Password Managers - school me please.

Discussion in 'General Software' started by vladtepes, Jul 13, 2018.

  1. vladtepes

    vladtepes Member

    Joined:
    Sep 30, 2015
    Messages:
    1,535
    Location:
    Brisbane, Qld
    So... how good are these things I hear so much about?

    Do they in fact improve security? OR are they best avoided?

    Can they interface with a wide range of things?
    eg numerous forums, wordpress logins, share registries etc etc ?
    (That is to say, how PRACTICAL are they in the real world).

    If worth using - recommendations for the best ones?

    Answers to this, and any related discussion on the topic, welcomed.

    Cheers and thanks in advance
     
  2. waltermitty

    waltermitty Member

    Joined:
    Feb 19, 2016
    Messages:
    603
    Location:
    BRISBANE
    Use Bitwarden
     
    vladtepes likes this.
  3. Hive

    Hive Member

    Joined:
    Jul 8, 2010
    Messages:
    4,855
    Location:
    ( ͡° ͜ʖ ͡°)
    Keep them in your head.
     
    vladtepes likes this.
  4. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    5,523
    Location:
    Briz Vegas
    Use the same password for everything and write it on a Post-it and stick it somewhere obvious so you can't forget.

    Serious - do not allow browser to cache passwords EVAR! Make sure whatever you use is encrypted, and use 2FA whenever possible.
     
    Last edited: Jul 13, 2018
    vladtepes likes this.
  5. OP
    vladtepes

    vladtepes Member

    Joined:
    Sep 30, 2015
    Messages:
    1,535
    Location:
    Brisbane, Qld
    It's funny you should say that.

    Having horribly complex passwords, different for each place, means that people WILL forget them. This makes it more likely they'll write it down.
    Having the password written down at home isn't really a big issue for most people. It's 99.9% more likely that a password will be compromised either by force or social engineering, than it is for someone to break into your house.

    On the other hand in a secure work environment it's crucial NOT to have a written record of a password, as there is an insider risk, i.e. a co-worker could log in using your credentials and then everything dodgy they do gets tracked back to you, not them.

    I've done numerous after hours checks where I've found passwords written under computer keyboards. People can be idiots.
     
  6. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    5,523
    Location:
    Briz Vegas
    A fraud case I investigated in my banking days where the customer lost, was a case where son's gf got on dad's laptop and transferred 10K into her account which she then spent, saved passwords in browser, no 2FA. The bank said not a fraudulent transfer and police and courts agreed. Food for thought.

    Like putting a car alarm and steering lock on your car, they only deter the amateurs, likewise 2FA can be compromised but requires more effort than other low hanging fruit, implement it as much as possible, then use same password all you want just don't lose ya phone. Personally I just use SMS 2FA because people lose phones and RSA tokens and it's a pain in the ass to replace/unlock.
     
    Last edited: Jul 13, 2018
  7. DiGiTaL MoNkEY

    DiGiTaL MoNkEY Inverted Monkey

    Joined:
    Jun 28, 2005
    Messages:
    26,891
    Location:
    Melbourne, Victoria
    I tend to use KeePass https://keepass.info/ while it's not as seamless as 1Password or LastPass services that are cloud based to some extent. Some people use KeePass and save the encrypted database into the cloud so they can access it seamlessly on other devices, but I'm not one of them.

    I made the move a while ago, where I found I was using common passwords for random sites that I needed to make accounts for, and lost track of which sites I had registered to over the years. Once I collated all the websites I had accounts on (nearly 100 at the time), I logged into each account that had one of my common passwords and changed it to some randomly generated one from KeePass, or even deleted my accounts from the website...the less websites that know my password and email the better :)

    After doing this I had a better understanding which sites I had access to, which emails I registered them with (notes section), and what passwords I was using.

    I have a few key passwords that I always remember, and then randomly generated passwords for sites I rarely have to login to. So worst case, if one of those sites gets owned, which happens even to the best of websites, I don't have to rush around like a crazy man changing all my passwords that are similar. I just change that one for that website.

    How practical it all is for me...well..I feel a lot more organized and I at least know what sites I have access to at any given time. Then again, I've never been one to have my browser remember my passwords in the first place.
     
  8. OP
    vladtepes

    vladtepes Member

    Joined:
    Sep 30, 2015
    Messages:
    1,535
    Location:
    Brisbane, Qld
    I've just checked out some internet reviews on this, and while not everyone believes it's the best option, many reviews do suggest it is an excellent one.
    Seems they have Windows and Linux (and Apple) desktop compatibility too so that's good for me.

    This comparison leads me to think bitwarden might be best for me.
    https://www.slant.co/versus/2824/19421/~keepass_vs_bitwarden

    I couldn't use the USB key file functionality offered by KeePass on my work computer etc. as USB is disabled. So I'd be using a single password in any event.

    Walter, are you able to confirm that Bitwarden does NOT require a file to be installed on the computers used? (because I also can't do that at work).

    Ta
     
    Last edited: Jul 13, 2018
  9. GumbyNoTalent

    GumbyNoTalent Member

    Joined:
    Jan 8, 2003
    Messages:
    5,523
    Location:
    Briz Vegas
    https://www.passwordstore.org/
     
  10. waltermitty

    waltermitty Member

    Joined:
    Feb 19, 2016
    Messages:
    603
    Location:
    BRISBANE
    Works fine in a browser
     
    vladtepes likes this.
  11. MR CHILLED

    MR CHILLED D'oh!

    Joined:
    Jan 2, 2002
    Messages:
    131,614
    Location:
    Omicron Persei 8
    Far far too many to do that.

    I use KeePass and PasswordSafe.
     
  12. OP
    vladtepes

    vladtepes Member

    Joined:
    Sep 30, 2015
    Messages:
    1,535
    Location:
    Brisbane, Qld
    AND ? why use two?
     
  13. sTeeLzor

    sTeeLzor Member

    Joined:
    Dec 12, 2005
    Messages:
    1,624
    Used LastPass forever. I use a common password for sites I just don't give a fuck about people getting access to like my OCAU account to make it simpler for me to access if for whatever reason I can't use LastPass :p The rest are generated by LastPass and where possible 2FA is on. Aka Google, NAB, Facebook, Steam, Origin. That's about it I think.
     
  14. MR CHILLED

    MR CHILLED D'oh!

    Joined:
    Jan 2, 2002
    Messages:
    131,614
    Location:
    Omicron Persei 8
    KeePass at work because it's an approved app and PasswordSafe at home and on the mobile because I've used it for many years and love its simplicity.
     
    vladtepes likes this.
  15. Gunna

    Gunna Member

    Joined:
    Dec 25, 2001
    Messages:
    6,084
    Location:
    Brisbane
    Another vote for LastPass, seamless and linked to my YubiKey for 2FA.

    Seamless across browsers\PCs and phones
     
  16. iMomOx3

    iMomOx3 Member

    Joined:
    Dec 13, 2008
    Messages:
    859
    I currently use SafeinCloud but looking at Bitwarden makes me want to consider a move.
     
  17. MR CHILLED

    MR CHILLED D'oh!

    Joined:
    Jan 2, 2002
    Messages:
    131,614
    Location:
    Omicron Persei 8
    Via what? Cloud?

    PasswordSafe and KeePass are seamless across devices if you carry across the password file.
     
  18. th3_hawk

    th3_hawk Member

    Joined:
    Jun 4, 2005
    Messages:
    1,578
    Location:
    [VIC] Eastern Suburbs
    I've been using 1Password forever, started on a Mac and while their Windows version always appeared to be the poor cousin, it now appears to be in line with the Mac version (which is nice since I spend most of my time in Windows these days). It nicely syncs everything behind the scenes too so all my computers and phones are always in sync.

    Its integration into the browser is very nice, although does require an install which is a downside for work, although the web interface emulates the app pretty well and while you have to copy/paste the passwords it's all very easily accessible.

    While I still have lots of passwords that are very simple (and old) everything new is generated and saved by the app and 2FA is turned on where possible.

    Another nice touch is 1Password will run a report on your passwords to let you know if any services have been involved in a data breach and you should change your password as well as more standard reports on weak and duplicate passwords. Mind you, what you do with this information is another question. I know I have lots of weak and duplicate passwords from the olden days for services I used once in 2011 which I'm never going back to fix (if they even still exist) but it's amazing how many times I've got to a site I forgot I ever went to in the past and 1Password just lets me log into an old account! (I do try and change those passwords to something more secure when I touch them).
     
  19. Gunna

    Gunna Member

    Joined:
    Dec 25, 2001
    Messages:
    6,084
    Location:
    Brisbane

    Yup, download the plug in\app, sign in using master password and it downloads the encrypted file and decrypts it on your device.
     
  20. MR CHILLED

    MR CHILLED D'oh!

    Joined:
    Jan 2, 2002
    Messages:
    131,614
    Location:
    Omicron Persei 8
    Ok, I don't mind this.....I'll give it a go :thumbup:
     
