Topic: Internet security / Password Managers? (Read 3200 times)

Martin (Admin) · « **on:** December 04, 2018, 10:53:30 pm »

Anyone have any personal Password Manager experience?

Recommendations?

NB: How many passwords do you have?
...... My password count is now 200+

Tombsy · « **Reply #1 on:** December 05, 2018, 01:28:16 am »

I’ve been using LastPass for years now, I used to have an address book that was just about full. I like LastPass because they are backed up with their servers and I can access them on all my devices, laptop, IPad, and phone. It allows you to use long secure passwords and will auto fill them for each site.

barriew · « **Reply #2 on:** December 05, 2018, 07:03:33 am »

BT give you True Key which is OK. When I first used it you could remain logged in when you shut down the PC. An upgrade seems to have removed that feature. Not a problem if you leave the PC on all day, but a pain if its on and off several times - assuming you have a strong master password.

Barrie

derekwarner · « **Reply #3 on:** December 05, 2018, 07:56:29 am »

Martin......

My Norton PC security software offers a low level of password recognition which I use....however their higher level of password management requires files to be transferred into the Cloud.......

Please correct me if I am wrong, however I understood that the Cloud is only a facility for storage?......[which is just a repository for others to pilfer] ....and so decline

the kind Norton offer of this facility

I have [5] passwords.......full strength.....if you have [200]......you are a chronic potential for ERROR ......

How would decide what to have on your breakfast toast each morning?

Derek

grendel · « **Reply #4 on:** December 05, 2018, 08:14:41 am »

I would have issues trusting my passwords to the cloud, purely because once on the cloud you could have a situation much like the recent photobucket fiasco, and your data could be held to ransom. plus you are also then trusting a third party with the security of your data.

tigertiger · « **Reply #5 on:** December 05, 2018, 10:50:50 am »

After people lost data, when a cloud company was shut down by Federal Government, I could see that they are not secure. The company was shut down, with almost no notice, because it was found out that people were using it store pirated video etc. When people complained that they had lost valuable data (business esp.) the somewhat glib answer they received was along the lines of, 'You should have done a back up'. Ironic really when one of the main uses of cloud storage being promoted was to do backups.
My more important passwords are over twenty characters long have upper and lower case letters, numbers and special characters, but easy to remember, like book titles. e.g. MobyDickHermanMelville1851! Just remember which book it was from your collection.

If we are constantly being told not to trust 3rd parties, then why should I trust third parties who tell me I need password managers.

grendel · « **Reply #6 on:** December 05, 2018, 12:38:38 pm »

if I was someone who wanted to collect peoples passwords, the easiest way would be to set up a password manager site (or one that people could go to to check the strength of their password).
As you say TT, we are constantly being told to be aware of third parties, whilst being offered a 'secure' backup location by other third parties.
in the same way as we are told that amazons Alexa, doesnt listen unless you say the word, but then get targeted by adverts about things you had just been talking about.

Colin Bishop · « **Reply #7 on:** December 05, 2018, 01:18:12 pm »

I have quite a lot of passwords but they divide into two types. There are the important ones such as online banking, utility companies and other financially related ones and then there are the inconsequential ones that you end up with because you need to register to use/buy the service such as internet forums.catchup TV services etc. If somebody hacks my Mayhem password it won't do them any good. Also, some organisations insist on certain formats for their passwords such as mixing upper and lower case.

I have used the Free KeePass application for quite a while now. The file is encrypted and stored on my PC and two family laptops plus on my local backup media. My Wife and daughters know the master password in case I fall under the proverbial bus.

I'm not keen on just using a limited number of powerful passwords as if one of those was to be intercepted, by a key logger for example, then it would expose a lot of my data and information.
Agree with others that cloud based applications can't be trusted ultimately. Even if they are secure the host might shut down without warning.

Colin

justboatonic · « **Reply #8 on:** December 05, 2018, 01:37:17 pm »

Problem with these things is, you must never forget the master password else you're goosed.

Thing to remember is, hacking is now more than a pastime for a couple of computer geeks and nerds. It is big business with elaborate programs set up to farm these details.

After a lifetime working in IT, my view is simple. Do not put anything on the net that you do not want others to see or, that could end up embarrassing you. Do not permit web sites to retain your card details if given the option, you are putting these details under the merchant's security protocols, that's if they have any!

Other than that, my general outlook is I wouldn't use a password manager to store my passwords for my banking websites. My banks use a pass token for security.
For financial sites, follow your bank's advice, never ever use a link sent to you in an email, don't do any transaction over free wifi. For websites and forums such as this, I don't bother with particularly strong passwords. It's just not worth the bother.

Colin Bishop · « **Reply #9 on:** December 05, 2018, 01:59:33 pm »

I believe banks will be tightening up their security next year similar to HMRC. When you log on to their website with your details they text you a security code which you have to enter before you can go any further.

Of course, if you don't have a mobile you are stuffed - they are scratching their heads about that I think.

Colin

Mark T · « **Reply #10 on:** December 05, 2018, 06:17:58 pm »

We switched to Apple many years ago and this issue has pretty much been solved for us because of just that. It runs a system called keychain which links together all of your Apple products. Passwords are suggested to you when opening new accounts and they are a mixture of numbers and letters which you could never remember. I have a different password for every website that I have ever used and my devices remember them. Although I do have a master password I never have to use it because I gain access to every website through either my finger print or facial recognition. The passwords are easy to see on any of our devices too should we need to know them. A simple but what seems to be a very secure system as you can also activate two stage password recognition which means that you need two of your devices with you to gain access. So for example if I want to access MBM from my MacBook, if I activated two stage password my iPhone would receive a text with a security code that I would have to enter as well. So far we’ve not had any issues with this system at all

derekwarner · « **Reply #11 on:** December 05, 2018, 10:05:43 pm »

This week.......[500 million guests data hacked from the Marriott Hotel Group database from the Cloud

]........

[some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (‘SPG’) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences]

https://www.vox.com/the-goods/2018/11/30/18119770/marriott-hotels-starwood-hack

Peter Fitness · « **Reply #12 on:** December 05, 2018, 11:24:32 pm »

Quote from: Colin Bishop on December 05, 2018, 01:59:33 pm

I believe banks will be tightening up their security next year similar to HMRC. When you log on to their website with your details they text you a security code which you have to enter before you can go any further.

Colin

My bank here in Australia does that now, as do some Government websites. Fortunately I do have a mobile

Peter.

Martin (Admin) · « **Reply #13 on:** December 06, 2018, 02:00:34 am »

Yep, mine too, UK

grendel · « **Reply #14 on:** December 06, 2018, 05:15:14 am »

our company set it up so that password reset was verified by mobile, then sent out a message saying it was mandatory for everyone to set this up - a quick email informed them that not every employee had a company mobile, and maybe some did not have a personal mobile either - red faces ensued, and about a week later they had amended it to be able to be done via desk phone too.

jaymac · « **Reply #15 on:** December 06, 2018, 05:32:36 am »

Quote from: justboatonic on December 05, 2018, 01:37:17 pm

After a lifetime working in IT, my view is simple. Do not put anything on the net that you do not want others to see or, that could end up embarrassing you.as this, I don't bother with particularly strong passwords. It's just not worth the bother.

That is similar to the advice we got in the 50's in the army ''Don't keep anything in your locker you would not like us to send your Mum''

Plastic - RIP · « **Reply #16 on:** December 06, 2018, 06:58:14 am »

I cannot understand why anyone uses the cloud - you are literally handing over all your personal data, documents, pictures to an unknown person and you don't even know where the server is in the world and what legal and security step are in place to protect or fleece you.
Your data could be sitting in a broom cupboard in Mongolia on a 15-year old computer with no maintenance and running Win XP owned by a criminal.

grendel · « **Reply #17 on:** December 06, 2018, 08:31:50 am »

this is why I cannot understand my companies insistence to use the cloud as a base for our data, we are also tied to microsoft office 365, and when we have an internet outage we cannot access company data or even use local documents as we cannot verify our identity to open the documents or access the company intranet, even if we can get to the servers. several times I have asked our IT what procedures we have in place to access data if the internet goes down (which it has several times already this year) the answer was we will do our best to get the internet back up!

Colin Bishop · « **Reply #18 on:** December 06, 2018, 10:13:34 am »

And just to rub our vulnerability in, 02 has lost data services over its network this morning....https://www.bbc.co.uk/news/business-46464730Colin

Brian60 · « **Reply #19 on:** December 06, 2018, 11:09:27 am »

Does anyone use the master password that is offered by Firefox/Google?
HSBC has a rather nifty offering that its bank users must use. Log in with a secure number and password, this generates a random number that has to be input to a tiny keypad that has been issued to each account holder. This gives a second number to be typed back into the login screen of the bank, obviously this number must tally with the first random number or you can't access the account. Just guessing a number doesn't work as they can be any combination of digits from 4 to 7, giving billions of combinations.

justboatonic · « **Reply #20 on:** December 06, 2018, 02:03:02 pm »

Quote from: Colin Bishop on December 05, 2018, 01:59:33 pm

I believe banks will be tightening up their security next year similar to HMRC. When you log on to their website with your details they text you a security code which you have to enter before you can go any further.

Of course, if you don't have a mobile you are stuffed - they are scratching their heads about that I think.

Colin

Many bank currently use One Time Passcodes (OTP) already and its being rolled out by others. When paying money to other people's accounts, they are also introducing tier 3 level authentication. This is where you enter the recipient bank sort and account codes plus the exact name of the recipient account.

News:

Author Topic: Internet security / Password Managers? (Read 3200 times)