Needs Pictures: 0
Picture(s) thanks: 0
Results 1 to 15 of 29
-
9th September 2021, 08:42 PM #1
Password managers – yeah, nah, what?
There is much talk and recommendation of using a pwm, but how safe are they exactly?
If I don't know my own passwords, how can I change them?
Does the pwm change them regularly?
What about my Windows login pw - it's the start of everything...but one has to login first before the pwm becomes active, presumably (i.e before the first chicken is born there has to be an egg...from a chicken).
Seems to me it's a grey area that needs some conversation, particularly with the proliferation of scummy covid scammers around.
-
9th September 2021 08:42 PM # ADSGoogle Adsense Advertisement
- Join Date
- Always
- Location
- Advertising world
- Posts
- Many
-
9th September 2021, 09:54 PM #2GOLD MEMBER
- Join Date
- Nov 2018
- Location
- Newcastle
- Posts
- 1,016
I use dashlane. You do need to set a robust password to get into it, or as you note, it's a potential risk.
I was sceptical at first, but I reckon my online life is considerably safer now. As I'm on a Macbook most of the time, my fingerprint authorises dashlane to fill in each website's password.
They claim not to be able to access your data, and if you forget the master password, there's no way for them (or you) to recover the data.
It does have an app to update passwords, but I tend to do it manually. And with passwords like e!E6d9OCTQuccGv@U&, anything less than a quantum computer is going to take many months to brute force it.
I pay for their premium/family subscription, so my passwords sync across all my devices, and I can share with family members who use it as well.
Of course criminals would much rather you click on that dodgy link, and save them all the trouble of messing with passwords.
Like discouraging the burglars, you really just want your house to look harder to get into than next door to avert most of the trouble
-
10th September 2021, 09:37 AM #3
FF, just to make sure you understand the basics...
Imagine you have a simple text file, and on each line you have a username, password and website name. This way, when you want to go to a web site, or anything else that requires a password, instead of remembering it, you can just look it up in your text file. Now you can use a very complicated password, and never need to use the same password twice, as you don't need to remember anything.
That is essentially all a password manager is. The key difference is that your list of usernames and passwords is encrypted, and you need to provide a master password to open the file, so that others can't read your password list.
-
10th September 2021, 09:40 AM #4Senior Member
- Join Date
- Aug 2014
- Location
- Geelong, Victoria
- Posts
- 284
I use 1Password and like Bernmc feel that overall I am better off. I am amazed at how many passwords it has captured and I use it every now and then to audit and close accounts I don't need.
It has a password generator that allows you to choose the method - random, memorable, length, numbers, symbols etc. It also has a feature that highlights reused passwords and passwords that have been exposed in known hacks - that is where your user name and password were known to have been included in the data breach.
My wife does not agree and uses her own system of encrypted hand written notes - like 'sister pet mum' where the password is her sister's cat's name and mum's birth year. She is regularly failing to decode her own codes and has to reset the password.
-
10th September 2021, 10:02 AM #5
Thanks Lance. A couple of things come out of that (and your summary is more or less what I thought):
1. All my passwords would have to be reset, and that is QUITE a process that will involve dozens of emails (and I won't be able to remember all the places that have passwords...it's probably in Windows or Firefox or Chrome somewhere).
2. Not withstanding Bern's comment about several months of brute force to crack an 18 character pw..... that one pw opens the key to EVERYTHING, so if my computer was on (as it always is except overnight....coz I'm always bloody here, atm) then someone could get into ANY site, including my Microsoft accounts and so on.
3. My banking pw cannot be remembered on the site (just doesn't work) so presumably the pwm is useless for that. AFAIK this pw is only able to be 6 characters which seems incredibly weak, but perhaps I need to talk to them about that.
The part I don't understand is how the pwm can regularly change the pw on all these sites – if I want to do it manually I have to click a box, answer an email, often get a code sent to my phone etc etc. How does the pwm get around that?
-
10th September 2021, 10:16 AM #6
I tried a few but I've relied on the same one for almost 20 years now and always use a different password for every user registration. I use Password Safe. The biggest problem I've found over the years as my number of sites and passwords continued to increase was coming up with a filing hierarchy that was simple to navigate.
For a while I followed a theory that you don't actually need to remember every password for a lot of sites that you visit infrequently, just opt for a password reset each time you return visit, but that assumes the email address you used for registration is still valid.
Firefox now offers Relay which will generate a new email alias on the fly for sites wanting email ids for registration so you can now have separate emails as well as passwords for every site.Franklin
-
10th September 2021, 10:27 AM #7
Password managers are just places to keep track of passwords, they won't automatically update site access credentials for you, that is and should be something that you do intentionally. If you never use the same password across multiple sites I can't see any reason to go about changing them without a legitimate reason like the site was hacked.
Franklin
-
10th September 2021, 11:32 AM #8GOLD MEMBER
- Join Date
- Nov 2018
- Location
- Newcastle
- Posts
- 1,016
bottom line -
Screen Shot 2021-09-10 at 10.30.55.png
Still in development, and can only do certain sites
-
10th September 2021, 01:23 PM #9SENIOR MEMBER
- Join Date
- Feb 2016
- Location
- Perth WA Australia
- Posts
- 829
I use KeePass, it's free and does everything I need it for. As someone who has to remember over 100 different passwords, it's essential. It's secure and significantly better than having a spreadsheet or bit of paper.
Like anything you need to maintain it to be effective, and you kinda commit once you choose a particular application as transferring details is quite cumbersome.
-
10th September 2021, 01:53 PM #10Novice
- Join Date
- Aug 2021
- Location
- Mornington Peninsula Australia
- Age
- 64
- Posts
- 15
KeePass for me too. I use it simply, it seems you could do a lot with it but you would need to understand some convoluted program language to do so. I even use it to keep serial, purchase and receipts for equipment in it too. You can have attachments within each password entry.
-
10th September 2021, 02:48 PM #11
I have used lastpass for years but have moved to bitwarden recently as they p'd me off.
bitwarden is free.
You don't need to reset any passwords. As you visit each site you log in as normal and the manager should ask you if you want to add that login to your database.
The biggest security issue with them is if the company is fraudulent and can access your passwords, so you need to go with a reputable provider.
Some charge some are free for private use. Some prices are more reasonable than others.
I learned about them years ago in a casual remark from one of the people at my credit union. I have been very happy with the move.
Many browsers will do it for you (opera) on your own computer. The advantage with a manager is your passwords are synced across devices.
2cI'm just a startled bunny in the headlights of life. L.J. Young.
We live in a free country. We have freedom of choice. You can choose to agree with me, or you can choose to be wrong.
Wait! No one told you your government was a sitcom?
-
10th September 2021, 03:59 PM #12
You don't need to reset your passwords, or even know of all the passwords you have. Just pick a day, and start using the password manager. Every time you have to come up with a new password, just stick it into your PWM. Over time it will grow and encompass most of them.
Most password managers suggest a passphrase as the master password. That said, a 12 character password is going to take a lot of computing power a long time to crack. Unless you house state secrets, you simply aren't going to be the target of that sort of attack.
No, you can still store your password, and just copy and paste across to the bank's website. And if, like some dodgy sites they won't allow you to paste, just view the password and type it in yourself. Remember, at the most basic level, all PWMs are simply a secure place you can record passwords so you don't have to remember them.
That is a feature, which I would suggest most users of PWMs, myself included, never use.
-
10th September 2021, 04:53 PM #13Taking a break
- Join Date
- Aug 2008
- Location
- Melbourne
- Age
- 34
- Posts
- 6,127
I just use the one built in to Chrome; it syncs with my phone via my Google account and it also checks to see if passwords have potentially been compromised or leaked and prompts you to change them
-
10th September 2021, 06:42 PM #14
-
10th September 2021, 11:38 PM #15
Call me a sceptic, but if I was going to provide a dodgy pwm, I'd definitely put a mildly painful price on it (say 10-15 bucks a year) to give it the appearance of legitimacy. A small earner on the side, if nothing else gained.
I'm sure we all know of the Anti-Virus/Malware provider that was accused of sending out the virus in the first place so they could say "Look how good we are at killing that nasty virus" when o'course it wasn't nasty at all, and was super easy for them to kill...
Similar Threads
-
Guaranteed to offend bank managers....
By MBM888 in forum WOODIES JOKESReplies: 0Last Post: 12th November 2012, 12:24 AM -
yeah yeah yeah!!
By Shedhand in forum SAFETYReplies: 4Last Post: 4th October 2012, 10:40 AM -
Oh Yeah
By Barry_White in forum WOODIES JOKESReplies: 4Last Post: 7th June 2007, 06:27 PM -
united pest managers message board
By bugsy in forum Links to: WEB SITESReplies: 1Last Post: 9th February 2006, 03:12 PM -
Managers
By Gino in forum WOODIES JOKESReplies: 0Last Post: 14th January 2001, 07:05 PM