Passwords!


Brainpox

4,059 posts

152 months

Monday 26th March 2018
audi321 said:
Can I ask how safe Google Chrome is? I mean it remembers all my passwords and I seem to be able to 'log in' to any computer in the world and retrieve saved passwords for websites?

I don't really use it for many sites, but it seems to work perfectly well for those that it does (i.e. PH's)
Depends how secure your Google password is. You can also enable two factor authentication, so that logins from new devices require you to allow them via an app on your phone. No phone, no login.

audi321

5,231 posts

214 months

Monday 26th March 2018
Brainpox said:
Depends how secure your Google password is. You can also enable two factor authentication, so that logins from new devices require you to allow them via an app on your phone. No phone, no login.
Cheers, so with a complex password and two factor authentication, what is the benefit of one of these password sites (genuine question)?

Mr Pointy

11,303 posts

160 months

Monday 26th March 2018
audi321 said:
Cheers, so with a complex password and two factor authentication, what is the benefit of one of these password sites (genuine question)?
Well (speaking for Lastpass as that's what I use) for a start you can use it on Firefox, Edge & Chrome, on desktop & phone. You can assign someone to have emergency access so if you die your family can get access to your passwords. You can also store files such as pdfs so when I travel I have instant access to insurance documents, passport scans etc as long as I have access to a PC or phone. You can also require that a hardware dongle (eg a Yubikey) is used to gain access so you aren't just relying on a password. It also logs you into some non-browser apps such as Skype although that can be a bit variable at times.


Edited by Mr Pointy on Monday 26th March 23:55

bitchstewie

51,633 posts

211 months

Tuesday 27th March 2018
audi321 said:
Can I ask how safe Google Chrome is? I mean it remembers all my passwords and I seem to be able to 'log in' to any computer in the world and retrieve saved passwords for websites?

I don't really use it for many sites, but it seems to work perfectly well for those that it does (i.e. PH's)
I wouldn't because however safely Google may store and transmit them I'm cautious of how Chrome stores them inside your browser and what can get at them.

I'd go with a dedicated password manager.

mikeiow

5,405 posts

131 months

Tuesday 27th March 2018
AndrewEH1 said:
I think for a lot of accounts it's probably just worth having the same generic password for them all.

For example for all forums/account without any financial/personal/address information just used Password123!

Who cares if someone hacks your Pistonheads account?

But for email, banking, Amazon/eBay/etc they should all be unique!
That's my approach, have to admit.
Same generic one for mundane sites, let the browser hold those for me....
Then a well hidden notebook with the important ones in!
Yes, I type in my different banking ones whenever I log in. No massive hardship, it isn't like I have a thousand accounts.
Make sure all bank/PayPal/eBay/<emails that could link to them> ones are different.
Trust nobody!!

Years (20?) ago, my hotmail acct was hacked.
At the time, it had the same password as eBay.
Hacker started buyin' & selling a load of stuff.
I had checked one lunchtime (was selling a camera) - no problems.
Checked again early evening....LOADS going on. WTF?!!
Up until the small hours trying to contact sellers (do not ship stuff!!), buyers (fake, don't buy!).
eBay/PayPal/hotmail had crappy automated systems that did nothing. Literally went round in circles.
Police weren't interested (I had what was clearly a holding address in Austria!! Call InterPol!!).
Only help was credit card company who I could speak to, & who put a stop on the card.
Funny thing was that in the end, weeks later, I ended up £400 better off: could not get hold of some folk who had spent money.
But it was a salutary lesson in taking care of data, passwords in particular.

Edited by mikeiow on Tuesday 27th March 08:16

mikeiow

5,405 posts

131 months

Tuesday 27th March 2018
anonymous said:
[redacted]
Mmmm...because those third party tools are all 100% secure, right?
https://thehackernews.com/2017/02/password-manager...
https://www.theguardian.com/technology/2017/mar/30...
https://thehackernews.com/2016/07/lastpass-passwor...

I'm kind of kidding: I kind of know they *should* be way better than me typing things in.....
....but I also kind of trust myself more with the important ones, and being in IT myself, I kind of know the worst case scenario can exist....
I don't agree that using a generic password for irrelevant sites is a BadThing(tm), provided you really do not care who can get to that site (& other sites you use generic passwords for). Although my generic password might be a little harder to crack than P@ssw0rd!!

So which password manager do you implicitly trust your crown jewels with?

bitchstewie

51,633 posts

211 months

Tuesday 27th March 2018
mikeiow said:
Mmmm...because those third party tools are all 100% secure, right?
https://thehackernews.com/2017/02/password-manager...
https://www.theguardian.com/technology/2017/mar/30...
https://thehackernews.com/2016/07/lastpass-passwor...

I'm kind of kidding: I kind of know they *should* be way better than me typing things in.....
....but I also kind of trust myself more with the important ones, and being in IT myself, I kind of know the worst case scenario can exist....
I don't agree that using a generic password for irrelevant sites is a BadThing(tm), provided you really do not care who can get to that site (& other sites you use generic passwords for). Although my generic password might be a little harder to crack than P@ssw0rd!!

So which password manager do you implicitly trust your crown jewels with?
I trust 1Password though I admit I don't put credit card or bank details in it, maybe because I don't need to do so.

If I had enough accounts to juggle that I needed to store the details I'd have to re-consider.

Thing is Troy Hunt is bang on the money, for most people most of the time you're massively better off with a password manager than you are without one.

robinessex

11,077 posts

182 months

Tuesday 27th March 2018
Make PW file on Excel. Keep file on memory stick. Only use if PW forgotten, unplug from computer unless being actively used. Keep in secret place at home.

Mr Pointy

11,303 posts

160 months

Tuesday 27th March 2018
robinessex said:
Make PW file on Excel. Keep file on memory stick. Only use if PW forgotten, unplug from computer unless being actively used. Keep in secret place at home.
How does that help you enter a password into a phone or tablet?

robinessex

11,077 posts

182 months

Tuesday 27th March 2018
Mr Pointy said:
robinessex said:
Make PW file on Excel. Keep file on memory stick. Only use if PW forgotten, unplug from computer unless being actively used. Keep in secret place at home.
How does that help you enter a password into a phone or tablet?
Haven't got a tablet. Don't bother with the phone.

mikeiow

5,405 posts

131 months

Tuesday 27th March 2018
anonymous said:
[redacted]
Yes, but your reasons appear to be that *me* having a cr@p password for PH & mumsnet (for example - just for clarity, I'm not on mumsnet ;-) makes the two sites less secure.
Why so?
Surely that is only "less secure for mikeiow's details, messages etc" ? How would someone hacking my PH login make PH *generally* less secure - I have no admin rights here!

anonymous said:
[redacted]
I agree with 2-factor authentication for important stuff, for sure.....something you know, & something you have. Right up until your mobile battery fails you at an inopportune moment....mmm.....KIDDING, I'M KIDDING! MFA is great!

bhstewie said:
Thing is Troy Hunt is bang on the money, for most people most of the time you're massively better off with a password manager than you are without one.
He also makes a point for old people to write them in a book & keep that secure: the list of hackers going through cupboards is perhaps lower than the hackfest that is known as The Internet! Besides, I consider myself an old person now, so what's good for them.......

Security is what it is. Always a target. Keep on top of financial & what you consider to be secure data. As outlined above, I have had an "interesting experience" of identity theft or 'hacking' way back, so I'm pretty cautious how I do things ;-)

Care less about the rest. Live a little!

Edited by mikeiow on Tuesday 27th March 11:41

bitchstewie

51,633 posts

211 months

Tuesday 27th March 2018
My mum uses a book :) If it works for you like it does her I wouldn't be saying use a password manager for the sake of it.

But if the book looks like

Password
Password1
Password123
Password123!
PasswordPistonHeads

Be very afraid (you know this but so many people do this it's untrue) :D

Foliage

3,861 posts

123 months

Tuesday 27th March 2018
anonymous said:
[redacted]
So the hackers just make 1000s of accounts with passwords they know and then use that to reverse engineer? got ya



LeoSayer

7,315 posts

245 months

Tuesday 27th March 2018
To answer the OP, I have used 1Password for 3 years and I can’t imagine how I would manage without it. I have well over 100 logins and there is no way I can manage them all with anything else.

The name of the app gives it away – you only need to remember the password that unlocks the password vault on your phone or pc.

It generates new complex passwords so you don’t need to know them or write them down.

When you create a login on a new site you can get it to generate a new password for you and then it will save it to your vault when asked.

You can launch websites from the app (on the phone or the pc) and it will automatically log you in with the stored username and password. Or you can view the password from the app.

You can store more than just passwords. Also ID numbers, bank accounts, passports, credit card details etc.

There are a few things I think it could do better, but it’s possible this is just user error. They do occasional software updates. There is a licence fee for the windows product and separate for the phone app but I was happy to pay it because it works so well.

AW111

9,674 posts

134 months

Tuesday 27th March 2018
I'm not rain man, but my handful of (unique) forum passwords are not written down anywhere. My browser remembers them, and if I have to re-enter them I can usually get them with a few guesses. Worst case I do a password reset.
Bank / ebay / email are never stored on the phone. If I forget them, it takes me at least an hour or two to find the paper cheat sheet.
Once I've found it, I stare at it for a while until I remember which password is the one I want : there's no account or site details on the cheat sheet, just the passwords.

Work related forum etc. passwords are in a place at work known to 3 of us : if there's a break in to my office, or it burns down, stolen / lost website passwords are the least of my worries.

Somebody

1,204 posts

84 months

Tuesday 27th March 2018
This works for me:

Think of a phrase and then tailor it so that it's unique to a particular website, and stick to the logic.

A simple example - "Mary had a little lamb" might be my base phrase, so I use "mhall" as basis for my password. Then to tailor it, I might use the first 4 letters of the website as a prefix, and add a set of fixed numbers I always use, so for hotmail it would become hotmmhall12345. Then for gmail, it would be gmaimhall12345.

If it requires a capital letter, then it's always the first letter in the password; if it requires a special character, then I substitute ! for the 1. Make up your own rules that you can remember.....





Edited by Somebody on Tuesday 27th March 13:07
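
An added example, not part of Somebody's post or anyone else's in this thread: a small Python audit you can run over your own password list to see how much of each password is shared with the others and whether the remainder is just taken from the site name. The function names (`derive`, `shared_core`, `audit`) and the sample data are assumptions built from the hotmail/gmail example in the post above.

```python
from difflib import SequenceMatcher

def derive(site, base="mhall", suffix="12345", need_upper=False, need_special=False):
    """The rules from the post: 4-letter site prefix + base phrase + fixed digits."""
    if need_special:
        suffix = suffix.replace("1", "!", 1)   # "substitute ! for the 1"
    pw = site[:4] + base + suffix
    return pw[0].upper() + pw[1:] if need_upper else pw

def shared_core(passwords):
    """A substring present in every password, found by pairwise longest match."""
    core = passwords[0]
    for pw in passwords[1:]:
        m = SequenceMatcher(None, core, pw, autojunk=False).find_longest_match(
            0, len(core), 0, len(pw))
        core = core[m.a:m.a + m.size]
    return core

def audit(vault):
    """vault maps site -> password; report how much of each one is site-specific."""
    core = shared_core([p.lower() for p in vault.values()])
    report = {}
    for site, pw in vault.items():
        unique = pw.lower().replace(core, "", 1) if core else pw.lower()
        report[site] = {
            "unique_chars": len(unique),
            "unique_is_site_prefix": bool(unique) and site.lower().startswith(unique),
        }
    return core, report

# Constructed sample: the two passwords worked through in the post.
SAMPLE = {"hotmail": derive("hotmail"), "gmail": derive("gmail")}

if __name__ == "__main__":
    core, report = audit(SAMPLE)
    print("shared core:", core)
    for site, row in report.items():
        print(site, row)
```

A long shared core with only a few site-derived characters left over means the passwords are unique in the literal sense but not independent of one another.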

Mr Pointy

11,303 posts

160 months

Tuesday 27th March 2018
AW111 said:
I'm not rain man, but my handful of (unique) forum passwords are not written down anywhere. My browser remembers them, and if I have to re-enter them I can usually get them with a few guesses. Worst case I do a password reset.
Bank / ebay / email are never stored on the phone. If I forget them, it takes me at least an hour or two to find the paper cheat sheet.
Once I've found it, I stare at it for a while until I remember which password is the one I want : there's no account or site details on the cheat sheet, just the passwords.

Work related forum etc. passwords are in a place at work known to 3 of us : if there's a break in to my office, or it burns down, stolen / lost website passwords are the least of my worries.
It's people like you that password managers were invented for. Just try one of them, it makes life much easier.

When you die, how will your family access your accounts?

AW111

9,674 posts

134 months

Tuesday 27th March 2018
Mr Pointy said:
It's people like you that password managers were invented for. Just try one of them, it makes life much easier.

When you die, how will your family access your accounts?
I have less than 10 online accounts in total.

The only one that matters is the bank, and family will have to contact them directly anyway when I die, so it's not much of an issue.

When you die, how will your family access your password safe?

davek_964

8,850 posts

176 months

Tuesday 27th March 2018
Although I like the idea of something which manages complicated passwords for all of my online accounts - doesn't it only make sense if you allow it to auto fill forms?

I tend to avoid that because it seems inherently insecure to me. The weakest link seems to be the device itself - so if somebody stole my tablet or phone then it's only the device security which is stopping them being able to log into everything automatically?

Biker's Nemesis

38,775 posts

209 months

Tuesday 27th March 2018
I have a little pocket book that I write the passwords in.

It's dead simple.