For the record – the site above isn’t the current Doxbin address, but I wanted to give people a general idea of what it looked like. Nonetheless, there’s still a Doxbin Twitter account, @_DoxBin_, which is affiliated with Gray Hat Forums, apparently.
I’m sharing this because my broader topic is data leaks and password managers. First of all, no password appears to be 100% safe, but you’re better off if you use a good one. If you look at one of the lists of “most common passwords” (this article in The Telegraph, for instance), they tend to include ones like this:
And so on. I hate to admit it, but when I first “joined” the interwebs back in 1994, I was guilty of having some passwords like these. I’ve since learned that you need to up your security.
One of the reasons that I wanted to tell you about this, my loyal readers, was that I was recently looking at the sites Has my email been hacked? and Have I been pwned?. In the process, I found a disturbing trend: just by looking at the types of sites that someone had login credentials for, you could really tell a lot about their personal life.
For example, I typed a “made up” email address into the first site (which turned out to be a real one), and some of the results included Badoo, neopets.com, lookbook.nu, and mate1.com.
Anyhow, I think that to avoid this, it would be best to use a good password manager, particularly one that can keep your passwords offline – and therefore not vulnerable. Also, I tend to randomly generate my passwords using the Diceware method, which fellow WordPress author W. Smith talks about in Unique usernames with diceware.
In a nutshell, you roll dice (five rolls per word with a standard Diceware list) and use the numbers you get as an index into a numbered word list; stringing several of those words together gives you your password (or “passphrase”). Password managers, on the other hand, do the random generation for you.
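As an added example (not code from this post, from Diceware, or from any of the password managers mentioned), here is a small Diceware-style generator in Python. The 36-word list is constructed for the example and indexed by two dice so it runs offline; a real Diceware list has 7776 words indexed by five dice per word, and the entropy helper lets you compare the two. Dice rolls come from the `secrets` module, which is a CSPRNG, rather than `random`.

```python
"""Diceware-style passphrase generator (illustrative example, not a real tool)."""
import math
import secrets

# Standard Diceware: five dice per word -> 6**5 = 7776 words in the list.
DICE_PER_WORD_REAL = 5
REAL_LIST_SIZE = 6 ** DICE_PER_WORD_REAL  # 7776

# Constructed sample list for this example only (NOT a real Diceware list):
# 36 words, indexed by two dice, keys "11" .. "66".
SAMPLE_WORDS = [
    "acorn", "badge", "cabin", "dance", "eagle", "fable", "gable", "habit", "igloo",
    "jelly", "kayak", "lemon", "mango", "noble", "olive", "piano", "quilt", "river",
    "sugar", "tiger", "ultra", "vivid", "wagon", "xenon", "yacht", "zebra", "amber",
    "blaze", "cedar", "delta", "ember", "flint", "grove", "harp", "ivory", "jade",
]


def roll_one_secure() -> int:
    """One fair die roll (1..6) from the OS CSPRNG; never use random.randint here."""
    return secrets.randbelow(6) + 1


def roll_key(dice_per_word: int, roll_one=roll_one_secure) -> str:
    """Roll the dice for one word and return the Diceware lookup key, e.g. '31452'."""
    return "".join(str(roll_one()) for _ in range(dice_per_word))


def key_to_index(key: str) -> int:
    """Map a dice key to a 0-based list index: '11111' -> 0, '66666' -> 7775."""
    idx = 0
    for ch in key:
        d = int(ch)
        if not 1 <= d <= 6:
            raise ValueError(f"invalid die face {ch!r} in key {key!r}")
        idx = idx * 6 + (d - 1)
    return idx


def generate_passphrase(words, n_words: int, roll_one=roll_one_secure, sep: str = " ") -> str:
    """Pick n_words words by dice roll from a list whose size is a power of six."""
    dice_per_word = round(math.log(len(words), 6))
    if 6 ** dice_per_word != len(words):
        raise ValueError("word list size must be a power of 6 (36, 216, ..., 7776)")
    chosen = []
    for _ in range(n_words):
        key = roll_key(dice_per_word, roll_one)
        chosen.append(words[key_to_index(key)])
    return sep.join(chosen)


def entropy_bits(list_size: int, n_words: int) -> float:
    """Entropy of a passphrase of n_words words drawn uniformly from list_size words."""
    return n_words * math.log2(list_size)


def words_needed(list_size: int, target_bits: float) -> int:
    """Smallest number of words from list_size that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    phrase = generate_passphrase(SAMPLE_WORDS, 6)
    print("sample passphrase:", phrase)
    print(f"36-word list, 6 words: {entropy_bits(len(SAMPLE_WORDS), 6):.1f} bits")
    print(f"7776-word list, 6 words: {entropy_bits(REAL_LIST_SIZE, 6):.1f} bits")
    print("words from a real list for ~77 bits:", words_needed(REAL_LIST_SIZE, 77))
```

Six words from a real 7776-word list give about 77 bits of entropy; the toy 36-word list gives only about 5 bits per word, which is why the list size, not the dice, is what makes Diceware strong.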
KeePass, unlike some other password managers, keeps your database in a local file rather than in the cloud. Also, the complete database is encrypted (including your usernames and other info), not just the passwords. Oh, and did I mention that it’s open source? Open source = good.
To see more of its features, check out Features – KeePass. And no, I don’t work for them, so this isn’t an official endorsement.
Another password manager that I’ve been testing out is bitwarden, which, I am pleased to note, is 100% FOSS. bitwarden offers a browser extension for all major browsers, including Tor Browser, as well as a mobile app.
The downside, compared to KeePass, is that bitwarden is built around syncing your vault to a server rather than keeping it only in a local file, which has the potential to be a security threat. However, it does support 2FA, and the vault is encrypted on your device with a key derived from your master password before it is uploaded, so the server only ever holds ciphertext (KeePass likewise derives its database key from your master password).
An IRC buddy of mine by the name of Sheogorath does a good comparison of four different password managers here: Password safes – LastPass vs. Bitwarden vs. Keepass vs. Pass. Compare them all for yourself and decide! (By the way, if he’s into anything criminal, I’m not responsible.)
All that said, though it may seem like a pain to have to go through all of these steps, I think it’s better than having your password end up on Doxbin (or somewhere worse). Right?