Password managers
- Thread starter pete6032
- Start date
lxskllr
No Lifer
- Nov 30, 2004
- 57,409
- 7,591
- 126
I use keepass compatible managers on every platform I use. I keep my most important passes in it. Less important stuff, I use the browser manager.
Fenixgoon
Lifer
- Jun 30, 2003
- 31,548
- 9,907
- 136
i use bitwarden. everything goes in there. unique passwords for everything, and as long and complicated as i can make them.
my master password is also pretty damn strong.
my master password is also pretty damn strong.
- Dec 3, 2010
- 7,472
- 3,025
- 136
Semi related question: What are people doing with mobile phone app to ensure security? Are you logging out of them after using? I'm talking about ride share apps, Amazon, eBay, Home Depot, etc. Some apps like Target have login requirements before you can open the app, but others there appears to be no way to set a PIN or biometric login requirement before you can open the app.
Captante
Lifer
- Oct 20, 2003
- 30,272
- 10,777
- 136
Actually Norton offers a "per-app" utility that will force either a PIN code or a fingerprint match to open many apps. (I don't use it due to compatibility issues)
What you CAN do in Android 11/12 at least is manually revoke all permissions for any app you don't use often which will force the OS to re-ask permission every time it launch's said app.
Android 11 (not sure about 12) will also "expire" permissions automatically after a certain period of non-use too but I prefer not to wait for it to happen as it can leave you exposed.
Last edited:
lxskllr
No Lifer
- Nov 30, 2004
- 57,409
- 7,591
- 126
I don't use many (cr)apps that duplicate browser functionality. Certainly none for stores. I have redreader for reddit, and mega for cloud storage. Mega gets on my nerves cause it's so big, does things I don't need, and is proprietary. I want to see if can use the libre cli program in termux, and use scripts to do what I want.
Red Squirrel
No Lifer
I wanted a locally hosted web based password manager so I don't have to worry about desktop software and could not find any solution so I ended up writing my own and put everything in there. It's not that fancy, I just copy and paste the password from the text field. My copy and paste functionality is flaky on this machine, I never figured out why, so I often get burned by that especially when I'm changing the password on the site, because it might not go through property and I end up locking myself out. But other than that it works ok. At some point I might look into how hard it is to write a firefox extension, then I could have it interface with the password manager web page and automate some stuff.
I may also look into having it generate a QR code, as it would be useful for when I want to login to a site on mobile instead of having to type it manually. Most of my passwords are strings like UR7fTyuc10@#IE)KXz.
As a side note, it's crazy how many sites have shitty password restrictions such as not liking certain characters. Often some will completely break with those strings as they don't like some of the special characters. I don't get that, why are they not hashing it into something that can mask all those characters anyway? Heck, even if they just MD5ed it locally first before sending it to the server to be hashed further. There's no reason to have any restrictions for passwords.
I may also look into having it generate a QR code, as it would be useful for when I want to login to a site on mobile instead of having to type it manually. Most of my passwords are strings like UR7fTyuc10@#IE)KXz.
As a side note, it's crazy how many sites have shitty password restrictions such as not liking certain characters. Often some will completely break with those strings as they don't like some of the special characters. I don't get that, why are they not hashing it into something that can mask all those characters anyway? Heck, even if they just MD5ed it locally first before sending it to the server to be hashed further. There's no reason to have any restrictions for passwords.
Red Squirrel
No Lifer
MrSquished
Lifer
- Jan 14, 2013
- 21,175
- 19,647
- 136
I was coming here to post my suspicion of this because yesterday I got an email from LastPass saying a suspicious login attempt was detected on my account in Buffalo NY but they blocked it. I used LastPass for like a week quite a while back but then never really set it up much nor used it.
The password I created for LastPass was unique, I never used it anywhere else, the person with my pw could have only got it from LastPass, so I was thinking yesterday that it turns out they are the fucking weakest link.
ponyo
Lifer
- Feb 14, 2002
- 19,689
- 2,811
- 126
Thanks for the heads up. Just logged in and changed my master password. And also enabled 2-factor auth. I didn't even realize that was even an option.
Past couple of years, I moved pretty much everything over to Apple. I only use LastPass when I'm using Chrome. But I rarely use Chrome now and switched to Safari for 99% of usage.
This right here. It's all you need and free. You can download the stores sites, user and pass to an XML file. Store that on a flash drive or however you want, securely, and you are good to go. You can even password the excel file and then the rar or 7zip folder, lol.
brianmanahan
Lifer
- Sep 2, 2006
- 24,232
- 5,630
- 136
Fenixgoon
Lifer
- Jun 30, 2003
- 31,548
- 9,907
- 136
horse battery staple correctthanks for giving us your master password
balloonshark
Diamond Member
- Jun 5, 2008
- 6,317
- 2,718
- 136
I'm also a keepass user. If I have to use anything like a password manager or encryption I want it to be open source.
Charmonium
Diamond Member
- May 15, 2015
- 8,908
- 2,416
- 136
I started using LastPass many years ago. I think it was probably not too long after they launched. Stuck with them once they went fee only. I think there's still a free version, but last I checked, it was cobbled to the extent of being useless.
Downside, everything on their server is encrypted before being sync'ed. So if you lock yourself out, that's some very tough, chewy titties. There are few ways you can cover yourself though. For example you can print off a code grid and use that. No . . . wait, that's for 2FA. Hmm. I know there are multiple backups but of course, you have to use them.
Downside, everything on their server is encrypted before being sync'ed. So if you lock yourself out, that's some very tough, chewy titties. There are few ways you can cover yourself though. For example you can print off a code grid and use that. No . . . wait, that's for 2FA. Hmm. I know there are multiple backups but of course, you have to use them.
Brainonska511
Lifer
- Dec 10, 2005
- 24,050
- 6,848
- 136
Bitwarden with a yubikey for me. Keep all my passwords on it. Not sure if I like it, but probably better than weak passwords i can remember
PowerEngineer
Diamond Member
- Oct 22, 2001
- 3,548
- 716
- 136
Ditto. Chose KeePass because the database is stored locally. I don't like the idea of putting my passwords at risk on a software provider's server; too obvious a hacking target.
I do not do anything online other than email on my phone. Phone apps seem to be the "Wild West" with regard to security and trustworthiness. No banking, no credit card information, no online purchasing.
My banking password is password. I am deeply in debt and hope that a hacker will hack my account take pity at what he sees and leaves a deposit for me.
Lost_in_the_HTTP
Lifer
- Nov 17, 2019
- 10,764
- 6,452
- 136
I don't use ANY third party keeper. I don't want any system that is outside my personal control to have my PWs. I keep a file locally and use my local browser system. Nothing goes outside my house. My phone only has limited access to financial things, mostly for shopping, no banking.
That said, U.S. Government sites have taken to using systems that seem to thwart user security. Office Of Personnel Management (OPM) will not let you paste a password and will not allow password managers, browsers or otherwise to fill in your PW to log in. You must manually type your PW each time. U.S. Treasury Direct is similar, but they require the use of an on-line keyboard, point to a digit or character with your mouse and click it. No pasting, or form fills, no standard keyboard typing. I don't even know my PWs for most sites as they have a mix of letters, numbers and characters. There is no way I could type it each time using either method. They seem to be forcing people to use simple, less complex passwords.
That said, U.S. Government sites have taken to using systems that seem to thwart user security. Office Of Personnel Management (OPM) will not let you paste a password and will not allow password managers, browsers or otherwise to fill in your PW to log in. You must manually type your PW each time. U.S. Treasury Direct is similar, but they require the use of an on-line keyboard, point to a digit or character with your mouse and click it. No pasting, or form fills, no standard keyboard typing. I don't even know my PWs for most sites as they have a mix of letters, numbers and characters. There is no way I could type it each time using either method. They seem to be forcing people to use simple, less complex passwords.
Muadib
Lifer
- May 30, 2000
- 17,916
- 838
- 126
mikeymikec
Lifer
- May 19, 2011
- 17,677
- 9,522
- 136
I have a doc on my computer which has almost all my important passwords in except my main bank's online banking login details. Completely unimportant account logins (e.g. forum / social networking) are stored in my browser.
TRENDING THREADS
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 9K
-
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes Discussion Threads
- Started by Tigerick
- Replies: 7K
-
Facebook
Twitter