|
Originally Posted by theworld
(Post 15621679)
Password overload is quite a bit of a hassle these days!!
I personally now use Lastpass, which according to the others on this thread is also popular here. I am paying for the premium subscription, mainly because of its great integration with the Dolphin browser on Android, however I also use it with Yubikey. Other alternatives are KeePass (open source and free) and Roboform. There are loads others but these are reckoned to be the best. |
Originally Posted by frequentfoulup
(Post 15613473)
I admit it, my ability to remember all my passwords is long gone. I have always resisted recording them all on a portable laptop for security reasons but now I am overwhelmed. Any successful practices or useful tips are appreciated especially by road warriors in the same boat.
1) there are BB and IPhone apps and they will sync 2) you can sync to multiple devices (such as laptops, etc) 3) does much more than just password (such as bank info, credit cards, etc) 4) Is password protected and encrypted 5) can be used to generate passwords as well as store them I am NOT endorsing this product, just saying that it has worked well for me. YMMV |
I also use eWallet. I keep my (password protected) password file in a private space online, so I can access the password file from home or work and it always stays in sync. There's also an Android viewer that can be synced via USB.
|
Keepass.info - I STRONGLY endorse Keepass (classic edition), open source, free, and multi-platform.
I have it on my Android phones as well as my computers. Best of all, Keepass is portable, so you don't have to install it. It can be backed up on a USB thumb drive. Why would anyone use ANYTHING else other than Keepass (unless you're on a mac)?? Keepass is #1, the one I recommend and use. No need to look elsewhere. I even donated to Keepass (along with Truecrypt) because that's how useful the utility is to me. |
Originally Posted by richard
(Post 15622012)
I don't think so. Firefox and Chrome are open source and are in theory open to being vetted. Security vulnerabilities once found are rapidly addressed by the community. Can't know what is going on under the hood of these other systems, and for sure, any vulnerabilities aren't being checked out and announced to the world.
We are much, much safer with open source password "vaults". I don't like browser based passwords. Those can be potentially exploited by browser vulnerabilities, or just someone sitting in front of the PC and using the browser. I use Keepass because it's authenticate once, use it for everything (even non password stuff like credit card info). I have it set to auto-lock after a certain time, or if the PC screen saver comes on. |
Originally Posted by jerryss
(Post 15614835)
I use Lastpass (Lastpass.com). Works from most browsers, Is secure and syncs on the web.
I heard about it on the security Now podcast (twit.tv) I don't want my mobile security apps to have network communication access - who knows if the app isn't leaking my private info to a server on the internet for hackers? I much prefer Keepass and Keepass Droid (on Android) that are completely free, open source, and all your data is in your control. |
Originally Posted by davef139
(Post 15613680)
i keep mine abbr. in a notepad its fairly easy to do if you use a variation of word(s)/combos
ie. password base is: flyertalk American: FT1 (flyertalk1) US: FT11 (flyertalk11) UA: FT1- (flyertalk1-) Delta: 11FT1 (11flytertalk1) I have sites that require other chars and some that do not allow which is quite annoying. I have also used a number base so I could just use the # sign instead of the real number. To not use something like keepass these days is irresponsible, if you're dealing with very sensitive information online. |
I can recommend 1Password for OSX. It's a clean, easy to use, well integrated app that works seamlessly with Safari. The Dropbox syncing is great for set up and forget about it transferring of data to/from all devices (iPhone, iPad, Mac, PC).
|
I use the premium version, for $12per year. It gives me access to a lastpass client for my Blackberry.
Otherwise, the free version works fine. (I also pay to support the developers, they do a great job ) Jerry |
lastpass is having some problems apparently?
http://blog.lastpass.com/2011/05/las...ification.html (security issues; master passwd change recommended; server overload; aftermath?) http://bits.blogs.nytimes.com/2011/0...er=rss&emc=rss |
It seems that the hackers (if there were hackers) may have only gotten a small number of encrypted salted hashes. If you use a longer, non-dictionary-word password, you'll be fine.
|
Originally Posted by gfunkdave
(Post 16338782)
It seems that the hackers (if there were hackers) may have only gotten a small number of encrypted salted hashes. If you use a longer, non-dictionary-word password, you'll be fine.
If I were using lastpass, I certainly would change my master password, however, their servers can't handle the load from all their users changing their master passwords at the same time. So you can't just change it and expect it to work everywhere until they resolve that problem. That's an even bigger problem if you ask me. And what started all this is a data transfer that they don't understand and couldn't explain? Maybe (eventually) some good will come of this incident, but until it does ... To each their own, I guess. -David |
Many ways to make your own secure password
and make it easy to remember
if you are at site X, let's say you were born on the 7th of may .... start at the numeral 7 and "go downhill" = 7ujm ... now go to where the 5 is but GO UPHILL WITH CAPLOCKS ON = BGT5.... thus your password for site X = 7ujmBGT5 simply do variants of the above ... home address = 3345 .. so you use 4 and 5 = password 4rfvBGT5... etc etc ad infinitum if you cannot remember your birthdate, house number or last 4 of mobile phone number ... you should not be allowed to touch a keyboard. |
Originally Posted by LIH Prem
(Post 16340263)
Using a longer non-dictionary word master password is good advice, but you aren't saying that lastpass users shouldn't be concerned about this, are you?
If I were using lastpass, I certainly would change my master password, however, their servers can't handle the load from all their users changing their master passwords at the same time. So you can't just change it and expect it to work everywhere until they resolve that problem. That's an even bigger problem if you ask me. And what started all this is a data transfer that they don't understand and couldn't explain? Maybe (eventually) some good will come of this incident, but until it does ... To each their own, I guess. -David |
Originally Posted by gfunkdave
(Post 16338782)
It seems that the hackers (if there were hackers) may have only gotten a small number of encrypted salted hashes. If you use a longer, non-dictionary-word password, you'll be fine.
|
| All times are GMT -6. The time now is 3:24 am. |
This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2026 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.