Forgotten password that was compromised

[haifisch27]

Dear community,

I have not used the Ubuntu Forum much in the last years and thus forgotten the/which password I used for it. Now that the site was hacked and the passwords stolen, I was wondering if there is a procedure for me to find out which password I used for the forum (don't want to change the passwords for every internet service I use). I would be very grateful if anyone has helpful suggestions here...

[TheFu]

Not going to help you now, but a password manager can prevent this issue in the future. After about a week of use, KeePassX changed my life. Accounts are remember, extremely complex, random, different passwords used everywhere, and because KeePassX DBs are v1 compatible, Windows, Linux, Android programs can read the same DB without issue.

I know only 3-4 passwords now - but the most important one is to access the AES encrypted KeePassX DB. A few articles about KeePassX:
* http://www.jdpfu.com/2010/04/24/keep...ssword-manager
* http://www.jdpfu.com/2011/03/25/101-...ssword-manager

As you can see - I'm crazy about password managers and have learned there are many, many, many uses for those DBs, not just for passwords.

A few family and friends have started using KeePass or KeePassX - they all agree - it takes about a week, but after that, they are 100% hooked.

[oldos2er]

Moved to FF&H.

See http://ubuntuforums.org/showthread.php?t=2164064
All the old forum passwords were randomized, so your old password is gone.

[cariboo]

Dear community,

I have not used the Ubuntu Forum much in the last years and thus forgotten the/which password I used for it. Now that the site was hacked and the passwords stolen, I was wondering if there is a procedure for me to find out which password I used for the forum (don't want to change the passwords for every internet service I use). I would be very grateful if anyone has helpful suggestions here...

There is no way for us to tell what your password was, as all the password were randomized, and we no longer store passwords in our database. I'd suggest you use something like apg or pwgen to generate new passwords for the services you are worried about.

[CharlesA]

Not going to help you now, but a password manager can prevent this issue in the future. After about a week of use, KeePassX changed my life. Accounts are remember, extremely complex, random, different passwords used everywhere, and because KeePassX DBs are v1 compatible, Windows, Linux, Android programs can read the same DB without issue.

I know only 3-4 passwords now - but the most important one is to access the AES encrypted KeePassX DB. A few articles about KeePassX:
* http://www.jdpfu.com/2010/04/24/keep...ssword-manager
* http://www.jdpfu.com/2011/03/25/101-...ssword-manager

As you can see - I'm crazy about password managers and have learned there are many, many, many uses for those DBs, not just for passwords.

A few family and friends have started using KeePass or KeePassX - they all agree - it takes about a week, but after that, they are 100% hooked.

Just chiming in with a +1 here. I've been using Keepass for a long time now and it just rocks. I even got my mum to start using it so she would stop using weak passwords and/or reusing passwords.

[Dave_L]

I see that both keepass2 and keepassx are available in the 12.04 repositories. Which is preferable?

[CharlesA]

I see that both keepass2 and keepassx are available in the 12.04 repositories. Which is preferable?

I use keepassx on *nix and KeePass on Windows.

[TheFu]

I see that both keepass2 and keepassx are available in the 12.04 repositories. Which is preferable?

I haven't researched this in some time, but when I was looking for a password manager, I wanted:
* F/LOSS - GPL/BSD license
* Strong, standard encryption
* Trust no external websites or services
* Cross-platform DB support - copy the same DB to any platform - 100% binary compatible.
* Cross-platform Application support
* Avoid Mono and .NET libraries.
* auto-type for userid and passwords - I haven't typed logins in a few years for the things inside my keepassX db.

At the time, KeePassX on Linux, KeePass v1.x on Windows and KeePassDroid all used the v1.xx DB format.

Things may have changed since then. I dunno.

Your requirements are probably different than mine. Just do the research on all the platforms you want covered and take your best choice.

Be certain that you back up the DB file religiously. I have it on 6 different machines and on an internet server located 1,000 miles away. It gets pushed to most of these automatically, nightly. I use 1 system for updates - all the others are considered "read-only" copies.

[sandyd]

Best thing to do.

Get a YubiKey.
Generate an super long PW, and use it on keepassx. Store the keepassx database anywhere you like.
Store password on YubiKey.

Now, you dont even need to remember any passwords....

Basically a YubiKey emulates a keyboard, and on a press of the key, it inserts the password in. Ive found it useful for securing LUKS lvm setups as well.

[CharlesA]

Best thing to do.

Get a YubiKey.
Generate an super long PW, and use it on keepassx. Store the keepassx database anywhere you like.
Store password on YubiKey.

Now, you dont even need to remember any passwords....

Basically a YubiKey emulates a keyboard, and on a press of the key, it inserts the password in. Ive found it useful for securing LUKS lvm setups as well.

That would be awesome, especially if you don't have to actually remember the damn encryption key.