Mlle. Zabzie Posted August 4, 2016 Share Posted August 4, 2016 Dear Board, confer upon me your wisdom: What password manager do you think is the best product out there? I'm looking at LastPass (understanding that they did have a security breach last year) and Dashlane (understanding that it is expensive), but would be open to other suggestions. I want something that syncs across multiple devices and, if possible, works with apps (which makes Dashlane less good, I understand). Thanks! Link to comment Share on other sites More sharing options...
Elder Sister Posted August 4, 2016 Share Posted August 4, 2016 Passwords are the bane of my existence. I have a system that works (mostly) that is a small black book that I carry with me in my backpack. I have tried different products and always forget the password to my password manager. And that's both embarrassing and annoying as heck. Link to comment Share on other sites More sharing options...
Iskaral Pust Posted August 4, 2016 Share Posted August 4, 2016 I haven't used one yet but I'm interested to see the responses here. I use the same complex password across all non-financial and low-volume accounts, but use individual complex passwords (saved by the browser on each device) for regular use accounts with any financial risk, e.g. Amazon, iTunes, bank, investing, etc. I only save credit card details on high volume accounts. Link to comment Share on other sites More sharing options...
Elder Sister Posted August 4, 2016 Share Posted August 4, 2016 Zabzie, this article from PC Mag (which you've probably already perused) has some good info. http://www.pcmag.com/article2/0,2817,2461280,00.asp#disqus_thread What stuck out to me, though, was this comment from the comments section of the article. Quote I completely agree with you, RFairlane . I had no problems with Dashlane until I actually tried to change a saved password. I use only the mobile app. After saving my new password, the app reverted back to the original (now old/outdated) password. Since I had no record of the new, now missing, password, I had to go through quite a process to gain access to the account. This happened three times, with the app each time reverting back to the very first, original/old password. I too paid for Premium membership but after 5 days still have no constructive action on the part of Dashlane. Queue the crickets and the radio silence. Crazy that you had to write a review on PC Mag to get a response. Hopefully they helped you, and will help me, too! Link to comment Share on other sites More sharing options...
Castel Posted August 4, 2016 Share Posted August 4, 2016 I use LastPass, and kept using it after the security leak which apparently didn't reach anyone's data. One of their selling points is that they themselves don't know your code. Looked up DashLane and it didn't really seem to offer any more than LP for three times the price. LastPass has worked great for me, especially the ability to generate random passcodes I don't have to worry about for a broad list of sites I likely won't visit that much. For other sites I'm thinking of still keeping some sort of system with readable passcodes I can memorize, but a lot of sites I could care less about. Leave them in LastPass and let it auto-login for me. LastPass works just as well for me on Android as it does on Windows so that's not a problem Link to comment Share on other sites More sharing options...
Mlle. Zabzie Posted August 4, 2016 Author Share Posted August 4, 2016 Cool. Thanks for the input. Link to comment Share on other sites More sharing options...
Xray the Enforcer Posted August 4, 2016 Share Posted August 4, 2016 I use LastPass and have had a good user experience. I use it mostly on Chrome/OSX and various apps on Android. Link to comment Share on other sites More sharing options...
Inigima Posted August 5, 2016 Share Posted August 5, 2016 I am very jumpy about cloud-based password storage. I understand the mechanics and I appreciate the responsive track record of LastPass, but I have trouble getting past the exposure conceptually. I use KeePass. It does not meet your syncing requirement out of the box, but there are plugins to support that. I haven't tried them myself. AFAIK LastPass is the current favorite. Link to comment Share on other sites More sharing options...
Fez Posted August 5, 2016 Share Posted August 5, 2016 I stick to a little blue book that never leaves my apartment. I've memorized some of the key ones if I need to access them remotely (and I keep my phone logged into non-identifiable sites; like the board here), but anything else, I'm just out of luck until I get home. I appreciate the piece of mind though of not needing to worry about something else getting hacked and someone having access to everything. Link to comment Share on other sites More sharing options...
Mr. Chatywin et al. Posted August 5, 2016 Share Posted August 5, 2016 Just memorize them. It really isn't that hard. Link to comment Share on other sites More sharing options...
Future Null Infinity Posted August 5, 2016 Share Posted August 5, 2016 I'am using keepass, it's not a cloud-based password manager, it stores your passwords in a file, it's relatively very simple to use but one must very careful to not delete the file and there are versions of it for windows, linux and android Link to comment Share on other sites More sharing options...
White Walker Texas Ranger Posted August 5, 2016 Share Posted August 5, 2016 6 hours ago, Tywin et al. said: Just memorize them. It really isn't that hard. generally, if you can remember it, it's not a good enough password. That said, I don't use a password manager myself because I'm a little paranoid of having a single point of failure. Come to think of it, I already have a single point of failure with my email, though I have two factor authentication. I should probably use one. Link to comment Share on other sites More sharing options...
ThinkerX Posted August 6, 2016 Share Posted August 6, 2016 Way, way back when I worked at a gas station, the owner/manager had a little trick for the password codes for his security system. He had a phone book on the counter. Whenever he needed a password or code, he'd flip through the book until he spotted the name of somebody he knew slightly. Part of that persons phone number - or name, entered as numbers, became the password. Just a common as dirt phone book. Link to comment Share on other sites More sharing options...
Jon AS Posted August 6, 2016 Share Posted August 6, 2016 16 hours ago, White Walker Texas Ranger said: generally, if you can remember it, it's not a good enough password. No, as long as they're long and made up of random components passwords can be easy to remember. Obligatory XKCD link. Link to comment Share on other sites More sharing options...
all swedes are racist Posted August 6, 2016 Share Posted August 6, 2016 7 hours ago, Jon AS said: No, as long as they're long and made up of random components passwords can be easy to remember. Obligatory XKCD link. Thanks a lot, now I have to change my password Link to comment Share on other sites More sharing options...
Inigima Posted August 7, 2016 Share Posted August 7, 2016 1 hour ago, R'hllors Red Lobster said: Thanks a lot, now I have to change my password This is actually extremely bad advice now. Do not do what the comic suggests. It is no longer a good idea and is very vulnerable to automated attacks. Link to comment Share on other sites More sharing options...
Spring Bass Posted August 7, 2016 Share Posted August 7, 2016 2 hours ago, Inigima said: This is actually extremely bad advice now. Do not do what the comic suggests. It is no longer a good idea and is very vulnerable to automated attacks. There's a modified version IIRC, in which you do the first four as wide in variety as possible (like "8!y$") and then do another eight in a more memorable fashion. That screws with automated attacks, since you've maximized the field of possible guesses on your password. Personally, I have a bunch of unique passwords for anything that has confidential information, and a commonly set of passwords for stuff that doesn't. I keep the former written down in an innocuously labeled notebook among other similar looking notebooks at home. Link to comment Share on other sites More sharing options...
White Walker Texas Ranger Posted August 7, 2016 Share Posted August 7, 2016 4 hours ago, Inigima said: This is actually extremely bad advice now. Do not do what the comic suggests. It is no longer a good idea and is very vulnerable to automated attacks. You mean the latest software is explicitly designed to guess that type of password? Fuck. Though I do add some numbers and special characters. Link to comment Share on other sites More sharing options...
Jon AS Posted August 7, 2016 Share Posted August 7, 2016 6 hours ago, Inigima said: This is actually extremely bad advice now. Do not do what the comic suggests. It is no longer a good idea and is very vulnerable to automated attacks. Actually the calculation in the comic is done under the assumption that the attacker knows the exact method of password generation and has access to the full list of potential words that the components were chosen from. It's quite secure. Link to comment Share on other sites More sharing options...
Inigima Posted August 7, 2016 Share Posted August 7, 2016 2 hours ago, Jon AS said: Actually the calculation in the comic is done under the assumption that the attacker knows the exact method of password generation and has access to the full list of potential words that the components were chosen from. It's quite secure. I will cite Schneier on this, but suffice to say it is generally accepted that you are wrong. https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.