Password managers

Ming the Merciless · 28 Sep 2024

Freeweel said:
the complexity and detail of the algorithms are probably something you'd want a mathematical doctorate

Not really, the maths is undergraduate level.

Ming the Merciless · 28 Sep 2024

wiggydiggy said:
I'll remember your passwords so you don't have to, just call me on 0800 6665555 and tell me what you want to remember.

I called it, but just got your sexy time answerphone. Can you turn that off please.

Freeweel · 28 Sep 2024

Ming the Merciless said:
Not really, the maths is undergraduate level.

Of course, you're right. Most of the big security companies use 21 year olds with a 2-1 to set their security parameters, because that protects their brand adequately and is bound to be uncrackable. I defer to your knowledge of the field.

Chris S · 28 Sep 2024

All my passwords are based on my relatives' number plates when I was a child. I just associate the car with the website.

si_c · 28 Sep 2024

presta said:
I don't understand why any login page would allow 2^28 guesses at 1000 guesses/sec. All it takes is an upper limit and a delay.

They don't. The point is that people re-use passwords which password managers help to prevent. The scenario this stops is a website getting hacked and the hacker comparing the stored passwords to a list of known used passwords. The guesses aren't entered into the website directly they're done offline - at significantly more than 1,000 guesses - my computer does it at well over 1mil per second even on more securely stored passwords.

Once the passwords are uncovered the hacker then tries them on a bunch of websites to see which ones they can get into.

Ming the Merciless · 28 Sep 2024

Freeweel said:
Of course, you're right. Most of the big security companies use 21 year olds with a 2-1 to set their security parameters, because that protects their brand adequately and is bound to be uncrackable. I defer to your knowledge of the field.

I was talking about the maths not the computer implementation. the vulnerabilities are in the implementation details not the maths.

Gillstay · 28 Sep 2024

I write the alphabet across the top of a sheet of paper and put all the sites down the side. Then I use a simple word say WASP to mean 1234 and then fill in the centre of the sheet with random numbers aside from where I fit in my different passwords. Hope that makes sense.
Works for me.

Freeweel · 28 Sep 2024

Ming the Merciless said:
I was talking about the maths not the computer implementation. the vulnerabilities are in the implementation details not the maths.

Definitely. E2e encryption isn't a mathematics issue at all, esp as the industry pivots to manage the threat from quantum computing power. Ming, you're right as ever. On reflection, most of the people I know working in this arena are mathematical ingenues.

Maybe, stop digging?

Ming the Merciless · 28 Sep 2024

Freeweel said:
threat from quantum computing power

Ah you’ll be referring to Shor’s Algorithm. Which as you’ll know is maths yet again, for finding prime factors. Should quantum computing get past its current issues then very large number prime factorisation in polynomial time will be quite something to see.

presta · 29 Sep 2024

si_c said:
They don't. The point is that people re-use passwords which password managers help to prevent. The scenario this stops is a website getting hacked and the hacker comparing the stored passwords to a list of known used passwords. The guesses aren't entered into the website directly they're done offline - at significantly more than 1,000 guesses - my computer does it at well over 1mil per second even on more securely stored passwords.

Once the passwords are uncovered the hacker then tries them on a bunch of websites to see which ones they can get into.

It seems to me like password managers are a bit like encrypted wireless car key fobs. They're more secure whilst most people still have pickable locks, but by the time everyone's got one all the crims get grabbers to steal the signal.

roubaixtuesday · 29 Sep 2024

Have set up Bitwarden (decent reviews and good free version, can upgrade later if needed).

Seems ok.

Alex321 · 29 Sep 2024

presta said:
It seems to me like password managers are a bit like encrypted wireless car key fobs. They're more secure whilst most people still have pickable locks, but by the time everyone's got one all the crims get grabbers to steal the signal.

There are no "grabbers" for the decebnt quality password managers. Even they cannot get into yoiur password list without your master password.

The only way the baddies are getting at your passwords is if they have a keylogger on your machine, so can catch you logging in to your password manager. Or by duping you into thinking you are accessing it when you are really accessing their site.

gom · 30 Sep 2024

roubaixtuesday said:
Have set up Bitwarden (decent reviews and good free version, can upgrade later if needed).

Seems ok.

I've been using it for some time now. Agree, reviews seem good. And free version does all I want.
I mostly use it via the Firefox extension (extensions available for other browsers). IMO, one setting to change is the timeout, so it locks after so-many minutes rather than only on browser restart. I'm not really worried about anyone accessing my PC, but don't like it to remain unlocked for several hours when I'm away doing something else.
And I export all the saved passwords to a VeraCrypt-encrypted file. Another password to remember!

Password managers

Ming the Merciless

There is no mercy

Ming the Merciless

There is no mercy

Freeweel

Regular

Chris S

Legendary Member

si_c

Guru

Ming the Merciless

There is no mercy

Gillstay

Veteran

Freeweel

Regular

Ming the Merciless

There is no mercy

presta

Guru

roubaixtuesday

self serving virtue signaller

Alex321

Guru

gom

Über Member