosts I log in very often I use public key authentication. I edited SolusVM Access Key script according to my needs and host it on my server along with my public key/md5, so it's super easy to install.
For others, I either use 1Password, or Password phrases.
I usually go with something like bacon[hostname]vanillaliverpool kind of password phrases
I prefer Keepass.
Notepad and stored in a TrueCrypt hidden volume which is unmounted anytime I leave my computer. Backed up on an external drive which is also TrueCrypt encrypted.
@Fusioned_George
Not very useful against dictionary words based guesses though
Nah.. it will take ages to crack until they get the right order of the right words (plus there's the hostname). It's pretty safe
I'm just using Excel to save my billing info and my VPS details, with each VPS having its own password of 20 chars
I have an access database which holds data on the providers, the server specs, and hostnames, ip addresses, what it's used for, etc.
Although I do keep forgetting to update it, there's a few yearly boxes I've probably forgotten about until I get reinvoiced next year.
For anything that isn't production use, I use the same ssh key to access the server.
GMail with 2FA. I understand that's not a good thing for production systems*.
*Wait, what production system would I have?!
SecureCRT
Keypair authentication, with password auth via SSH turned off. Everywhere. No exceptions.
For all my other passwords (billing panel, etc.), KeePass.
Seriously, there is no valid reason not to use KeePass / KeePassX. If you're reusing passwords anywhere, install and use KeePass instead. You do not want to get burned by password reuse, trust me.
I'm new to KeePass and password management. So if I install it on my desktop, what if my desktop gets corrupted or malfunctions one day?
You can safely back up your KeePass database file remotely, assuming the password/keyfile you used for it is strong enough. All data is encrypted. The ideal solution imo would be a strong master password, and a backup of your KeePass database to a thumbdrive, as well as some VPS.
This takes advantage of one of the main benefits of encryption: you don't have to trust your storage/network provider
@jcaleb I personally put my password manager's data files into my Dropbox folder, which syncs and backs up the data with my other computers. That way if one of my computers has issues I'll still have my passwords.
~/.ssh/config and email invoice reminders
Before KeePass or password managers I used to do this:
$ echo "mypassword+address.of.server.org" | shasum
a784dab573dfa1efbfbeb0fdcfb8f8c7b1921cc5 -
My secret password, plus the domain name or the server address. Works quite well, had it in a GPG encrypted text file...
@Raymii
That's pretty much exactly what I do, I even wrapped it up in a little script for convenience. Seems to work alright and I don't have to worry about keeping any files secured.
Tattooed the credentials on my P*nis
hey @DotMG that doesn't leave a lot of room does it?
@24khost ATM it is sufficient for the number of VPS I do have. As I'll purchase more and more VPS (like @ErawanArifNugroho), I think I'll then consider these spams about pills, surgery, books, ...
I use a certain web script for my SolusVM logons. The rest are stored in an encrypted container.
1Password usually works well for me
a784dab573dfa1efbfbeb0fdcfb8f8c7b1921cc5 -
That's pretty much exactly what I do, I even wrapped it up in a little script for convenience. Seems to work alright and I don't have to worry about keeping any files secured.
That's actually not much better than just reusing a password. If someone were to bruteforce that hash, he would have your master password, meaning he has access to all sites you use anyway.
Might as well just reuse one password everywhere then.
I pull a random subset of a string from the GRC password tool and store it in keepass (password and key) in a dropbox folder.
https://www.grc.com/passwords.htm
I'm not quite sure that using GRC is more secure than using the built-in password generator in KeePass. Using GRC, there is the possibility, however minimal, that they save the generated passwords. You have no way to check.
It's a little more secure than that:
First off, I reencode the binary hash using base64, not only making it a stronger password but it also no longer looks like a hash.
Secondly, I usually don't use the full hash, just the first sixteen digits.
And finally, someone would have to be targeting me specifically to bother going to all that work cracking the hash and guessing the other services it's used on. At that point, there would probably be much easier ways to get into my (mostly worthless) stuff.
The whole idea is just to avoid being an easy target if someone hacks a provider and dumps my login info onto the net.
No, it doesn't. Using a common key-less algorithm to encode your data will add practically zero security.
Security through obscurity is not a valid form of security. Not to mention that base64 is incredibly easy to recognize.
Or have a lot of computing power (say, someone with a Bitcoin mining grid) and just run through everything that looks like a hash. Incredibly easy to automate, and cracked in no time.
Then use a proper method that isn't prone to the above vulnerabilities/weaknesses, like storing passwords in Keepass. It's not like it's really any more effort.
@joepie91
It's very true, but my goal was simple and convenient security, not something up to NSA standards. And it's more convenient to me to use a 48 line shell script than a graphical program with all its dependencies.
Plus storing a list of passwords on my system means that IF it were compromised, say, by a keylogger or rubber hose, not only would the attacker have all of my passwords, he would also have a list of all the services they are tied to.
So depending on how you're being targeted, Keepass could be less secure than a simple hash generator.
NSA standards would be quite a bit more extreme. This is just proper password security.
http://sourceforge.net/projects/kpcli/
Not really. If someone were to keylog your machine, they could just as easily monitor the input you give to that shell script. It actually gives them more useful information - instead of just getting a list of services, they get a list of services you actively use.
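Added example, not part of the thread and not any poster's script: the hash-derived password scheme debated above (SHA-1 of master+host, base64, first sixteen characters) next to a slow-KDF variant, with a self-audit that checks whether one leaked per-site password lets a wordlist reproduce the master. The exact encoding steps, the PBKDF2 parameters, the wordlist and `billing.example.net` are assumptions constructed for illustration.

```python
import base64
import hashlib

def derive_sha1(master: str, host: str, length: int = 16) -> str:
    """Scheme from the thread: SHA-1 over "master+host" plus the newline that
    echo appends, raw digest re-encoded as base64, truncated to `length`."""
    digest = hashlib.sha1(f"{master}+{host}\n".encode()).digest()
    return base64.b64encode(digest).decode()[:length]

def derive_pbkdf2(master: str, host: str, length: int = 16,
                  iterations: int = 600_000) -> str:
    """Same inputs through a deliberately slow KDF with the host as salt
    (assumed parameters). Every guess now costs `iterations` HMAC rounds."""
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), host.encode(),
                              iterations, dklen=20)
    return base64.b64encode(key).decode()[:length]

def audit_master(leaked: str, host: str, candidates, derive=derive_sha1):
    """Return the candidate master that reproduces `leaked`, or None.
    base64 and truncation do not get in the way: the check simply applies
    the same public transform to every candidate."""
    for candidate in candidates:
        if derive(candidate, host, len(leaked)) == leaked:
            return candidate
    return None

# Constructed sample data: master and host are the ones from the shasum post.
WORDLIST = ["letmein", "hunter2", "mypassword", "correcthorse"]
HOST = "address.of.server.org"
OTHER_HOST = "billing.example.net"  # hypothetical second service

def demo():
    """One password dumped from HOST exposes the password for OTHER_HOST."""
    leaked = derive_sha1("mypassword", HOST)
    found = audit_master(leaked, HOST, WORDLIST)
    exposed = found is not None and \
        derive_sha1(found, OTHER_HOST) == derive_sha1("mypassword", OTHER_HOST)
    return found, exposed

if __name__ == "__main__":
    print(demo())
```

The slow KDF only raises the cost per guess; a master that sits in a wordlist is still found, which is why a random per-site password in KeePass avoids the problem entirely.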