OT: UserID/Password storage apps....
What is everyone using? What one(s) should people stay away from? Free? Cost?
Im at the point with so many site UserId/Passwords i cannot remember jack anymore. Im sure there are many out here with more to store than i have.
*EDIT*
Thanks all. Some very good starting points for future research :)
January 17th, 2018 at 9:37 AM ^
I just use the same password for every site/app:
everybodymurderspeoplestealsfromyoustealsfromme
January 17th, 2018 at 10:30 AM ^
January 17th, 2018 at 10:47 AM ^
This is why multi-factor authentication matters.
Learn about it. Use it.
January 17th, 2018 at 9:37 AM ^
I discovered the same problem early last year. After digging around, I settled on LastPass over Dashlane and KeePass. Dashlane did not allow syncing in its basic form, and KeePass looked more technical than I needed. LastPass hit the sweet spot on the spectrum between security and ease of use.
January 17th, 2018 at 9:38 AM ^
I second this
January 17th, 2018 at 11:25 AM ^
January 17th, 2018 at 10:37 AM ^
January 17th, 2018 at 10:50 AM ^
Well, who knows for sure. There are a couple of well documented examples out there. Here's my take:
- Using a password manager is better than not using one. What's your alternative?
- The hacks at LastPass I'm aware of never actually exposed account information and passwords.
- LastPass from its inception has been very open about how it works and what its doing to maximize security. When there have been issues, they have been quick to respond and to recommend specific steps to protect your information.
- People need to be informed and decide accordingly.
January 17th, 2018 at 10:58 AM ^
Agree 100%. To my knowledge, LastPass has never had a hacking incident where anyone had access to passwords stored through them. Considering they'd presumably be a great target and have not yet had that happen, I presume they are doing a good job.
Also, LastPass has a lot of other useful features. Password-sharing among family members, for example, so that my wife can access various accounts. Synchronization across desktop and mobile experiences is another nice feature.
January 17th, 2018 at 11:13 AM ^
I am by no means and expert but did spend a great deal of time reading up on things before settling on Lastpass. If I remember correctly your passwords (and all other information) are encrytpted in a manner that is far superior to any encryption method used by the average company that we read about being hacked in the news.
January 17th, 2018 at 10:42 AM ^
I've used LastPass for a while. It is hard for me to compare because I haven't used the other services, but Dashlane is the one I hear about the most.
A couple of add-ons:
- I use LastPass family and pay for it. It means that for accounts my wife and I both need to access, we can share passwords. This also avoids having to call each other or (worse) text each other when we need a shared password or when one gets changed.
- With the family plan, my kids are now in the habit of using different complex passwords.
- With the premium version, you can also access via your mobile phone, which you can secure with fingerprint ID and then use to copy/paste passwords on your mobile devices.
- I also recommend and use multi-factor authentication. In particular, I use Google Authenticator which I have on my phone and iPad. Every so often, typically 30 days for me, you need to re-enter an authentication code on each device you use. You also need to enter an authentication code when you log in from a new computer or new device. This solves the "single point of failure" problem. As an aside, even with LastPass, I also use Multi-Factor authentication on key apps, like my Google account, social media, and any sites where I do financial transactions. It is powerful and way less intrusive than it used to be.
January 17th, 2018 at 10:56 AM ^
Another thing I like about LastPass (and I'm sure the other major apps do the same) is that you can store notes and attachments. As an example of why this is important, in my Driver's license record, I have a picture of my Driver's License; in my Passport record a picture of my Passport. Even if everything I have is stolen while I'm traveling, I can access LastPass from any computer and get a copy of those documents.
January 17th, 2018 at 11:18 AM ^
The free version of Lastpass now allows access on all devices. I've been using Lastpass for several years and highly recommend it. There are some instances when copy & paste is required but usually automatic fill-in works fine using Chrome on my desktop.
January 17th, 2018 at 9:38 AM ^
I switched to using a hash. So when I create a password it goes like this (obviously I use different rules than I'm giving here):
j0Hn,hpn;ph
So my hash is j0Hn and the other characters are each one key to the right of the key to spell out the service I'm signing up for, in this case mgoblog. No need for an external service, super easy to remember, no using the same password on every site.
January 17th, 2018 at 10:15 AM ^
January 17th, 2018 at 10:26 AM ^
It's just something you can remember that you use consistently with all passwords. So your name or something. Also something to make sure you get a capital letter and digit in since many (most?) services require one of each at this point. Wouldn't hurt to stick a special character in as well.
Another thing you can do is use two hashes one on either side, so your mgoblog password could be j0Hn,hpn;phsm!th if you are looking for extra length and security. I don't go that far, though my hash is more than 4 characters.
January 17th, 2018 at 10:34 AM ^
The problem here is that if someone figures out your system, they have a much easier path to getting into everything you have.
January 17th, 2018 at 11:19 AM ^
I'm not concerned about someone personally figuring out my system. I am concerned with ending up on Have I Been Pwned and whoever steals the email/password combos from LinkedIn then using the combo on Gmail. With this system that doesn't happen. And the chance of a hacker who takes a list of millions of email/password combos trying to crack a system like this instead of just going for the low hanging fruit is close to nil.
January 17th, 2018 at 11:49 AM ^
-1
That is not a hash, more like a substitution cipher.
/nerded
January 17th, 2018 at 9:38 AM ^
I use LastPass. It's free and does what I need it to.
January 17th, 2018 at 9:38 AM ^
Either use a randomly generated password, or a pass phrase. Length > complexity.
mgoblogfridayposbangs > Mg0BL0Gfr1d4Yz!
January 17th, 2018 at 9:39 AM ^
January 17th, 2018 at 9:40 AM ^
google chrome
January 17th, 2018 at 9:43 AM ^
January 17th, 2018 at 9:43 AM ^
January 17th, 2018 at 10:30 AM ^
KeePass is more technical than LastPass, but offers great flexibility. I like it because I can store my database locally on my machine, whereas with LastPass, your passwords are stored in LastPass cloud servers.
My wife and I have a shared password database that we keep on Dropbox, which syncs across all our devices. As LB noted above, there are KeePass ports or plugins for almost every platform out there. That said, the biggest gap is in iOS support. There are some apps out there for iOS, but they all seem to struggle with keeping an up-to-date copy of a Dropbox database. KeePassTouch for iOS looks promising, though.
January 17th, 2018 at 2:50 PM ^
You've echoed my impression of KeePass. When I researched KeePass, I liked its model, but not the setup and upkeep requirements. Since my wife also uses the same password manager and is not as technically inclined as me, I elected for something easy to use, if less secure.
January 18th, 2018 at 6:20 AM ^
January 17th, 2018 at 9:43 AM ^
January 17th, 2018 at 9:50 AM ^
I have my personal userids and passwords stored on paper in my wallet. Substitution codes may be used, although abbreviations only I would know work for me.
At work I have a folder I keep in my laptop bag.
Works great, it's always free, and immune to remote hacking.
January 17th, 2018 at 10:32 AM ^
What happens when you lose your laptop bag, or the paper gets lost?
January 17th, 2018 at 12:07 PM ^
Why wouldn't I be serious? It isn't that hard not to lose things. If I ever did, almost everything has an automated password change tool anyway.
I've been doing this for 25 years, and it works great. Only change I've had to make is moving the work password folder to my bag when I started working more outside of the office.
January 17th, 2018 at 1:18 PM ^
January 17th, 2018 at 9:51 AM ^
January 17th, 2018 at 10:55 AM ^
I use Dashlane on my PC, my work PC, my phone, and my iPod. It syncs across all platforms and has made my life much simpler. I sprung for the Premium license and found it to be well worth the cost.
January 17th, 2018 at 9:56 AM ^
same general structure for all my passwords, just with different characters tacked onto the end. I keep a protected document on my computer with all of them in there, with the middle all blanked out, like this:
Bank: G*********64&
So the '*' are a consistent string of characters.
People can (and likely will) tell me this is a terrible way to do it, and it probably is.
January 17th, 2018 at 10:00 AM ^
January 17th, 2018 at 12:23 PM ^
January 17th, 2018 at 3:04 PM ^
January 17th, 2018 at 10:13 AM ^
I said hip, hop, the hippie to the hippie to the hip hip hop and you don't stop the rock it to the bang bang boogie say up jump the boogie to the rhythm of the boogie the beat
January 17th, 2018 at 10:14 AM ^
January 17th, 2018 at 10:17 AM ^
I use last pass, and my employer uses the enterprise version of it where you can create groups based on permission, share access, etc. There's also a handy "notes" section so you can store whatever private notes (account numbers, safe combos, etc.) you want, whether they are personal or shared to a group. If someone in the company changes a shared password, it updates the vault so all users get the update. There's also a password generator built in that will create highly secure, random character passwords that you dont ever have to type. Very handy and as far as I can tell, very secure.
January 17th, 2018 at 10:23 AM ^
January 17th, 2018 at 10:36 AM ^
January 17th, 2018 at 10:36 AM ^
January 17th, 2018 at 3:06 PM ^
January 17th, 2018 at 10:45 AM ^
for 15+ years.