Anyone uses password hashing and master password?

[Ivo]

I'm wondering about this.

Maybe I should start using it myself.

[YoshiEgg25]

I'm wondering about this.

Maybe I should start using it myself.

I don't have a website/server, but it's a very good idea.

If someone gets a hold of passwords, etc., it could be bad. Note panels 2-6 of the following comic:



On another note, that's the first time I've ever been able to use a brand-new xkcd comic in real conversation!

[slowslow325]

I probably shouldn't say this aloud, with RacketBoy having access to my password and all, but I trust him along with any mod that might have access to this.

I use the same password for everything. I have a couple different usernames. Like with numbers, without numbers, different name entirely. I have slowslow325 registered on YT, but it's not my main account.

However, for important things like PayPal, my password is almost identical, but still different. I figure that if someone has a bunch of passwords and mine doesn't work the first time, they aren't just going to assume it's a modified version, they're just going to move on to the next one.

[Hobie-wan]

I probably shouldn't say this aloud, with RacketBoy having access to my password and all, but I trust him along with any mod that might have access to this.

Most well coded sites that have passwords do not store the actual password. They store a hash based off it and your password will always generate the same hash code that can be verified. It's possible that some other random combination of letters, numbers, and symbols will generate the same hash, but the longer the password, the less chance of coming across the code randomly that will work. That's why when you forget your password somewhere they usually don't send you your password after verifying who you are, you instead get some crappy looking new password that you are forced to change at first login.

[Hatta]

Of course, there's nothing stopping an unscrupulous admin from modifying the site to send him passwords in plain text.

[slowslow325]

Also, the majority of the sites I've had to recover from have sent me my old password. Only a couple haven't.

[Hobie-wan]

Also, the majority of the sites I've had to recover from have sent me my old password. Only a couple haven't.

If I were you I'd change all the passwords on those sites that send your actual pass to you if you forget so they don't have the same as any sites that actually have any security.

[RCBH928]

This is interesting

If you keep many passwords, you will forget them
if you keep the same password , you risk to lose private information

[D.D.D.]

First thing that came to mind~

President Skroob: Did it work? Where's the king?
Dark Helmet: It worked, sir. We have the combination.
President Skroob: Great. Now we can take every last breath of fresh air from Planet Druidia. What's the combination?
Colonel Sandurz: 1-2-3-4-5
President Skroob: 1-2-3-4-5?
Colonel Sandurz: Yes!
President Skroob: That's amazing. I've got the same combination on my luggage.
Dark Helmet, Colonel Sandurz: [looks at each other]

[Niode]

I find it hilarious how people have 'secure passwords' but use the same bloody password for every single website.

I use a fairly simple method for changing my passwords. I have a long master password with a cipher that I use to change my passwords to each website. Something fairly straight forward that I can remember and alter on the fly. I've got about 20-30 (possibly even more for logons that I don't use often) passwords that I remember on a regular basis because I remember the cipher and apply to the correct keyword. Simple.

You could do something similar like take a specific book, memorise a particular page and then just take passwords from that so you remember the page, the paragraph and sentence, for added security use a cipher to change the letters. so you move each letter one step backwards in the alphabet or replace certain letters with symbols or every 3rd letter is capitalised, keep it simple but not obvious. That way, should you forget your passwords, you just need to look at the page, your memory will jog as soon as you see the keyword and if you use the cipher you will be able to work out what the password is. That is very secure and best of all, you have a written copy of all your passwords that nobody will ever figure out. Even if they know you use a book as a prompt, they can't possible work out what page you use, or even what book.