Password Manager


Mlle. Zabzie

Dear Board, confer upon me your wisdom:  What password manager do you think is the best product out there?  I'm looking at LastPass (understanding that they did have a security breach last year) and Dashlane (understanding that it is expensive), but would be open to other suggestions.  I want something that syncs across multiple devices and, if possible, works with apps (which makes Dashlane less good, I understand).  Thanks!

Passwords are the bane of my existence.  I have a system that works (mostly) that is a small black book that I carry with me in my backpack.  I have tried different products and always forget the password to my password manager.  And that's both embarrassing and annoying as heck. 

I haven't used one yet but I'm interested to see the responses here.

I use the same complex password across all non-financial and low-volume accounts, but use individual complex passwords (saved by the browser on each device) for regular use accounts with any financial risk, e.g. Amazon, iTunes, bank, investing, etc.  I only save credit card details on high volume accounts.

Zabzie, this article from PC Mag (which you've probably already perused) has some good info. 

http://www.pcmag.com/article2/0,2817,2461280,00.asp#disqus_thread

What stuck out to me, though, was this comment from the comments section of the article.

Quote

I completely agree with you, RFairlane. I had no problems with Dashlane until I actually tried to change a saved password. I use only the mobile app. After saving my new password, the app reverted back to the original (now old/outdated) password. Since I had no record of the new, now missing, password, I had to go through quite a process to gain access to the account. This happened three times, with the app each time reverting back to the very first, original/old password. I too paid for Premium membership but after 5 days still have no constructive action on the part of Dashlane. Cue the crickets and the radio silence. Crazy that you had to write a review on PC Mag to get a response. Hopefully they helped you, and will help me, too!

I use LastPass, and kept using it after the security leak which apparently didn't reach anyone's data. One of their selling points is that they themselves don't know your code.

Looked up Dashlane and it didn't really seem to offer any more than LP for three times the price.

LastPass has worked great for me, especially the ability to generate random passcodes I don't have to worry about for a broad list of sites I likely won't visit that much. For other sites I'm thinking of still keeping some sort of system with readable passcodes I can memorize, but a lot of sites I could care less about. Leave them in LastPass and let it auto-login for me.

LastPass works just as well for me on Android as it does on Windows so that's not a problem.

I am very jumpy about cloud-based password storage. I understand the mechanics and I appreciate the responsive track record of LastPass, but I have trouble getting past the exposure conceptually. I use KeePass. It does not meet your syncing requirement out of the box, but there are plugins to support that. I haven't tried them myself. AFAIK LastPass is the current favorite.

I stick to a little blue book that never leaves my apartment. I've memorized some of the key ones if I need to access them remotely (and I keep my phone logged into non-identifiable sites, like the board here), but anything else, I'm just out of luck until I get home. I appreciate the peace of mind though of not needing to worry about something else getting hacked and someone having access to everything.

6 hours ago, Tywin et al. said:

Just memorize them. It really isn't that hard.

Generally, if you can remember it, it's not a good enough password.

That said, I don't use a password manager myself because I'm a little paranoid of having a single point of failure. Come to think of it, I already have a single point of failure with my email, though I have two factor authentication. I should probably use one.

Way, way back when I worked at a gas station, the owner/manager had a little trick for the password codes for his security system.  He had a phone book on the counter.  Whenever he needed a password or code, he'd flip through the book until he spotted the name of somebody he knew slightly.  Part of that person's phone number - or name, entered as numbers - became the password.  Just a common as dirt phone book.

1 hour ago, R'hllors Red Lobster said:

Thanks a lot, now I have to change my password

This is actually extremely bad advice now. Do not do what the comic suggests. It is no longer a good idea and is very vulnerable to automated attacks.

2 hours ago, Inigima said:

This is actually extremely bad advice now. Do not do what the comic suggests. It is no longer a good idea and is very vulnerable to automated attacks.

There's a modified version IIRC, in which you do the first four as wide in variety as possible (like "8!y$") and then do another eight in a more memorable fashion. That screws with automated attacks, since you've maximized the field of possible guesses on your password. 

Personally, I have a bunch of unique passwords for anything that has confidential information, and a common set of passwords for stuff that doesn't. I keep the former written down in an innocuously labeled notebook among other similar looking notebooks at home.

4 hours ago, Inigima said:

This is actually extremely bad advice now. Do not do what the comic suggests. It is no longer a good idea and is very vulnerable to automated attacks.

You mean the latest software is explicitly designed to guess that type of password? Fuck. Though I do add some numbers and special characters.

6 hours ago, Inigima said:

This is actually extremely bad advice now. Do not do what the comic suggests. It is no longer a good idea and is very vulnerable to automated attacks.

Actually the calculation in the comic is done under the assumption that the attacker knows the exact method of password generation and has access to the full list of potential words that the components were chosen from. It's quite secure.
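
The kind of calculation the post above refers to, as an added example that is not part of the original thread: the entropy of a passphrase whose words are drawn uniformly at random from a list the attacker is assumed to know. The 16-word list, the sample sizes (2048 words, 94 printable characters) and all function names are constructed for illustration; the figures hold only for machine-chosen words, not for phrases a person picks.

```python
import math
import secrets

# Constructed 16-word list so the example runs offline; a real generator
# would draw from a published list of several thousand words.
WORDS = ["anchor", "basket", "candle", "dragon", "ember", "falcon",
         "garden", "harbor", "island", "jacket", "kettle", "lantern",
         "marble", "nectar", "orchid", "pepper"]


def uniform_entropy_bits(choices, picks):
    """Bits of entropy for `picks` independent uniform draws from `choices`
    options. Assumes the attacker knows both the option list and the method."""
    return picks * math.log2(choices)


def expected_guesses(choices, picks):
    """Average number of guesses to hit the secret: half the search space."""
    return choices ** picks // 2


def picks_needed(choices, target_bits):
    """Smallest number of uniform draws that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(choices))


def generate_passphrase(words, word_count, sep=" "):
    """Draw words with a CSPRNG. Duplicates in the list would skew the
    distribution and invalidate the entropy figure, so reject them."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return sep.join(secrets.choice(words) for _ in range(word_count))


if __name__ == "__main__":
    # Four words from a 2048-word list versus four random printable chars.
    print("4 words / 2048-word list:", uniform_entropy_bits(2048, 4), "bits")
    print("4 chars / 94 printable:  ", round(uniform_entropy_bits(94, 4), 1), "bits")
    print("words for 64 bits:       ", picks_needed(2048, 64))
    print("sample (toy list, weak): ", generate_passphrase(WORDS, 5))
```
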

2 hours ago, Jon AS said:

Actually the calculation in the comic is done under the assumption that the attacker knows the exact method of password generation and has access to the full list of potential words that the components were chosen from. It's quite secure.

I will cite Schneier on this, but suffice to say it is generally accepted that you are wrong. https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html

Archived

This topic is now archived and is closed to further replies.
