01-07-2014, 01:38 PM
|
#1
|
Atomic Nerd
Join Date: Jul 2004
Location: Calgary
|
Password Management Software?
After years of being able to retain passwords rather reliably in my head, I've gotten to the critical mass of accounts for both personal and professional purposes that I began to lose track of a ton of important things over the holidays and I realize I need a proper password vault, accessible by phone, and probably cloud based.
CP cognoscenti, what are you experiences and recommendations for password management software?
|
|
|
01-07-2014, 01:52 PM
|
#2
|
Franchise Player
Join Date: May 2004
Location: Marseilles Of The Prairies
|
Change all passwords to mnemonics.
Seriously though, password management software (to me) just seems like a really bad idea.
__________________
Quote:
Originally Posted by MrMastodonFarm
Settle down there, Temple Grandin.
|
|
|
|
01-07-2014, 02:04 PM
|
#3
|
The new goggles also do nothing.
Join Date: Oct 2001
Location: Calgary
|
I use http://keepass.info/ rather than an online service so that I have full control over the password file and know how it is accessed. It's also open source, which I think is good for these kinds of apps. EDIT: You can still access it on a phone by either copying the file manually, or using a service like dropbox to mirror your password file (which of course increases exposure to your password file, so it's a risk/benefit thing).
Quote:
Originally Posted by PsYcNeT
Seriously though, password management software (to me) just seems like a really bad idea.
|
I have something like 300 passwords in my primary password file, and a couple of customer password files which contain dozens to hundreds each, some of which only get used once every 5 years. Can't possibly remember those.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
|
|
|
01-07-2014, 03:05 PM
|
#4
|
First Line Centre
Join Date: Oct 2001
Location: Here
|
I use 1Password - there is an iOS, Mac and Windows version and you can synch devices through WiFi or DropBox. It doesn't do the full cloud solution, as far as I know.
Last edited by ah123; 01-07-2014 at 03:43 PM.
|
|
|
01-07-2014, 03:07 PM
|
#5
|
God of Hating Twitter
|
Keepass here as well, works great.
__________________
Allskonar fyrir Aumingja!!
|
|
|
01-07-2014, 03:17 PM
|
#6
|
Franchise Player
Join Date: Nov 2006
Location: Salmon with Arms
|
Pocket uses dropbox too for Android. It works well for me
|
|
|
01-07-2014, 03:18 PM
|
#7
|
Franchise Player
|
+1 for 1password
|
|
|
01-07-2014, 03:34 PM
|
#8
|
Franchise Player
Join Date: Apr 2004
Location: I don't belong here
|
At home I remember everything. At work we use a public folder lon our exchange server that is ocked down so that only IT guys can see it. Only the IT guys are smart enough to hack into that folder.
|
|
|
01-07-2014, 04:22 PM
|
#9
|
Franchise Player
Join Date: Nov 2006
Location: Supporting Urban Sprawl
|
LastPass here.
Quote:
Originally Posted by PsYcNeT
Change all passwords to mnemonics.
Seriously though, password management software (to me) just seems like a really bad idea.
|
There are about 40 passwords that I need to know at any time, independent of a password management system. For these passwords a combination of anagrams and acronyms combined with reasonable but complex salting system allows me manage without much issue.
What about the other ~300, for random sites around the internet?
Password (partial or full) reuse, especially if you are entering a password into a system that you don't fully understand, is far more dangerous than having all your passwords in one location, that has secure crypto with 2 factor authentication.
You just need to look at the various password breaches in the last 12 months alone. Adobe, is a prime example. If Billy Bob site admin over at www.bobshouseofabortionphotos.com stores my complex password in the clear, or without a salt, using 4 bit encryption, I can't control who gets a hold of that password. I need a password I can generate in 5 seconds, that I will never lose access to and is at least 16 random digits, and can throw away without a care in the world if it gets compromised.
That's what LastPass does for me.
It would do wonders for regular people, who decide that monkey123 is the password that gets used for everything, from their banking to their porn account.
__________________
"Wake up, Luigi! The only time plumbers sleep on the job is when we're working by the hour."
|
|
|
The Following User Says Thank You to Rathji For This Useful Post:
|
|
01-07-2014, 05:32 PM
|
#10
|
Franchise Player
Join Date: Oct 2010
Location: Calgary
|
I'm using lastpass as well. Fantastic piece of software, great because you can get every password for all your accounts randomized so if a hack happens you are safe with your other accounts and as Rathji pointed out, you can use two factor authentication. This ensures even if you lose your master password people still can't log in unless they have your second stage. It has excellent browser integration and great password form entry. Pretty good overall and it allows for both local and cloud based password storage that is encrypted.
Love it so far except there are some issues, if you want to do account password sharing that is not something you can do except with premium accounts, if you want to use anything other than Googles two stage authentication system you need a premium account and if you want access to your passwords in the mobile app you need to pay.
|
|
|
01-02-2018, 10:04 AM
|
#12
|
Craig McTavish' Merkin
|
I use 1Password and it doesn’t autofill logins. That sounds like a security flaw on top of a vector for tracking.
|
|
|
The Following User Says Thank You to DownInFlames For This Useful Post:
|
|
01-02-2018, 10:24 AM
|
#13
|
Powerplay Quarterback
Join Date: Apr 2004
Location: Behind the microphone
|
I am a big fan of LastPass.
__________________
Fireside Chat - Official Podcast for the C of Red
New Episode Weekly! Listen Now: FiresideChat.ca
|
|
|
01-02-2018, 02:24 PM
|
#14
|
Had an idea!
|
I use LastPass as well and Authy for two factor authentication.
I always try to use max length passwords for every site and have a 92% security score. Its not higher because of some of my internal router passwords that I store there that are simple to figure out but it doesn't matter since they are not accessible to the internet.
For the most part it works good.
|
|
|
01-02-2018, 04:50 PM
|
#15
|
Scoring Winger
|
Lastpass works well for me also.
|
|
|
01-03-2018, 09:07 AM
|
#16
|
Had an idea!
|
I am more paranoid about losing access to my account than I am with someone hacking it.
If they get hacked I can change my passwords. If I lost access I have no idea what my passwords are.
What is the best way to backup? I printed off my list and put it into a safe for now.
|
|
|
01-03-2018, 09:30 AM
|
#17
|
Powerplay Quarterback
Join Date: Apr 2004
Location: Behind the microphone
|
Quote:
Originally Posted by Azure
I am more paranoid about losing access to my account than I am with someone hacking it.
If they get hacked I can change my passwords. If I lost access I have no idea what my passwords are.
What is the best way to backup? I printed off my list and put it into a safe for now.
|
I have my password manager's "master password" printed out on a piece of paper and stored in a secure location.
__________________
Fireside Chat - Official Podcast for the C of Red
New Episode Weekly! Listen Now: FiresideChat.ca
|
|
|
The Following User Says Thank You to Iceman90 For This Useful Post:
|
|
01-03-2018, 09:51 AM
|
#18
|
Had an idea!
|
I did that as well.
However I am not worried about JUST that password, but in fact all my other ones.
|
|
|
01-03-2018, 09:59 AM
|
#19
|
The new goggles also do nothing.
Join Date: Oct 2001
Location: Calgary
|
Quote:
Originally Posted by Azure
I am more paranoid about losing access to my account than I am with someone hacking it.
If they get hacked I can change my passwords. If I lost access I have no idea what my passwords are.
What is the best way to backup? I printed off my list and put it into a safe for now.
|
I use a standalone application rather than a service, so I keep my password file in several different locations. But if I forget my master password then yeah I'm completely screwed, it's not like an online service that has a password reset functionality.
Some apps also support using a private key as part of access to the information, so something you know and something you have (i.e. a keyfile on your computer's hard drive, on a USB stick on your key chain, etc).
Having a hard copy somewhere just in case makes sense IMO, offsite rather than just a safe is even better.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
|
|
|
01-03-2018, 10:01 AM
|
#20
|
The new goggles also do nothing.
Join Date: Oct 2001
Location: Calgary
|
Quote:
Originally Posted by Azure
I did that as well.
However I am not worried about JUST that password, but in fact all my other ones.
|
You could keep a USB key with the password file in wherever you keep the master password hard copy, or a printout. Both won't get updated though.
Because I'm confident in the password I have on my password file, I have it in Dropbox for ease of access, so even if my house got nuked my passwords are fine.
EDIT: And I'd bet that almost all your other passwords are recoverable via email if necessary. Your email should be the most secure of any of your accounts, as that's the one that can unlock almost everything else.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -6. The time now is 09:27 AM.
|
|