Password Manager

Page may contain affiliate links. Please see terms for details.
Tin Pot

Tin Pot

Guru
Brains said:
In this day and age the number of passwords, log ins, web addresses, numbers, door codes, account codes, etc. that we all are supposed to to remember is beyond what is possible.

Which means the more convoluted and awkward the access code is made, means it has to be written down which thereby negates all the security entirely, however that is not today's issue.

I have a, not very secret, place where all my codes are stored, it now contains well over 150 entries, which of course is ridiculous, but I use them all day every day, so I need a single place to put them electronically as I cut/paste them back and forth. I can access them from home, on the phone, at work, and if needed halfway up a mountain with no phone signal or Wi-Fi

I'm looking for an 'password manager' App, iPhone and PC compatible
The spec is:
  • Easy to access, on the phone via fingerprint, on the home or office PC via a simple password (say max 4 chars)
  • Fast upload, sub 10 seconds (I can get a PIN number from current set up faster than a PIN machine can connect)
  • Simple to cut/paste in and out
  • No need for 24/7 Wi-Fi/internet access
  • If updated in one place will update the others (when connected)
  • With a search feature
Basically something like password protected Word or Excel would do, or even Access or Notes
It does not have to be ultra secure, but I want to ensure that if someone logged onto my phone or PC they could not open the app without another password

Any ideas or recommendations ?
Click to expand...

What's wrong with the inbuilt Keychain? The safari browser works with it and retains passwords for all sites, and suggests random passwords. If you subscribe to iCloud it's all stored up there so no chance of losing it all due to some local cock up.
 
rich p

rich p

ridiculous old lush
Location
Brighton
http://www.telegraph.co.uk/technology/0/safe-use-password-manager/

This article says that...

LastPass, one of the leading password managers, recently discovered a security flaw with its program that could have let hackers steal passwords. The "major architectural problem" was discovered by a security researcher at Google and forced LastPass to urge users to be careful using its service.

It isn't the first time a credential management firm has suffered a problem of this scale. 1Password, another manager, was criticised in 2015 for leaking users' bookmarks.

The news led some experts to warn users against password managers. "LastPass isn't alone: Keeper, Dashlane and even 1Password have had severe vulnerabilities that allowed attackers to steal all of the passwords in a user's account without their knowledge," said Sean Cassidy, chief technology officer of Defence Storm.

"Browser-based password manager extensions should no longer be used because they are fundamentally risky and have the potential to have all of your credentials stolen without your knowledge by a random malicious website you visit or by malicious advertising.

But then goes on to say that they are still worth using. I'm sceptical.
 
U

ufkacbln

Guest
The other way is to have a system

For instance if you sign up here today, then CycleChat290617 would work, and if you forget then simply checking your confirmation email will give you a clue.

The other I have used is to use a bike and then a purchase date

For changing passwords, chose a favourite place (or person) and then have a numerical system to update.
 
D

Debade

Über Member
Location
Connecticut, USA
In my research, the easier for you, the easier for 'them'.

I use keepass on a secure thumb drive. While adding cloud storage, even keepass's, adds convenience, I avoid it, for better security. I also use 2 factor as much as possible.

Having said all this, on sites like CC, I simply save my PW on my device.
 
Sea of vapours

Sea of vapours

Guru
Location
Clapham, Yorkshire Dales
Passwords ought to look something like this: cJ52"&8^T7wTksa(NUxZDO . If they don't then they're barely useful for anything other than rather casual attacks. I'm not going anywhere near trying to remember a couple of hundred strings of that sort :wacko:

Writing them down - provided they look like that sort of thing - in a little book which is kept somewhere safe is a pretty good method though. It guards against the majority* of on-line attacks and is really only a risk when the physical security of where they're stored has been breached, in which case you may very well have bigger problems.

* And using two factor authentication wherever you can massively reduces the risks for just about everything (not everything, just about everything.
 
Last edited:
summerdays

summerdays

Cycling in the sun
Location
Bristol
Drago said:
Just remember the passwords. I know its old fashioned to remember important stuff but its not difficult. The biggest problem is that it requires effort, which folk are increasingly loathe to expend.
Click to expand...
The problem comes for me that you are advised to have different passwords for every site. I just can't remember all of them. Then I have a complete brain freeze and end up having to reset it!

I've contemplated Dashlane..... I just worry about not being able to access my own accounts.... (I've even had to reset my CC one a couple of times due to forgetting it:blush:).
 
D

Dan B

Disengaged member
I have around 50 of the buggers, and i want each of them to be random and more than 12 characters long. You might think it's easy "just" to remember that lot, i think I'd rather use the brain space for something more important
 
OP
OP
Brains

Brains

Legendary Member
Location
Greenwich
Two Factor ?
 
Sea of vapours

Sea of vapours

Guru
Location
Clapham, Yorkshire Dales
Brains said:
Two Factor ?
Click to expand...
Usually phrased as 'something you know + something you own', so the password is the thing you know and then you add a second factor, typically something physical like a 'key' or a fingerprint, or a bit of software on a mobile device which gives you a number to type in. So if you log in to site X you first put in a password, then you plug your key into the device, scan your finger, or type in the dynamically generated code.

The point is that your accounts aren't accessible without both, so if the site suffers a complete loss of all passwords and userids the thieves still can't get into your account since they don't have the physical thing, whatever that might be.

Banks tend to do this is a variety of ways, as do increasingly large numbers of services such as Google accounts, Dropbox, Wordpress, Lastpass (two factors to get to the point where it will fill in your secure passwords for you).
 
KnackeredBike

KnackeredBike

I do my own stunts
When I used to work for Sainsbury's a few years ago the done thing was to have one set of accounts per store, with the password for everything as the city you were in followed by 1, e.g. "London1". This made it very easy if you were sent to cover another store.

They did try and change it to (gasp) two accounts but everyone kicked off and they changed it back. Bearing in mind the software they were using at the time, Repos, allowed access to full credit card numbers I hope they have changed it by now.

tl;dr Your details are more secure with you than with other people anyway.
 
Sea of vapours

Sea of vapours

Guru
Location
Clapham, Yorkshire Dales
Drago said:
Non alphanumeric characters may defeat the amateur tinkerer, but the serious fraudsters use software to either crack the passwords, or more often to simply steal them. It matters not to them whether you use ABC or %@\.
Click to expand...

It doesn't matter, no, though restricting passwords to 26 characters makes cracking considerably quicker than including numerics and other characters. More to the point, randomness matters very much indeed so using something, such as a password manager, to generate a long-ish, pseduo-random string is vastly better than using words or using words with various letters substituted by other characters (those are surprisingly easy to crack - little different from the original word). And yes, stealing passwords en masse is the most popular and easiest method, the defence against which is two factor authentication, and it's a very good defence.
 
Drago

Drago

Legendary Member
Location
Suburban Poshshire
As aforementioned by myself, they are more likely to simply steal them. Whether you have ABC123 or a 200 digit random selection of dots and dashes makes no different when they hack the server and steal the password whole.
 
U

User33236

Guest
Drago said:
Just remember the passwords. I know its old fashioned to remember important stuff but its not difficult. The biggest problem is that it requires effort, which folk are increasingly loathe to expend.
Click to expand...
I use 1Password for sites with minor security issues but 'remember' passwords for the more vulnerable.

I do this by storing a three or four character string as a reminder of a random 16 to 48 character string which I have generated a phrase to remember it by. The reminders characters provide a seamingly ramdon prompt that I can associate with.
 
You must log in or register to reply here.

Similar threads

R
Password managers
Replies
42
Top Bottom