Today, I decided to share my security habits in generating/storing/remembering passwords and managing online accounts. I try to use some math too, to explain it better.
First, I don't trust them, because a lot of them use cloud storage for some data, which can be hacked. Or it can be hacked on my computer too, maybe with some 0-days. So what do I use instead? A plain text file packed in a 7zip file (on Mac with Keka) that has secure AES-256 encryption, and I use a 31-character-long password.
Generate safe sentence-like passes
First, let's do the math. If you use a 4-digit PIN code, that means the first number can be a random number between 0 … 9, that is 10 (1..9 + 0) numbers. So can the second, third and fourth number. That means we can combine the four numbers in 10 options * 10 options * 10 options * 10 = 10 000 combinations for a 4-digit PIN.
So now let's think not just about numbers, but words. In English we maybe use 500,000 words. So if we use a combination of words instead of numbers, we can have 500,000 * 500,000 * 500,000 * 500,000 = 6250…0, a huge number. A lot more combinations than by numbers.
Now that we know the math, let's use random words to generate a sentence and add even some numbers and special characters like punctuation. I use the Mac's Keychain Access, which has a random password generator. I choose the memorable type and the maximum length. You can find random password generators with Google too.
Maybe it generates a password like “idiosyncratic4598)heuristically” or something else. It has 31 characters (2 longer words and some numbers and special characters). Don't forget to change the words to camelCase (first character a capital letter), like “idiosyncratic4598)heuristically” to “Idiosyncratic4598)Heuristically”.
I generate such a password for every account I use online and save login name + password in a txt file. Now I take one or more words out of the password and put them into Google Translate, I choose a random language and I paste this version of the word back. For example, from idiosyncratic4598)heuristically I choose heuristically and translate it to Finnish, heuristisesti, and now I put it back, so my original password is now “idiosyncratic4598)Heuristisesti”. This helps against some dictionary attacks, where hackers try to crack your passwords using dictionaries, and some software combines words and tries to guess your passwords. They will rarely think of using other dictionaries than the English ones :)
Next step is saving the passes in a txt file and salting them. Even if somebody gets my master password and gets access to the passes, they won't work. I mostly add a random number or random character to the passes, so they don't make sense. Like in the example “idiosyncratic4598)Heuristisesti”, I add an "l" at the end of idiosyncratic. So now it is “idiosyncraticl4598)Heuristisesti”.
Now I open Keka on my Mac, put a 31-character-long password in it and zip and encrypt my txt file at once. Now I write my password in some older book and on a note on my desk, until I know the password without looking at the note, then I destroy the note (mostly 1-2 weeks). So now I just have to learn the master password for the zip, which I learn with constant use and drilling, and even if I forget it, I have it in a book. All the other complex passes are in the file.
Now I send it to my email so I can access it even if I am not at home. When I want to add a new password, I unzip/decrypt it on my hard drive, add it to the txt, save it again with the same procedure and send it to my email account. On the email account I just delete the old one (I search for it and delete it).
Now I activate 2-step verification on all my accounts, so even if somebody gets my passwords, they can't access it without the code. The best is some code generator on your device and not a phone number (SMS), because your SMS can be forwarded to the hacker's phone via an SS7 vulnerability in the telecommunication systems (but it's advanced stuff).
I have to mention, you should separate password types into different encrypted txt files (with different master passwords). So accounts like email, Facebook, bank should be in a separate encrypted txt than some accounts for Tumblr, Pinterest or operating system passes. It's much safer this way.
I hope you enjoyed my paranoid security tips, and if you want to support me, give an upvote :) Thanks!
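To make the combination counts in the post concrete, here is an added Python example (not the author's code) that computes the search space and entropy in bits for the 4-digit PIN, for four words drawn from a 500,000-word dictionary, and for the post's Word + 4 digits + symbol + Word shape, and generates a password of that shape with a cryptographic RNG. The short word list and the assumption of 32 possible symbols are constructed for the example.

```python
import math
import re
import secrets

# Constructed stand-in for a large dictionary; a real generator draws from
# a list of hundreds of thousands of words, as the post assumes.
WORDS = ["idiosyncratic", "heuristically", "lantern", "quartz",
         "meadow", "saffron", "tundra", "cobbler"]
DIGITS = "0123456789"
SYMBOLS = ")(!?.,;:"   # constructed; 32 symbol choices are assumed in the math below


def search_space(choices_per_position):
    """Multiply the choices at every position, as in 10*10*10*10 for a PIN."""
    total = 1
    for n in choices_per_position:
        total *= n
    return total


def entropy_bits(combinations):
    """Bits of entropy: log2 of the number of equally likely passwords."""
    return math.log2(combinations)


def pin_space(digits=4):
    return search_space([10] * digits)


def wordphrase_space(words=4, dictionary_size=500_000):
    return search_space([dictionary_size] * words)


def author_shape_space(dictionary_size=500_000, symbol_choices=32):
    """Word + 4 digits + 1 symbol + Word: strength comes from the shape, not from 31 characters."""
    return search_space([dictionary_size] + [10] * 4 + [symbol_choices, dictionary_size])


def build_passphrase(rng=None):
    """Generate a password in the post's shape using the secrets module (OS randomness)."""
    rng = rng or secrets.SystemRandom()
    w1, w2 = rng.choice(WORDS).capitalize(), rng.choice(WORDS).capitalize()
    digits = "".join(rng.choice(DIGITS) for _ in range(4))
    return f"{w1}{digits}{rng.choice(SYMBOLS)}{w2}"


SHAPE_RE = re.compile(r"[A-Z][a-z]+\d{4}[)(!?.,;:][A-Z][a-z]+")


def has_expected_shape(password):
    """True when the password follows the capitalized Word+digits+symbol+Word shape."""
    return SHAPE_RE.fullmatch(password) is not None


if __name__ == "__main__":
    for name, space in [("4-digit PIN", pin_space()), ("4 words", wordphrase_space()),
                        ("post's shape", author_shape_space())]:
        print(f"{name:13s} {space:.3e} combinations, {entropy_bits(space):.1f} bits")
    print("sample:", build_passphrase())
```

The 31-character example comes out near 56 bits because an attacker who knows the shape only has to guess two words, four digits and one symbol, not 31 independent characters.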
If you're going to do it the right way, then I'd suggest to not use actual words, or does this not matter?
Do you know why I got a lot of money on my first introduction article, and on the rest barely anything?
I don't know how that answers my question, but I'll answer yours anyway: you're new and you haven't made a lot of quality content yet, so you won't get noticed as much. Keep writing good stuff and you'll break through eventually. People who break through immediately are just lucky most of the time. What also helps is to use good spelling and grammar and to style your post in a way that is pretty and readable at the same time, with the emphasis on readable.
edit: and the reason you got a lot of money on the first post is because it's an introduction post and lots of introduction posts get boosted by bigger users to help people get started.
You made a lot... I only made around $40 on my first post. But I had the same question actually. It's true... in the first post the most influential users are upvoting your posts... they have a lot of Steem Power, so that each of their votes is worth a lot more than the average user's.
For anyone that doesn't have a Mac, you can use the open source KeePassX - I'm on a Mac and I use it anyway. Its user interface is clunky, but it's a solid program (I don't remember the last time it crashed) and importantly it's open source.
I use this for everything, though I should probably move my 2nd factor codes to a separate database file!