Calgarypuck Forums - The Unofficial Calgary Flames Fan Community
Old 01-07-2014, 01:38 PM   #1
Hack&Lube
Atomic Nerd
 
Join Date: Jul 2004
Location: Calgary
Exp:
Default Password Management Software?

After years of being able to retain passwords rather reliably in my head, I've gotten to the critical mass of accounts for both personal and professional purposes that I began to lose track of a ton of important things over the holidays and I realize I need a proper password vault, accessible by phone, and probably cloud based.

CP cognoscenti, what are you experiences and recommendations for password management software?
Hack&Lube is offline   Reply With Quote
Old 01-07-2014, 01:52 PM   #2
PsYcNeT
Franchise Player
 
PsYcNeT's Avatar
 
Join Date: May 2004
Location: Marseilles Of The Prairies
Exp:
Default

Change all passwords to mnemonics.

Seriously though, password management software (to me) just seems like a really bad idea.
__________________

Quote:
Originally Posted by MrMastodonFarm View Post
Settle down there, Temple Grandin.
PsYcNeT is offline   Reply With Quote
Old 01-07-2014, 02:04 PM   #3
photon
The new goggles also do nothing.
 
photon's Avatar
 
Join Date: Oct 2001
Location: Calgary
Exp:
Default

I use http://keepass.info/ rather than an online service so that I have full control over the password file and know how it is accessed. It's also open source, which I think is good for these kinds of apps. EDIT: You can still access it on a phone by either copying the file manually, or using a service like dropbox to mirror your password file (which of course increases exposure to your password file, so it's a risk/benefit thing).

Quote:
Originally Posted by PsYcNeT View Post
Seriously though, password management software (to me) just seems like a really bad idea.
I have something like 300 passwords in my primary password file, and a couple of customer password files which contain dozens to hundreds each, some of which only get used once every 5 years. Can't possibly remember those.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
photon is offline   Reply With Quote
Old 01-07-2014, 03:05 PM   #4
ah123
First Line Centre
 
Join Date: Oct 2001
Location: Here
Exp:
Default

I use 1Password - there is an iOS, Mac and Windows version and you can synch devices through WiFi or DropBox. It doesn't do the full cloud solution, as far as I know.

Last edited by ah123; 01-07-2014 at 03:43 PM.
ah123 is offline   Reply With Quote
Old 01-07-2014, 03:07 PM   #5
Thor
God of Hating Twitter
 
Thor's Avatar
 
Join Date: Apr 2006
Exp:
Default

Keepass here as well, works great.
__________________
Allskonar fyrir Aumingja!!
Thor is offline   Reply With Quote
Old 01-07-2014, 03:17 PM   #6
Street Pharmacist
Franchise Player
 
Street Pharmacist's Avatar
 
Join Date: Nov 2006
Location: Salmon with Arms
Exp:
Default

Pocket uses dropbox too for Android. It works well for me
Street Pharmacist is offline   Reply With Quote
Old 01-07-2014, 03:18 PM   #7
DownhillGoat
Franchise Player
 
DownhillGoat's Avatar
 
Join Date: Jan 2010
Exp:
Default

+1 for 1password
DownhillGoat is offline   Reply With Quote
Old 01-07-2014, 03:34 PM   #8
Buff
Franchise Player
 
Buff's Avatar
 
Join Date: Apr 2004
Location: I don't belong here
Exp:
Default

At home I remember everything. At work we use a public folder lon our exchange server that is ocked down so that only IT guys can see it. Only the IT guys are smart enough to hack into that folder.
Buff is offline   Reply With Quote
Old 01-07-2014, 04:22 PM   #9
Rathji
Franchise Player
 
Rathji's Avatar
 
Join Date: Nov 2006
Location: Supporting Urban Sprawl
Exp:
Default

LastPass here.

Quote:
Originally Posted by PsYcNeT View Post
Change all passwords to mnemonics.

Seriously though, password management software (to me) just seems like a really bad idea.
There are about 40 passwords that I need to know at any time, independent of a password management system. For these passwords a combination of anagrams and acronyms combined with reasonable but complex salting system allows me manage without much issue.

What about the other ~300, for random sites around the internet?

Password (partial or full) reuse, especially if you are entering a password into a system that you don't fully understand, is far more dangerous than having all your passwords in one location, that has secure crypto with 2 factor authentication.

You just need to look at the various password breaches in the last 12 months alone. Adobe, is a prime example. If Billy Bob site admin over at www.bobshouseofabortionphotos.com stores my complex password in the clear, or without a salt, using 4 bit encryption, I can't control who gets a hold of that password. I need a password I can generate in 5 seconds, that I will never lose access to and is at least 16 random digits, and can throw away without a care in the world if it gets compromised.

That's what LastPass does for me.

It would do wonders for regular people, who decide that monkey123 is the password that gets used for everything, from their banking to their porn account.
__________________
"Wake up, Luigi! The only time plumbers sleep on the job is when we're working by the hour."
Rathji is offline   Reply With Quote
The Following User Says Thank You to Rathji For This Useful Post:
Old 01-07-2014, 05:32 PM   #10
FlameOn
Franchise Player
 
FlameOn's Avatar
 
Join Date: Oct 2010
Location: Calgary
Exp:
Default

I'm using lastpass as well. Fantastic piece of software, great because you can get every password for all your accounts randomized so if a hack happens you are safe with your other accounts and as Rathji pointed out, you can use two factor authentication. This ensures even if you lose your master password people still can't log in unless they have your second stage. It has excellent browser integration and great password form entry. Pretty good overall and it allows for both local and cloud based password storage that is encrypted.

Love it so far except there are some issues, if you want to do account password sharing that is not something you can do except with premium accounts, if you want to use anything other than Googles two stage authentication system you need a premium account and if you want access to your passwords in the mobile app you need to pay.
FlameOn is offline   Reply With Quote
Old 01-02-2018, 09:59 AM   #11
Finger Cookin
Franchise Player
 
Finger Cookin's Avatar
 
Join Date: Jun 2014
Exp:
Default

Necrobump

Ad targeters are pulling data from your browser’s password manager

I started using Dashlane based on this article. It's been pretty simple to set-up and use so far.

Finger Cookin is offline   Reply With Quote
Old 01-02-2018, 10:04 AM   #12
DownInFlames
Craig McTavish' Merkin
 
DownInFlames's Avatar
 
Join Date: Oct 2008
Exp:
Default

I use 1Password and it doesn’t autofill logins. That sounds like a security flaw on top of a vector for tracking.
DownInFlames is offline   Reply With Quote
The Following User Says Thank You to DownInFlames For This Useful Post:
Old 01-02-2018, 10:24 AM   #13
Iceman90
Powerplay Quarterback
 
Iceman90's Avatar
 
Join Date: Apr 2004
Location: Behind the microphone
Exp:
Default

I am a big fan of LastPass.
__________________
Fireside Chat - Official Podcast for the C of Red
New Episode Weekly! Listen Now: FiresideChat.ca
Iceman90 is offline   Reply With Quote
Old 01-02-2018, 02:24 PM   #14
Azure
Had an idea!
 
Azure's Avatar
 
Join Date: Oct 2005
Exp:
Default

I use LastPass as well and Authy for two factor authentication.

I always try to use max length passwords for every site and have a 92% security score. Its not higher because of some of my internal router passwords that I store there that are simple to figure out but it doesn't matter since they are not accessible to the internet.

For the most part it works good.
Azure is offline   Reply With Quote
Old 01-02-2018, 04:50 PM   #15
cupofjoe
Scoring Winger
 
Join Date: Aug 2012
Exp:
Default

Lastpass works well for me also.
cupofjoe is offline   Reply With Quote
Old 01-03-2018, 09:07 AM   #16
Azure
Had an idea!
 
Azure's Avatar
 
Join Date: Oct 2005
Exp:
Default

I am more paranoid about losing access to my account than I am with someone hacking it.

If they get hacked I can change my passwords. If I lost access I have no idea what my passwords are.

What is the best way to backup? I printed off my list and put it into a safe for now.
Azure is offline   Reply With Quote
Old 01-03-2018, 09:30 AM   #17
Iceman90
Powerplay Quarterback
 
Iceman90's Avatar
 
Join Date: Apr 2004
Location: Behind the microphone
Exp:
Default

Quote:
Originally Posted by Azure View Post
I am more paranoid about losing access to my account than I am with someone hacking it.

If they get hacked I can change my passwords. If I lost access I have no idea what my passwords are.

What is the best way to backup? I printed off my list and put it into a safe for now.
I have my password manager's "master password" printed out on a piece of paper and stored in a secure location.
__________________
Fireside Chat - Official Podcast for the C of Red
New Episode Weekly! Listen Now: FiresideChat.ca
Iceman90 is offline   Reply With Quote
The Following User Says Thank You to Iceman90 For This Useful Post:
Old 01-03-2018, 09:51 AM   #18
Azure
Had an idea!
 
Azure's Avatar
 
Join Date: Oct 2005
Exp:
Default

I did that as well.

However I am not worried about JUST that password, but in fact all my other ones.
Azure is offline   Reply With Quote
Old 01-03-2018, 09:59 AM   #19
photon
The new goggles also do nothing.
 
photon's Avatar
 
Join Date: Oct 2001
Location: Calgary
Exp:
Default

Quote:
Originally Posted by Azure View Post
I am more paranoid about losing access to my account than I am with someone hacking it.

If they get hacked I can change my passwords. If I lost access I have no idea what my passwords are.

What is the best way to backup? I printed off my list and put it into a safe for now.
I use a standalone application rather than a service, so I keep my password file in several different locations. But if I forget my master password then yeah I'm completely screwed, it's not like an online service that has a password reset functionality.

Some apps also support using a private key as part of access to the information, so something you know and something you have (i.e. a keyfile on your computer's hard drive, on a USB stick on your key chain, etc).

Having a hard copy somewhere just in case makes sense IMO, offsite rather than just a safe is even better.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
photon is offline   Reply With Quote
Old 01-03-2018, 10:01 AM   #20
photon
The new goggles also do nothing.
 
photon's Avatar
 
Join Date: Oct 2001
Location: Calgary
Exp:
Default

Quote:
Originally Posted by Azure View Post
I did that as well.

However I am not worried about JUST that password, but in fact all my other ones.
You could keep a USB key with the password file in wherever you keep the master password hard copy, or a printout. Both won't get updated though.

Because I'm confident in the password I have on my password file, I have it in Dropbox for ease of access, so even if my house got nuked my passwords are fine.

EDIT: And I'd bet that almost all your other passwords are recoverable via email if necessary. Your email should be the most secure of any of your accounts, as that's the one that can unlock almost everything else.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
photon is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 04:56 AM.

Calgary Flames
2022-23




Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2023, Jelsoft Enterprises Ltd.
Copyright Calgarypuck 2021