Do you use a password manager?
That is a generic screenshot of 1Password. Fear not, it's not my data. :)
It seems like there's a new security breach at a different website every day. Besides being an inconvenience at best and a nightmare at worst, a particularly troubling part is that all these leaked passwords floating around have given hackers better strategies for cracking passwords: lifehacker.com/5937303/your-clever-password-tricks...
Everyone I talk to seems to have a different strategy for creating and remembering passwords. Some use a rotating assortment of 3 or 4, some combine birthdays and pets' names, or even create a tabula recta (I actually don't know anyone who does this, but it's a neat idea): lifehacker.com/5715794/how-to-write-down-and-encry...
Of course, there's also the XKCD password generator if you're feeling especially geeky: preshing.com/20110811/xkcd-password-generator/
If you're really smart though, you'll be using a password manager. There are a number to choose from -- some of the more prominent ones are 1Password, LastPass, KeePass, and more.
Do you currently use a password manager? I've been using 1Password for around 3 years now and I haven't looked back. Initially, it was a bit of a chore to set up and took some time to get used to the idea of not really being in control of my passwords. That said, it's been a handy tool when companies like Sony, Adobe, or LinkedIn have a security lapse and entire databases start floating around.
> Last year, Ars Technica gave three experts a 16,000-entry encrypted password file, and asked them to break as many as possible. The winner got 90% of them, the loser 62%...
> A typical password consists of a root plus an appendage. The root isn't necessarily a dictionary word, but it's usually something pronounceable. An appendage is either a suffix (90% of the time) or a prefix (10% of the time).
> This is why the oft-cited XKCD scheme for generating passwords -- string together individual words like "correcthorsebatterystaple" -- is no longer good advice. The password crackers are on to this trick.
So I really do not bother with many long passwords in different places, I stick to my one password and it has been working fine so far .. hope yours stays safe too ..
What's a good app that I can access both from my Android phone and from my Windows laptop (soon Chromebook) that's cheap and can accomplish the same thing?
My Excel spreadsheet works just fine, but I wanna be a bit more modern :p
1) all my files are local. No "will they hack the other server" bs. If my files get out there, that's my own fault then.
2) My files are encrypted with a combination key file and password. I only keep the key file on one piece of hardware. So it's unlikely that someone will get the key file and my password and my password database all together.
Downside: I'm now primarily a Linux user and it seems like it was entirely designed around Windows use. I have to use a Mac at work, and support is even worse there. (at least, far as I can tell)
That's scary. What happens if somehow the key file is corrupted on the hardware or the hardware itself goes missing?
Backing up the key file (password protected zip file maybe?) on more than one piece of hardware might be a good idea?
Looking at the options mentioned in this thread, I think LastPass suits my needs best. I want it to work on all mobile platforms (iOS, Android, Windows Phone, BB10) because I switch between all of these quite often.
Mac and Windows support is required too.
1Password looks nice, but it only supports iOS and Android. It seems like a grey area for their Android app to work on BlackBerry 10, and no chance of it working on Windows Phone.
You CAN use LastPass as a password safe primarily, but it's super clunky compared to say, 1Password or SplashID. Otherwise though, I really like the LastPass development cadence, platform support, etc.
So I gather your complaint is that you don't like the presentation of the "LastPass Vault" as they call it. I can agree with that. I don't like going into that either. But the thing is, I never do. I don't really know why you would need to go into your password manager for anything. Why not just let it fill out the login information for you? I found this to be one of the best features of the service when I first tried it out. The first time that I went to a site and saw LastPass take over and log in for me I was hooked. You may not like that, but I love it.
As to storage, I only have it on my main SD card that I use as my primary working drive and a backup on my home server. Not as convenient as LastPass or 1Password, but I feel a lot better about the situation.
I know that video is old, but I think it demonstrates why you'd be safe with a company like LastPass.
I've been using LastPass since before that episode of Security Now, and in that time they've had one breach that didn't involve the leak of any actual information, but they were completely up-front about it. IMO, four years of security and convenience outweighs the highly unlikely risk that I might have to spend those couple days fixing everything and resetting passwords (again, not likely).
You've gotta take some chances! The risk/reward balance here is so out of whack in this case in favor of trusting the service.
The recent feature that LastPass put out for their Android app (populating logins for your other apps) makes them, IMO, the most powerful password manager out there.
I've also been to their offices here in northern Virginia and they're a great group of people.