[Closed] LastPass/Google password generation and use

I use LastPass. You have a master password and then the browser plugin stays logged in. On the phone app you can do things like tie it to a fingerprint, which would be great if the fingerprint reader on my phone wasn't toss.

Lastpass has an app, it's (mostly) cloud based. So you access it anywhere - it's a bit of a ball ache if you need to type in a 16 character complex password, but hey ho.

and then the browser plugin stays logged in

But if I can't install a browser plugin, I'm goosed?

Ah, sorry, just seen PJay's answer. So worst case is retrieve password from app, plug it manually into the browser that I happen to be using?

You should be able to login to lastpass / other provider's site and get to your logins that way assuming you have a service that syncs (if you don't then it's all a bit pointless anyway). So if you can't install a plugin, worst case you can copy & paste it across tabs in a browser.

But if I can’t install a browser plugin, I’m goosed?

With Apple you can view your password I would think it’s the same with Android?

Yeah, you can manually get it to display the passwords. There's nothing to say you have to use passwords that would be stupid hard to type, you can tweak the auto-generation settings or just type your own and have it store it. So you could have "$BaaBaa&GreenSheep" and it'd be difficult to broot force but easy to type.

Ah, sorry, just seen PJay’s answer. So worst case is retrieve password from app, plug it manually into the browser that I happen to be using?

Yes. I'm not familiar with LastPass but I presume you can use sensible passwords (like the famous CorrectHorseBatteryStaple) which are infinitely easier to type than the auto-generated ones (like E.g. x3#3f-gg54A-LP08b-2xXnQ). 1Password is another service.

EDIT: I'm a bit slow.

Bitwarden does a good job. Not sure if there’s a browser plugin but the app works well both on a phone and PC (Linux and windows).

You can view saved chrome passwords by going to passwords.google.com

I presume you can use sensible passwords (like the famous CorrectHorseBatteryStaple) which are infinitely easier to type than the auto-generated ones (like E.g. x3#3f-gg54A-LP08b-2xXnQ)

If I'm going to use a sensible password though, I don't need a password manager though, or do I?

Whilst I'm happy enough using Google to random generate and store nonsense passwords it does make me wonder at the logic behind having all these very difficult to guess passwords for probablyonlythirtyuserseorldwide.com which has my email address and maybe some tracking cookies protected by a single memorable if acceptably complex password for Google, with probably 30 billion users, lots of data on each of them, including payment info, passwords for other sites etc.

I accept Google is probably a harder nut to crack but I'd also guess it attracts a whole lot more attention than here for instance. <shrug> I don't know.

If I’m going to use a sensible password though, I don’t need a password manager though, or do I?

Well, if you can remember 200 different passwords, one for every online site you log in to, then no. The crucial thing is having different passwords for every site. Then two factor authentication where possible, particularly on crucial sites like email, Microsoft, Apple etc. Having secure / long passwords helps but in reality most web consumers aren't going to be the subject of a brute-force attack on any given account so this last point isn't actually as important as most people think.

The other thing is that password managers are timesaving too - I never have to enter credentials on my Phone / Laptop / iPad. YMMV if you have to use locked-down systems where you can't install the software.

Yes. I’m not familiar with LastPass but I presume you can use sensible passwords

Yes, you can use whatever you like - the goal being to have one that's easy to type so it could be a shortish 8 character collection of random letters and numbers, as long as it's easy to read it's good enough.

Like Apple is will prompt you to choose one of it's randomly selected ones - oh it's a real treat that one time you have no choice but to copy it from your phone to a PC manually.

it’s a real treat that one time you have no choice but to copy it from your phone to a PC manually.

Here speaks someone who’s never had to type it into an Xbox using just using a gamepad...

Keepass can do the same job but is an app on your phone and pc. Uses a backup file in drive or one drive to sync between devices. Works offline.

If you're on your work PC you can login to the lastpass website and copy and paste the passwords from there. Not as slick as the plugin but does the job.

The other benefit of LastPass is that it has 2FA meaning that if you log into it on a new device it will require a six digit code from your authenticator app of choice. I think they even do dedicated hardware one's or you can possibly get it to text you. I just use Google Authenticator.

https://www.lastpass.com/two-factor-authentication

I know LastPass were hacked a few years ago but they seem pretty robust and I still use them.

it could be a shortish 8 character collection of random letters and numbers, as long as it’s easy to read it’s good enough.

Eight characters really isn't.

Here speaks someone who’s never had to type it into an Xbox using just using a gamepad…

You don't have a USB keyboard anywhere in the house that you can appropriate temporarily? It's not like it's a common occurrence.

I know LastPass were hacked a few years ago but they seem pretty robust and I still use them.

They have one of the better security records.

Yep lastpass recommended on a presentation given by cyber security experts at Malvern science park last Year.