Passwords
Is there a program or an app or something that will help me both generate passwords for my many different accounts and keep track of them? I want my accounts to stay secure and I know changing passwords frequently is important to do...but how???? Thanks.
Re: Passwords
I use Lastpass and have never had a problem. If you want a local password program only (i.e., one that resides only on your hard drive and is not web-based), you can't go wrong with KeePass.
Re: Passwords
Last Pass Premium account. It will change the way you use the internet for the better.
Re: Passwords
I've used https://sourceforge.net/projects/passwordsafe/ for years. It's simple, secure, and syncs readily with my pc, android phone, and tablet. It's free as well.
Re: Passwords
Highly recommend LastPass as well (premium - only $12/year - if you do a lot of stuff on your smartphone).
Re: Passwords
I use KeePass, free, local or you can use Dropbox or other web based storage for the file.
http://keepass.info/
Re: Passwords
LastPass and OnePassword are both awesome. LastPass is a subscription service that stores your encrypted passwords for you, while OnePassword is a software application that you purchase, and you are responsible for syncing your password vault between devices (I use Dropbox for this). Between the two I prefer LastPass, and I'm actually getting ready to roll out the Enterprise version in my company.
In either case, the concept is the same. You create one strong, easy-to-remember passphrase that you use exclusively for the password manager. Mine is well over 30 characters. The most important part is that this password is NEVER used for anything else. Then you use the tool to randomly generate unique passwords (like: 7tp-sK4,qY&j}E4r) for each site, store them and enter them for you. Make sure you disable your browser's password manager, as it is nowhere near as secure as the best of the 3rd party utilities.
Re: Passwords
I can recommend KeePass. It's free and has worked well for me. I just click on "open website" and then "autotype" to inject the username and password.
While the moments do somersaults into eternity |
Cling to their coattails and beg them to stay - Townes Van Zandt
Re: Passwords
brak wrote: Is there a program or an app or something that will help me both generate passwords for my many different accounts and keep track of them? I want my accounts to stay secure and I know changing passwords frequently is important to do...but how???? Thanks.
I'm not sure it's been established that changing passwords frequently is important, but obviously having reasonably complex and unique passwords is. Also keep in mind when you're generating passwords that for some purposes you're going to have to key those in manually in one way or another (such as on a virtual keyboard.)
- LazyNihilist
Re: Passwords
I would also highly recommend KeePass. I've been using it for the past 2 years.
http://keepass.info/
The strong do what they can and the weak suffer what they must -Thucydides
Re: Passwords
tibbitts wrote: I'm not sure it's been established that changing passwords frequently is important, but obviously having reasonably complex and unique passwords is. Also keep in mind when you're generating passwords that for some purposes you're going to have to key those in manually in one way or another (such as on a virtual keyboard.)
I've always wondered about the advice to frequently change passwords. I can't see the use of it. If anything, it seems like it would encourage people to use weak passwords and/or use passwords more than once since those would be easier to remember.
True security comes from having strong passwords which are unique to each login account (to ensure that if one is hacked on the backend, the rest of your accounts are safe). A password manager makes this easy to do. I use 1password and am happy with it.
“I am losing precious days. I am degenerating into a machine for making money. I am learning nothing in this trivial world of men. I must break away and get out into the mountains...” -- John Muir
Re: Passwords
Loandapper wrote: Last Pass Premium account. It will change the way you use the internet for the better.
Same here although I don't use mobile devices for access. Makes using 12 and 14+ character alpha numeric passwords easy peasy.
Re: Passwords
Highly recommend LastPass Premium.
Re: Passwords
LastPass
https://lastpass.com/how-it-works/
"One does not accumulate but eliminate. It is not daily increase but daily decrease. The height of cultivation always runs to simplicity" –Bruce Lee
- triceratop
Re: Passwords
I highly recommend LastPass too. Another option is to store it in a plaintext file and GPG-encrypt it, like pass does.
The other option is to use hunter2 as your password on all sites. It has worked well for me: easy to remember.
"To play the stock market is to play musical chairs under the chord progression of a bid-ask spread."
Re: Passwords
Dashlane is another vendor similar to Lastpass. They have a nice interface, are simple to use, and synch nicely across devices. Dashlane premium, however, is more expensive than Lastpass premium. Lots of reviews online for both. Unless you need sync across devices, you may do fine with the free version of either. Personally, I find synching to be a tremendous benefit.
Much like choosing between similar index funds, it matters less which one you choose since they are pretty similar, but I highly recommend using a password manager.
- Epsilon Delta
Re: Passwords
DoTheMath wrote: I've always wondered about the advice to frequently change passwords. I can't see the use of it. If anything, it seems like it would encourage people to use weak passwords and/or use passwords more than once since those would be easier to remember.
Changing passwords limits the time an exposed password will be useful. This probably matters more in an office where passwords leak through shoulder surfing or are lent/borrowed. These shouldn't happen, but they do. The number of administrative assistants and tech support people who have the passwords of everybody they've ever worked for is much larger than it should be*. Expiring passwords every six months or so is an easy countermeasure. If one of the AAs is compromised the damage is limited to only the people they've worked with in the last six months.
Also if Moore's law is true the time to break a password is linear in complexity, not exponential. This suggests that passwords should be changed occasionally (every few years should be more than enough).
* It should be zero.
Last edited by Epsilon Delta on Tue Jul 12, 2016 10:30 am, edited 1 time in total.
Re: Passwords
I use a combination of Dashlane and KeePass/Dropbox. I am slowly phasing KeePass out in favor of Dashlane. I like the UI much better than LastPass.
Today's high is tomorrow's low.
Re: Passwords
Like many others, I use Lastpass Premium ($12/year) for almost all our accounts. Works fairly well on my home Macbook Pro, work PC, and Android smartphone. If you do use Lastpass, use two-factor authentication for added security. Upside is that SOMEONE needs both your long memorized password and your phone to sign in. Downside is that YOU need both your long memorized password and your phone to sign in.
- Epsilon Delta
Re: Passwords
mervinj7 wrote: Like many others, I use Lastpass Premium ($12/year) for almost all our accounts. Works fairly well on my home Macbook Pro, work PC, and Android smartphone. If you do use Lastpass, use two-factor authentication for added security. Upside is that SOMEONE needs both your long memorized password and your phone to sign in. Downside is that YOU need both your long memorized password and your phone to sign in.
Lastpass on your phone plus using the phone as a physical token is not two factor security.
Re: Passwords
mervinj7 wrote: Like many others, I use Lastpass Premium ($12/year) for almost all our accounts. Works fairly well on my home Macbook Pro, work PC, and Android smartphone. If you do use Lastpass, use two-factor authentication for added security. Upside is that SOMEONE needs both your long memorized password and your phone to sign in. Downside is that YOU need both your long memorized password and your phone to sign in.
Epsilon Delta wrote: Lastpass on your phone plus using the phone as a physical token is not two factor security.
Fair enough. But the assumption here is that you have a locked phone (as everyone should). But I agree that if you lose your phone AND it's unlocked/culprit has your phone passcode AND the culprit has your lastpass password, it's a security risk. However, using some form of authentication app will still make it difficult for someone to sign into lastpass from another device/computer.
Re: Passwords
Another satisfied LastPass customer here. The free version is fine, but I splurge for the premium version for the rare times I use it on my phone.
No experience with other password managers, but one thing about LP is that the wide variation in website designs requires some diligence in setting up an effective LP site for some logins. The basic setup process works well for many sites, but for some I have to use the "save all entered data" approach to create a working LP site. Also sometimes need two LP sites for logins that span web pages (e.g., username on page one, password on page two), but sometimes can manually merge the two into one by adding the fields from one LP site to the other. The most problematical sites are those that use different URLs on the username and password pages, in which case two LP sites may be required, one for username and one for password.
On some sites you can complete the entire login process by just launching the LP site, but many sites require a few additional clicks, regardless of the LP settings.
Also, some sites generate some sort of error when you first hit the page with an LP login, but you can often "cancel" out of the error message or click some other link on the error screen to get back to the login page, and then the LP login works.
Last issue I'll mention is that when a login webpage design is changed, it may require changing or creating a new LP site to work with the new design.
Kevin
If I make a calculation error, #Cruncher probably will let me know.
- Epsilon Delta
Re: Passwords
mervinj7 wrote: Like many others, I use Lastpass Premium ($12/year) for almost all our accounts. Works fairly well on my home Macbook Pro, work PC, and Android smartphone. If you do use Lastpass, use two-factor authentication for added security. Upside is that SOMEONE needs both your long memorized password and your phone to sign in. Downside is that YOU need both your long memorized password and your phone to sign in.
Epsilon Delta wrote: Lastpass on your phone plus using the phone as a physical token is not two factor security.
mervinj7 wrote: Fair enough. But the assumption here is that you have a locked phone (as everyone should). But I agree that if you lose your phone AND it's unlocked/culprit has your phone passcode AND the culprit has your lastpass password, it's a security risk. However, using some form of authentication app will still make it difficult for someone to sign into lastpass from another device/computer.
As you say, fair enough. It's safer than not doing it, it just doesn't completely eliminate a single point failure.
I get grumpy about security, it's so badly done. There's kludge upon kludge layered on to improve security. Many of these really do improve security, but they don't fix the original problems. Password managers are a case in point. If you have the computing power to run a password manager you have the computing power to run a true challenge and response system. This would deal with a bunch of issues all at once that are currently dealt with by layers of complexity, but it would require changes by the people running the servers, and they just don't care.
Re: Passwords
Epsilon Delta wrote: Changing passwords limits the time an exposed password will be useful. This probably matters more in an office where passwords leak through shoulder surfing or are lent/borrowed. These shouldn't happen, but they do. The number of administrative assistants and tech support people who have the passwords of everybody they've ever worked for is much larger than it should be*. Expiring passwords every six months or so is an easy countermeasure. If one of the AAs is compromised the damage is limited to only the people they've worked with in the last six months. Also if Moore's law is true the time to break a password is linear in complexity, not exponential. This suggests that passwords should be changed occasionally (every few years should be more than enough). * It should be zero.
I take your point that there are circumstances where password changes are helpful, especially in an organizational setting like you describe. But it sounds like we agree that it is a second rate measure compared to using good security practices in the first place. For the home user I think regular password changes is mostly security theater.
“I am losing precious days. I am degenerating into a machine for making money. I am learning nothing in this trivial world of men. I must break away and get out into the mountains...” -- John Muir
- Epsilon Delta
Re: Passwords
Epsilon Delta wrote: Changing passwords limits the time an exposed password will be useful. This probably matters more in an office where passwords leak through shoulder surfing or are lent/borrowed. These shouldn't happen, but they do. The number of administrative assistants and tech support people who have the passwords of everybody they've ever worked for is much larger than it should be*. Expiring passwords every six months or so is an easy countermeasure. If one of the AAs is compromised the damage is limited to only the people they've worked with in the last six months. Also if Moore's law is true the time to break a password is linear in complexity, not exponential. This suggests that passwords should be changed occasionally (every few years should be more than enough). * It should be zero.
DoTheMath wrote: I take your point that there are circumstances where password changes are helpful, especially in an organizational setting like you describe. But it sounds like we agree that it is a second rate measure compared to using good security practices in the first place. For the home user I think regular password changes is mostly security theater.
Yes for a home user it's mostly theater. Not entirely, but it's a long way down the list.
However changing passwords is a necessary step going from insecure to secure. e.g. after a breach or if you have been sloppy and decide to turn over a new leaf.
Re: Passwords
Can people please define what "good security practices" on a computer involve? Thanks.
Re: Passwords
brak wrote: Is there a program or an app or something that will help me both generate passwords for my many different accounts and keep track of them? I want my accounts to stay secure and I know changing passwords frequently is important to do...but how???? Thanks.
Use a password manager.
http://lifehacker.com/5529133/five-best ... d-managers
Don't overlook prior threads as well. There have been a number of threads on password managers.
Re: Passwords
brak wrote: Can people please define what "good security practices" on a computer involve? Thanks.
here's a really good list of 10 best practices https://ist.mit.edu/security/tips
Re: Passwords
triceratop wrote: The other option is to use hunter2 as your password on all sites. It has worked well for me: easy to remember.
or use dadada. If it's good enough for Mark Zuckerberg, then it's good enough for me too.
http://www.wsj.com/articles/mark-zucker ... 1465251954
jk, Lastpass premium user here.
Re: Passwords
Loandapper wrote: Last Pass Premium account. It will change the way you use the internet for the better.
+1
Re: Passwords
LastPass Premium for years now.
Just make sure your main LP password is sufficiently entropic.
- bertilak
Re: Passwords
Has anyone used BOTH LastPass and KeePass and do you recommend one over the other?
I am currently satisfied with KeePass but am always open to change, if it is for the better. I have a huge number of passwords saved in it so would be reluctant to change due to the tedium of transferring passwords.
KeePass has an Android app that integrates well. It has a simple way of inserting ID/password without doing copy/paste. Works better than on a PC where one needs two, two-step processes (copy/paste), for ID and password. It's kind of clunky compared to the Android process. I make the password database available via OneDrive. I'm sure any of the popular cloud services would work.
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
Re: Passwords
bertilak wrote: I am currently satisfied with KeePass but am always open to change, if it is for the better. I have a huge number of passwords saved in it so would be reluctant to change due to the tedium of transferring passwords.
Don't let that be a barrier. I transferred 700+ passwords from 1Password into LastPass in about 15 seconds. I'm sure they have a utility for KeePass as well.
bertilak wrote: KeePass has an Android app that integrates well. It has a simple way of inserting ID/password without doing copy/paste. Works better than on a PC where one needs two, two-step processes (copy/paste), for ID and password. It's kind of clunky compared to the Android process. I make the password database available via OneDrive. I'm sure any of the popular cloud services would work.
Lastpass does the same thing, on Android AND PC. On my PC browsers, it autofills my credentials for me, so I just click a button to sign in. On Android, in a browser AND most apps, if it recognizes that I have a login, it pops up a prompt, I swipe my fingerprint, then confirm the credential I want to use and I'm signed in.
Re: Passwords
brak wrote: Can people please define what "good security practices" on a computer involve? Thanks.
If you are referring to more broadly than passwords, I'd suggest starting a separate thread.
I always wanted to be a procrastinator.
Re: Passwords
I am uncomfortable giving my passwords to a company or third party software, or, allowing a company or software to generate passwords for me to access my asset accounts. Companies can be hacked. LastPass was hacked...
http://lifehacker.com/lastpass-hacked-t ... 1711463571
In my opinion, if I do not share my username with anyone, AND I have a sufficiently random and long passphrase that only I know, AND I use two factor authentication (for example with Vanguard), AND I never respond to unsolicited emails that may be phishing emails, then I am secure. Am I wrong about this?
- bertilak
Re: Passwords
I tried to install LastPass and it failed.
- First: Says my email is already in use so tried "Logon Existing Account" instead of "Activate New Account" using PW I had stored in KeePass.
- Second: Says PW invalid so I tried password hint. Got the hint in email. Hint was obvious to me but password associated with that was same as I already tried so still didn't work.
- Third: I tried a few more passwords and got locked out.
- Fourth: I tried "Account Recovery" and got an email with link to recovery web page. Clicked on the recover button. Failed with "LastPass plugin not installed" but Firefox shows me it is installed.
- Fifth: Plugin set to "ask for activation" so I changed it to "always activate," restarted FF (again) but got same message about plugin not installed.
- Sixth: Uninstalled and started over up to point of Account Recovery. Says recovery still pending so go away!
- Seventh: I GAVE UP, and uninstalled LastPass!
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
Re: Passwords
mptfan wrote: I am uncomfortable giving my passwords to a company or third party software, or, allowing a company or software to generate passwords for me to access my asset accounts. Companies can be hacked. LastPass was hacked... http://lifehacker.com/lastpass-hacked-t ... 1711463571 In my opinion, if I do not share my username with anyone, AND I have a sufficiently random and long passphrase that only I know, AND I use two factor authentication (for example with Vanguard), AND I never respond to unsolicited emails that may be phishing emails, then I am secure. Am I wrong about this?
So if your long and random passphrase is the same at all sites, then this is much less secure than trusting a password manager. If any site stores your passphrase insecurely (either unencrypted or without a salt) and gets hacked, then all your other sites are compromised at the same time. If you don't understand about the LinkedIn breach, rainbow tables, and password salts, then your homework is to read up on this.
If you are using different passphrases for each site, then how do you remember them all unless you are a savant or are they not really random? Or do you keep them written down on paper where they could be stolen. Please tell me you don't keep them in Excel!
I agree that it is hard to trust a third party but security is very hard and trusting yourself to do it right is like defending yourself pro se in court. (As in, "A man who is his own lawyer has a fool for a client").
LastPass and KeePass and their ilk have withstood a lot of scrutiny and have specialists trying to keep them secure. That's why the lastpass breach didn't actually leak any user passwords, because the Lastpass folks knew how to store your data securely. They recommended changing passwords as a precaution. I personally use KeePass with the vault stored on Dropbox, but I would trust any of the major players in this space over trusting a homebrew method.
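The difference between salted and unsalted storage that the post above refers to, as an added example (not part of the thread and not any site's actual code). The passphrase, the candidate list and the iteration count are constructed for the demo:

```python
import hashlib
import hmac
import os

# Constructed sample data: one passphrase reused at two hypothetical sites.
REUSED_PASSPHRASE = "correct horse battery staple"
PBKDF2_ITERATIONS = 100_000  # example work factor chosen for this demo


def unsalted_sha1(password):
    """Weak storage: a bare, unsalted hash. Equal passwords give equal digests."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_record(password):
    """Stronger storage: a random per-record salt plus a slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(candidate, expected)


def precomputed_table(candidates):
    """Digest -> password map, built once and reusable against any unsalted leak."""
    return {unsalted_sha1(c): c for c in candidates}


def compare_storage():
    """Store the same passphrase at two sites under each scheme and compare."""
    site_a_weak = unsalted_sha1(REUSED_PASSPHRASE)
    site_b_weak = unsalted_sha1(REUSED_PASSPHRASE)
    site_a_strong = salted_record(REUSED_PASSPHRASE)
    site_b_strong = salted_record(REUSED_PASSPHRASE)
    table = precomputed_table(["letmein", "hunter2", REUSED_PASSPHRASE])
    return {
        # Unsalted: both sites hold the same digest, and one table covers both.
        "unsalted_digests_match": site_a_weak == site_b_weak,
        "table_recovers_unsalted": table.get(site_a_weak),
        # Salted: the stored values differ, and the precomputed table is useless.
        "salted_digests_match": site_a_strong[1] == site_b_strong[1],
        "table_recovers_salted": table.get(site_a_strong[1].hex()),
        # The legitimate login path still works with the stored salt.
        "login_still_works": verify(REUSED_PASSPHRASE, site_a_strong),
        "wrong_password_rejected": not verify("hunter2", site_a_strong),
    }


if __name__ == "__main__":
    for name, value in compare_storage().items():
        print(f"{name}: {value}")
```

A salt stops precomputation and hides reuse across records. It does not make a guessable passphrase safe, which is why the slow key-derivation function and a unique password per site both still matter.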
Re: Passwords
lotusflower wrote: If you are using different passphrases for each site, then how do you remember them all unless you are a savant or are they not really random? Or do you keep them written down on paper where they could be stolen. Please tell me you don't keep them in Excel!
Everyone knows that the best place to keep passwords is on a post-it note stuck to the display. How else is your electrician going to log into your bank account?
Stay hydrated; don't sweat the small stuff
Re: Passwords
If you don't want to do the 2-4 step copy paste/copy paste with KeePass you can get a browser extension to do it for you. I used one in the past, but as I recall it was complicated to install. It worked ok, but when I had to reinstall Windows after a virus I elected to keep the clunky process. The one you want would be under the integration & transfer heading. (Keeform, etc).
http://keepass.info/plugins.html
Re: Passwords
lotusflower wrote: If you are using different passphrases for each site, then how do you remember them all unless you are a savant or are they not really random? Or do you keep them written down on paper where they could be stolen. Please tell me you don't keep them in Excel!
I use different passphrases for my bank and investment accounts. For example, for Vanguard, my passphrase might be "I like chocolate ice cream" so my password is "ilcic" and for my bank it might be "I like frozen yogurt" so my password would be "ilfy". Of course these are not my real passphrases, the real ones are much longer (more than 10 characters) and unique and only I know them and I don't use them for any other site. I do not write them down anywhere, but I do keep a reminder word written down that triggers me to remember my passphrase, like "ice cream"... only I would know the full passphrase related to that word. Again, I am using simplistic examples to illustrate what I do, the real passphrase is much longer and unique, and even if someone saw my one word memory trigger word it would be impossible for them to know 1) that there was a long passphrase associated with that word, and 2) what the passphrase is. I also add a special character or two to the passphrase that only I know. The full passphrase or password is never written or saved anywhere.
Re: Passwords
lotusflower wrote: LastPass and KeePass and their ilk have withstood a lot of scrutiny and have specialists trying to keep them secure. That's why the lastpass breach didn't actually leak any user passwords, because the Lastpass folks knew how to store your data securely. They recommended changing passwords as a precaution. I personally use KeePass with the vault stored on Dropbox, but I would trust any of the major players in this space over trusting a homebrew method.
I agree their ilk have a strong incentive to keep their data secure, but the hackers also have a strong incentive to break the security. I also understand that the lastpass hack did not leak any user passwords...not this time...maybe next time they will? I accept that it is unlikely, and I understand that they use hashes and other methods so that even if they are hacked the actual passwords themselves are protected, I get that, but unlikely is not impossible. I do know that if I do not use lastpass or their ilk, it would be impossible for someone to get my password to my investment and bank accounts by hacking lastpass. So the odds go from highly unlikely to impossible, and I choose impossible.
I understand your point about a homebrew method being potentially more vulnerable, but I am willing to accept that risk. I don't think there are any right or wrong answers here, just opinions, and each person has the right to make their own judgment.
Re: Passwords
I use Keepass2Android on my phone. I don't like the idea of keeping my passwords in the cloud.
Re: Passwords
mptfan wrote: Again, I am using simplistic examples to illustrate what I do, the real passphrase is much longer and unique, and even if someone saw my one word memory trigger word it would be impossible for them to know 1) that there was a long passphrase associated with that word, and 2) what the passphrase is. I also add a special character or two to the passphrase that only I know. The full passphrase or password is never written or saved anywhere.
Okay, that sounds pretty good to me, as long as the passwords are at least 12 characters to defeat brute-force attacks. Of course I'm just another amateur but am a programmer and have done a fair amount of research. The other benefit of KeePass is that I have shared the master password with my wife in case I am incapacitated. Last time I looked at LastPass's marketing info they stressed that a good system has to provide both security and availability, and your system has an availability problem. While that may not be a problem for your specific case, most people get a better level of overall security with a leading password manager.
Re: Passwords
I strongly recommend LastPass to all friends/family/co-workers. Like it's been said random and unique passwords for EVERY website you have a login can be automatically logged in while you only need to remember and input ONE password. Using on mobile apps is also a benefit if you pay the $12 fee.
Also it has a built in security challenge (password analyzer) that shows you how well your passwords are. If (when) a site breach happens you can see if your password for that site has been compromised. You can even have LastPass change a site password on its own (I've used it on Amazon.com).
Re: Passwords
Any concern that LastPass will get hacked, exposing everyone's passwords? There is a steady news stream of this company or that getting hacked and turning out to be not as secure as people thought it was (Snapchat stores the pics that disappear, what?).
I use an app to store passwords on my phone, but never the actual password-- just a reminder of it. However, I have to manually enter the passwords. Something that works across various platforms would be nice.
The Espresso portfolio:
20% US TSM, 20% Small Value, 10% US REIT, 10% Dev Int'l, 10% EM, 10% Commodities, 20% Inter-term US Treas
"A journey of a thousand miles begins with a single step."
-
- Posts: 323
- Joined: Thu Oct 24, 2013 12:32 am
Re: Passwords
Umm, so if not the cloud, how do you back up your Keepass file? Either you back it up manually after every change (tedious tasks like that typically lead to sloppy behavior), or you don't back it up at all. Either of those leads to an availability problem for your data (cf. my previous post).
Kuna_Papa_Wengi wrote: I use Keepass2Android on my phone. I don't like the idea of keeping my passwords in the cloud.
Personally I'm too worried about Android security to let my Keepass data anywhere near my phone or to do any banking on my phone. However that situation is probably improving rapidly with Android 6 and the popularity of mobile banking, but I'm still wary.
Edward Snowden said "Encryption works. Properly implemented strong cryptosystems are one of the few things that you can rely on." Keepass is open-source and people who know encryption can and do inspect the code. Whether or not your database is stored in the cloud it is encoded with AES encryption and so it should be quite secure if the implementation is correct.
If you type a letter and use strong encryption, you can drop a million copies of it in Times Square and no one will be able to read it, that's what Snowden is saying. The cloud itself is no more of a risk than the sidewalk of Times Square, as long as your data is encrypted.
-
- Posts: 323
- Joined: Thu Oct 24, 2013 12:32 am
Re: Passwords
Sure there's a concern. But as was already mentioned, LastPass did get hacked, and yet the attackers were unable to get at anyone's passwords because LastPass's team is doing a good job. I think you are way better going with the experts than rolling your own. Just like mptfan, if your passwords are not recorded anywhere except your mind that's pretty safe from everyone else, but you still can have data availability problems if you are incapacitated or if you haven't used one in a while and you can't quite remember it correctly.
czeckers wrote: Any concern that LastPass will get hacked, exposing everyone's passwords? There is a steady news stream of this company or that getting hacked and turning out to be not as secure as people thought it was (Snapchat stores the pics that disappear, what?).
-
- Posts: 1212
- Joined: Wed Nov 07, 2007 5:51 pm
Re: Passwords
I'm a technologically challenged old man. For my financial accounts, I use usernames that make no sense and use all of the spaces available and passwords that use letters, numbers, and special characters for all of the spaces available. I have to consult my handwritten notes to log on because I can't remember my username and password. I may be wrong, but I assume that a hacker would be frustrated trying to determine what my username was let alone what my password was. I only access these accounts using my desktop computer that has antivirus, malware, and spyware protection.
I use my Kindle to surf the web, read email, and post here. My passwords for nonfinancial sites are not too sophisticated. If my Kindle is compromised, I have a 3 pound hammer that will resolve the problem.
Perhaps a technologically sophisticated poster could tell me if I'm safe from internet bandits. Thanks in advance.
DMW
- abuss368
- Posts: 27850
- Joined: Mon Aug 03, 2009 2:33 pm
- Location: Where the water is warm, the drinks are cold, and I don't know the names of the players!
Re: Passwords
We can not remember them all and are not comfortable with an app or other technology storing them. As such, we simply write them down in a book and this has worked so well.
Years ago it was easy to remember. Today, everything is more characters, symbols, upper case, lower case, and maybe symbols! And then, the password can not be reused or must change every month!
John C. Bogle: "Simplicity is the master key to financial success."
Re: Passwords
I am not technologically sophisticated, but I understand the merits of a three pound hammer... primitive but effective.
Dead Man Walking wrote: I'm a technologically challenged old man. For my financial accounts, I use usernames that make no sense and use all of spaces available and passwords that use letters, numbers, and special characters for all of the spaces available. I have to consult my handwritten notes to log on because I can't remember my username and password. I may be wrong, but I assume that a hacker would be frustrated trying to determine what my username was let alone what my password was. I only access these accounts using my desktop computer that has antivirus, malware, and spyware protection.
I use my Kindle to surf the web, read email, and post here. My passwords for nonfinancial sites are not too sophisticated. If my Kindle is compromised, I have a 3 pound hammer that will resolve the problem.
Perhaps a technologically sophisticated poster could tell me if I'm safe from internet bandits. Thanks in advance.
DMW
"..the cavalry ain't comin' kid, you're on your own..."