Password management methods? I was Hax0red like a bitch...



+1 for KeePassX - I would be lost without it.

If you use multiple computers all the time then you can have your database be saved in Dropbox.

and lol @ this thread's tags
 
LastPass for browser based shit and Excel for everything else..

If I get my laptop jacked I'm sooo fucked... el oh el
 
Dittoooooooo on roboform. Paid 25-30 or so for it like... 3-4 years ago. probably have 500 passwords stored on it. Fucking lifesaver.
 
Dude wtf happened ???

My worst fear

Well, I wasn't going to go into it, but gather 'round children and let me tell you a tale of unspeakable horror...

On Friday I visited a Thematic WP child theme site in Firefox and had a script run on me that called on files from a .ru site. It walked right past my AVG, launched some Java, and shut down my firewall and about 10 seconds later I had about 130 trojans and whatnot on my machine.

Spent a couple hours cleaning house and thought the coast was clear. Ran fine all weekend thinking everything was good until, to my shock and horror, I got a phone call Monday morning from a client telling me their site on my server was spawning the same sort of shit.

Came to realize that my main workstation was rooted and that they had gotten their hands on some cached FTP data and had modified 8 different sites on my server.

It gets better though! My home box had been used to send Viagra spam all weekend and I had a bunch of angry letters from my ISP on Monday telling me to knock it off or else. LuLz all around.

Sooo, out with AVG and Malwarebytes because not only did they fail to stop the infection from casual browsing of the web, they failed to find it after the fact. In with Kaspersky and Prevx. Starting to really question Firefox as well.

Had to reformat my home machine and so I upgraded from XP to Win7 as well... seemed like a good opportunity to do that. Spent the next couple of days changing passwords on everything, cleaning the server and rebuilding my workstation.

So, yeah, don't I feel like a total douche. Easily one of the worst days of my life. I was nearly sick from the stress.

Gonna give KeePass a try for server management and maybe Roboform as well for browser management. Thanks for the recommendations folks!
 
Stop using FTP and use SCP with password-protected key files instead. You can have one key per server, or one key for one user on all servers, or any combination you fancy. Added bonus is that because it all goes through SSH, you can log in nice and easily as well.

Oh, and you don't *have* to use passwords, but it's highly recommended ;)
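
Added example, not part of the post above: a check that tells whether an SSH private key file actually has a passphrase, by reading the key header only. The function names and the sample keys are constructed for illustration; the samples are header-only blobs with no key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # start of the new-format OpenSSH key blob

def _ssh_str(b):
    """Encode an SSH wire string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b

def key_is_encrypted(pem_text):
    """Return True if a private key file's text is passphrase-protected."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if not lines or not (lines[0].startswith("-----BEGIN ")
                         and "PRIVATE KEY" in lines[0]):
        raise ValueError("not a PEM-style private key")
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8
        return True
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            raise ValueError("bad openssh-key-v1 blob")
        # First field after the magic is the cipher name; "none" = plaintext.
        (n,) = struct.unpack_from(">I", blob, len(MAGIC))
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        if len(cipher) != n:
            raise ValueError("truncated openssh-key-v1 blob")
        return cipher != b"none"
    # Legacy PEM (RSA/DSA/EC) declares encryption in a Proc-Type header.
    return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l
               for l in lines[1:4])

def make_sample(cipher, kdf):
    """Constructed header-only blob for the demo; contains no key material."""
    blob = MAGIC + _ssh_str(cipher) + _ssh_str(kdf) + _ssh_str(b"")
    body = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + body +
            "\n-----END OPENSSH PRIVATE KEY-----\n")

# Constructed legacy-format sample (placeholder IV and body, not a real key).
LEGACY_ENC = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\n"
              "AAAA\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, text in [("protected", make_sample(b"aes256-ctr", b"bcrypt")),
                       ("unprotected", make_sample(b"none", b"none")),
                       ("legacy", LEGACY_ENC)]:
        print(name, "->", "encrypted" if key_is_encrypted(text) else "PLAINTEXT")
```

Run over the key files on a workstation, any file reported as plaintext is usable by whoever copies it, the same way the cached FTP logins in this thread were.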
 
Never use an online password manager to keep your sensitive data; every system can be hacked.

1) KeePass:

Protect the application db with a robust password and generate the random passwords with KeePass (at least 20 chars and use special characters whenever you can).
Benefits: it's free and secure, it's awesome and portable, keep it on a USB drive.

2) iMacros plugins for FF and IE:

In the Options -> Security section, encrypt your passwords with a master password.
Benefits: Free, fast and secure
 
I've had good success with Password Corral. I have about a thousand passwords in it. The random generator is customizable. It's never glitched in about 4 years of use. Free of course.
 
+++++1 for KeePass

I store the key file in my Dropbox folder, which enables access to it anywhere. Just be careful where you enter that 20 character master password. I use a combination of a sentence and random characters, upper/lowercase letters.

Their GUI allows good organization of what you are talking about with clients, emails, etc. They have folders, groups, icons for organization and some cool features like just double clicking on the entry to copy the password to your clipboard...

And as also mentioned earlier, syncing with other devices. But if you use Dropbox in conjunction with it, you are synced and can access it from anywhere.