OT: UserID/Password storage apps....
What is everyone using? What one(s) should people stay away from? Free? Cost?
Im at the point with so many site UserId/Passwords i cannot remember jack anymore. Im sure there are many out here with more to store than i have.
*EDIT*
Thanks all. Some very good starting points for future research :)
January 17th, 2018 at 10:48 AM ^
January 17th, 2018 at 11:02 AM ^
January 17th, 2018 at 11:07 AM ^
I just have every service email me a new password whenever I need to log in.
Otherwise, 1password.
mostly /s
January 17th, 2018 at 3:06 PM ^
I was wondering if I'd be the first to say that. Unfortunately it's becoming less and less /s...
January 17th, 2018 at 11:14 AM ^
I like Lastpass, as many have mentioned above, with 2FA. I pay for the premium service ($24/year) so I can get access on my phone and tablet.
January 17th, 2018 at 11:18 AM ^
I either let google remember for me. Or i just click the forgot password link.
I have a couple iterations of the same password I use for all the whatever sites that don't have any real personal info that I wouldn't give a crap about getting hacked on
Then one good, complex password for all banking type stuff.
January 17th, 2018 at 11:18 AM ^
I either let google remember for me. Or i just click the forgot password link.
I have a couple iterations of the same password I use for all the whatever sites that don't have any real personal info that I wouldn't give a crap about getting hacked on
Then one good, complex password for all banking type stuff.
January 17th, 2018 at 11:23 AM ^
I've been thinking about using a password manager like Dashlane. But I have a question: Given how often any cloud-based anything gets hacked, why should I consider it more secure than simply storing a bunch of passwords on a spreadsheet located on an external hard drive that sits next to my computer? Isn't my own tiny little cloud that I can personally disconnect from everything, safer than the big one?
January 17th, 2018 at 4:18 PM ^
I have been using Dashlane for about 3 months now, and I just upgraded to the paid version. It syncs my passwords across all devices, work computer, home computer, cell phone, and ipad. It also lets you know if a password you choose is weak...or if the site has been hacked. It will monitor your passwords for any that are weak, or common to your other passwords and recommend changes. It can also autogenerate passwords for you that are absurdly(but necessary) long for which ever site you choose. Using multiple devices, it was worth the $40 per year for me.
Before that I used Google Keep..and before that I used to keep my work related passwords on my company iphone, in Notes.
January 17th, 2018 at 5:04 PM ^
What happens to your external hard drive if there's a fire, tornado, etc? Or what if it just fails? Do you have another external hard drive in an offsite location?
A cloud could get hacked, but will they be able to decipher the info?
Check the Dashlane Security page for more. Also, there's a white paper with further info. If I'm following it correctly, they don't store your User Master Password (UMP) on their servers, nor any derivative of it. There is a User Device Key for each device you're using with Dashlane to authenticate it. Your UMP is used with a 32-byte salt (additional random data) to generate an 256-bit key used to encrypt or unencrypt your data. You can also add in 2-factor authentication.
So without your UMP and device key (and secondary key, if 2FA), how is a hacker to decipher the data?
January 17th, 2018 at 11:26 AM ^
I don't like any of the password storage apps. As Willie Sutton said, "That's where the money is." To me, they're just too tempting for serious attackers. Plus, I would be ceding some level of control to an intermediary, which I don't like.
I have a formula for passwords that results in a) unique passwords for every site; b) passwords that are at least 10 characters long; c) lower case, upper case, numbers, and a special character. For financial sites, I have kicker characters. For a given site, I can usually figure out the password using the formula in my head and the site I'm trying to sign into.
However, that's sometimes not possible. For example, some sites don't allow special characters. Other times, the formula and site might results in a couple of different password possibilities. For that, I need a lookup table.
I have a 128-bit encrypted, innocuously named Excel spreadsheet that resides in an unshared folder on Google Drive. It's accessible to my phone, my iPad, and my laptop. I don't access the spreadsheet from untrusted systems. The password to the spreadsheet is long, complex, but unchanging. It would take serious horsepower and time to crack that file, assuming it could even be found.
BTW - I also have other important data in various tabs in the spreadsheet. It really is like a safe deposit box for my family's info.
If my system is already compromised (e.g. keystroke logger, other types of surveillance malware), I'm screwed. If not, I think my method is a pretty safe. Good luck to the dude who wants to break into my Google Drive, find that innocuous Excel file, and crack the encryption.
January 17th, 2018 at 12:17 PM ^
This sounds great. If I were to ever give up pen and paper password storgage, this sounds like a nice upgrade. You cannot be too careful with passwords on banking and finances.
Keyloggers are the only thing I worry about as well.
January 17th, 2018 at 12:17 PM ^
Oops, old person twitch.
January 17th, 2018 at 11:35 AM ^
Funny, right after I read this thread, I came across a deal for 50% off Dashlane premium subscriptions for new users. I personally have been using 1Password for about ten years, so I'm not interested, but thought someone else might be.
https://stacksocial.com/sales/dashlane-premium-1-yr-subscription
January 17th, 2018 at 11:46 AM ^
January 17th, 2018 at 11:51 AM ^
January 17th, 2018 at 11:48 AM ^
Dashlane
January 17th, 2018 at 11:57 AM ^
January 17th, 2018 at 12:47 PM ^
January 17th, 2018 at 12:16 PM ^
January 17th, 2018 at 12:44 PM ^
January 17th, 2018 at 1:06 PM ^
Blackberry Password Keeper on Adroid. Highly secure.
January 17th, 2018 at 2:09 PM ^
I use LastPass. I think there may be a free version (at least for a bit), but very good if you have a lot of passwords.
January 17th, 2018 at 3:41 PM ^
I use LastPass as well. It's definitely worth it
January 17th, 2018 at 2:19 PM ^
January 17th, 2018 at 4:13 PM ^
Dashlane is pretty good. free version or $40 per year to sync across all devices. Auto updates your passwords too if you choose, and will generate passwords for you. You also get notifications if a site is hacked, and will suggest you change your password. Few other neat features.
January 17th, 2018 at 4:34 PM ^
January 17th, 2018 at 10:42 PM ^