Password managers any good?
Discussion
bad company said:
I’m using Keychain for most web based passwords. I also store others such as email login details and bank logins on LastPass. Does that sound secure?
I was spooked last week when I looked in by email spam folder and saw a blackmail attempt with one of my passwords (now changed) as the subject line. So the criminal had the email address and a password. Scary.
Try checking your accounts on the following link-I was spooked last week when I looked in by email spam folder and saw a blackmail attempt with one of my passwords (now changed) as the subject line. So the criminal had the email address and a password. Scary.
https://haveibeenpwned.com/
Like you say scary to see your email / passwords laid bare, however better to know and take appropriate action.
bad company said:
I’m using Keychain for most web based passwords. I also store others such as email login details and bank logins on LastPass. Does that sound secure?
I was spooked last week when I looked in by email spam folder and saw a blackmail attempt with one of my passwords (now changed) as the subject line. So the criminal had the email address and a password. Scary.
Yes.I was spooked last week when I looked in by email spam folder and saw a blackmail attempt with one of my passwords (now changed) as the subject line. So the criminal had the email address and a password. Scary.
The main thing is use strong unique passwords.
It sounds like you are but it won't matter what you use to store your passwords if you use the same password on multiple sites and one of those sites is doing a bad job of storing them meaning when that site gets popped your password is out there.
Use 2FA where you can too especially on your email address as it's pretty much the key to your online life.
bad company said:
I’m using Keychain for most web based passwords. I also store others such as email login details and bank logins on LastPass. Does that sound secure?
I was spooked last week when I looked in by email spam folder and saw a blackmail attempt with one of my passwords (now changed) as the subject line. So the criminal had the email address and a password. Scary
Well there's not much you can do about a site you use being compromised & your username & password being exposed. That's why it's so important to never reuse passwords & hence why a password manager can be an important tool to keep your logins safe.I was spooked last week when I looked in by email spam folder and saw a blackmail attempt with one of my passwords (now changed) as the subject line. So the criminal had the email address and a password. Scary
We all have so many logins these days that the temptation to use the same or similar passwords is strong, but fatal. A PWM will greatly assist in having unique passwords & you just need to decide what features you want it to have. Some are stand alone, some are web/cloud based. Your method of mixed storage is ok if it works for you but others prefer to have things centralised, especially if you need cross-platform working.
Ham_and_Jam said:
bad company said:
I’m using Keychain for most web based passwords. I also store others such as email login details and bank logins on LastPass. Does that sound secure?
I was spooked last week when I looked in by email spam folder and saw a blackmail attempt with one of my passwords (now changed) as the subject line. So the criminal had the email address and a password. Scary.
Try checking your accounts on the following link-I was spooked last week when I looked in by email spam folder and saw a blackmail attempt with one of my passwords (now changed) as the subject line. So the criminal had the email address and a password. Scary.
https://haveibeenpwned.com/
Like you say scary to see your email / passwords laid bare, however better to know and take appropriate action.
I also use 2 factor authorisation.
Mr Pointy said:
s2kjock said:
I see reference to 2 factor authentication for LastPass, but is this only available if you have the paid for version? I can't seem to see how you would access it otherwise.
Yes, it's only available in the paid-for versions. I use a Yubikey.ETA; Their website says fingerprint authentication is a paid for feature but I use it on my phone. I did pay for Lastpass many years ago so I guess it could be a hangover from that.
https://www.lastpass.com/pricing
Edited by Fore Left on Sunday 31st May 19:00
Mr Pointy said:
s2kjock said:
I see reference to 2 factor authentication for LastPass, but is this only available if you have the paid for version? I can't seem to see how you would access it otherwise.
Yes, it's only available in the paid-for versions. I use a Yubikey.A word of caution to anyone using a password manager is the fact that if the developer stops updating it, then the app may stop working, and I say this from my own experience when I moved from my old and trusty iPhone 3GS to a SE with the latest OS installed on it. At that point I realised the app wouldn't run on the SE. In my case I was lucky in that the 3GS still worked so I was still able to retrieve the passwords, but I do feel sorry for users that updated the OS on their newer iPhones and then realised they couldn't access their passwords!
So backup your passwords onto a different computer, or print them off on a regular basis just in case the worst happens.
So backup your passwords onto a different computer, or print them off on a regular basis just in case the worst happens.
jesusbuiltmycar said:
Mr Pointy said:
s2kjock said:
I see reference to 2 factor authentication for LastPass, but is this only available if you have the paid for version? I can't seem to see how you would access it otherwise.
Yes, it's only available in the paid-for versions. I use a Yubikey.Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff