donators

n@work Internet Informationssysteme GmbH
Your ad here

My iPhone Apps


Get PwGen now for FREE in AppStore

Get PwGen Pro in AppStore

support @ Amazon

If you like to support this site and you want to by something at Amazon, please use this link for purchasing your desired items. This does not cost you anything more than the normal price but I got a small revenue from your order.
Thank you!

Advertising

print page print page

How to master your passwords

By: Thomas

25.11.08 20:25 Age: 1 yrs

Hello,

after the last post about the leaked passwords on typo3.org (The login is back by the way) I decided to change all my passwords. Not because I feared that someone could be cracked my password from typo3.org. I think it was strong enough to be not vulnerable for rainbow tables.

Anyway, I wanted to change my passwords for a long time and this was the final piece that forced me to do it. If you want, you could see that as very positive side effect of that "hack". I was very happy with my password system for a long time. I used a base password which could be remembered very easily. I tailed it with some numbers and some characters from the service I needed a password for. The system how I choose that characters was very obvious for me and so I had a different password on each login.

But I was not longer satisfied with that solution and because I purchased a password manager for OSX some time ago I decided to give that tool a chance. It's called "1password" and is developed by agile web solutions.

1password is hooking into the most used web browsers on OSX named Safari, Firefox and some others. Every time you login on a website it recognizes that login and asks you if you want to safe that login. If you do so, 1password is storing the password in an encrypted keychain.

I don't want to explain the features of 1password or any other password manager, but I want to say is. It's absolutely worth the time you might need to get used to it!

The first time I used my old password but with the time I changed all my logins to 20 characters long passwords that contain normal letters, numbers and special characters. I use passwords like "9+0SLTMmG[Il@0t3sw?u" (No that's not really used by me!). No chance to guess (or remember) that one. But I don't have to worry because my password manager is handling it. ;-) And yes! I have backups of my keychain.

Greets,
Thomas

 


Please leave a comment

Back to: Blog

6 Responses to “How to master your passwords”

#1: Martin commented on Tuesday, 25-11-08 21:40

Gravatar: Martin

Take a look at www.passpack.com !


#2: Sebastian Gebhard commented on Wednesday, 26-11-08 09:57

Gravatar: Sebastian Gebhard

Since a while i'm more careful with passwords, but before i used always one and the same 6 characters (absolutely decryptable by rainbow tables) password, and I also did at typo3.org. So I was forced to work down a huge list of websites where I had to change my password.
I also considered 1password but i decided to test the free tool KeePass first. Now I'm used to it and it also generates me those 20 characters long cryptic looking passwords.
The only disatvantage is, that it doesn't interact with the browsers as nice as you described it. But it's still easy to handle and I also start to collect passwords of my new company in a separate passwords-db-file.
So I can recomment KeePass as a free solution


#3: Thomas Hempel commented on Wednesday, 26-11-08 10:07

Gravatar: Thomas Hempel

Hi Sebastian,

yes you're right. KeePass is a good free alternative. I just found that after I got used to 1password. To be honest I never searched for anything else because 1password worked very well.

And by the way, this 20 characters long password generator is not the killer feature of 1password. ;-)

Nice tipp by the way... If you need a new password on the go, check out PwGen Pro on the iPhone.

Greets,
Thomas


#4: Thomas Hempel commented on Wednesday, 26-11-08 10:09

Gravatar: Thomas Hempel

@Martin: I'm not sure if I want to save my passwords in a proprietary system somewhere in the internet. Even if the say that they are not evil.

Greets,
Thomas


#5: Dmitry Dulepov commented on Wednesday, 26-11-08 20:20

Gravatar: Dmitry Dulepov

Not directly related but one idea about passwords.

Long time ago I compared different password generation programs for cracking resistance. Normally such programs just make random letters and numbers. Suprisingly they are easy and fast to crack with lOphtcrAck.

I found only one program, which passwords took much longer to crack. I do not know who made it, there is no source code and interface is terrible. But it works. It is called SmrtPass. It is possible to find it on the net using smrtpass.zip. I still use it, already for more than 10 years. As fasr as I know, it uses a very sophisticated filters to add extra randomness to combinations. Even visually you can see the difference.

I wish I knew who was the author. I would donate him some money for such a great app!


#6: Fladi commented on Wednesday, 26-11-08 20:59

Gravatar: Fladi

I have 2 licenses of 1password to giveaway.... for free ;-)


Calendar

November 2008
M T W T F S S
« Oct   Jan »
 12
3456789
10111213141516
17181920212223
24252627282930

Tagcloud

t3board personal installer development web TYPO3 security podcast page community

Latest comments

  • Thomas

    It is! Please check the top left corner above the menu. :-) Greets, Thomas

  • Phlogi

    Could you activate the search function in doxygen? Thanks

  • Kristian

    Thanks, I have the same quicksilver setup as you describe and have just spend over an hour trying to...

  • Thomas

    Hi Gina, interesting way to contact me. ;-) Anyway, we the amazing number of 52 complete and 21 i...

  • gina

    hey thomas, shouldn't we close the survey now? could you have a look how many people took part? if ...

Blogroll

Advertising

Meta







Valid XHTML 1.0 Strict
Valid CSS!