PSA: Check Your Passwords

lxskllr

There's been a huge password data dump. There's a link in this article where you can check if your password shows up...


A different complex password should be used for every site/service. That requires a password manager. I use and endorse the KeePass variants. I use them on every system I have. I use KeePassDX on Android, and KeePassXC on Debian. There are other KeePass variants, and they all use the same database, so they're interoperable between them. It isn't the most convenient password manager, but it's secure, robust, and libre. You also aren't dependent on "cloud" services (another name for doing work on someone else's computer) for it to operate, and keep your passwords secure.
 
There's a link where you can give away your passwords in case they weren't included in the leak? Thanks, just what I was looking for...
 
Passwords are meaningless without context. You could build rainbow tables from passwords, but that doesn't do anything aside from speeding up attacks, and at that point, you've already been pwned. Unless you're using a good password (most aren't), your password will eventually fall.
 
I use a pattern.

Something from the home page of whatever I'm signing-into, in capitals, a 3 letter word in lower case, 4 numbers and a punctuation symbol.

Is that strong enough?

How often do you change PWs?
 
I don't really change passwords unless I hear of a specific breach. Biggest thing is to not reuse them, so a captured password can't be used elsewhere. I have different levels of passwords. Something like a forum I have less care of. I'll use a medium security pass I can remember and easily type. Someone hacks my account, posts dumb shit, and no one can tell the difference :^D Not a huge deal. Anything involving money or security uses a complex password generated by my manager, and is completely random. The password to my password database is tens of characters long, and tedious to type. I store it on Nextcloud, so it's available everywhere I have internet.

edit:
This is what a generated password looks like...

9n!]/P-D^[xf*"?z(^:a

Glad I checked. I had to tick some more boxes for options to choose from. I had it scaled back due to the stupid password requirements of a site I can't remember now. It can be made shorter, longer, it can be much simpler, or slightly more complex.

[Attached image: Screenshot_2024-07-07_22-27-17.png]
 
Here's a fun comic that shows a decent way to pick a password, and still be able to remember and type it. Whatever you do, *do not* use "correct horse battery staple"! Everyone in computing knows exactly what this is, and I'm sure it's in all the dictionaries.

[Attached image: password_strength_2x.png]
 
There are many password generating and managing products on the market.


Here’s my average password using such things: jyGsom-5fovki-nepnoj. There are hundreds of passwords and user names stored. Makes it easy and as secure as the master password+2FA.
 
I use the same two passwords for everything, but I also don't do anything of significance online... Stealing my data is just gonna get you a bunch of porn, some forum access and pictures of trees. Have fun with that.

Can't blackmail me, I've never done much to regret, and I don't really answer to anyone.

Considering that I still don't have a bank account, the only way to get a penny out of me is to physically take it.

Web security can be really easy when you realize the Internet is not a real place, and you don't live there.
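
Added example (not part of any post in this thread): a rough comparison of the three schemes discussed above, the home-page pattern, the manager-generated 20-character password, and the comic's four random words, for an attacker who knows which scheme is in use. The option counts for the pattern and the 2048-word list are assumptions, and the results are upper bounds because people do not choose uniformly at random.

```python
import math
import secrets
import string

# 94 printable ASCII symbols: letters, digits and punctuation.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation

# Each scheme is a list of (part, number of equally likely options).
# Every count marked "assumed" is an illustration value, not a measurement.
SCHEMES = {
    "pattern": [
        ("word shown on the site's home page", 100),   # assumed candidates
        ("3-letter lowercase word", 1000),              # assumed word count
        ("4 digits", 10 ** 4),
        ("punctuation symbol", len(string.punctuation)),
    ],
    "random20": [("printable character", len(PRINTABLE))] * 20,
    "four_words": [("word from a 2048-word list", 2048)] * 4,  # assumed list size
}

def entropy_bits(parts):
    """Bits of entropy if every part is picked uniformly and independently."""
    return sum(math.log2(options) for _, options in parts)

def average_guesses(bits):
    """Expected guesses when the scheme is known: half of the search space."""
    return 2 ** (bits - 1)

def generate_password(length=20, alphabet=PRINTABLE):
    """Draw each character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def report():
    """Return (scheme, bits, average guesses) rows, weakest scheme first."""
    rows = [(name, entropy_bits(parts)) for name, parts in SCHEMES.items()]
    rows.sort(key=lambda row: row[1])
    return [(name, round(bits, 1), average_guesses(bits)) for name, bits in rows]

if __name__ == "__main__":
    for name, bits, guesses in report():
        print(f"{name:<11} {bits:6.1f} bits  ~{guesses:.1e} guesses on average")
    print("sample random20 password:", generate_password())
```

Because the first part of the pattern is visible on the site itself, most of its strength comes from the four digits and the short word, which is why it lands well below both random schemes.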
 