Does anyone want to talk about password management? I was using KeePass installed on Dropbox, but like a dummy I forgot my main password and there is no recovery system. Regardless, KeePass wasn't perfect for me. Tell me how you manage your passwords.
― a giant and leaky bag of mayhem (Jesse), Tuesday, 12 April 2011 15:56 (thirteen years ago) link
I tried using pw managing software but always find something wrong with them, ie. not intuitive enough, just not functioning how I would like it to function. So my password's are pretty much all over the place. I don't use the same one often, have lots of varieties and somehow seem to remember nearly all of them too. But if right now, say, Firefox erases all my password's I'm pretty sure it will take some time before I'm on here again.
― Future Debts Collector (Le Bateau Ivre), Tuesday, 12 April 2011 16:01 (thirteen years ago) link
password's
― Future Debts Collector (Le Bateau Ivre), Tuesday, 12 April 2011 16:02 (thirteen years ago) link
Have started using 1Password at this end and have so far been reasonably happy with it. Like any such thing there are a few nag moments and getting everything in place is a chore at first, but seems to generally work fine, and it has a place to store your software licenses too (which has saved me a few times). And yeah, it allows you to sync via Dropbox.
― Sean Carruthers, Tuesday, 12 April 2011 16:03 (thirteen years ago) link
I have an idea that for a password project that I've sort of started working on. I made three Word documents. One lists websites, numbered 1 through whatever, another will list the user names, and another will list a description of the password (the second two have numbers that correlate to the first one).
― a giant and leaky bag of mayhem (Jesse), Tuesday, 12 April 2011 16:25 (thirteen years ago) link
I have about 5 different passwords, plus multiple variations on these passwords involving numbers and symbols. I somehow manage to remember all of this.
― peter in montreal, Tuesday, 12 April 2011 17:05 (thirteen years ago) link
LastPass is working pretty nicely. I finally got serious about password management yesterday. It was worrying me that my passwords were super weak (whole words or an alphanumeric combos that I've been using since about 2004).
The Chrome extension is way better than the Firefox one, unfortunately.
― o_O the humanity (Jesse), Monday, 27 June 2011 15:45 (twelve years ago) link
Also, I made a base password that I customize for each website using parts of the site name, the parts being altered, of course. It makes for a strong password that is still really easy to remember.
― o_O the humanity (Jesse), Monday, 27 June 2011 15:47 (twelve years ago) link
i bought 1password and i really like it ....except that in Lion the safari extension is no longer native and I have some security concerns about the new one
― laughing stalk (diamonddave85), Monday, 27 June 2011 15:58 (twelve years ago) link
so i guess i mean i really LIKED it and now i'm kinda whatevs
― laughing stalk (diamonddave85), Monday, 27 June 2011 15:59 (twelve years ago) link
ICYMI: forget everything
The NIST is currently overhauling these guidelines and they've just been finalized. One revised recommendation is that IT departments should only force a password change when there's been some kind of security breach. Otherwise the changes we make are often incremental; when forced to switch out our passwords every 90 days, people tend to just swap out one character. That makes the bulk of passwords incredibly ineffective; this practice actually harms security rather than helping it.
Another recommendation is to favor long phrases, rather than short passwords with special characters. There should no longer be a requirement to have a certain mix of special characters, upper case letters and numbers for a password. It turns out that adding in these artificial password restrictions actually produced less secure passwords.
https://www.engadget.com/2017/08/08/nist-new-password-guidelines/
― ice cream social justice (Dr Morbius), Wednesday, 16 August 2017 19:07 (six years ago) link
what password manager is most indicated these days?
― mookieproof, Saturday, 28 September 2019 04:57 (four years ago) link
I like Bitwarden.
― mick signals, Wednesday, 2 October 2019 19:18 (four years ago) link
https://support.lastpass.com/help/incident-2-additional-details-of-the-attack
😬
― Tracer Hand, Thursday, 2 March 2023 14:12 (one year ago) link
https://devclass.com/2023/02/28/securing-the-developer-lastpass-breach-highlights-risks-of-devops-itself/?td=rt-3a
― Tracer Hand, Thursday, 2 March 2023 14:13 (one year ago) link
I used to use LastPass, but Apple made some sort of change to Mac OSX a while ago that made it virtually unusable. I switched to 1Password, which works well but is sometimes slow as balls.
― immodesty blaise (jimbeaux), Thursday, 2 March 2023 14:14 (one year ago) link
*generally works well
Them's the breaks. KeePass.
― maf you one two (maffew12), Thursday, 2 March 2023 14:17 (one year ago) link
i've been a loyal 1password user for awhile, even once they started charging a subscription, because it does work well, but i'm fully invested in the Apple ecosystem and their password management feels good enough at this point that i could probably just use that? i have sliiiightly more confidence in Apple's security than 1P's as well. anybody else in this boat? the only thing I'd miss is the nice feature in 1Password where you can have a shared set of logins that other people in your family can use
― Tracer Hand, Thursday, 2 March 2023 14:22 (one year ago) link
is it wrong to assume 1Password is just as vulnerable as LastPass?
― maf you one two (maffew12), Thursday, 2 March 2023 14:23 (one year ago) link
I don't know enough about it but it does feel a little eek when you see stuff like this
― Tracer Hand, Thursday, 2 March 2023 14:25 (one year ago) link
I use bitwarden. Actually I use bitwarden and also let chrome save most of my passwords for autofilling - so I don't know how good bitwarden is at that side of things. But yes, very worrying having a single point of failure. I mean I should write down my master password somewhere, if only for my wife if I get hit by a bus, but that seems like a bit of a security gap - maybe I won't write SEKRET PASSWDS HERE on the cover.
― ledge, Thursday, 2 March 2023 14:26 (one year ago) link
xp What i've read about lastpass's practices is quite eek yah
― maf you one two (maffew12), Thursday, 2 March 2023 14:29 (one year ago) link
but that seems like a bit of a security gap
why?
― budo jeru, Thursday, 2 March 2023 14:34 (one year ago) link
i mean you're not meant to write down passwords, let alone your one password to rule them all.
― ledge, Thursday, 2 March 2023 14:44 (one year ago) link
you can write it down and still keep it secure. buy an a4 safe from rymans or somewhere, lock it in a drawer.
― koogs, Thursday, 2 March 2023 14:59 (one year ago) link
if a hacker gets physical access to your house then your problems are probably bigger than this thread can address
― Tracer Hand, Thursday, 2 March 2023 15:01 (one year ago) link
well i was more thinking of a non hacker getting physical access to my house - i've been broken into before and seen a locksmith open our front door, it's not difficult - and chancing upon the keys to my digital life.
― ledge, Thursday, 2 March 2023 15:05 (one year ago) link
I'm wondering how often I should change my One Password. I haven't in a couple years.
― immodesty blaise (jimbeaux), Thursday, 2 March 2023 15:07 (one year ago) link
never. ride or die
― Tracer Hand, Thursday, 2 March 2023 16:01 (one year ago) link
everyone should write down their master password and never change it unless they have very good reason to
― chihuahuau, Thursday, 2 March 2023 19:16 (one year ago) link
yes but have some finesse about it. For instance write a short story in which the passphrase begins at the word count coinciding with your birth year, and the number of words matching your birth month.
― maf you one two (maffew12), Thursday, 2 March 2023 19:48 (one year ago) link
just spitballing
honestly most people would be best served with a paper password notebook that at least isn't super duper obvious if anyone does burglarize you (like not laid next to the computer titled "passwords!")
― maf you one two (maffew12), Thursday, 2 March 2023 19:49 (one year ago) link
Passwords should be jumbled up ILX memes only
― waiting for a czar to fall (Neanderthal), Thursday, 2 March 2023 20:50 (one year ago) link
― maf you one two (maffew12), Thursday, March 2, 2023 7:48 PM bookmarkflaglink
nah, that defeats the purpose of writing it down, then you wouldn't remember neither the password nor the silly riddle you made up
― chihuahuau, Thursday, 2 March 2023 21:49 (one year ago) link
i just want a professional code cracker on the case when i bite it(i don't think people need to be bequeathing master passwords... the bank and whatever else important will deal with the family)
― maf you one two (maffew12), Thursday, 2 March 2023 22:02 (one year ago) link
yeah but who’s going to delete my ilx account eh
― Tracer Hand, Thursday, 2 March 2023 22:22 (one year ago) link
i have to have a written "data security plan" as a professional licensing requirement.
i have pieces of paper with passwords on them stored in a different place than "next to my computer"i recently compiled the passwords written on multiple scraps of paper onto two pieces of paper that are stored in a secure place
i think my written data security plan is supposed to be more formal ... also, I don't think making a post about it to me ilxor chums would count to the regulatory authority idk
― sarahell, Friday, 3 March 2023 06:10 (one year ago) link
also: i don't have touch ID enabled on any of my devices in case a thief steals my stuff and cuts off my finger like in way too many movies/tv episodes
― sarahell, Friday, 3 March 2023 06:12 (one year ago) link