comment by Zero2122

Personally I use KeePass to generate a different password for everything I sign up for, usually 60 characters in length containing everything from letters to numbers to symbols. If anyone happens to get access to one of my accounts there is zero chance of them using that to gain access to something else. Above and beyond that I have four different email accounts. A Gmail account for Play Store and Google rubbish, a Gmail account for Facebook and only Facebook, a Yandex account for forums and junk mail and one more Yandex account for personal use.

When I put it into writing like that it seems like a hell of a complicated process but honestly it's not. If you use an email client like Thunderbird, it doesn't matter whether you have one email address or fifty thousand million email addresses. And if you use a password safe like KeePass every account that you ever need to sign into is a click and master password away. I would highly recommend. Also, avoid password safes that store your stuff online, that kinda defeats the purpose.

kleinbl00  ·  2589 days ago  ·  link  ·  

I have a more complicated procedure than you and I'm still pretty sure I need to go through and change a bunch of passwords. Thing is, if a website running Cloudflare for authentication has your password, it doesn't matter if you have it locked up under three layers of encryption. It went in plaintext and that plaintext is the key.

Zero2122  ·  2588 days ago  ·  link  ·  

Oh yes, regardless of what I said it's definitely still cause to change passwords and make sure everything is safe. But I'm still not too rushed about it because the next step is to just refrain from storing your personal details online or linking social media accounts. The trick is to not have anything worth hacking stored online in the first place, in my opinion. Although obviously it becomes more serious when it comes to things like banking or PayPal.

user-inactivated  ·  2589 days ago  ·  link  ·  

How did you stumble upon Yandex all the way from South Africa?

Zero2122  ·  2588 days ago  ·  link  ·  

Yandex is basically the alternative to Google. It doesn't insist on my phone number every few months like Google and it doesn't track me across the web to advertise to me, like Google. So it seemed like a great choice. South Africa is a lot closer to Russia than the US anyway. Despite our mentally challenged president, we're a part of BRICS and during the Cold War, our racist government was supported by Israel while the 'evil commies' were the only ones actually helping the resistance, which is now in power.

Cedar  ·  2589 days ago  ·  link  ·  

    Also, avoid password safes that store your stuff online, that kinda defeats the purpose.

Everyone and their dog goes on about OnePass and I'm just sitting here like... "Y'all are smoking crack"... what part of putting the db in the cloud sounds like a good idea?! Heck, most browsers save and sync passwords, so you might even be doing it accidentally, urgh.

kleinbl00  ·  2589 days ago  ·  link  ·  

The part where it's encrypted to shit and every password problem that has hit in the past ten years has been external to 1Password.

The part where when Heartbleed hit they highlighted every website you visited that was vulnerable to Heartbleed so you knew if you needed to change 1, 10 or, in my case, 257 passwords.

The fact that I don't have to remember 257 passwords.

The fact that the encryption allows me to sync my passwords across four computers and a phone.

It has been proven time and again that if you want credit card or social security numbers, the way to get them is to hack a corporation's database. Get in, get thousands. Why bother with the effort of attempting to crack an individual user's encrypted password file, particularly if that individual isn't noteworthy?

I've been using 1Password for nearly ten years now - Mac, Windows, Android, iOS. It is the purchase I recommend the most. Back when LastPass got blown up, 1Password didn't. And every time I ask them a question, I get an answer within an hour. Never once have I felt that they haven't fully disclosed their position or that they aren't brutally frank about what's a security risk and what isn't.

If that makes me a crack smoker, pass the pipe.

goobster  ·  2589 days ago  ·  link  ·  

Ok. I put on my big boy pants and bought it. Thanks for continuing to champion this tool.

Cedar  ·  2589 days ago  ·  link  ·  

Sorry KB, I was confusing LastPass for 1Pass. Actually sounds like a decent service you get, especially with the Heartbleed warnings. Cheers for the input!

kleinbl00  ·  2589 days ago  ·  link  ·  

Copy that. I've been using 1Password since before LastPass existed. It's a big bite out of your ass - and I say that having just discovered that they switched from hitting you for $80 initially and $50 every major rev to $3 a month - but it's one of those things where you go "I should have bought this years ago."