How do you remember passwords?
Mar 14, 2016, 2:39 pm
#46
Join Date: May 2004
Location: Exclusively OMNI/PR, for Reasons
Posts: 4,188
Originally Posted by Ars Technica
It uses the Microsoft Enhanced RSA and AES Cryptographic Provider in CryptoAPI (the same as Cryptolocker!) and uses the "Strong Transform/Strong Provider" function to do the lifting.
Mar 14, 2016, 6:09 pm
#48
Join Date: Oct 2005
Location: Orange County, CA
Programs: AA Lifetime Platinum, SPG
Posts: 123
I go the completely low-tech analog route- my own notebook with references and not the actual passwords. A tad inconvenient but I feel better about not having my stuff somewhere else.
Mar 15, 2016, 4:00 am
#50
FlyerTalk Evangelist
Original Poster
Join Date: Sep 2003
Programs: BA Silver, EY Gold, HH Diamond, IHG Plat
Posts: 12,210
Mar 15, 2016, 4:43 am
#51
Join Date: May 2004
Location: Exclusively OMNI/PR, for Reasons
Posts: 4,188
Only you can determine what's best for your needs. All we can do is to make sure those who ask for assistance are given enough information to make an advised (if not always intelligent
) choice.
Mar 15, 2016, 4:51 am
#52
FlyerTalk Evangelist
Original Poster
Join Date: Sep 2003
Programs: BA Silver, EY Gold, HH Diamond, IHG Plat
Posts: 12,210
Don't take it personally. The majority of us here feel that the security of one's online data is nothing to trifle with, and we sometimes get very strident about it. Many of us are in the IT industry and hear about breaches and exploits almost daily.
Only you can determine what's best for your needs. All we can do is to make sure those who ask for assistance are given enough information to make an advised (if not always intelligent) choice.
Only you can determine what's best for your needs. All we can do is to make sure those who ask for assistance are given enough information to make an advised (if not always intelligent
) choice.
Mar 15, 2016, 6:49 am
#53
Join Date: Jun 2005
Location: Tri-State Area
Posts: 4,728
I'm not in IT or related sectors but my son did experience identity theft years back. It wasn't fun. The only password I remember these days is the master password and everything else is randomly generated and changed like clock work every six months. And whenever available we use two step authentication as added precaution. Even that sometimes is circumvented. Just recently our TMO account was target of fraud -- completely TMO's fault and they lost a Samsung Edge 6 plus!
You can understand why some of us get anal about security these days!
Good luck
You can understand why some of us get anal about security these days!
Good luck
Last edited by dtsm; Mar 15, 2016 at 6:54 am
Mar 15, 2016, 10:44 am
#54
Join Date: Sep 2008
Location: Cincinnati, OH
Programs: Delta SkyMiles, Marriott Platinum
Posts: 413
I use LastPass.
I recently switched from iPhone to Android and a pleasant surprise I discovered is that the Android version of LastPass automatically detects and fills password prompts. Huge timesaver compared to having copy/paste passwords from LastPass in the iOS version.
As someone else mentioned earlier, after using LastPass for a couple years I can't possibly imagine going back.
I recently switched from iPhone to Android and a pleasant surprise I discovered is that the Android version of LastPass automatically detects and fills password prompts. Huge timesaver compared to having copy/paste passwords from LastPass in the iOS version.
As someone else mentioned earlier, after using LastPass for a couple years I can't possibly imagine going back.
Mar 15, 2016, 11:01 am
#55
FlyerTalk Evangelist
Original Poster
Join Date: Sep 2003
Programs: BA Silver, EY Gold, HH Diamond, IHG Plat
Posts: 12,210
Laspass does sound great. Will keep on using it. Hopefully it will grow on me.
Just out of interest how secure is it? Giving a website all my passwords is making me a little nervous. Do you guys trust it with your banking passwords too?
Just out of interest how secure is it? Giving a website all my passwords is making me a little nervous. Do you guys trust it with your banking passwords too?
Mar 15, 2016, 11:18 am
#56
Suspended
Join Date: Oct 2004
Location: Bay Area
Programs: DL SM, UA MP.
Posts: 12,729
I use the older version of 1 Password on iOS and OS X.
Their newer iOS version isn't too bad but the OS X version costs $50.
So I'll probably go to keypass if I migrate.
I don't need to have every password sync'd up to the minute. Just do the wifi sync at my leisure.
Their newer iOS version isn't too bad but the OS X version costs $50.
So I'll probably go to keypass if I migrate.
I don't need to have every password sync'd up to the minute. Just do the wifi sync at my leisure.
Mar 15, 2016, 11:25 am
#57
Join Date: Nov 2006
Programs: Seniors Bus Pass
Posts: 5,529
Yes, thats why I gave you the recommendation 
They hold the "keys of the castle". The material is encrypted and even they dont know the key to decrypt it. You can look at the YouTube videos which explain it.
If you dont feel comfortable with a "technical solution" just write everything down on a piece of paper that you carry with you. Those who are in the security business mainly do it this way - and probably know better than you or I. If was not safe there would not be this type of busness.
I assume you are now trying the free version? As I told you upthread, the all singing version is $12 per year. It is worth it to me for the ease and security.
They hold the "keys of the castle". The material is encrypted and even they dont know the key to decrypt it. You can look at the YouTube videos which explain it.
If you dont feel comfortable with a "technical solution" just write everything down on a piece of paper that you carry with you. Those who are in the security business mainly do it this way - and probably know better than you or I. If was not safe there would not be this type of busness.
I assume you are now trying the free version? As I told you upthread, the all singing version is $12 per year. It is worth it to me for the ease and security.
Mar 15, 2016, 11:38 am
#58
FlyerTalk Evangelist
Original Poster
Join Date: Sep 2003
Programs: BA Silver, EY Gold, HH Diamond, IHG Plat
Posts: 12,210
Yes, thats why I gave you the recommendation
They hold the "keys of the castle". The material is encrypted and even they dont know the key to decrypt it. You can look at the YouTube videos which explain it.
If you dont feel comfortable with a "technical solution" just write everything down on a piece of paper that you carry with you. Those who are in the security business mainly do it this way - and probably know better than you or I. If was not safe there would not be this type of busness.
I assume you are now trying the free version? As I told you upthread, the all singing version is $12 per year. It is worth it to me for the ease and security.
They hold the "keys of the castle". The material is encrypted and even they dont know the key to decrypt it. You can look at the YouTube videos which explain it.
If you dont feel comfortable with a "technical solution" just write everything down on a piece of paper that you carry with you. Those who are in the security business mainly do it this way - and probably know better than you or I. If was not safe there would not be this type of busness.
I assume you are now trying the free version? As I told you upthread, the all singing version is $12 per year. It is worth it to me for the ease and security.
Mar 15, 2016, 12:05 pm
#59
Join Date: Nov 2006
Programs: Seniors Bus Pass
Posts: 5,529
I think you will find it has more uses than you can currently imagine. The secure notes facility I find useful for information I might require but not normally to hand. Passport info or a scan of a document like my travel insurance in case I lose them them overseas in some emergency. It is worth it for that alone to me!
Not only will it store and fill in passwords and forms, but you can set it to auto change passwords at regular intervals. You can set passwords that have different lengths and with different amounts of numbers letters and characters to meet the requirements of the sites you visit. But far more important is the fact that you have different passwords for each site you use.
Unfortunately a fact of life is that every now and then one of the sites you use will be hacked, either by external or internal security problems. When that happens the bad guys usually get a username email address and a password. The bad guys then try those at other sites and regularly strike gold if they are the same. With different passwords that wont happen to you. Lots of people reuse the same easy password at multiple sites - which is why the bad guys do it. People use easy passwords because it is difficult to remember so many long and complicated ones. Brute force attacks offline on a stolen password list will be easier for simple passwords, so those will be cracked and exploited first. If you have a 17 digit multi and random character password it might take a little longer than most others - by which time they will be emptying everybody else's accounts and you might get an alert!!
If they get control of your email account then they go to sites and hit "forgot password" and get it sent to them at your account (now in their control) before you know it. So do make sure that is a strong password too.
What you are doing is making it safer for youself by making yourself a less attractive target for bad guys because you operate safely.
Not only will it store and fill in passwords and forms, but you can set it to auto change passwords at regular intervals. You can set passwords that have different lengths and with different amounts of numbers letters and characters to meet the requirements of the sites you visit. But far more important is the fact that you have different passwords for each site you use.
Unfortunately a fact of life is that every now and then one of the sites you use will be hacked, either by external or internal security problems. When that happens the bad guys usually get a username email address and a password. The bad guys then try those at other sites and regularly strike gold if they are the same. With different passwords that wont happen to you. Lots of people reuse the same easy password at multiple sites - which is why the bad guys do it. People use easy passwords because it is difficult to remember so many long and complicated ones. Brute force attacks offline on a stolen password list will be easier for simple passwords, so those will be cracked and exploited first. If you have a 17 digit multi and random character password it might take a little longer than most others - by which time they will be emptying everybody else's accounts and you might get an alert!!
If they get control of your email account then they go to sites and hit "forgot password" and get it sent to them at your account (now in their control) before you know it. So do make sure that is a strong password too.
What you are doing is making it safer for youself by making yourself a less attractive target for bad guys because you operate safely.
Mar 15, 2016, 12:25 pm
#60
FlyerTalk Evangelist
Join Date: Feb 2003
Location: Denver, CO, USA
Programs: Sometimes known as [ARG:6 UNDEFINED]
Posts: 26,700
I think it's truly becoming a password crisis that will only be resolved with fingerprint and voiceprint scans in the future.
IT has gotten so paranoid about password rules and restrictions that millions of people around the world have reverted right back to writing their passwords on a Post-It and putting it in the top right-hand drawer for easy reference.
Nice going on the security "enhancements," IT.
IT has gotten so paranoid about password rules and restrictions that millions of people around the world have reverted right back to writing their passwords on a Post-It and putting it in the top right-hand drawer for easy reference.
Nice going on the security "enhancements," IT.