I just had a thought: which would be more secure to use, ignoring the strength of the password?
Using a web browser's built-in password saving feature, so passwords are not typed in all the time and are synced between devices.
Using a password manager and disabling the saving of passwords and copy/pasting them into the box each time you visit a website.
Are the differences negligible? Or is one better to use than the other? Also, note that the password manager is not built into the browser, it's standalone (KeePass).
So the most secure way of using passwords would be to disable the caching of passwords and use a password manager with randomly generated passwords at maximum lengths?
I'm going to start doing that. I already carry my password manager with me, and it felt silly never really using it. The only thing I don't have cached is my bank stuff. But I will definitely start using it more. I also need to finish randomizing all my passwords; I got about half of them done already. lol
I can't believe password managers aren't more widely used. It's so convenient, while also being far more secure. As long as you don't use browser integration. I've run across a number of people who feel that's a good middle ground between browser caching and external password management. It's not. It's a terrible thing that shouldn't be done.
And also, KeePass ftw. I use KeePassX because I pretty much live in Linux these days. I can get KeePass for Linux, but I like KeePassX better in general.
I use different versions across all my devices, it's super handy. I like how the database can just be copied from device to device. Although it can be a bit annoying when you have 6 devices and need to update it on all of them. Don't know if anybody has a decent solution for this other than just copy/pasta.
Copy pasta. However I have adopted a distribution system. I only create passwords on my main computer. The database then goes up to Google Drive and is dispersed to the other devices. If I'm on another device, and I sign up for a new service, there's a password that I'll use to create it. I'll go back later when I'm at my computer, update the password, send the new database up, and that's that.
I personally use Enpass. Sometimes it's kinda buggy, but it saves passwords on your computer, or on OneDrive (and many others) if you need to sync it between computers, and it even has a WP app. Yeah, laugh at me, I'm OK with WP, I don't need to play stupid Pokemon :P
Stopped trusting Chrome and password managers that save passwords on their own servers, since you don't know what's on the backend.
Having a master password is a first step, and using encryption in the browser. I have not looked into BeEF (http://beefproject.com/) in a while, so I cannot say for sure if there is already an attack vector.
But escaping the sandbox, then attacking another process, is certainly harder.