Password managers

pete6032

Diamond Member
Dec 3, 2010
6,230
1,795
136
Does anyone here use a password manager, and if so, do you store password to financial websites (CC, bank, etc.) separately? Or do you store those in the PW manager too?
 

Fenixgoon

Lifer
Jun 30, 2003
29,435
5,785
126
i use bitwarden. everything goes in there. unique passwords for everything, and as long and complicated as i can make them.

my master password is also pretty damn strong.
 
  • Like
Reactions: LikeLinus and manly

Captante

Lifer
Oct 20, 2003
23,463
5,457
136
I use Norton Password-vault for mission-critical stuff and web-browser for the less important.

Keepass also works well and I've used it in the past with success.
 

pete6032

Diamond Member
Dec 3, 2010
6,230
1,795
136
Semi related question: What are people doing with mobile phone app to ensure security? Are you logging out of them after using? I'm talking about ride share apps, Amazon, eBay, Home Depot, etc. Some apps like Target have login requirements before you can open the app, but others there appears to be no way to set a PIN or biometric login requirement before you can open the app.
 

Captante

Lifer
Oct 20, 2003
23,463
5,457
136
Semi related question: What are people doing with mobile phone app to ensure security? Are you logging out of them after using? I'm talking about ride share apps, Amazon, eBay, Home Depot, etc. Some apps like Target have login requirements before you can open the app, but others there appears to be no way to set a PIN or biometric login requirement before you can open the app.
Actually Norton offers a "per-app" utility that will force either a PIN code or a fingerprint match to open many apps. (I don't use it due to compatibility issues)

What you CAN do in Android 11/12 at least is manually revoke all permissions for any app you don't use often which will force the OS to re-ask permission every time it launch's said app.

Android 11 (not sure about 12) will also "expire" permissions automatically after a certain period of non-use too but I prefer not to wait for it to happen as it can leave you exposed.
 
Last edited:

lxskllr

No Lifer
Nov 30, 2004
55,611
5,584
126
I don't use many (cr)apps that duplicate browser functionality. Certainly none for stores. I have redreader for reddit, and mega for cloud storage. Mega gets on my nerves cause it's so big, does things I don't need, and is proprietary. I want to see if can use the libre cli program in termux, and use scripts to do what I want.
 

Red Squirrel

No Lifer
May 24, 2003
62,876
9,843
126
twitter.com
I wanted a locally hosted web based password manager so I don't have to worry about desktop software and could not find any solution so I ended up writing my own and put everything in there. It's not that fancy, I just copy and paste the password from the text field. My copy and paste functionality is flaky on this machine, I never figured out why, so I often get burned by that especially when I'm changing the password on the site, because it might not go through property and I end up locking myself out. But other than that it works ok. At some point I might look into how hard it is to write a firefox extension, then I could have it interface with the password manager web page and automate some stuff.

I may also look into having it generate a QR code, as it would be useful for when I want to login to a site on mobile instead of having to type it manually. Most of my passwords are strings like UR7fTyuc10@#IE)KXz.

As a side note, it's crazy how many sites have shitty password restrictions such as not liking certain characters. Often some will completely break with those strings as they don't like some of the special characters. I don't get that, why are they not hashing it into something that can mask all those characters anyway? Heck, even if they just MD5ed it locally first before sending it to the server to be hashed further. There's no reason to have any restrictions for passwords.
 
  • Like
Reactions: Captante

Ajay

Lifer
Jan 8, 2001
11,395
5,158
136
Dashlane. All passwords. All financial sites are set to require re-entry of Master Password.
 

MrSquished

Lifer
Jan 14, 2013
14,617
11,607
136
I was coming here to post my suspicion of this because yesterday I got an email from LastPass saying a suspicious login attempt was detected on my account in Buffalo NY but they blocked it. I used LastPass for like a week quite a while back but then never really set it up much nor used it.

The password I created for LastPass was unique, I never used it anywhere else, the person with my pw could have only got it from LastPass, so I was thinking yesterday that it turns out they are the fucking weakest link.
 

ponyo

Lifer
Feb 14, 2002
19,687
2,793
126
Thanks for the heads up. Just logged in and changed my master password. And also enabled 2-factor auth. I didn't even realize that was even an option.

Past couple of years, I moved pretty much everything over to Apple. I only use LastPass when I'm using Chrome. But I rarely use Chrome now and switched to Safari for 99% of usage.
 

LikeLinus

Lifer
Jul 25, 2001
11,518
668
126
i use bitwarden. everything goes in there. unique passwords for everything, and as long and complicated as i can make them.

my master password is also pretty damn strong.
This right here. It's all you need and free. You can download the stores sites, user and pass to an XML file. Store that on a flash drive or however you want, securely, and you are good to go. You can even password the excel file and then the rar or 7zip folder, lol.
 

balloonshark

Diamond Member
Jun 5, 2008
5,548
1,752
136
I'm also a keepass user. If I have to use anything like a password manager or encryption I want it to be open source.
 

Charmonium

Diamond Member
May 15, 2015
6,658
708
126
I started using LastPass many years ago. I think it was probably not too long after they launched. Stuck with them once they went fee only. I think there's still a free version, but last I checked, it was cobbled to the extent of being useless.

Downside, everything on their server is encrypted before being sync'ed. So if you lock yourself out, that's some very tough, chewy titties. There are few ways you can cover yourself though. For example you can print off a code grid and use that. No . . . wait, that's for 2FA. Hmm. I know there are multiple backups but of course, you have to use them.
 

drnickriviera

Platinum Member
Jan 30, 2001
2,311
107
116
Bitwarden with a yubikey for me. Keep all my passwords on it. Not sure if I like it, but probably better than weak passwords i can remember
 

PowerEngineer

Diamond Member
Oct 22, 2001
3,447
542
126
I've been using KeePass for years. Pretty simple to use, and database is only stored locally.
Ditto. Chose KeePass because the database is stored locally. I don't like the idea of putting my passwords at risk on a software provider's server; too obvious a hacking target.

I do not do anything online other than email on my phone. Phone apps seem to be the "Wild West" with regard to security and trustworthiness. No banking, no credit card information, no online purchasing.
 

Lost_in_the_HTTP

Diamond Member
Nov 17, 2019
6,605
3,818
106
I don't use ANY third party keeper. I don't want any system that is outside my personal control to have my PWs. I keep a file locally and use my local browser system. Nothing goes outside my house. My phone only has limited access to financial things, mostly for shopping, no banking.

That said, U.S. Government sites have taken to using systems that seem to thwart user security. Office Of Personnel Management (OPM) will not let you paste a password and will not allow password managers, browsers or otherwise to fill in your PW to log in. You must manually type your PW each time. U.S. Treasury Direct is similar, but they require the use of an on-line keyboard, point to a digit or character with your mouse and click it. No pasting, or form fills, no standard keyboard typing. I don't even know my PWs for most sites as they have a mix of letters, numbers and characters. There is no way I could type it each time using either method. They seem to be forcing people to use simple, less complex passwords.
 

mikeymikec

Lifer
May 19, 2011
15,297
5,434
136
I have a doc on my computer which has almost all my important passwords in except my main bank's online banking login details. Completely unimportant account logins (e.g. forum / social networking) are stored in my browser.
 

ASK THE COMMUNITY