[Guide] Password Management



harvey
10-03-2013, 10:57 AM
INFORMATION
This guide will explain how to generate, manage, and store passwords securely.



BRAIN PASSWORDS
A "Brain Password" would be one that is secure, and could be remembered, without ever having to store it anywhere.
This is simply a password, stored in your brain. Something you can remember, but won't be guessed or cracked, like a sentence.
For example, you could make your password "im taking a break because its spring break!", which is an easy sentence to remember.
While this isn't very random and doesn't use mixed character types, we can make it more complex:

im_taking_a_break_on_spring_break! (Underscore separating each word.)
0x00imtakingabreakonspringbreak0x00 (Adding a simple pattern before and after the password.)
iTaBoSb! (Take the 1st letter of each word, and use alternating cases.)




GENERATE PASSWORDS
When you choose a password, it is recommended that you do not use words, names, or anything that can be guessed or found in a brute force attack.
Your password should be completely random, being 25+ characters long, consisting of uppercase/lowercase letters, numbers, and symbols, with no repeating characters.
You can use a website like this (http://link.cur.lv/strongpasswordgenerator) to generate a strong password.
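
An offline way to produce a password that follows the rules above, as an added example that is not part of the original guide. It draws from the operating system's CSPRNG through Python's `secrets` module; the symbol set is an assumption, and "no repeating characters" is read here as "no character used twice".

```python
import math
import secrets
import string

# Symbol set is an assumption; trim it if a site rejects some characters.
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?/"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)


def generate_password(length=25):
    """Return a random password with no character used twice and all four classes present."""
    if not 4 <= length <= len(ALPHABET):
        raise ValueError(f"length must be between 4 and {len(ALPHABET)}")
    rng = secrets.SystemRandom()  # backed by the OS CSPRNG, unlike random.Random
    while True:
        # sample() draws without replacement, which enforces "no repeating characters".
        candidate = "".join(rng.sample(ALPHABET, length))
        # Rejection sampling: redraw until every class appears, so all
        # compliant passwords stay equally likely.
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def search_space_bits(length=25):
    """Upper bound on entropy in bits: log2 of the ordered draws without repeats.

    The class requirement removes a small fraction of these, so the real
    figure is slightly lower.
    """
    n = len(ALPHABET)
    return sum(math.log2(n - i) for i in range(length))


if __name__ == "__main__":
    print(generate_password())
    print(f"about {search_space_bits():.0f} bits")
```

Run it on the machine where the password will be stored and paste the result straight into the password manager, so the value never passes through a third-party site.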



KEEPASS (DOWNLOAD (http://link.cur.lv/keepass-portable))
KeePass is available for almost all other operating systems here (http://link.cur.lv/keepass-other). We are going to use the Portable Windows version.
There is a reason why you should use this program to store your passwords, and there is a reason why you should use a portable version of this program.
When your passwords are stored on your computer, and you have programs remember your password, it is vulnerable to being stolen by a malicious program.
For all programs, how the password is stored, and the encryption it uses, if any, is publicly available online. (Read here (http://link.cur.lv/password-information).)
Storing passwords online, using a service like LastPass (http://link.cur.lv/lastpass), puts your passwords at risk too.
You're trusting a company of random people you don't know with all your passwords, and that random company itself may get hacked.
This is why you should use a separate program to manage passwords instead. This program is offline, does not use the internet to manage them, so there is no vulnerability of getting your passwords stolen.
We use a portable version so that no one can access it but you. You have to store the program itself, and all its data, on a USB drive.
Lastly, the program is open source, so it is trusted software.



SETUP KEEPASS
Download and install KeePass Portable onto your USB drive, then delete the "Other" folder, and the "help.html" file included in it.
Run KeePass Portable, and click "Tools", and then click "Options.." and change your settings to look exactly like the settings below:

https://dl.dropboxusercontent.com/u/10621288/grove/image/guide/keepass/settings%201.png

https://dl.dropboxusercontent.com/u/10621288/grove/image/guide/keepass/settings%202.png

https://dl.dropboxusercontent.com/u/10621288/grove/image/guide/keepass/settings%203.png
NOTE: Un-check everything except what is shown in the image above.

Click the "Ok" button. The program will now automatically close when you are idle for 60 seconds.
Any data from your database copied to the clipboard will be cleared in 10 seconds, and when the database/program is closed.



CREATE DATABASE
Click "File" and then click "New". Pick a master password to use to access your database.
Check "Use master password and key file", and click the floppy disk icon, on the right of "Key File".
Save a file named "key" to your USB, then click the "Ok" button.

https://dl.dropboxusercontent.com/u/10621288/grove/image/guide/keepass/setup%201.png

Click the "Use Mouse as Random Source" button, and move your mouse around the static area randomly until the loading bar is full.
Type a bunch of random characters in the "Random keyboard input" text field and then click the "Ok" button.

https://dl.dropboxusercontent.com/u/10621288/grove/image/guide/keepass/setup%202.png

Click the floppy disk icon, in the top toolbar, and save the database to your USB.
You will see a list of categories on the left. Click one, or add/customize your own categories, and then on the top click "Edit" and then click "Add Entry".
Fill out the forms and information needed to be stored, and then click the "Ok" button.

https://dl.dropboxusercontent.com/u/10621288/grove/image/guide/keepass/password.png
NOTE: The "Notes" section can be used to store additional information such as password reset information, pin numbers, and more.

You understand how to manage passwords using this program. Let me show you how to load them. Close the program.
Open KeePass Portable, and then click "File", and then click "Open". Browse and select your database file you saved to your USB.
Type in your password, check the key file checkbox, and browse for your key file you saved to your USB drive, then click the "Ok" button.
You are now inside your password database.



NOTE
Make sure you make the database and key files hidden by right clicking them, and clicking "Properties", and then checking "Hidden", and then clicking the "Ok" button.
This USB drive should be kept in a safe place, and should not be on you when you leave the house, in case you lose it. You may be locked out of your accounts or some random person may find your passwords.
This does keep your accounts secure, but it is a hassle and a process just to log in every single time.
This method does not have to be used on every account you use, although it is highly recommended for maximum security, but you choose what's important.
The way I see it, if it's something you're not logging into every day, like your bank account, dropbox, email, or anything, then I suggest using this method to store your password.


--------------------------------------------------


This tutorial, and all my other guides, can also be viewed on my DropBox here (http://link.cur.lv/supasekret).
I wrote all of these guides to help people understand how to do a number of things on the internet correctly.
Please do not rip or take credit for my guides, you may share them, but share the Dropbox or this thread.
Enjoy.