Password managers any good?
Discussion
I have used 1Password for a few years now and it so something I now couldn't live with out and I finally feel in control of all my user accounts. I'm sure LastPass is the same but I've never used that.
Key features for me are:
- Creates new passwords so you don't have to think them up
- Syncs across all PCs and Mobiles
- Autofills user name and passwords on websites
- Can be used by all members of my family, with shared passwords if necessary
- Can also store credit cards, bank account numbers etc.
Key features for me are:
- Creates new passwords so you don't have to think them up
- Syncs across all PCs and Mobiles
- Autofills user name and passwords on websites
- Can be used by all members of my family, with shared passwords if necessary
- Can also store credit cards, bank account numbers etc.
LastPass with Authy (Google Authenticator clone) for 2FA .
It allows me access to all my passwords in my phone, laptop, iMac and work PC. I have been using it for 3 years and it has been revelation - removing all the stress of trying to create and remember passwords for 100s of sites.
In first use it ‘found’ numerous passwords + site combinations from my browser history, identified which passwords were duplicates / poor etc and assisted with changing them.
I also use the Secure Notes feature of LastPass to store other information securely.
It allows me access to all my passwords in my phone, laptop, iMac and work PC. I have been using it for 3 years and it has been revelation - removing all the stress of trying to create and remember passwords for 100s of sites.
In first use it ‘found’ numerous passwords + site combinations from my browser history, identified which passwords were duplicates / poor etc and assisted with changing them.
I also use the Secure Notes feature of LastPass to store other information securely.
LeoSayer said:
I have used 1Password for a few years now and it so something I now couldn't live with out and I finally feel in control of all my user accounts. I'm sure LastPass is the same but I've never used that.
Key features for me are:
- Creates new passwords so you don't have to think them up
- Syncs across all PCs and Mobiles
- Autofills user name and passwords on websites
- Can be used by all members of my family, with shared passwords if necessary
- Can also store credit cards, bank account numbers etc.
Im with him.....Key features for me are:
- Creates new passwords so you don't have to think them up
- Syncs across all PCs and Mobiles
- Autofills user name and passwords on websites
- Can be used by all members of my family, with shared passwords if necessary
- Can also store credit cards, bank account numbers etc.
Annoyingly, a lot of websites cannot cope with even a ten digit PW generated by 1PW as they dont understand it for some reaason.
My password manager's normally quite efficient but does roll her eyes when I go off on a rant about why I need a password to log into the council website for refuse collection and I do have to take her a Sunday morning cup of tea in bed occasionally.
I've never tried any particular app but do use the feature on Google Chrome & on my iPhone. Maybe should look into it further...
I've never tried any particular app but do use the feature on Google Chrome & on my iPhone. Maybe should look into it further...
Yet another Lastpass user here. The only "problems" with it is banking websites where you have you enter the 3rd 5th and 276th character of your password as it can't fill those in, and I do like to have some passwords short and memorable enough that I can access them from other computers where I don't have it installed.
This has been discussed many times on PH, so worth a look at previous threads as there is some good information in them:
https://www.pistonheads.com/gassing/topic.asp?h=0&...
https://www.pistonheads.com/gassing/topic.asp?h=0&...
https://www.pistonheads.com/gassing/topic.asp?h=0&...
https://www.pistonheads.com/gassing/topic.asp?h=0&...
And as for the justification for their use, and debate on how good they are - this is a great summary (and shares my own view):
https://www.troyhunt.com/password-managers-dont-ha...
And the summary - in most cases they are very worthwhile - there are some weaknesses, but usually agreed that these are less bad than the alternative (not using one)
As you can see - I am a big fan, and agree the likes of 1Password, Lastpass, KeePass are all well regarded and have their fans.
A throwback to my Windows Mobile days but I still use eWallet on my mobile phone and Windows desktop:
https://www.iliumsoft.com/ewallet/
It's more than a password vault as it holds whatever you want it to hold; card and bank account details, software keys etc. Just need to be disciplined and update the details whenever there are changes e.g. new expiry dates and CVVs etc.
https://www.iliumsoft.com/ewallet/
It's more than a password vault as it holds whatever you want it to hold; card and bank account details, software keys etc. Just need to be disciplined and update the details whenever there are changes e.g. new expiry dates and CVVs etc.
Whilst I can see the obvious advantages of using a password manager, one question that I've often thought about, and wondered if anyone has any comments is that all your passwords are encrypted and held in a password manager (let's call it MyPass).
What happens when the company providing MyPass goes bankrupt, or simply changes their business model and decides to no longer provide the MyPass service?
Having seen the carnage resulting from image hosting sites such as Photobucket suddenly changing their business model (with the resulting decimation of many useful forums (fora?) with photos disappearing), there is often a tendency to rely on 3rd party services with an assumption that they will simply continue forever.
With password managers, are you potentially going to be looking at manually resetting all your passwords, or extracting the actual complex passwords and then manually entering them into an alternative password manager, or what?
Maybe it's not worth worrying about, but for the photos aspect, I save ones I want to publish on FlickR, but have a backup on my home Mac, another on a connected NAS, and a further backup on removable disk which is stored physically remotely from the Mac or NAS, so I'm not reliant on a single company/service.
For passwords, I use different passwords for anything remotely important, and store a list of "services" in a password protected file (available on multiple of my devices) along with hints which are enough to remind me what the passwords are, but certainly not enough for anyone to guess the password. I'm not that worried about complexity, as am tending towards longer pass-phrases these days which are (according to the IT security community) generally harder to crack than shorter complex passwords.
DL/DR:
Clearly using a password manager is a massive improvement on having no strategy and using the same passwords for multiple accounts, but what happens if/when the service suddenly disappears - what do you do?
What happens when the company providing MyPass goes bankrupt, or simply changes their business model and decides to no longer provide the MyPass service?
Having seen the carnage resulting from image hosting sites such as Photobucket suddenly changing their business model (with the resulting decimation of many useful forums (fora?) with photos disappearing), there is often a tendency to rely on 3rd party services with an assumption that they will simply continue forever.
With password managers, are you potentially going to be looking at manually resetting all your passwords, or extracting the actual complex passwords and then manually entering them into an alternative password manager, or what?
Maybe it's not worth worrying about, but for the photos aspect, I save ones I want to publish on FlickR, but have a backup on my home Mac, another on a connected NAS, and a further backup on removable disk which is stored physically remotely from the Mac or NAS, so I'm not reliant on a single company/service.
For passwords, I use different passwords for anything remotely important, and store a list of "services" in a password protected file (available on multiple of my devices) along with hints which are enough to remind me what the passwords are, but certainly not enough for anyone to guess the password. I'm not that worried about complexity, as am tending towards longer pass-phrases these days which are (according to the IT security community) generally harder to crack than shorter complex passwords.
DL/DR:
Clearly using a password manager is a massive improvement on having no strategy and using the same passwords for multiple accounts, but what happens if/when the service suddenly disappears - what do you do?
I use Lastpass and like it a lot.
What I don't like however is that they have made all the features worth having available in the free version. This makes me wonder how they are raising funds now. I would rather pay and be assured that the service will not disappear one night, or be funded by selling my data.
What I don't like however is that they have made all the features worth having available in the free version. This makes me wonder how they are raising funds now. I would rather pay and be assured that the service will not disappear one night, or be funded by selling my data.
CC said:
Whilst I can see the obvious advantages of using a password manager, one question that I've often thought about, and wondered if anyone has any comments is that all your passwords are encrypted and held in a password manager (let's call it MyPass).
What happens when the company providing MyPass goes bankrupt, or simply changes their business model and decides to no longer provide the MyPass service?
Lastpass keeps a local file so you have access even when you are offline. What happens when the company providing MyPass goes bankrupt, or simply changes their business model and decides to no longer provide the MyPass service?
CC said:
With password managers, are you potentially going to be looking at manually resetting all your passwords, or extracting the actual complex passwords and then manually entering them into an alternative password manager, or what?
You can export the data in your file as a .csv file which most PW managers can importCC said:
For passwords, I use different passwords for anything remotely important, and store a list of "services" in a password protected file (available on multiple of my devices) along with hints which are enough to remind me what the passwords are, but certainly not enough for anyone to guess the password. I'm not that worried about complexity, as am tending towards longer pass-phrases these days which are (according to the IT security community) generally harder to crack than shorter complex passwords.
That's fine while you are alive but what happens when you die? How are your family going to access your accounts as they don't know what your hints mean. What happens if you lose your phone whilst abroad? How strong is the encryption on your password protected file? PWMs aren't perfect but they are are huge help.
PS: the ampersand in your username screws with the forum quote formatting.
Mr Pointy said:
Lastpass keeps a local file so you have access even when you are offline.
You can export the data in your file as a .csv file which most PW managers can import
Ok fair enough, so that would make switching pretty straightforward.You can export the data in your file as a .csv file which most PW managers can import
Mr Pointy said:
That's fine while you are alive but what happens when you die? How are your family going to access your accounts as they don't know what your hints mean.
This is a good point, so for the limited number of accounts that they would need access to, I will ensure there's a written record available - thanks - hadn't considered that.Mr Pointy said:
What happens if you lose your phone whilst abroad? How strong is the encryption on your password protected file?
PWMs aren't perfect but they are are huge help.
Losing phone isn't an issue, as the file is stored in an online service as well, so can be accessed from any of my devices, or at a push via a web browser.PWMs aren't perfect but they are are huge help.
Encryption is nothing special, but by the premise that the info contained therein is only of any use when combined with what's in my head, it doesn't need to be.
I agree - PWMs are very useful, and I can see how helpful they are, especially for improving security particularly for people who tend to re-use passwords across multiple accounts. The reasons for my questions were really out of interest into the practicalities. I'm the sort of person who (for whatever reason) doesn't tend to like relying on apps for storing passwords. Even on my home computers I don't allow the browser to store passwords for sites but prefer to enter them myself.
Mr Pointy said:
PS: the ampersand in your username screws with the forum quote formatting.
Yes, I know. You'd think the forum software/configuration would be set up to prevent the choice of username that would screw up quotes. Interestingly, it wasn't initially a problem when I first joined PH 14 years ago. I think an update to the forum software has introduced the problem in recent times.budgie smuggler said:
I use Lastpass and like it a lot.
What I don't like however is that they have made all the features worth having available in the free version. This makes me wonder how they are raising funds now. I would rather pay and be assured that the service will not disappear one night, or be funded by selling my data.
LastPass is owned and run by LogMeIn (annual revenue $1 Billion 2017)What I don't like however is that they have made all the features worth having available in the free version. This makes me wonder how they are raising funds now. I would rather pay and be assured that the service will not disappear one night, or be funded by selling my data.
See: https://en.wikipedia.org/wiki/LogMeIn
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff