Hacker News new | comments | ask | show | jobs | submit login
Ask HN: Does anyone use an alternative to a password manager?
113 points by BinaryIdiot on Jan 2, 2018 | hide | past | web | favorite | 241 comments
As time goes on I find myself, both in my professional and my personal life, adding more and more usernames and passwords I need to remember. I have over a 100 accounts I need to keep track of and access typically access at a whim.

Since it's insecure to both use the same password over and over or to modify a single password per service (e.g. appending "fb" or "tw" etc to a password when using a different service) I have found that a password manager is literally the only thing working for me.

However, as break-ins become more and more frequent, I am concerned that my single point of failure, my password manager, could become compromised. I mean it seems almost inevitable, right? An attacker wouldn't even need to compromise the service or app you're using but your phone instead to gather the same data.

So I'm curious to those of you who use something other than a typically password manager: what do you use and has it been successful or a pain?

I am shocked to see a tech literate audience recommending a single algorithm based password. This is pretty basic stuff. Minimize attack surface!

With a password manager, your attack surface is your email, and the password to the manager. You can focus your efforts on securing those two things with 2fa, a hardware device, etc. Every other password can be extremely difficult, and only grant access to an individual service.

Compare it to an algorithm, where your attack surface is "every service." If one password is compromised, they all are. Then you have to change them all manually, and remember what's been changed, when.

In an age of great open source options like bitwarden, Keepass, and unix pass, there's no excuse for using an algorithm anymore.

> If one password is compromised, they all are.

The point of an algorithm as opposed to a single shared password is that this isn't true. With a basic algorithm, you can avoid automated attacks based on password dumps. With a more complex algorithm, even a determined attacker targeting you would have a really hard time figuring it out. Regardless, it probably would need to be a few passwords, not just one. Also, any good web service will implement rate limiting and other protective measures, so brute force attacks are unlikely to work.

The counterargument to "minimize attack surface" is "avoid single points of failure", and that includes both attacks and accidentally losing access to all of your passwords. What if I drop my phone and/or laptop in a lake? What if I forget my master password somehow? What if someone installs a keylogger and gets my master password? What if I accidentally install a malware version of the password manager client that steals my password?

Not that I necessarily think that an algorithm is better overall than a password manager, but I think it's not as obvious a decision as you're claiming.

The keylogger risk is an issue for both password managers as well as those who generate passwords based on an algorithm applied to a single master password.

Threat model analysis is a complex topic and not everyone has the same threat model to take into account, so there are plenty of aphorisms on every side and the best advice will almost always be "your mileage may vary" and "take with a grain of salt".

I see an algorithm as a single point of failure of its own, in the case where a determined bad actor has direct access to your algorithm. At that point you've traded potentially complex passwords for intentionally weak and guessable passwords. Yes, rate limits and other protections may mitigate the threat, but once an attacker has access to your algorithm, they quite possibly have a much easier password cracking game to play.

From that perspective, and from the other direction, most algorithms that I've seen make me a single point of failure. I still have to remember a set of weak passwords for every site I use. The algorithm may work to step up the overall complexity and entropy of the weak passwords I use, but I still have to rely on somewhat faulty memory for a series of passwords. Even if that information is easily accessible there's still a lot of variables and forgetfulness that can take place and sometimes it would be me trying to password crack my own passwords (Did I use "facebook" or "fb" or maybe it was "facebook.com"? Was this was password rotation number 12 or 13 or second quarter 2015?). Add in the encoding difficulties to make sure that you can generate a password within the arbitrary complexity requirements of sites themselves (I need a weak password that generates a strong password with no SQL keyword symbols, but at least one capital letter, one emoji, and at least one platitude to an elder god), and you really are just trading one set of complex passwords for an equally arbitrary set of weak passwords (to get the right output I had to use "facebook@2015", transpose odd characters into the Unicode astral plane by divination, and truncate the output to the first 12 code points).

A benefit to a password manager is that my own faulty memory isn't itself a part of the threat model. I don't have to maintain a list of weak passwords and/or additional "clean up steps" to feed to an algorithm.

On the flipside, I don't know anything about my Facebook password inside my password database. I just copy and paste it when it is needed. There are threat models where that is a benefit. If I'm asked, on the spot, in a location without access to devices which I trust to produce my Facebook password, I cannot, because I honestly do not know it. A judge or over zealous customs agent can't make me remember what I don't know. How likely of a threat that is, I don't know, but it's a threat model that an algorithm can't pass if a judge considers your weak password and knowledge of your algorithm as a password that you know and must divulge. That's of course entirely speculation, there's no US precedent on that yet, but on the flipside there are US precedents protecting "I don't have the right device on me", and most bets are off when your threat model includes a government actor specifically threatening you. But it's still a fringe benefit to certain threat models, ymmv.

Not to make a long comment unnecessarily longer, but there are mitigations available based on your threat model to keep a password manager from being a single point of failure:

* Use multiple databases with different master passwords for different threat models/risk level assessments/use cases.

* Explore options for synchronization systems based on your threat models. For instance, I might have a low risk database synchronized with OneDrive/GDrive/Dropbox, but keep riskier databases in various combinations of Keybase file shares, or Resilio Sync encrypted shares, or a lone self-destructible USB thumb drive primarily kept in a safety deposit box. Similarly many file sharing systems allow you the means to explicitly manage which devices have which files/shares, and you can use that to your advantage as well.

(I've stuck with KeePass over the years because it offers a lot of flexibility in how I maintain and sync my constellation of password databases.)

It doesn't make sense to talk of an attack surface without talking about the kind of attack.

Unless you are a high value target, there is a pretty good chance no one is sitting specifically bruteforcing your passwords.

Your biggest source of attack is then a password dump, where you are one of the many millions compromised and now your other accounts (if you reused the same password) are now vulnerable to automated attacks. Even in this case, no one is going to sit around trying to figure out your password algorithm.

Even when it comes to compromised accounts, not all of them are equal. For most people, their primary email, banking and social media accounts are paramount, because they are fundamentally linked to their identity (I would be horrified if my FB or GMail were to be compromised, but only mildly miffed if my etsy account where I have made one purchase were to be compromised).

All in all, it seems that the most important thing to do is to never reuse a password for ANY of your primary accounts (email, finance, social media, other forms of identity). Ideally for those, don't use an algorithm either. And set up 2FA for these.

And for other accounts, preferably never reuse passwords. Whether you use a password manager to manage them or an algorithm should not make too much of a material difference.

No, but there is malware out there that specifically targets your password manager files.

So, that is totally a legit concern.

>Unless you are a high value target, there is a pretty good chance no one is sitting specifically bruteforcing your passwords.

But... I don't want advice from plebs, I want advice from big winners!

you are getting advice from big winners... for plebs :D

Algorithmic password generation from a single master password works fine up to the point where it doesn’t.

What happens when you run into a site that won’t accept your algorithmic generated passwords?

Do you fall back to a traditional password manager?

If so, then you’ve just increased your attack surface area by an order of magnitude.

What happens when you need to change your master password because of a compromise, and now all of your passwords have to change at the same time?

> What happens when you run into a site that won’t accept your algorithmic generated passwords?

You maintain a public file that has metadata that is meaningless to an attacker. Metadata such as min/max length restrictions, etc.

I think you're assuming that the algorithm must be reversible, but I don't see why. For example, hash(site|strong_master_password) isn't reversible under reasonable assumptions.

If the algorithm is not reversible, "one password is compromised, they all are" isn't true. Only if the master password is compromised, then all your passwords are (but this is exactly the same with any password manager.)

The one thing that personally I don't like about vaults is availability of my passwords. You need your password manager (i.e. the app) to get your passwords. I've had multiple situations, typically when traveling, where I didn't have access to my devices, and thus I didn't have the app.

In your scenario, what happens if you need to change strong_master_password? I’m assuming you now need to change every password on every single site or else remember your new strong password and your old.

If you have to change your master password, you have to change all passwords.

With a vault, if you ever “leaked” your vault file, it’s the same. To me, it’s hard to think to a realistic case where your master password is leaked, but you’re 100% sure your vault file is not.

Absolutely! I've been using Keepass soccer 2011 and I would highly recommend it to anyone. It's available for Windows, Android (Keepass2Android), Ubuntu Linux (Keepass2) and I have the encrypted database synchronised via Google. Seamless setup and operation. A must have in this modern age.

On Linux I have recently switched to KeePassxc because it is screaming fast, doesn't require hundreds of megabytes of mono libs, and it is maintained.


> Compare it to an algorithm, where your attack surface is "every service." If one password is compromised, they all are.

My password for Amazon is "f3cfcb6ZUZ^". What's my algorithm?

Doesn't really matter because it's too short. Crackable in 10 seconds if the password hashing is poorly implemented. (I assume Amazon implements good hashing, but that's besides the point. Your algorithm generates passwords that are just a bit too short.)



I use Linux, Windows, and Android. I decided on Pass [1] and it's been working really well for me. I have a dedicated PGP key that encrypts all my passwords, and they're stored on my own git server.

On Linux I use the pass command, on Windows I use QtPass [2], and on Android I use Password Store [3] and OpenKeychain [4] (for the PGP key).

My "master password" is the password for the PGP key, and I type it each time I want a password. Git keeps everything in sync. If one of my devices is compromised, you still need the password for the PGP key. If my git server is compromised, you'd need the PGP key (which isn't on the server).

[1]: https://www.passwordstore.org/

[2]: https://qtpass.org/

[3]: https://github.com/zeapo/Android-Password-Store

[4]: https://www.openkeychain.org/

Why use a PGP key instead of symmetric encryption (either with a random key encrypted with your master password, or a key derived from your master password)?

Insertion/generation don't prompt you for your password.

An OpenPGP key can be stronger and securely carried around on a smart card (e.g. YubiKey).

I use an algorithm. In short:

1. Memorize some base password 2. Memorize a way in which you mutate that password based on the name/type/other of the service logging in to.

Eg. Hunter2 becomes eHunterG8 Because my example algorithm cares about Google's first letter, length, and service type: email.

It allows every password to be different but you only memorize two things. It is meant to be a "good enough" solution that is much better than using the same password for everything, but naturally is worse than using significantly different passwords.

I've used this for a few years to great success. The one issue I have is I sometimes have to try multiple times when one account is many types of services.

Doesn't this compromise all of your passwords if one of your passwords is discovered? Sure, it would take a bit of thinking to realize what each part refers to and even realize that your password has some sort of generation algorithm, but it would be a bit more secure to hash that password in some way.

That's why I like using LessPass (even though people talk a bit of shit about it whenever it's mentioned on HackerNews). I have a single master password, the rest of my passwords aren't compromised if I accidentally expose one of them, and I can log in to any site from any device with a browser. Of course, use 2FA when you can, but it's nice to have a secure first layer of defense.

It’s very unlikely anyone will take the time to figure out your pattern unless you’re a high value target. If your password just gets exposed as part of a credential dump among 100 million others then the thieves will automate their attempts to try your password other places and it will fail.

If you’re a high value target then you shouldn’t do this

Lesspass is the bomb and the way forward. Never had an issue with it and never had to give any internet bassed app or distrubted app my "master password/s". So strongly recommend.

You can always enhance the algorithm. For example, use multiple base password, and arrange them based on the servicename. So hunter2 for everything that starts with h or a-c or a-k or with 5 characters. It's your choice how complicated it becomes. Additionally you can mutate the servicepart. Like break it up every n characters, or every syllable and add some service-specific value in. Maybe use the lenght of the servicename multiplied with the number of syllables plus 4. You could also use a random characterstring, lets say the ones from numberrow, and calculate entrys whith those numbers. Like, move by n syllables for every char you add. It's not really hard to make a rather complicate algirithm with the tools you have around you. It's just cumbersome to remember and execute it in case you need it. So unless you really fear to be personal targeted, it's not worth the pain.

> Doesn't this compromise all of your passwords if one of your passwords is discovered?

I've been trying to understand password managers for a while. My workplace forces us to use one.

But what you've said doesn't make sense. If your "master password" used in the password manager is discovered, then all your passwords are compromised.

If my laptop or phone gets stolen and someone knows the password from my password manager, then I'm done for.

I choose to follow the algorithm approach too. Even though it's BS.

Yes, but that master password should a) be incredibly secure (mine is longer than 32 characters) b) only be used for your password manager and nothing else. If, instead, you reuse a password in several places, you're only as secure as the weakest link in that chain.

I run lastpass, I only use a unique password for that application. I also rotate that password every few months.

I also have it set to 2FA with google authenticate, so I need to have my phone everytime I log in. It takes longer to login but its worth it

So even if my password were compromised by a keylogger / brute force, you would still need to have access to my phone.

I don't use lastpass on my phone so that's not a nonissue for me. I don't link my phone to my computer at all (airdroid, teamviewer, etc). You would need to have

- My master lastpass password

- My unique phone password and my phone

Both events are kind of unlikely to happen. I worry more about lastpass leaking passwords than me being hacked at any point, since this is the major disadvantage of using lastpass over keepass.

lastpass is nice since I can just make autogenerated throwaway passwords and have a way to take notes on passwords I change over time

I do basically the same thing, and have for years also. My only frustration with this is that with some sites, due to arcane password restrictions, the algorithm either isn't implementable, or is only implementable in such a way I won't remember. So 90% of the time the strategy works great, and in 10% of the time it fails due to idiosyncracies of the sites involved.

I hate the stupid restrictions sites place on passwords. There should be almost no restrictions.

I have the same issue. My full password is over 20 characters, but some websites restrict to less than that or don't accept the special character that I use.

I take that as a warning sign not to use such a site.

re: most banks

I have the exact same issue, mine also being over 20 characters which used to be above the length limit on a Microsoft account used to be 16 characters, so glad they changed that

The Algorithm is a great solution - breaking the pattern would require password leaks from 3-4 different sites, and a human to spend time puzzling over it. For automated bots the passwords look unique.

What's your solution for annoying sites that require changing your password every 3-12 months, and not reusing previous passwords? If eHunterG8 becomes eHunterG9 and then eHunterG10, how do you remember the number you are up to?

> What's your solution for annoying sites that require changing your password every 3-12 months, and not reusing previous passwords? If eHunterG8 becomes eHunterG9 and then eHunterG10, how do you remember the number you are up to?

Good question. I just start with 2 (yes, that's weird) and then increment every time or choose the symbol so I eventually exhaust. This is the same question for unique password per different types/groups of websites. The good thing is more websites have abandoned the annoying security question/answer when it comes to forgot password/forgot username. Just straight to SMS/email. For example I cannot remember my cable provider's online account password. The policy is just ridiculous, so I use "forgot password" every single time. Email only, quick and simple.

Please for everyone reading this - please abandon security questions as a requirement and stop being so hard on password requirement such as limiting the length (Twilio I am looking at you, yes). Just ask for a long password and give hints to users how to choose a good password. While the argument for complex password is to increase the search entropy, let's spend more time on securing your server and mitigating common attacks. Users will probably just append a number. So "myAwesomePassword$" is easy to try once "myAwesomePassword" is compromised from another service. Educate your users.

Let user be responsible; I have my "secure" complex rules for password, let me be in control, I don't want to bend to meet your requirement.

Another alternative is always ask for a one-time password (but a lot of users will find that very inconvenience). Choose one.

Ehh. Any password cracker worth their salt would be able to use rules to break hashes created by "The Algorithm", especially easier once the base word has been figured out or supplied by a single plain-text leak.

Yes, the algorithm is breakable with a few examples to figure out the base word and the pattern. But this requires human attention at your personal algorithm.

Unless you are enough of a celebrity or public figure to be personally targeted, nobody will bother. A password leak is going to have 100 million accounts in it, at least 50% of these reused without modification at other websites. Any automated bots and spammers will just try the exact passwords on other sites. If it doesn't work, they move on to the next account and password, instead of trying to guess modifications of non-working passwords.

What do you do for forced password change requirements?

Does your threat model include anything NOT bulk, ie where a human would see a password and guess the pattern?

Have you tried any of the password managers that have integrations, to automate password changes in case of failure?

Have you ever heard of the security concept of minimizing your attack surface?

My algorithm gives me flexibility to increment the password. I've had to do this before and almost all the time, I use it enough that I simply remember, "oh this banking site is incremented twice".

I have no opinion on password managers. It's just something I don't want to commit time to. My solution is easy and requires no management on my part. Ie. no software or hardware or anything to maintain.

I'm a fan of mixing this idea with something like 1Password. Obviously depending on the application, the security increases or decreases. My approach is to memorize multiple base passwords though & then mix it with some random gibberish. So I might write my password down like this:

KXl2h!H (H)

That would tell me that the password is KX12h! plus whatever the base password for H is. My hope is that unless someone was really targeting me, I would be skipped over as not worth the effort.

This way, even if someone broke into 1Password or one of my other password managers, they still wouldn't have the password.

The part I struggle with most, is how/where to store these & Authy/Google Authenticator tokens in a manner that they can be delivered to specific people in the case of my death without decreasing security.

>The part I struggle with most, is how/where to store these & Authy/Google Authenticator tokens in a manner that they can be delivered to specific people in the case of my death without decreasing security.

Something I've often wondered about...

I recommend reading about Shamir Secret Sharing. You could have a system setup such that (for example) you give 16 friends each a code and 9 of your 16 trusted friends all have to work together in order to get the original secret.

I use the same algorithm and am very happy with it.

This is very very similar to what I do and it works out great!

I'm a bit surprised at all of the people suggesting "remember one password, and mutate it with an algorithm based on the website name". That means that if you have to invalidate one password for any reason, you have to change all of them. On every service that you use. Do people really do this?

Yes, I really do this. No one said that this method isn't without its disadvantages.

Yes. There are some passwords that I have to remember since putting them into a password manager is not possible.

In what situation would putting them in a password manager be impossible?

You need to somehow have access to the backup of your database (in my case KeePass) in case you lose it. If you put the password of the access itself in the manager you are in a deadlock. It is much easier to end up in a deadlock situation like this than one might think. So carefully play through restoring your backups in the worst case scenario.

In my case, I am using Google Drive as my Backup Storage. If I were to put my Gmail Password in the manager I'd be locked out in the worst case and would not have access to my backup.

You most likely already have another single point of failure: the email account that you use for "forgot your password" resets. So, I make that the only point of failure by choosing long, secure passwords and not really trying to remember them, resetting the password every time I need to log in to a rarely used account

* descriptive, long passphrases, that I usually have no trouble remembering. e.g. Facebook could be "I talk to my friends".

* salt to make stupid password rules happy and to make it somewhat safe to write down passwords. e.g. "mysecretsalt42$". This gets appended to all passwords and doesn't get written down anywhere.

* encrypted text file, used rarely when I forget a password. e.g. `vim -x socialmedia.txt`. I find this a bit better than Keepass or pass because it's not one obvious attack target (both the file and app).

* optionally, a paper backup

I might adopt this strategy. I really like most aspects of it.

If you use service from time to time (or have to login rarely, facebook, for example) then be careful, you'll forget that passphrase.

We really need passchange.js: an open source collection of headless JS scripts that can programmatically change your password on a given website. Then you would continuously rotate _all_ your managed passwords as well as your master.

Not a panacea, but significantly minimizes the length of a theoretical breach.

I have been working on-and-(mostly-)off on something like this for a while: https://github.com/scoates/celobox

Wish I had more time to spend on it.

This is a fantastic idea, just a simple config file which describes how to change a password for a site, which different programs can then interpret differently.

Thanks. Yeah; that's the idea for bootstrapping. At some point, I'd love it if sites themselves published APIs or at least manifests (similar to /robots.txt or favicon or a URL in a HTTP header, etc.) of how to programmatically change passwords.

A real problem I ran into is that a full browser is required for many operations, now. Instagram.com, for example, is completely opaque to non-DOM+JS browsers. Right down to the shamefully empty `<noscript>` block.

I don't think this is a good idea.

Please don't get me wrong, it would be great to have a service to centralize all your passwords including rotation, but this already exists. It's Google/Facebook if you choose to use oauth to sign in into other sites.

If this kind of api/js would exist and work, an attacker could exploit it to automatically change user's password.

Note that changing password is often used also as a simple mechanism to log out all the sessions (simple = easy to understand for the end user).

In summary, I really hope all website would do all they can do to protect their change password endpoints from automatic tools.

For me, passwords need to exist and need to be remembered, because if this is not the case, then many other security assumptions fail. With this I don't want to say that the current state of affairs is good, I definitely think that we need to invest in more mechanisms to help users remember their passwords, or reuse them in secure ways.

pass-rotate[0] by @Sir_Cmpwn does this, is open source (Python), and accepts pull requests to add more services.

0. https://github.com/SirCmpwn/pass-rotate

This would be a great feature for 1Password to adopt.

I’m not sure what you mean by “as well as your master”, though. If your master password is programmatically changed, how would you be able to access any of your stored passwords?

Dashlane can change your password on a lot of sites. Unfortunately they do it server-side.

I used a small script to generate my passwords : I choose a simple password, I append the domain and I hash the string. I take the first 15 characters of the hash as a password. I find it quite convenient and easy to remember !


This seems like one of the simpler solutions on here, what's your process of dealing with sites that require special characters etc?

I add a special character at the end when it's needed

This works, but doesn't scale.

The problem is, the login form doesn't remind that a) a special character was required and b) what characters that particular site thinks are "special".

FWIW, it's really rare for a mixed-case alphanumeric password to be rejected. Typically it's only banks and corporate logins. Those are sufficiently special-case to make an exception.

Downvoted! :) Amusing for actual lived experience to be denied!

(Data: I have 72 logins currently cached in Firefox. Every single one of those sites accepts 10-character mixed case alphanumeric passwords with no extra special character requirements. About once a year I come across a site that needs one.)

I've checked my password manager and I think your stats roughly match what I see - about 1 in 100 sites seem to have smartass requirements to passwords, others (correctly) don't care.

Still, I'd say it's inconvenient to have "special cases" to remember about. Even if they're something important, like banking.


Someone had mistaken downvote with "I disagree" rather than "unhelpful". Upvoted you, as I think your comment was helpful and contributed to the discussion.

But this is going off-topic (and discussing votes is something we should refrain from)

You may want to have a look at MemPa (also commented above) [1]. Please LMK what do you think, info in my profile.

[1] https://hackernoon.com/mempa-a-modern-deterministic-password...

So... your passwords are 15 characters of the combination 0-9, a-f?

Yes. But I do add a special characeter and/or a maj at a certain place when it is needed

Smart of you to use a throwaway account :)

Why not use base64 instead? 64 random characters are much better than 16.

    $ perl -e 'use Digest::SHA "sha256_base64"; print sha256_base64("master_password mail.google.com"), "\n";'

That's what I ended up for MemPa (described above). The idea is that I can't read binary sha256 output, and everything I know that can translate in hex can also translate in base64 leading to shorter secrets.

For the special chars, I chose the Safari way of encoding, i.e. I only extract alpha-numberics from base64, and add a "-" every 3 chars. This also improves readability. I assume that if Apple chose this way of doing, either they studied it and/or sites will conform to that.

Use KeePass. It's FOSS, has a great extension for FF, and stores your passwords in a local, encrypted file. No cloud necessary.

I also use Keepass, with a complex master password that I've memorized. I keep the file in my Nextcloud instance so that it's synced between my two Android devices and four Linux machines.

Similar setup, MacPass (a new implementation of keepass for the mac), ChromePass for autologins, and KeePass2Android on my phone. Works well, not perfect but enough for what I want.

This is what I use, but also use Syncthing to sync it between my laptop, phone, and raspberry pi and fileserver (for backup).

It works very well from my experience.

I use Keepass also, more specifically https://www.keepassx.org

I also use pass and sync it with my android phone using OpenKeychain to manage GPG keys and PasswordStore as the actual password browser. Copy/pasting randomised passwords on both desktop and mobile is easy once these are set up.

I use the same, stored with git to allow me to share the "store" across a small number of hosts.

If you use git to store your passwords you can use that to see the age of entries neatly too:


I decided to try pass a few months back. Absolutely love it. It is so simple, and builds off existing & proven tech of gpg & git. Can't recommend enough!

I use a simple 'cipher' that makes new passwords easy to remember and remains relatively secure without the need of a book/service.

I have a file of the first word that comes to mind for every letter in the alphabet. Then my password is created based on some features of the site.

I.e. eBay has 4 letters so I could choose: 'Elephant_4_Yankee'

The delimiter is up to you and you could just as easily choose every second letter or whatever.

Yes, it does mean my Netflix password is a bitch to put in but I know it off by heart.

Second this. Domain should generate chiper for a password. You get unique password for every website and you dont have to remember it

If I’m understanding your suggestion correctly, it contains an attack vector where Provider B can obtain your password for Provider A by getting you to sign up for a new account and presenting the same “cipher” as Provider A.

Only problem is this would allow some pretty simple dictionary attacks if you use the method described.

"Just use a password manager" is actually a simplification for doing proper threat modelling because most people don't bother thinking about it.

For each site you have to consider; what is the worst thing that could happen if somebody gain access to that account? Do you have a meaningful online presence on the website? Did you enter private information that you don't want to go out? Did you provide your credit card to the site? It would actually be useful if sites where classified by the type of information and access that they require.

Another short answer would be: memorize your computer, email and password-manager passwords. Use the password manager for day-to-day sites. Add a second factor for juicy targets like net banking. For all the other sites, generate a random string and throw it away. Use password reset the next time you want to log into it.

I use https://securemypw.appspot.com (because I wrote it).

I need to remember just 1 good password (that I don't use anywhere else). I use it to encrpyt different passwords for different uses (gmail, banking, etc). I put the url with encrypted password in my bookmarks and a google doc (to share with my wife).

To hack me, the attacker would need get both the link (from my laptop's bookmarks) or from the google doc ... and then would need to guess the password to decrypt it.

I know it doesn't answer the question, but it does hit at the heart of the issue. I use Enpass - the only password manager I could find that doesn't store your info for you--because I was also concerned about breakins and single points of failure. I am able to keep my entire password collection on my local hard drive and in whatever online storage tools I'm using currently (onedrive, google drive, etc). This seems to fit well while removing the issue with online password managers.

I'm surprised at how little advocacy there is for 1password.

Yes, it's a single point of failure (probably more, depending on how you choose to define them) but it is invariably more secure than me remembering my super-nifty password algorithm.

It's not perfect, but I trivially generate very long passwords for every service, and have to remember the master password only of my email and my 1password account.

If anything is truly important, it will have 2 factor authentication.

If someone has access to my unlocked physical machine and an unlocked 1password UI, I'm screwed. Additionally, they could use the wrench approach [0] to gain my credentials.

This is not a use-case I'm actively trying to prevent. Nor is protection against state-level actors targeting me in particular.

Further benefit of 1password: my wife and I both use certain shared logins to access things like credit card accounts.

Instead of me having to get her on board with my password book, or special algorithm, I can just move a login into our shared password vault.

I suspect most people reading this are in a similar boat - we're more than happy to pay a few dollars to hire millions of dollars of specialized security knowledge to outsource this problem for us.

This is just too mundane a solution for most people to comment on.

Long live 1Password!

[0] https://xkcd.com/538/

I switched to this after being a long time lastpass user, I'm regretting it. It's visually a lot better but it is terrible at generating passwords and saving them. On both windows and mac with chrome I click the 1pass icon and click generate (nothing happens). If something happens it shows up as a new entry if I go into the vault with no site or anything just a random string that I then maybe copy paste? (ugh). There also is nothing that pops up that lets me alter the specifications for the randomly generated password. Lastpass did an amazing job of this, 1password just seems broken all over the place.

When I did the export/import it ruined tons of passwords because if it had an ampersand symbol (&) it turned it into &amp; resulting in me editing tons of passwords manually. It sucks at saving passwords too, lastpass just worked.

Plus no check on password integrity or strength or leaks. It was nice to do a scan and check on what passwords should be updated, what my duplicates are (if any), mass update, etc. So, basically I went from free but kinda ugly to pretty but broken and more $. This has been the worst trade deal in the history of trade deals, maybe ever.

YMMV but I wish I didn't switch and to move back would be another annoyance that I might do if I didn't just pay for the year.

Hm. I just checked on both of these comments, and it seems 1password manages both quite well.

re: password generation in-browser - this is working just fine for me. [0]

And re: pw integrity or strength - this might not be everything you're looking for, but it's close.

under a 'Security Audit' tab, it has categories for:

- Watchtower (logins associated w/sites that are known vulnurable/exploited)

- Weak Passwords

- Duplicates

- 3+ year old PWs

- 1-3 year old pws

- 6-12 month old pws.

I'm not trying to be a 1password apologist, but I find it to cover my day-to-day use _very_ well. To be sure, I still tweak things in the UI at times. It doesn't capture login URLs perfectly all the time. Etc. But it's pretty good.

[0] https://cl.ly/07072T0e1P2C/Add_Comment___Hacker_News.jpg

Wow, this is not at all what my screen looks like. Maybe it's the extension itself that's lacking? [0]

I don't have any of these other options either. If I click on generate password the box just goes away. Maybe I should scrap the extension and just use the mac/windows application? I was reading a number of reports about not syncing between these. If I have both on maybe it'll cause issues?

[0] https://imgur.com/a/msydX

whoa. Something is not right indeed.

I'd delete the extension and re-install from AgileBit's website, and make sure the 1password app on mac is talking to the extension.

This is odd, but good luck! Obv. their support team would help square things away way better than this random internet stranger could!

Thanks wonder_er! Apparently that did the trick. I'll give this a fair shake now and maybe my harsh comments will be irrelevant soon. :)

it is terrible at generating passwords and saving them

1Password used to be better at this. Generating a password was pretty obvious, it was consistent across mobile/desktop, and the save workflow was better. It’s been several versions since that was the case (v. 3, maybe?). Now I have to hunt for the functionality and then it gets put someplace with no reference to what it is.

Plus no check on password integrity or strength or leaks. It was nice to do a scan and check on what passwords should be updated, what my duplicates are (if any), mass update, etc

I know the Mac version will give you all of this. Compromised sites, dupes, weak passwords, old passwords, there’s a filter for each, and I think you can make your own. It does not appear that you get this on mobile, though.

I've been happily using 1Password 4 for many years, my credentials are encrypted and synced via Dropbox. But I hear the latest versions require you to use their cloud service, the self-hosted version is no longer available. Is that true?

I use 1Password for not only credentials but as a document vault for everything from passports, birth certificates, anything else that falls under "needed after the house burns down". It's one of the most elegant pieces of software I've ever used.

Whilst they do have a cloud-hosted subscription service, the self hosted version is still available.

How are you defining "self hosted" here?

The newest version of the Windows app doesn't support creating or opening local vaults, only storing data in their cloud.

They also no longer offer perpetual/non-subscription licenses, including for the older version that supports local vaults.

At the very least the first would be a requirement for any sort of "self hosted" setup.

And self-hosted can put the files in Apple's iCloud service, making it accessible on your phone. At least, that's how my own is still working.

Your weakest link is probably now iCloud, considering how easily and often it gets hacked...

Which is never, right? Has iCloud actually been “hacked” in the “Yahoo” sense of the word?

I ask because I use iCloud heavily. Nearly 1TB of photos/videos and now use 1Password with iCloud sync.

Has there been a large dump of iCloud credentials, allowing unauthorized access to accounts? Maybe, but it isn't publicly known.

Has Apple made mistakes when designing iCloud, allowing unauthorized access to accounts? Yes.

Indeed. But as the file is encrypted beyond what Apple implements, it is probably at least as safe as if it were on 1Password's own cloud.

This is accurate. I migrated to the cloud service when I wanted to add my wife to my account.

It was not an elegant process, and the friction kept me from following through for more than a few months.

I finally pulled the trigger, spent the time and hassle migrating everything, and am now glad that I did.

Also, you don't want the freemium business model because:

1) passwords are a serious stuff, so you want serious people to to some serious work behind your PM (AKA, it can't be free); 2) passwords are a too fundamental tool of our digital existences to have a monthly-based subscription. The idea of being locked out of your services when you can't afford to pay the monthly fee is just horrible.

agreed! In their defense, the old model wasn't freemium, it was a one-time fee. (I think it was $40 or $50 when I bought it.)

That said, over the time horizon of many years, $40 doesn't cover much at all. For the reasons you mentioned, I felt a sense of relief when I moved over to the monthly model.

I totally understand why they need/want to change their pricing model, and support it even. I don't understand why they've bundled a change in the product along with it and that's what I take issue with.

I'd happily pay them $5/mo to continue using their product as I've been using it - with local vaults, not with their cloud product.

I won't take their product for free if it comes with a forced "upgrade" to the cloud service.

My wife and I do the same which is hugely convenient. You can store more than website logins as well, such as credit card numbers, drivers license details or our passport information.

We do a lot of travel and financial witchcraft so having full access to each other’s into at the unlock of a thumbprint is extremely convenient.

We also have a team vault at FarmLogs which is hugely helpful for sharing access to singular accounts.

It’s such a valuable tool that I don’t even think about paying for it.

precisely! I make heavy use of 1pass document storage to keep high-quality PDFs of:

* passports

* drivers licenses

* birth certificates

* visas

* proof of residency

* vaccination records

* bank paperwork

* etc

We're in the same boat. We travel a lot, often for extended periods of time, and both work fully remotely. Any document anyone could want from me, for any reason, lives in 1password.

They could double the price, and I'd gripe a little, but would never imagine walking away from the tool.

(er, 1password, don't double your prices, if you're reading this.)

edit: formatting

I've used supergenpass[1] with some success, but the fact that some websites have special requirements for passwords means that I still have to memorize more than one password.

1: https://chriszarate.github.io/supergenpass/

The idea is awesome but i think it lacks usability on mobile.

On Android, it's possibly more usable than on the desktop: you send a link to the current page to the app, and it copies the resulting password to your clipboard.


I use SGP for the bulk of my throwaway accounts.

If you're worried about storing your passwords somewhere where they could be compromised, one alternative is to simply not store them:

1. Generate a long random password.

2. Use that password once, but don't make any effort to store or remember it.

3. When you need access to the service, use the Forgot Password flow. Return to Step 1.

This is admittedly inconvenient, especially on mobile, and it won't work well if you routinely use devices that cannot access your email. But...it is an alternative approach that removes the need for a password manager.

In my personal experience, this approach has worked well for services I use rarely, especially those with good Forgot Password flows or long remember-me session times.

See also: Passwordless[0] is a Node library that discusses a similar approach to authentication from the service's perspective.

[0] https://passwordless.net

I have a file on the local drive of my office computer and a sheet of paper near my home computer (used by me and my wife). When the sheet of paper is full of handwriting, I bring it to office to synchronize both list.. When my house has been robbed last year they have not found the sheet, but if they had, I could have changed all passwords very quickly. In case of fire, the backup is safe in a remote location. It is easy to carry, duplicate or destroy. The security at office is ensure by the IT service. This may be imperfect, but I think my list of password would not be the main target of an attack. At home, my wife is often present and would quickly notice if a burglar steal the list. When I go on holidays, I take the home list with me. I think it is quite successful.

> I think my list of password would not be the main target of an attack.

I used to have a little notebook with everything, tucked 'securely' out of the way. I mean, even in a robbery somebody isn't going to rifle through some junk on a shelf right? I came to think though, that in that situation of course a list of passwords is not the target but if the robber has a small amount of technical knowledge (getting more likely, these days) then the risk is that they recognize the value of something like a book of passwords and just take it along. All of a sudden, their technology aware friend has access to my bank account!

So, I use Keepass now with a long passphrase, and syncthing keeps copies of the database distributed across several devices in several locations for me and I have access from all the various operating systems that I use. I am thinking about giving the passphrase to a friend also, as I have known him for 30+ years but I do not work with him or live near him and see him only yearly or less.

Keepass-plus-syncthing is my weapon of choice also. Using your phone as one of the devices gets around the whole "bring your sheet of paper to work day".

It would be great if someone added this feature into Keepass so that you didn't have to use an additional tool. Each instance of a database would have its own key and set of linked databases. When you open the database it would sync with every one of its linked databases that is also open. This would (hopefully?) get around the problem of adding new passwords to different databases before syncing. I expect one issue might be that people tend to only log into one instance of their database at a time.

The actual attack to be worried about is that an adversary copies the sheet of paper without your knowledge. There's no need for an attacker to remove the physical list or to be a burglar. It could be someone you know.

Yes. I carefully lock my screen when I leave my office and the sheet of paper is not in plain sight.

I use a formula that I can figure out in my head and I just remeber that. I don’t know any of my passwords, but I can figure out my password when I need it.

It has problems on sites that have shitty password rules. But for those sites, i just mash the keyboard then rely on the forgotten password link.

If your PC is compromised it's pretty much game over, using a password manager does not really worsen the damage in that scenario At that level of compromise they can probably add a root cert, MITM your connections, and grab your passwords anyway.

If you're concerned, you could use separate files for different levels of security, which would give you the theoretical ability to compartmentalize the loss. But again, if you're compromised to that extent it's game over, there is nothing you can do that will allow you to operate securely on untrusted hardware/OS, you simply can't let that happen.

It's not like that's an unreasonable goal, the combination of Ublock Origin, Windows Defender, and common sense have kept my systems clean for 10 years now.

The problem is if your computer is compromised - they might get a few sites that you visit after the compromise (and before you realise/format etc).

But with a password manager - they get 100% of usernames + passwords to every site you've ever used, even if you dont visit it after the compromise...

An idea for a side project I had for some time: Use Raspberry Pi Zero connected to the PC as a password manager . Explanation: RPi Zero supports OTG and can emulate USB keyboard (in other words, it can "type" your passwords for you).

Never got too deep into this idea, but it shouldn't be extremely hard to implement. Need to create some mechanism to allow the web browser to ask the RPi for a password for a certain site, and use GPIO to connect a LED Matrix display (16x2) plus some input method to allow the user to physically confirm the password request (possibly PIN entry or a simple yes/no button for simplified usage)

Funny, I am doing something like that now, but using an smartphone with a fingerprint reader, instead of a Pi and sending the password through Bluetooth (adding USB might be a good idea, though). My problem with the Pi is that it is another bulky device to carry or loose, even the Pi Zero.

My implementation still has lots of security breaches and I don't want to publish something so fragile. I still need to implement fingerprint and time-based authentication. Therefore it still is vulnerable to MITM attacks.

As soon as I have something more robust I'll post it here.

Do you have more ideas to suggest?

Since you're already using a phone for this, why not just use Keepass2Android USB Plugin [0] which emulates a keyboard and "types" the password. Requires Android, and probably a device with kernel modules for USB HID.

You won't have to worry about the security and integrity of your Bluetooth connection and the risk of an external sniffer -- but you'll have consider if you trust the computer you're plugging it in to.

0. https://github.com/whs/K2AUSBKeyboard/

I love and use KeePass on my PC, although not on Android. Will try it, thanks for the tip.

However, a problem I have with KeePass is that I can't get my wife to use it. It is too complicated for her. Even the idea of plugging the smartphone through USB is already a "no" for her. With Bluetooth she might not even need to take the phone out of her pocket.

I have a couple scripts, 'add' and 'get', which respectively add or get an entry associated with some keys to a text file.

An example line in the text file looks like this:

    facebook password: [base64:U2FsdGVkX1/T8CoWmfDOoaapE5lGj/fqHE3s8NohnriGajnPrCzWikCneU/u7]
Anyone thinking of trying to crack that, well good luck. I removed and twiddled a few characters from it, as if it wasn't hard enough already. Oh but here's how to decrypt if you really want to try:

    echo "$data" | openssl enc -d -aes-256-cbc -a -salt -pass env:MY_PASS
That's not a script, it's just an excerpt. You'll have to guess the password. You should probably do something else with your time.

Since the text file is encrypted, I store it on Dropbox. Then I can access this from any computer where I log into Dropbox, provided I know my main password for decryption.

Later I can type 'get facebook pass' on the command line and the get script will retrieve the best matching entry, decrypt the value, and put it in my copy paste buffer ready to paste.

The biggest problem with this system is sometimes when two or more entries are a close match to whatever keywords I input, it may pick the wrong match. I need to improve it to show a list to pick from in those cases, or work on better ways to remember the right keywords for each item. Also my matching heuristics could be improved.

I use this in conjunction with a command line script for generating strong passwords. Most accounts have different passwords at this point and they are all strong. One problem with the script is I sometimes have to tweak the resulting password by hand to match whatever (generally dumb) rules are in place at a new site... when I say dumb, I mean for example, '!' not allowed, etc.

For sharing web passwords with my phone, I just allow Safari to remember them and then trust iCloud, for better or worse.

Overall this is not a pain, and pretty successful. But if someone got terminal access in my account on my computer, it would be game over... so I try not to allow that.

I do something similar: passwords created by a script, stored in an encrypted file that's only unwrapped when I'm fetching or storing something. It's important that the entire file is protected, requiring a password every single time. Like you, my biggest gripe is sites with special snowflake "make it hard to remember but keep it low entropy" password policies that preclude the original generated password. IMO we as a community need to start shunning such sites the same way we do for rogue SSL/TLS cert providers. As long as they exist, it's harder for even security-aware sites to move forward.

Why generate symbols that are not permitted anyway? You'd lose nothing by emitting the base16 encoding of the symbol.

The problem is that there is no character-type pattern - most especially not your base16 suggestion - that will satisfy every site. Many sites require special characters. Others forbid them. It's literally impossible to satisfy both with a single non-parameterized generator, and as soon as you start adding parameters those effectively become hidden parts of the domain name. Worse, many sites don't even tell you what the requirements are on normal entry (only on change). If you can't remember what particular tweaks were necessary then it's back to the good old "forgot my password" dance - making your email password your effective password for all such sites. It's easy for app developers to be careless or "clever" about their password rules, but it's a pain for users and it's bad for security.

Have you even used the internet much? Some sites do require symbols. And some sites have ridiculous rules that your suggestion would also not help with. Also, restricting yourself to the 16 characters in hex encoding makes your passwords that much easier to guess.

> Also, restricting yourself to the 16 characters in hex encoding makes your passwords that much easier to guess.

No. Entropy does not change by adding redundant bits.

The bits are not redundant. When you have a larger alphabet, you get more possibilities for the same length of password. Sure you could also have a password that consists only of 1 and 0, but then you would have an unreasonably long password. Just as you would also have for a hex password, to a lesser degree. To carry it to an extreme you could have your password consist of just one character repeated a secret number of times, and yeah, sure, in your little theory world the amount of entropy could still be the same, but practically speaking it's a stupid idea, just like using hex characters.

You really are confused about this stuff.

You also seem completely unaware that many sites have password rules that require special characters that don't exist in your scheme... lol!

Remember that your email is part of your password. When sites are compromised your email is never encrypted and when you use the same email across every site a hacker now has part one of your login. For those unlucky to use the same password across many sites, once the password is obtained it can now be used at other sites. If you have a unique email (login) to every site then using the same password becomes less of an issue as the hacker now only knows 1 part of the authentication values. Still best to use different passwords though.

I agree that browser-based password managers and password managers on Android are insecure. These platforms have huge attack surfaces.

I'm using ForgotIt? [1] because I'm its author. It doesn't have a browser interface and doesn't have a mobile version. I would make a version for iOS if I used an iPhone, but I have never planned to make an Android version, because Android devices are just too insecure. (They are theoretically secure but in practice most of them don't get enough security updates.)

That being said, ForgotIt? also has some weaknesses that are laid out in its documentation. It doesn't lock memory, so you should use encrypted swap or disable it, and its keystretching algorithm compromises a higher security margin for speed.

Depending on your threat scenario you can also keep some of your passwords written on paper in your wallet. You could also keep them in a physically secured place like a wall safe. If you're worried about targeted attacks, that's in fact the best choice for most people, since no current operating system, no PC, no tablet, and certainly no phone is currently safe from a targeted attack by a dedicated adversary.

[1] http://peppermind.com

Pen and paper. I keep a small notebook wedged under my desk and a back-up in a fire safe.

A system I've used happily for many years is as follows:

I have a function which is easily computable by hand but uses information only known to myself, which converts the website into a pseudo-random password.

Obviously I can't tell you the actual function I use as this would reveal all my passwords, but for example, you could use ROT13 on odd numbered characters in the domain name and then add a fixed string to make up the password length.

I still use the browser password store with non-critical websites for speed, but can still get into any site where I have an account from any machine by re-calculating the password in my head.

Of course, this isn't secure enough if you're someone who might be individually targeted by hackers (eg: if you work at a large company or in government) - if they obtained a few of your passwords, they could reverse engineer your password function and get into the rest of your accounts. You can mitigate this by separating the sites you use into different 'security clearance' levels (eg: those with access to your money, those with access to your personal info, etc) and having different password functions for each level.

I am at the moment also trying out password managers and searching for the best one. Lastpass so far has the best features, great password generation. But on Android it lacks a good and decent integration in finding and selecting the correct password for an app. Seriously bad. 1Password is better in this regard, but you can not swipe the 1password "click here to fill out with 1password" away. So also definetly a dealbreaker. But 1password is great at only showing the correct password for your app, after selecting it once.

Regarding the user interface don't get me started on keepass. It was recently forked into keepassxc but the chromeipass/ foxipass integration does not work all the time. Also love it if a website just shows your username already and you have to fill out the password and can't use hotkeys. (I am looking at you google) Lastpass can do it successfully, but keepass...

The Android interface was last tested a few years ago by me and it only had a notification area you had to always show. I don't know if it is much better at the moment.

Regarding your password security: Lastpass itself encrypts your passwords and hashes them thousand times. You can also manually adjust the hashrate to even more. So even if lastpass would get cracked. You would have to try out every possible hashing number with every possible password combination. So thats a plus. Well compromising your pc and installing root would be your least concern. It would be easier to steal your phone, get your fingerprint and unlock your database this way.

You can never be 100% secure. But have to choose your best way of doing it.

Also i am open to suggestion regarding a great password manager for android. Will have to try out keepass and dashlane again.

I would suggest Bitward[0]. I used Lastpass (premium) for 3 years but when I switched from Chrome to Firefox Nightly a few months ago I learnt that Lastpass didn't have a web-extension for Firefox (it was the old extension which wasn't compatible anymore). I waited a few months hoping they would release it quickly since there's very little difference between a Chrome and Firefox extension but nope. So I canceled my plan, exported my data to Bitwarden and went with it instead. I haven't been disappointed.

[0] https://bitwarden.com/

There is a lastpass extension, including the binary version, for firefox:

LastPass Firefox Toolbar Version: 4.2.3 Built: Mon Dec 04 2017 13:51:36 GMT-0500 (EST)

Binary Component: true (Native Messaging version 4.1.44, built Nov 16 2017 23:33:27)

Is it broken upstream in the nightly build, but not in the stable build?

> a website just shows your username already and you have to fill out the password and can't use hotkeys. (I am looking at you google)

I don't know about mobile (especially Android), but at least on Google's authentication page, even though it only visually presents the username field, the password field is already there and is filled out by 1Password.

Chromipass/Foxipass is pretty bad, but Kee for Firefox is amazing.

I used an algorithm previously, which was a hassle at times and probably not as secure as I was telling myself. This was until I joined Bluink and discovered Bluink Key.

Bluink Key is a secure (nontypical) password manager that encrypts your passwords locally on your smartphone and automates logins on your computer via a Bluink Key USB device. Nothing is ever stored in the cloud.

Bluink Key is impractical for attackers to target because they need physical access to your phone, they need to know your phone's PIN, and they need to know your master password to Bluink Key. This is very difficult to pull off assuming you usually have your phone with you and have a decent PIN/master password.

Bluink Key is also relatively unprofitable for attackers to target because a successful attack would only yield passwords from one individual, whereas a successful attack on a traditional, cloud-based password manager would yield passwords from millions of users.

Bluink Key is a two-factor authenticator as well (FIDO U2F and OTP).

Here's the website if you're interested: https://bluink.ca/key

Don't store your passwords anywhere, have them be determined by generating a unique password based on the service name and a master password with an added salt, this is similar to other proposed algorithm methods except more secure because your unique salt is used in addition to your master password, so even if someone guessed/learned your master password (e.g. social engineering) they would not be able to generate the same result passwords for services without your unique salt that's only located on your device(s) which should (hopefully) be physically secure.

This way you only need to remember one password (master) to re-generate your password for any given service, and nobody can replicate the resulting service passwords without knowing BOTH your master password and your salt.

I wrote a proof of concept a few years ago, it's pretty outdated and generating word phrases would be better than just hashes, but it conveys the idea: https://github.com/wyqydsyq/ysnp

As someone else did (deep in a comment thread), I'd recommend MemPa, an algorithmic password generator that uses one master password plus the site and your username to generate (or recover) your password.

Using MemPa (which is basically one line of JavaScript), your passwords are always hard to crack, retrievable with one password and yet never stored anywhere so there's no tempting honeypot for hackers to target.

The original article is here: https://hackernoon.com/mempa-a-modern-deterministic-password... (There are links to iOS and Android MemPa apps, too.)

I've also wrapped the algorithm in a single-page web app that you can copy to your own site or thumbdrive to make using the MemPa algorithm easier. https://codepen.io/jones1618/full/eeqBNG/

I thought this was a great idea to the point where I put together a Chrome extension to try it out a few years ago.

In theory it's solid but in practice, websites with arbitrary (and foolish) password requirements means your generated pass is likely to not be accepted. You can add fields for tuning the presence of non-alpha and capitalised characters but then that needs syncing and at that point - the benefits aren't really there.

I think I share your same concerns: I don't want to rely on any single application for my entire security (and some passwords are my entire security).

I recently blogged about the algo I use [1], it's a simple deterministic base64(sha256(.)), which is easy to remember and apply everywhere.

The post was pretty successful compared to my usual views/comments, and with a group of friends (all former researcher in security) we started building a MemPa [2], which we just released for iOS/Android.

[1] https://hackernoon.com/how-i-manage-my-passwords-technical-v...

[2] https://hackernoon.com/mempa-a-modern-deterministic-password...

What do you do for situations where a service has force-expired your password?

In my personal case I have no such passwords.

This said, you can use the counter. The counter isn't necessary an incremental int, you can also for example use yymm if you want to "auto renew" your password every month.

So far we haven't implemented anything in MemPa, but we were discussing this last option. Would be great to hear what do you think.

I use a script that generates passwords based on a master password and a "site tag" (originally used for web based logins, but the site tag can be any word really, eg "somepieceofsoftwareyouuse").

You can find a web version here: https://milliways.cryptomilk.org/passhash.html You can save the page locally (it's only a piece of javascript), or extract the functionality to build your own command line tool with nodejs from it, like I did.

(not my code, and I shamelessly grabbed the pieces from the js code for my own fork of it)

This way I have a new password for every use case but only need to remember one master password, which should be pretty hard to reverse engineer. I hope.

This might sound like I'm trolling (honestly not) or trying to seem superior (Again, really not), but I try to simply use long passwords and memorize them. I'm fighting back against what I perceive to be the erosion of memory by my increasing dependence on modern technology. We don't need to remember stuff anymore, we just use this algorithm or that password manager. In the past I've used keepass, and I keep that as a backup for rarely used things, but increasingly I just try to memorise long passwords or pass-phrases for the key services that I use every day. My credentials for google, paypal, amazon, github, dropbox, onedrive, online banking and more are all just memorized rather than stored.

I have a folder with encrypted text files containing a password for each service. It is available locally and backed up to the cloud (with another layer of encryption). The key is in my head, no backup.

A script lists all files through fzf[1] which lets me find and select the right one very quickly, then copy to clipboard (expires after a few s). In a laptop the whole process of switching to terminal and grabbing a password takes a couple seconds, slightly longer on an ipad due to app switching.

Downside: no access via mobile (though I could have).

[1] https://github.com/junegunn/fzf/

I have a plain-text file storing various important information, amongst it passwords, on an encrypted LUKS volume at a server running in my basement that I can access via SSH from anywhere in the world. The "password manager" for that is a simple bash wrapper around an awk one-liner that's called `secret` and placed in my $PATH.

  [[ -z ${1} ]] && {
      echo "Missing subject."
      exit 1
  [[ ${1} = -e ]] && exec /usr/bin/vim "${secrets_source}"
  exec /usr/bin/awk 'tolower($0) ~ /^= .*'"${1}"'/,/^$/' "${secrets_source}"

The ad-hoc format for records stored in the secrets_source is:

  = some identifier
  free text
  more free text
  blah blah foobar
  = another identifier
  more free text

An empty line (or EOF) concludes a record.

`secret <some-regexe>` performs a regex search over all identifiers and prints all matching records found. `secret -e` invokes my editor to add new records/view all records in vim.

If someone were to extend this with GPG, they could have encrypted data at rest while the host is up with the LUKS volume's contained fs mounted. I don't feel a pressing need for that, however.

Which encryption do you use?

AES256 using the system’s `OpenSSL`. I’d like to move to a self-contained executable with a more modern cipher but am wary of introducing too many home-brewed parts.

Always going to be a security/convenience tradeoff to some extent. If you expect to be targeted by The Baddies (tm), you want to tradeoff convenience for security. Spend some time every day memorizing long random strings and hope you never get hacked using the Wrench method[0].

If you're not expecting to be specifically targeted, then "modify a single password per service" can be surprisingly secure. Don't just add "tw" "fb", but memorize a more complicated algorithm that's not obvious from inspecting two or three leaked passwords. e.g. Basic Caesar Cipher on the odd characters of the passwords using some part of the service name (fb, tw) as a key. Memorize a single algorithm that you can do mentally. Use something completely different for primary accounts (probably bank + main email that allows you to reset other accounts' passwords).

Some people will disagree and say "just use a secure password manager", but there is a valid argument that managers are not necessarily the best solution, depending on your use case.

[0] https://xkcd.com/538/

> there is a valid argument that managers are not necessarily the best solution

What is that argument?

"Depending on your usecase" - e.g. you use many devices, need your passwords on all of them, and don't trust any of the current password managers to do their job (which is valid due to the many breaches and vulns).

Is the reality that your home-grown solution is genuinely going to be more secure than one of those current password managers? I doubt it.

However, I agree that for some people existing password managers seem either too complicated (KeePass) or expensive (1Password). In that case, I recommend:

1. Generate a password randomly using a 'diceware' type methodology

2. Use a standard prefix in front of all your passwords.

3. Write the password without the prefix in a notebook that you carry everywhere.

It's still not as good as 1Password because the passwords are not encrypted. But it's better than using a predictable algorithm that you have to remember. And of course, it's better than the system this often replaces - using the same 8 character password everywhere.

But I still strongly recommend paying for 1Password. How much do you pay for a padlock for your bike, or a burglar alarm for your house?

I never claimed it was more secure than a password manager. Just 'surprisingly' secure. You get something easy to remember with a lot of entropy that's difficult even for someone targeting you to exploit and which mitigates against the more common attack of cracking passwords en-masse from a leak and retrying them.

Yes, it has its own attack vectors, but they don't include things like ads stealing your info from your password manager [0] and apps stealing your passwords from your clipboard [1], both of which are legitimate reasons why you might want an alternative to a password manager.

"home-grown solution" has very negative connotations in infosec and rightfully so. I don't like seeing it in these kind of contexts as it blurs an important distinction between "Don't write your own random number generator if you're creating an app like Signal" (don't do it) vs "Find a solution to deal something as shitty as passwords in a way that works for you" (do it).

Your recommended method might also suit some people better (e.g. people who already carry a notebook around everywhere and guard it carefully).

There are no silver bullets out there. Work out what your needs are and then find a reasonable solution. It might be a password manager. It might not be.

[0] https://www.theverge.com/2017/12/30/16829804/browser-passwor...

[1] https://arstechnica.com/information-technology/2014/11/using...

I am working towards a two-tiered system. First tier is kept on a physical PasswordCard and muscle memory, and cycled annually. This is for the sensitive passwords. Second tier is handled entirely with a password manager. The password manager generates, stores, and fills them in for me. These are not sensitive and cycled/recycled as needed. I still have this nebulous "third tier" of leftover passwords that haven't migrated on the new system, where I basically use variations of the same two semi-secure passwords. I hope to eventually get rid of this tier.

Please consider the prevalence of high resolution cameras when using paper or even a clear-text document for password storage. A page from your list could be exposed to a security camera, compromised IoT device, or the sneaky person behind you with a cell phone, and you would be unlikely to know it happened.

And if you use a password manager, please store your master password in a well-sealed envelope in a safe place for your loved ones to open in a worst-case scenario. All your passwords may be compromised if it's stolen, but at least you would know it happened and can change them.

I use https://www.grc.com/passwords.htm to generate passwords and save the passwords in a text file stored in a pendrive.

For me, https://www.passwordstore.org/ and a Yubikey is the best setup I've tried.

It's quite a lot of work to set it up though.

So, how does this work on a smart device? Do you plug the Yubikey into an OTG, or do you just not access anything on your phone?

Typically you can load the key (from the ubikey) into google authenticator too on your phone

YubiKey via USB, OpenKeychain, and zeapo/Android-Password-Store.

What if you lose your Yubikey?

The same thing that happens when you lose any other key; either 1) dig up the spare, 2) break the lock, or 3) lose access.

See also best practices for backing up OpenPGP keys.

I believe putting all your eggs in a single basket isn't typically regarded as the most safe approach.

Though typically your machine gets compromised and doesn't really matter if you type something from memory or copy paste it from a password manager, you are screwed. A proper way to restore your access that only you can do seems more safe. A password or login can be compromised, but as long as you have a way to regain (sole) access to your account, I think that is more valuable.

LastPass users: note that "lastpass-cli" [0], a utility for managing your LastPass database entries from a terminal, exists and is (for me, at least) very handy when doing anything outside of a web browser.

Create a few aliases in your shell and you have a very convenient, easy-to-use (for the HN crowd, anyways) tool.

[0]: https://github.com/lastpass/lastpass-cli

I wrote a simple python program a while ago where it takes my master pw, domain of the site, and an answer to a personal question to create my password for a given site using a custom cypher.

Has actually worked really well for me, though the annoying part comes when you need to login to something on your phone and the cypher program is on your desktop PC.

Though this likely wouldn't be an issue if I had an android phone and could easily make a small application for it.

Some people use plaintext files in a git repo in an encrypted disk image file with a long passphrase (Windows disk image (Bitlocker), macOS encrypted disk image (AES256), and Linux LUKS encrypted image (most modern symmetric ciphers)). "Small" images hold lots of passwords, and you can drop the images in private cloud locations and USB storage in a safe. This method lacks auto-locking after a timeout and easy mobile access.

I do have a basic algorithm in my head for when I don't have my password manager of choice, keepassxc (https://github.com/keepassxreboot/keepassxc) on hand, but I highly prefer to just keep seperate keepassxc databases and secure them by keeping them stored on fde removable media (microsdcards are easily hidden).

I assume all my passwords will be leaked/known and don't store anything sensitive without 2FA, ideally not SMS 2FA.

A password alone is never secure.

This is almost totally impossible for most people. Banks have notoriously terrible password and 2FA policies, so even in the unlikely event that they allow a long/strong password, you're stuck without 2FA (or with SMS 2FA).

I try and mitigate the password management single point of failure with two factor authentication.

Obviously that it not an option for every site but access to my password manager, alone, will not provide access to my email (which lets me rest all my accounts) or my bank etc

Of course I use two factor on the manager too.

It doesn't completely solve the problem but I haven't found a better alternative (that works for me)

My alternative is believing that not all websites you log into pose the same risk to you and accepting some risk. This means I divide websites that require login into two categories:

1. I don't care if somebody gains access to my account

2. I do care if somebody gains access to my account

I use the same password for all the websites on the first category. It should be at least 8 characters long, consists of a made up word with some numbers and characters. Example: 7%Frifells. I drop the special character on websites that don't allow them in passwords and then it's a matter of failing to log in once and trying without it.

I use a different "xkcd" password (https://www.xkcd.com/936) for every website on the second one. Those are essentially catchphrases which I end up associating with the website I use them for. They consist of several words with numbers and special characters (using the example in xkcd, mine would be correctHorse?1batterystaple!).

So, I have to memorise about 8 passwords, all which make sense to me. In addition I have a password reminder file which consists of the website URL and the first two/three characters of the password. I don't bother adding completely unimportant websites from the first category.

If my password from category 1 gets compromised then it's a bit of a hassle to change the password on all the websites on the files, but no harm done. If a password from category 2 gets compromised then it doesn't affect the other websites.


I wish a lot of websites would realise they can be password-less. Pinterest is a good example. I have never posted anything, they don't have any personal or financial information from me and if and the only reason I registered was because I wanted to search something there once, and they made me register for that. Same goes to Quora and many other websites. I think all those should allow registering without a password but limit the functionality of those accounts.


Edit: formatting

IMHO, this is a curious way of thinking. Why put in the work of trying to secure one account, but not others? Wouldn't it be easier to simply secure ALL and not have the mental gymnastics of "how much do I care about this?"

Each account an attacker can gain control of, is more information they can glean and potential leverage points to gaining access to the accounts you do care about.

I actually ctrl+f for xkcd[0] to see if someone jumped the gun on posting the cartoon.

Something like that for a base password and then for each website mutate it a bit. Other people in the thread described methods they use.

I also use lastpass(paid personal), keepass+chromepass(work). Where I normally save the base password(and added mutations) yearly to change the base; or save the mutated password as I use it more for convenience.

I do not save certain financial and banking related sites.

And recently actually had a bit of a panic attack as I forgot my master password for a hour or so. Realised I need a fail save if I forget it again. Something like telling a close friend or sticky note to the monitor.

Still deciding, any suggestions would be appreciated?

[0]: https://www.xkcd.com/936

You're talking about mitigating the risk of break-in by using an alternative to a password manager.

I'd rather propse to use a self-hosted password manager on a VPS or in a cloud service.

As long as that password manager is hosted securely, VPS for example, and uses your login password to help decrypt the stored passwords.

Perhaps some HMAC required too.

Anyone know if this exists in the open source world?

KeePass is FOSS, and you can keep your database local or host it wherever you want (your server, Dropbox, Spideroak, etc.)

Closest I can think of is Vault from Hashicorp[0] other than that there are options for online password managers but they all use websites and are very obtrusive. (Like Thycotic secret server[1])

[0]: https://www.vaultproject.io/

[1]: https://thycotic.com/products/secret-server/

bitwarden.com allows you to self-host a docker image

There's also keychain https://github.com/levaidaniel/kc Open it with a master password, copy passwords from it or save new entries. You can have the single file database in a shared service like Dropbox and use it from any computer.

Bluink key is a password manager, OTP generator and FiDO U2F key all in one. It is a smartphone app for iOS and Android that stores all your passwords on your phone, not in your browser, not in the cloud. You can generate different, random passwords for everything and add 2FA to your most important logins. Check it out! Bluink.ca

Used to have a car with a digital lock; every time you exited, you punched a code to lock, punch again to unlock when you return.

Most folks would just give up and punch 1111 or some such. Instead I used the address where I'd parked. Didn't have to remember; didn't have to invent anything; different code fore every place I went.

what type of car was that? I've never heard of a car having a different password every time!

If you are more confident of your physical security, one option would be to use a book. If you search on Amazon for “password book” you can find the equivalent of an address book for the 21st century.

I recently got one for my parents (as they use and keep loosing post-it’s) and it has fields for username, password, secret question and notes.

I'm using Trezor hardware wallet which also has password manager (https://trezor.io/passwords/). I'm storing important secrets there (e.g. master password to my regular password manager which is Avast Passwords).

I'm lame. I don't need a pen to write a space when a pencil would do:

1. To generate a password i use randompass, which pulls stuff out of /dev/urandom, massages it and dumps it onto the screen.

2. I add that password to a plaintext login : password file located on an encrypted disk on my laptop

3. My password search tool is "grep"

Until about 6 months ago, I used a physical password manager: a small notebook that I kept with me. It posed a greater risk to a physical attack (theft or snooping), but I accepted that risk over using shared passwords across services.

I've started using LastPass as a replacement for this, and have been happy with it.

To mitigate the single-point-of-failure steganography (hidden containers) would help. That would offer compartmentization and deniability. One tool that implements this: https://github.com/bwesterb/pol

I have a folder in which each text file contains the username and password(s) for a particular domain/service. The hard drive is encrypted and its backups (on geographically spread external drives) are also encrypted.

I let Keychain (MacOS) remember the passwords, so I never really think about them.

I use a small truecrypt file containing text files with passwords generated randomly which is available online on some of my servers. Not perfectly secure nor the best ease of use but good enough for me and not using a third party.

Note: as TC has been discontinued, using VeraCrypt would be a good idea.

Some years ago my solution was a notebook in a physical safe. Not recommending this, but I already had the safe and I reasoned that for the assets I was protecting, it was unlikely that a thief or anyone who might gain physical access would be interested.

At this point I usually let iCloud Keychain generate, store, and sync passwords, but for some sites I still use a Javascript password generator [0] I originally wrote in 2003 or so [1] – I may be the inventor of in-browser hash-based password generation. It spawned a bunch of similar sites, and it's still useful, so in that sense it has been very successful – but it has all the frustrations described by others here: updating passwords is a pain, "special characters" have to be added, &c.

[0] http://angel.net/~nic/passwd.current.html

[1] https://web.archive.org/web/20031222201145/http://angel.net/...

I use https://bixense.com/pwcalculator/ (GUI for hashing alias + site) and dedicated passwords for services I need to access more often.

This seems to me like a very clean solution, is there a Chrome extension version of something like this? I'd love to tap on a password field, enter my secret key, and have it autofill based on the domain of the page.

If someone suspects such a solution is being used, they can attempt to crack the master password. Combined with the weakness of this not supporting forced password rotation or varying complexity requirements well, it's really not a good solution.

Why would anyone suspect that? You're talking about what 1 in several million users? All you have to be is above the threshold of "easy to hack". I'd like to be referred to such a thing if there is one already.

The specific tool mentioned uses a trivial scheme. If I were trying to crack a large breach, I'd probably try running a few billion master passwords with that algorithm.

If you master password is weak, I don't think that bcrypt/scrypt in my tool would help when a breach has happened.

It absolutely would.

Care to elaborate?

As I can't salt the hashes the attacker can precompute all the passwords he wants to try. If that takes 1 minute, it will take 1 minute for a database with 1 billion passwords and 1 minute for a database with 2 passwords.

You could simply have people use their email address (or name) as a salt. Not great, but it would help significantly.

Eight character random mixed alphanumeric password, hashed with say, sha256: crackable in hours with a GPU cracking rig.

Eight character random mixed alphanumeric password, hashed with scrypt using aggressive settings: could take years or decades to crack.

There is absolutely a large class of passwords that will be cracked if the hashing is fast, but not if it's hashed with a time and memory hard function.

You can make an attackers job literally over a million times harder at minimal cost.

> You could simply have people use their email address (or name) as a salt. Not great, but it would help significantly.

This wouldn't work, as the attacker should know both from the database.

Anyway: If the user really wants, he can already add his email or name to one of the input fields. A salt is just another input to the hash function so this would be the same.

> Eight character random mixed alphanumeric password, hashed with say, sha256: crackable in hours with a GPU cracking rig.

Let's say by "several" you mean two. Then if

    62^8 = 2 hours
that means that:

    62^12 = ~3374 years
Meaning that a 12 character random mixed alphanumeric password would already take longer than the scrypt approach thanks to the way the exponential function works :)

And to do it the other way around (let's say that "years or decades" is 20 years):

    62^8 = 20 years
    62^5 = ~44 minutes
That's why I don't like to advertise with an "uncrackable hash function". In the end this might lead users to choose a shorter password, which is way worse!

> scrypt using aggressive settings

Keep in mind that if a breach happens, the database is also hashed. And salted! So the attacker would need to crack that first anyway.

> This wouldn't work, as the attacker should know both from the database.

You mentioned pregenerated lookup tables in a previous comment. Using email address as salt prevents that attack. Salts come with the database too.

> Anyway: If the user really wants, he can already add his email or name to one of the input fields. A salt is just another input to the hash function so this would be the same.

The proportion of people who would supply it as a salt is much greater than those who would otherwise prepend/append that data to the password.

> Meaning that a 12 character random mixed alphanumeric password would already take longer than the scrypt approach thanks to the way the exponential function works :)

Yes, but then the user has a more difficult password to memorize, so that argument is irrelevant. You should be thing about what actual humans actually do, rather than assume your users are technically sophisticated and willing to put in the effort to do the right thing.

> That's why I don't like to advertise with an "uncrackable hash function". In the end this might lead users to choose a shorter password, which is way worse!

Don't advertise it as such, but do it anyway, and explain the details in an FAQ.

> Keep in mind that if a breach happens, the database is also hashed. And salted! So the attacker would need to crack that first anyway.

It is entirely unreasonable to expect anything better than MD5.

> You mentioned pregenerated lookup tables in a previous comment. Using email address as salt prevents that attack. Salts come with the database too.

Ah right, didn't think of that!

I will think of adding a preference where one can add a salt value :)

> Yes, but then the user has a more difficult password to memorize, so that argument is irrelevant.

But while the password-remembering difficulty scales linearly, the difficulty to crack it scales exponentially ;)

That would be a good idea! I haven't written a Chrome extension yet, but I'm planning to do an Android and iOS app next.

I looked at the algorithm this thing uses - it's just base64(sha1([master password][alias])) with some data munging to deal with endian issues. Would be trivial to do GPU accelerated cracking.

Yes, the master password needs to be strong.

Hopefully sites use their own salted, better hash algorithms anyway.

Thanks for sharing this; I've been doing the same thing mentally for years to get around a memory issue and a need for unique passwords.

Still has the issue of a password manager. Compromise the machine, record the "secret".

That's a issue of passwords in general though. Only 2FA can help there.

I have one of these. I personally never use it due to the inconvenience, but it might work for you.


The space bar code and "secret word" portion together are the same across all sites. If your password is compromised on two or three services, the attacker has this constant portion, and the remainder of your password is a simple substitution cipher encoding the service's name.

Well then I guess it's lucky I don't use it!

I used to open a text editor and mash on the keyboard until I had an 8-12char password. I'd then type that sequence out again 10-20 times until it was burned into my memory. Then I close the editor without saving it :) Let your subconscious "muscle-memory" remember the password for you! Bonus point: if someone tries to coerce you into revealing your password, you honestly won't know what it is without typing it out. This doesn't seem to scale beyond doing it a few times as they get hard to remember, but it can make for a few secure email/banking passwords.

Yep - a text file, encrypted with ccrypt. Happily, Emacs knows how to open and save ccrypt-ed files.

Why would you use an encrypted file when you have free, open source password managers like Keepass? Every time you login somewhere, you open the file, search for the site, copy the password and paste it in the browser? What do you do when you need a password on your phone? What do you do to clean your memory after the paste operation to reduce the likelyhood of memory trojans reading it?

> What do you do when you need a password on your phone?

dl the file from dropbox and decrypt it via termux /s

How much do you get paid / hour? Cause that takes times. 5 minutes here, 5 minutes there and I guarantee you that if you do the math, you're wasting a lot of time doing stuff that password managers (online/offline/closed or open sourced) can do automatically.

Actually I SSH into my home server :)

At work, and with shared family accounts, I use 1Password; it works nicely and has a Web interface so I can use it from FreeBSD.

My personal workflow though is heavily Emacs-centric; I use Emacs for editing, programming, IRC, email, file management, PIM (orgmode), and (soon) Slack.

+1 for Keepass.

pen and paper

rofl. I have around 1300 passwords in Keepass, most of them are 20 characters including symbols. Good luck writing those passwords every time you need to login...

I used pen and paper for a decade now. I have a folder and preprinted forms where I note passwords with pens. The folder had like 20 sheets. This worked pretty well and is without doubt the most secure variant -- I always have my folder with me. Note that this only stores the important passwords. I use weak and dumb passwords for non-important services (similar to disposable email boxes).

Anyway I want to change to a paperless variant due to the increasing amount of "important" services.

I have a friend who does the same, but a folder with password is not encrypted. If it's stolen, or you just leave it somewhere by mistake, or if you leave it on a table while you piss, byebye security... A hacker only needs your old yahoo password to hack everything else. Please use at least Keepass, it has a master password, it is encrypted all the time if you want, it can have browser integration, it can upload the encrypted DB to the cloud..

That's true. However, in general I trust my environment so much more than "the whole Internet" which potentially can gain access to my systems. In fact, I don't think encrypting password managers (even in their simplicity such as https://www.passwordstore.org/) prevent typical use cases: If your home account is compromised, it is easy manipulate the workflow and subsequently decrypt your virtual password storage.


Spreadsheet that's encrypted inside an encrypted drive (veracrypt). If I can't remember the password I used, I just open everything up then copy/paste. Use 2FA where possible and have never answered a "security question" without some ridiculous bullshit answer (that is also stored in the spreadsheet in case I have to look it up).

The only issue is when I try to do shit on my phone, but that's never been critical as I'm in front of computers 12-16 hours a day.

dashlane is interesting as i has a one button password regeneration that logs into sites uses the change password functionality for you.

> change password functionality for you

Lastpass has the same functionality. This is actually a feature open source tools like keepass and so on needs. That and easy cloud/mobile integration.

I use my browser’s password manager, which works across devices. It’s Mozilla, so I trust that they take the security of my data very seriously.

I let Google Chrome generate my passwords (You can enable password generator from chrome://flags/ ) and save them to the browser.

If I need to see the password for some reason you can find it from browser settings.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact