I feel like I should be using a password manager and strong passwords but, like many, I tend to use the same few variations on passwords across many sites. [url= http://lifehacker.com/5529133/five-best-password-managers ]Lifehacker says LastPass, Dashlane, KeePass, 1Password or RoboForm are the five best[/url]. Or do I just trust and use Chrome's ability to remember them?
Ideally, I'd like to use the same service on my Android phone and tablet and my personal Win10 laptop and at work, where we don't have the ability to install software, across several different Win7 PCs.
Any suggestions, or others to try?
Eh - your memory?
I use KeePass. I use the native Windows version and the Android app, but keep the portable Windows version on my Dropbox for use elsewhere. Also had the native Mac version on my old Macbook. I keep the password file (encrypted) on my Dropbox (probably the least secure bit of it). I find this works flawlessly.
I'd never remember all my passwords without it. I wish I had your memory wanmankylung.
Eh - your memory?
I've probably got around 100 accounts with associated passwords. If each had a unique, strong password that's slightly more than I can remember.
wml - really?
Unless you operate a 'system' - as I'm trying to do - I too have only a handful or core passwords.
Due to having to buy stuff or even just register, I reckon I'm in or on for not far off 100 sites. Memory for that would be impressive, don't you think?
YMMV.
Cheers thenorthwind.
Eh - your memory?
I probably have somewhere between 80-100 passwords. Each of them is different and they vary in length between 12 and 16 characters. If I had a memory capable of that I would have put it to good use at a vegas card table before now.
Mine are in a password protected word file which is also printed out and kept in a safe place. Seemed a simple way to organise them, didn't require any new software and I only need to remember the one password to access the word file. I worked on the principle that a burglar is not very likely to be a cyber criminal and vice versa.
Mine are in a password protected word file which is also printed out and kept in a safe place.
So all of your numerous passwords are protected by......a password?
Is it just me or is this a bit ummmmmm?
[url= https://lastpass.com/ ]lastpass[/url] for me. Really good. 2 factor authentication and restricted to country for logging in
Trying out Dashlane now.
Used to use KeepAss but it kept corrupting the file every month or so - easy roll back on the filers but not confidence inspiring.
I also use KeyPass and store the Data and Key files in separate Dropbox folders to keep them in sync between home computer, work computer and Android.
Oh and storing all of your passwords in a Word doc is a stupid way to go about things when there are much better solutions about,
if the document is a docx all that you need to do is rename the file to .zip, delete the settings.xml from within the file and rename it back to .docx
So all of your numerous passwords are protected by......a password?
Yep. I may be a fool but it feels safe enough to me, someone needs to break into the house, find the thing containing the word file, work out or otherwise hack the password then they've got access to my digital world.
The password on the word file is a long one so it would take an automated system a very long time to crack so the only realistic method would be for someone to have a lucky guess and that's just not very likely to happen.
As for the printed version. That's stored somewhere else and doesn't contain any email addresses only passwords so even if you managed to get hold of it it wouldn't be immediately useful as "I've forgotten my details" request would get sent to my email address so if anything it would be a heads up that somethings not right.
Any of these systems can be breached somehow but I'm happy enough that mine would buy me enough time to change my details if there were a problem.
I just go for 12345 or Pa55word
Both foolproof..
LastPass here as well
My passwords are now super complicated and long
Works well for me
Yep. I may be a fool but it feels safe enough to me, someone needs to break into the house, find the thing containing the word file, work out or otherwise hack the password then they've got access to my digital world.
I was more wondering about peoples getting into it remotely TBH. But I'm far from an expert in this, I just found it amusing that you have excellent security having loads of differing passwords and protect them with a single password!
I use a core password with additional characters depending on website. The name of the website gives a strong hint as to what the additions should be. The core password changes regularly on a prompt from my work account. It's really not that hard.
Remembering one password and a rule is a lot easier then 100 passwords.
Oh and storing all of your passwords in a Word doc is a stupid way to go about things when there are much better solutions about,
if the document is a docx all that you need to do is rename the file to .zip, delete the settings.xml from within the file and rename it back to .docx
Mine isn't a .docx file, not sure if that makes a difference but I'll look into it.
I store mine in a non password protected .doc file.
That's then encrypted using 128bit encryption.
I used Truecrypt which, for these purposes is probably completely adequate but does come with the disclaimer that it is no longer under development and may therefore become vulnerable at some point in the future.. It's available on all platforms, you need the version before the last one if you want to encrypt rather than read only. Also useful for storing bank statements and such. Bitlocker is also available for Windows only users on pro and above I believe, though how good it is I cant say.
Another Keepass user with the file stored on Google Drive.
lastpass here too. Never got the two factor working perfectly, but otherwise it integrates with iOS pretty well. the main benefit for me is passwords are all unique, so expendable. No more worries about a compromised password being used on lots of sites and having to change it (or remember where you used it)
Is there any benefit to using lastpass over Apple Keychain for password management (apart from the latter obviously restricting you to entirely using Apple products)?lastpass here too. Never got the two factor working perfectly, but otherwise it integrates with iOS pretty well.
How about a book....choose chapter titles and their page numbers and mark the page....always works!
[quote=BoardinBob ]I just go for 12345 or Pa55word
Both foolproof..
I've got bad news for you, somebody has hacked your account and changed the password
Muppetwrangler. If you are feeling confident send me your word document and if I haven't cracked the security within 24 hrs I will delete it, and if I do I'll post its contents here! Still confident?
If you are feeling confident send me your word document and if I haven't cracked the security within 24 hrs I will delete it, and if I do I'll post its contents here! Still confident?
That would defeat the point of keeping the file off of a network. A big part of this is the idea that it's a simple system that's not easily accessible to the vast majority of people capable of reading it. You'd need to be a physical as well as a virtual thief. And even if you broke in you'd need to know what you were looking for as it's hardly the typical high value easily saleable item favoured by local scrotes.
Yes there's a good chance that an individual user account will get leaked in amongst millions of others as part of a larger corporate hack and yes there's a good chance that local youths will break in and try and nick my bike and the telly at some point. But I don't think there's much likelihood of a modern day pink panther style thief targeting my house so that they can gain control over my amazon account. Individually I'm just not worth the effort.
I use 1Password on iPhone, Macbook, Windows and Android.
I went for 1Password mainly as it's an outright purchase. Also the apps work well and look nice on their respective platforms. It's probably much of muchness between the main players, as assume they all have secure notes, credit card functions, browser plugins, multiplatform etc, but I am very happy with my choice.
Used Keepass in the past with my windows machine, now I use apple's keychain.
Keepass was recommended to me by my tame hacker.
Which reminds, me, I really should find out which institution he's in now...
I've just had to migrate from my previous one and have gone for LastPass for $12 per year.
Clients for OS X & iOS work for me.
I use a piece of paper! Nobody is going to hack it or steal it and it's not going to get lost
That would defeat the point of keeping the file off of a network.
You missed this bit of the OP's requirements then?
I'd like to use the same service on my Android phone and tablet and my personal Win10 laptop and at work
What exactly are folk doing that the need 100+ passwords?
I have around 40 at most, most of which I change regularly. My memory can handle that.
didn't last pass get bought by a less desirable competitor recently?
I just log into my google account if I forget a password as chrome has all my passwords remembered so I just need to click on the little reveal one and it shows me my login and password
For those with a Word doc and 'online' fears,
What happens if your hard drive dies tomorrow?
I have around 40 at most, most of which I change regularly. My memory can handle that.
You can remember 40 strong passwords? I suggest taking up Poker.
A bit of paper.
Seriously, the chances of someone breaking into your house to steal your passwords off bits of paper are next to nothing. Vastly safer than storing things online or trusting a password manager that could itself be hacked.
Difficult to update a piece oof paper when you change your wiggle password sat in a cafe.
I have a word doc in a google drive presently up to three pages, probably should do something better but works as I always have access.
I really can't imagine having a memory that allows me to remember 40+ passwords that are all unique and complex. Typically they'd be something like 'y62htX$6jF%Ku*' and I'll be jiggered if I could remember one or two like that let alone dozens. If you can remember 40+ 'complex' passwords, I'd suggest you either need to take up card counting, a one man memory show or your passwords aren't really that complex at all
No, that's not one of my passwords by the way!
What use is the bit of paper at home if you're sat a 100 miles away?
LastPass works for me
What exactly are folk doing that the need 100+ passwords?
Using lots of websites.
Thanks for the suggestions/discussion everyone.
So all of your numerous passwords are protected by......a password?
Is it just me or is this a bit ummmmmm?
Not sure I see the problem, as long as your password is a good, strong, unique one that you can actually remember. It's basically the same as saying that your PayPal (say) account is only protected by a password isn't it? There's nothing wrong with passwords in themselves.
I suppose there might be an argument that you've put all your eggs in one basket with things like LastPass, should they ever get hacked. That said I've never really checked them out so I'm not sure exactly how they work.
LastPass for me. Two factor enabled for non approved devices. Runs on my Mac, PC and phone. 100+ here too - some for work, most for other stuff. Also I have multiple email-ids so trying to remember that is beyond this bear of little brain 😉
Drac - Moderator
What use is the bit of paper at home if you're sat a 100 miles away?
Common sites you're likely to access - memory.
Write stuff down for all those complex ones you're rarely likely to access. If you get stuck, "forgot my password", so long as you have access to your email. Then repeat when you get home if you can't remember what you just changed it to 😀
Though another option is to keep an obfuscated list in a password protected cloud document store. I use OneNote for things like this. The traffic is encrypted and stored encrypted, although Microsoft internally do have the keys to decrypt their cloud storage, although not sure they can get to password protected sections in OneNote.
Still, obscure document that would make little sense to most people. It would take a targeted attack looking specifically for password looking things and working out what sites they refer to. Vast majority of hacks go for places where passwords are obviously stored such as web sites, or password managers which could potentially be hacked via malware or a flaw in a browser that gives them access. They get them on mass and sell them on.
In the case of web site hacks though, if people like Talk Talk hashed the bloody passwords properly then it's much harder to get them. Sounds like they used plain encryption and that's two way. If it can be decrypted then there's always a chance of it being cracked. First rule of web site design where passwords are involved - hash, never encrypt (sadly I keep coming across companies that break this and argue "oh we encrypt the passwords so it's fine"). Better still, use delegated authentication so you are never storing any password related information anyway. Though the delegate is then a single point of attack.
Keepass for me, mainly use it from android phone and copied to dropbox. All this discussion making me think its probably time to change some passwords. Mine tend to be thematically linked but unique, however not completely unmemorable, so im not dipping in every day, for me the challenge is often is remembering the id as much as the password, is it email or not, if email which one, has a benefit on any compromise not being exploitable everywhere else.
I also try not to register with every damned website that i might have bought a hinge from once, use paypal where possible.
