Registration passwords

Chat about just about anything else
Post Reply
CommonUser
Level 1
Level 1
Posts: 3
Joined: Wed Dec 26, 2018 9:48 am

Registration passwords

Post by CommonUser » Wed Dec 26, 2018 10:18 am

Hello,

I’ve just registered and was a bit surprised by the PW requirements.
I understand security but this always seems to come with more complexity at the cost of memorability.
These PW requirements here don’t fit into any patterns commonly found in other forums.
It doesn’t make it easier.
So people would either write it down (and compromise security) or forget it and make using this awkward, having to go through PW recovery.
Hasn’t this been a consideration...?
It’s not a bank here...

User avatar
kc1di
Level 14
Level 14
Posts: 5431
Joined: Mon Sep 08, 2008 8:44 pm
Location: Maine USA

Re: Registration passwords

Post by kc1di » Wed Dec 26, 2018 10:51 am

Hello CommonUser and welcome to Linux Mint forums.
The reason passwords are needed is because this forum and others were hijack some time ago and the Password protocol was strengthened then.
Just use a password you can remember and you should be fine.
Longer the better.
Please enjoy the Forum it has a wealth of information available and may dedicated volunteers ready to help with problems.
Enjoy :)
Easy tips : https://easylinuxtipsproject.blogspot.com/ Pjotr's Great Linux projects page.
Linux Mint Installation Guide: http://linuxmint-installation-guide.rea ... en/latest/
Registered Linux User #462608

HaveaMint
Level 5
Level 5
Posts: 709
Joined: Fri Feb 02, 2018 9:56 pm
Location: Somewhere in the USA
Contact:

Re: Registration passwords

Post by HaveaMint » Wed Dec 26, 2018 11:35 am

CommonUser wrote:
Wed Dec 26, 2018 10:18 am
..
https://www.keepassx.org/features I use this for passwords, it really works great and I set a spot for the database in my documents which gets backed up regular.
It can be installed from the Software Manager
"Tune for maximum Smoke and then read the Instructions".

User avatar
xenopeek
Level 24
Level 24
Posts: 24136
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Registration passwords

Post by xenopeek » Thu Dec 27, 2018 7:24 am

This board was attacked almost 3 years and user passwords were stolen. Those passwords were encrypted in such a way that makes retrieving passwords nigh impossible—unless a very short, simple or common password would have been used (in which case each account's password could individually be "brute forced" by repeatedly guessing a password for that account by encrypting the guess in the same manner and comparing it with the stolen user password). Such attacks happen all the time on the internet, see https://informationisbeautiful.net/visu ... hes-hacks/ for an overview of the largest (known) successful attacks.

Hence to stay safe online one should use a unique password for each website / account and longer passwords are better. That's not feasible to do for most people, if they'd want to remember them all. Here a password manager can be of help. It will store all your passwords and encrypt them with a master password—the only password you'll have to remember going forward. Password managers can also generate passwords for you.

I would strongly discourage to use KeePassX as suggested above, given that it has been unmaintained for years and needed security fixes and improvements have not been implemented (see also https://keepassxc.org/docs/#faq-keepassx).

A better alternative is to use KeePassXC (https://keepassxc.org/) as that is actively maintained. It is available on Linux Mint 19.x through the repositories and on LMDE 3 after adding the Stretch backports repository. It's available as various other download formats from its website.

KeePassXC stores your passwords locally (so make a backup of the password database!) and has options for web browser integration (see https://keepassxc.org/docs/#faq-browser).

If you prefer to have your passwords more easily available on other computers & mobile devices you can consider an online password manager like LastPass or Bitwarden. Such online password managers consist of a web browser plugin and store the encrypted passwords in your online account, so passwords are automatically available on any computer & mobile device on which you're logged into that account.
Image

Post Reply

Return to “Open chat”