You don't need to be an 'investor' to invest in Singletrack: 6 days left: 95% of target - Find out more
Probably about time I upgraded my web security, I've got a limited number of passwords across loads of online accounts though I do keep the very important ones, (banks, PayPal and the like) separate from more general ones.
Any recommendations for a more secure process, such as LastPass? Is that any better than just using Chrome password manager and going though a process of uniqueifying them all?
I've not used anything like this in the past, so any general tips welcome too. Ta.
I use LastPass and get on well with it but it is the only one I've used. I wouldn't use a browser to store passwords because I sometimes have to use different browsers or machines without that browser installed. I've not looked into comparative security of password manager vs browser.
lastPass gets another vote from me; i use it to store a lot of my passwords.
You might also want to consider PassBolt, which is a browser plugin. It's not that bad.
LastPass will nag you and be able to change quite a few for you
Lastpass +1
Only gripe I have with it is I never seem to get the plugin or site to work as smoothly as they should, click on ebay and it's supposed to take you to the ebay login page and populate the username and password, it doesn't, I have to go to lastpass > ebay > settings > show password > copy and paste.
Other gripe is when using a new PC. It sends an e-mail to confirm you are who you say you are logging onto a new pc. Except you're trying to log onto a new PC to check your e-mail because you're in a reception black spot on your phone so you're f*****.
It's good enough that I use it for the stuff I want to keep relatively secure (e-mail, facebook, linkedin, netflix, spotify, ebay etc). But I still have memorable-ish passwords for stuff I want quick and frequent but secure access too like paypal and banking. And a simple one word password for stuff like STW and other forums.
I work in security these days. LastPass is the solution we recommend (not least because it has to date not been hacked / breached, unlike several others).
Enable two-factor authentication wherever possible.
Have a strong, unique password for your email account - if your email is compromised, so is every other account with a "reset my password" link.
Thanks gents, I'll try Lastpass, though your user experience doesn't sound ideal TINAS.
I use Lastpass have done so for a few years.
as a dissenting voice, I use KeepAss at work. Store the file on one server, and the file needed to get in (as it doesn't have to use a password, but merely the presence of a file in the correct location) on another.
means you need be inside the firewall to use it. And have access to two servers. Cuts down on the number of people that can access it, let alone get in. So on a home PC, you could save the file access file on a USB (or a connected phone), so you can't access it unless you use that.
Use it - in a slightly different way - on my phone
Could you not use password locked Google sheet with two factor authentication to log into your google drive? In effect two factor authentication plus a password encrypted workbook?
I use Keepass. The encrypted password file is stored in Google documents so I can access my passwords and update them from any device (phone or home PC). If I don't have network access I can use the local copy on my phone or PC.
Could you not use password locked Google sheet
You could, but one advantage of LastPass is that it has a browser plug-in which can auto-complete logins for you. You could have systems where you yourself don't know the password, even.
I've been using Keeper for years. Works very well, and syncs seamlessly between Android, iPhone and web apps.
Also has an auto complete plug in, and, on the phone, uses fingerprint authentication, so very quick and easy to get into.
Application Blocked!
You have attempted to use an application which is in violation of your internet usage policy.
LastPass
Category: Storage.Backup
URL: https://www.lastpass.com/
Yup, exactly what I expected. *sigh*
I work in security these days. LastPass is the solution we recommend (not least because it has to date not been hacked / breached, unlike several others).
Four times is not enough for you then?
https://en.wikipedia.org/wiki/LastPass#Security_issues
Last pass for me too. Been good and when generating new passwords it recommends them and is good at monitoring pages for websites it doesn't have stored to add them in which is always good.
Works well on Android and iPhone too.
Four times is not enough for you then?
Erm. Bugger. I've totally been lied to then, I really should check these things.
Going to give Lastpass a go - any advantage of using the paid version over the free for personal use for the average bod?
I'm not really sure that there is. I pay for it though for the whole family as I would rather they were making money and improving the product than relying on advertising, ahem....
The most useful paid feature is being able to share stuff with someone else eg. A folder of key details, accounts etc. with your partner.
Been using lastpass for years - I'm less fussed about breaches or other issues than how they handle them, and I've been happy with that.
We also have a shared folder of logins for things like netflix, utility bills, tv licence, etc. I like too that there's an "emergency access" feature where you can specify people who can request access and after a (definable) period of time for you to deny it, they can get in to everything. Reassuring if I die or am in a coma, my wife can get it all.
It has gone up a lot in the last couple of years though, used to be $12 a year. Not sure I'm getting three times that amount of use out of it now but the cost is similar to 1password and dashlane.
I've been using eset password manager.. been ok so far but I'm more than willing to be advised differently..
Erm. Bugger. I’ve totally been lied to then, I really should check these things.
The good thing I guess as pointed out above they have normally been very honest about problems and exactly what was stolen each time!
Another user of Keeper. Started using it years ago and it has got better so have not felt the need to another one. Very easy to use on my Android phone and the plug-in fro Chrome is useful.
I use Password Safe. https://pwsafe.org/
It is pretty simple, the passwords are just saved in a file. So you can store it or back it up wherever you want. No relying on any web service etc. It is free and open source.
The good thing I guess as pointed out above they have normally been very honest about problems and exactly what was stolen each time!
And very fast to respond too.
So you can store it or back it up wherever you want. No relying on any web service etc.
Sounds great if you only ever use one device.
One password used here. Keychain/vault goes in Dropbox and it syncs arounds all my devices. Warns you if you have re-used a password and prompts when the website you are protecting has 2 factor authentication. On the Mac it has a menubar access when trying to fill PayPal or the like pop-ups that can't be done with the browser extension. Not cheap mind if you go beyond the free usage limits.