Password Manager
Reply
So, another day, another password breach (this time at Yahoo! again)

What's the most user-friendly way of using unique passwords at different sites, and managing this easily?

Ideally I want something that I can use on both my desktop and phone (so, web based?), so that I'm not dicking around trying to look up a password on one device to type into another.

Is there anything out there that can actually manage this in a way that doesn't inconvenience me more than re-using the same password variations on every site? What do people here do for password security?
Notebook in drawer.
I've started using LastPass in recent months just to try and encourage me to use more complex passwords and vary them more by site too as I've always been quite lazy. I've not used the mobile app yet though as I don't really use many sites on my phone.
I use 1Password. It can generate them too.
Like Kov, I take two bottles into the shower.

I also use 1Password Families, which has become a bit spendy since the pound tanked against the dollar (think it's basically a fiver per month now) but it does exactly what I need.

Generates passwords
Can access on my phone, on a desktop app, on a browser.
Fingerprint recognition on the phone is a gamechanger as it takes a second to access all my passwords.

Wouldn't be without it.
I paid for IOS version.
A fiver a month? Lastpass is about a fiver a year.
KovacsC wrote:
I paid for IOS version.

Yeah so do I, but you can't use that on the desktop, which is one of Russ's requirements.
It looks like Lastpass will do synching across all devices in the premium version, but the page is crashing for me at the moment to look at further details.

At the minute mali's suggestion fits the bill :)
I just use Chrome and my Google account.
Mr Russell wrote:
It looks like Lastpass will do synching across all devices in the premium version, but the page is crashing for me at the moment to look at further details.

At the minute mali's suggestion fits the bill :)



You stick with Uncle Mali. It's brighter solutions for a sunnier tomorrow.
Mr Russell wrote:
At the minute mali's suggestion fits the bill :)

Does it?

Mr Russell wrote:
so that I'm not dicking around trying to look up a password on one device to type into another

Looking up a password on a bit of paper and typing it into your computer sounds very similar to this issue.
Lonewolves wrote:
KovacsC wrote:
I paid for IOS version.

Yeah so do I, but you can't use that on the desktop, which is one of Russ's requirements.


This is the internet, we never give what you want.
KovacsC wrote:
Lonewolves wrote:
KovacsC wrote:
I paid for IOS version.

Yeah so do I, but you can't use that on the desktop, which is one of Russ's requirements.


This is the internet, we never give what you want.

Have you tried buying an xbox?
ApplePieOfDestiny wrote:
A fiver a month? Lastpass is about a fiver a year.


Crikey, he's not wrong.

Balls.

Is Lastpass shit?

Say it's shit, because I can't face trying to get all my passwords out of 1password and starting again.
It's no wonder the MoD is a shadow of its former self.
Mr Dave wrote:
KovacsC wrote:
Lonewolves wrote:
KovacsC wrote:
I paid for IOS version.

Yeah so do I, but you can't use that on the desktop, which is one of Russ's requirements.


This is the internet, we never give what you want.

Have you tried buying an xbox?


yes I have
Findus Fop wrote:
ApplePieOfDestiny wrote:
A fiver a month? Lastpass is about a fiver a year.


Crikey, he's not wrong.

Balls.

Is Lastpass shit?

Say it's shit, because I can't face trying to get all my passwords out of 1password and starting again.


You can import them apparently
devilman wrote:
Findus Fop wrote:
ApplePieOfDestiny wrote:
A fiver a month? Lastpass is about a fiver a year.


Crikey, he's not wrong.

Balls.

Is Lastpass shit?

Say it's shit, because I can't face trying to get all my passwords out of 1password and starting again.


You can import them apparently


nice! thank you.
Consider the security around the password store. Is Lastpass just a webservice with user/pass auth? That would worry me. 1Password is stored in my Dropbox, which has 2FA.

I don't pay for 1Password Families, so I don't pay any ongoing fee; I just use the Android/iOS/OS X native apps with Dropbox syncing and the Chrome extension.
I also use 1password, which is excellent and not expensive at all.
Aren't you supposed to use a capital letter and a special character too?
Zardoz wrote:
Aren't you supposed to use a capital letter and a special character too?


Goro
I use LastPass. Very cheap premium service, 2FA, has its own mobile authenticator app which handles 2FA on other sites better than Google's etc, detects password changes in the browser, has password / security audit functionality, notifies users of major breaches, password generator, etc etc.

And it was recommended by a top bod in the security industry, which I trust more than random internet anecdotes (the irony of saying this is not lost on me)
Doctor Glyndwr wrote:
Consider the security around the password store. Is Lastpass just a webservice with user/pass auth? That would worry me.


That's not really how it works. Basic info: https://lastpass.com/how-it-works/
User-side encryption is de rigeur, and doesn't protect you against phising however (as LastPass famously found out.) It does support 2FA, though, which is a significant factor.
Nothing really protects you from phishing, though. (By which I mean you could use any password manager, or password storage system you fancy, and if you fall for a "looks legit" scam you're probably stuffed. This is obviously where 2FA comes in.)

LastPass also had a breach a few years ago (memory failing on year?) but the key - certainly for me personally - is how they dealt with it. Transparency is v important. I believe 1Password are really good with this as well, from what I've heard.

(Incidentally, no data was obtained in the breach.)
Yes, I know, and yes, I agree. It's why I encourage everyone to adopt 2FA, if only for a few accounts that really matter (e.g. your password manager and your primary email that can reset all the other logins.)
Doctor Glyndwr wrote:
Yes, I know, and yes, I agree. It's why I encourage everyone to adopt 2FA, if only for a few accounts that really matter (e.g. your password manager and your primary email that can reset all the other logins.)


Yesss :)
I think I'll try this LastPass. Thanks all.
MaliA wrote:
Zardoz wrote:
Aren't you supposed to use a capital letter and a special character too?


Goro


If no one else is going to acknowledge this, then I will.

Good work Mali.
TheVision wrote:
MaliA wrote:
Zardoz wrote:
Aren't you supposed to use a capital letter and a special character too?


Goro


If no one else is going to acknowledge this, then I will.

Good work Mali.

yes, but how do you 'be' Goro?
TheVision wrote:
MaliA wrote:
Zardoz wrote:
Aren't you supposed to use a capital letter and a special character too?


Goro


If no one else is going to acknowledge this, then I will.

Good work Mali.


Thank you.
Mr Russell wrote:
TheVision wrote:
MaliA wrote:
Zardoz wrote:
Aren't you supposed to use a capital letter and a special character too?


Goro


If no one else is going to acknowledge this, then I will.

Good work Mali.

yes, but how do you 'be' Goro?

Just choose him from the character select screen.

HTH HAND
Grim... wrote:
Mr Russell wrote:
TheVision wrote:
MaliA wrote:
Zardoz wrote:
Aren't you supposed to use a capital letter and a special character too?


Goro


If no one else is going to acknowledge this, then I will.

Good work Mali.

yes, but how do you 'be' Goro?

Just choose him from the character select screen.

HTH HAND

To be fair it does, as the first and only MK game I had was Mortal Kombat Trilogy on the PS1 and he was just there.

I do love Consolevania though.
Trying out LastPass, seems very good so far, thanks for all the recommendations.
Just realised that when I set up a new password in my password manager, I often cycle through 3-4 randomisations until I find one I like the look of. Even though it's 15-characters of something I'm never going to clap eyes on again.

WEIRD.
Doesn't everyone do that?
Grim... wrote:
Doesn't everyone do that?


Perhaps. But why?
No, I don’t. I always just popped up the first time.
Alternatively you could just type in "password" to get your own set of random characters ;)
I assume that none of you will be surprised to learn that I don’t trust password managers.
Warhead wrote:
I assume that none of you will be surprised to learn that I don’t trust password managers.

Do you write your passwords in a little notebook instead?
DavPaz wrote:
Warhead wrote:
I assume that none of you will be surprised to learn that I don’t trust password managers.

Do you write your passwords in a little notebook instead?


Hey yo!
MaliA wrote:
DavPaz wrote:
Warhead wrote:
I assume that none of you will be surprised to learn that I don’t trust password managers.

Do you write your passwords in a little notebook instead?


Hey yo!

Giphy "speechless":
https://media2.giphy.com/media/8OUf78S1fhA6Q/giphy-loop.mp4
MaliA wrote:
DavPaz wrote:
Warhead wrote:
I assume that none of you will be surprised to learn that I don’t trust password managers.

Do you write your passwords in a little notebook instead?


Hey yo!


I use a spreadsheet.
TheVision wrote:
MaliA wrote:
DavPaz wrote:
Warhead wrote:
I assume that none of you will be surprised to learn that I don’t trust password managers.

Do you write your passwords in a little notebook instead?


Hey yo!


I use a spreadsheet.

Not a notebook, no. I have a randomly generated 15 character base which is prefixed and suffixed by a variety of other characters, based on the name of the app, website, etc. The base is not recorded on paper or electronically anywhere, it's only in my head. I only have to remember the base and can then work out the prefix/suffix, based on the app/site name.

Dog help me if I ever forget the base characters.
TheVision wrote:
MaliA wrote:
DavPaz wrote:
Warhead wrote:
I assume that none of you will be surprised to learn that I don’t trust password managers.

Do you write your passwords in a little notebook instead?

Hey yo!

I use a spreadsheet.

Having a local password list is pretty secure, and far more secure than reusing passwords.

Nearly all password attacks happen remotely.
TheVision wrote:
MaliA wrote:
DavPaz wrote:
Warhead wrote:
I assume that none of you will be surprised to learn that I don’t trust password managers.

Do you write your passwords in a little notebook instead?


Hey yo!


I use a spreadsheet.

I use keepass. Bit neater.
Page 1 of 1 [ 50 posts ]