Password managers

I just messed up my 1Password account. I changed the master password and now I can't log in with it. I am such an idiot. Fortunately, I am still able to access my vault due to TouchID on my MacBook and FaceID on my iPhone. I have contacted 1Password to see if they have any suggestions. In the meantime though, I thought I would give Bitwarden a go.
 
I dunno how 1Password operates, but if you can log in with TouchID, can you not export the vault as plaintext and then reset the master password and reimport the vault?
 
There isn't an option to do so on iOS. However, I have already tried that on macOS and, unfortunately, it requires the master password to do so. Thank you for the suggestion though. I am quite liking Bitwarden actually.
 
The best password is one you can remember that’s suitably long. Three random words you can actually remember is better than 8 random characters; once you are up at 16 characters you are hitting diminishing returns at the moment.
 
He is essentially saying, as long as you have at least 1 lower-case, upper-case, a number and a symbol, all that matters from that point on is length.
Yeah, pretty much. Unless you're phished, the main thing is how many combinations something would have to go through to get to your password. 'omg!thisPasswordiseasytoRemember01#' would be harder to brute force than 'u8%d9gE;' for example. (Is my understanding of it all at least)
 
Quite. Make a sentence, preferably a slightly unusual one, and add numbers and punctuation to it. Much more entropy than a string of characters.

Code:
My children Billy, Bobby & Susie were born @ MyTown Maternity in 2009, 2012 and 2014!

is easy to remember, and wouldn't be cracked in your lifetime - or probably your children's either. It doesn't need to be that long, but the point is pick something simple for you but long. The recommendation now is 6 to 8 words minimum, and the above massively outpaces that. Use something along those lines as your master password, and store the rest randomly generated in a vault.

Edit: The search space of the above password is 1.29 x 10^168 and even at one hundred trillion guesses per second would take 4.11 trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion trillion centuries to crack. Good luck. :p Let's be real, a single sentence is no labour to type; if you can post on here you can have a password as above without even thinking twice about it. Even a more 'sane' sentence like:

Code:
I've been on OcUK's forum since 2007!

has a search space of 1.51 x 10^73 and a time to crack (again at 100 trillion guesses/second) of 48.17 trillion trillion trillion trillion centuries. Sentences rule! Some sysadmins still do silly things like force password changes arbitrarily (i.e. based on calendar) and have daft rules about what you can and can't have. Some sites still use old versions of crypto libraries like bcrypt that have a max password length of 64 characters, or even don't allow special characters... Avoid!
 
Got no chance: even if the password was 1 number, you're not getting in with 2FA turned on. Unless someone gives out their 2FA code, ofc.
 
Last edit on that page was 10 years ago, so I wouldn’t use it as any kind of reference.

Despite its age, the underlying premise appears to be sound and relevant even today. Though, I guess I would say, apart from applying the concept to master passwords, it's a little redundant for all of the passwords inside the vault. We can just use a password generator and make them as ridiculous as we want.
 
128 complex chars. Like so, sorry not sorry.

op8R%8soythqDAp^i$XN@AZ$Vyoh3Xg9CD!kHgcsVqx6@iLU6pcN9o@Aawjv!^d8#AGv!v#YR^zbqwr6notUHSo6QHm9uUoj@C@fgJRZg@%UPCWrKap3@Hj6np7rM2SH
 
I still prefer Flame-Emoticon-Wobbling-Sacrifice9-Undermost-Unmixed-Wanting-Prominent. :p Because the alphanumeric code is a limited search space (0-9, A-Z etc) it's actually better to use dictionary words with caps, spaces, numbers and symbols. The search space is larger in practice, as the attacker has to guess not only all the correct words, in the correct order, but also the included punctuation and symbols etc. In practice, though, both are uncrackable with known and foreseeable technology.
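
Added example (not part of any post in this thread): a Python sketch that reproduces the character-level search-space figures quoted above for the two sentences, and sets them beside a word-level estimate for the hyphenated passphrase. It assumes a 95-symbol printable-ASCII alphabet, the thread's rate of 100 trillion guesses per second, and a 7,776-word list (the Diceware list size); the thread does not say how the passphrase was generated.

```python
import string

# Character classes; together they cover the 95 printable ASCII symbols.
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation + " ")

def alphabet_size(password):
    """Add up the sizes of the character classes the password draws on."""
    return sum(len(p) for p in POOLS if any(c in p for c in password))

def char_search_space(password):
    """Every string of length 1..len(password) over that alphabet."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))

def word_search_space(n_words, wordlist_size=7776):
    """Guessing whole words instead; 7776 is an assumed list size."""
    return wordlist_size ** n_words

def centuries_to_exhaust(space, guesses_per_second=100e12):
    """Worst-case time at the thread's rate of 100 trillion guesses/s."""
    return space / guesses_per_second / (100 * 365.25 * 24 * 3600)

# Passwords quoted in the thread.
SHORT = "I've been on OcUK's forum since 2007!"
LONG = ("My children Billy, Bobby & Susie were born @ MyTown Maternity "
        "in 2009, 2012 and 2014!")
PHRASE = ("Flame-Emoticon-Wobbling-Sacrifice9-Undermost-"
          "Unmixed-Wanting-Prominent")

if __name__ == "__main__":
    for pw in (SHORT, LONG, PHRASE):
        space = char_search_space(pw)
        print(f"{len(pw):3d} chars  {space:.2e} strings  "
              f"{centuries_to_exhaust(space):.2e} centuries")
    words = word_search_space(len(PHRASE.split("-")))
    print(f"word-level, 8 words: {words:.2e} "
          f"({centuries_to_exhaust(words):.2e} centuries)")
```

The word-level figure ignores the added digit and the capitalisation, so it is a floor for that guessing model rather than an exact count.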
 