New
#1
Password Managers - Better than a Post-It?
I’ve looked at some discussions here and elsewhere, and my wife hit me with a question last night…
You follow the clamor saying you need a password manager – presume Dashlane or Lastpass or something equivalent. HOPEFULLY, you find one that HAS actual, accessible, human support (unlike those two).
You go through the interminable process and create dozens of long, arcane, impossible-to-remember nonsense passwords, each unique for web sites, products, logins, whatever. You create some long, cumbersome MASTER password for getting into the thing, and turn on 2FA ‘cause they all seem to encourage this now.
And, you’re a person that DOESN’T like screen clutter (my wife is a “clean desktop” maniac who OPENS a tool, uses the tool, CLOSES the tool). So to check what cousin Gertrude is having for lunch, you go through the whole process of getting the 2FA key, enter than, then enter the password manager password, open Facebook, check whatever, then Log Off Facebook and close the browser. Come back next time and do it again, maybe this time to Amazon, do stuff, finish, close Chrome. Repeat untold times per day for browsers, email, applications, anything you normally do, over and over, all day.
And for whatever reason, you prefer Firefox for doing financial stuff, so if you want to get into your bank, credit cards, portfolio, anything financial, you start that browser – and go through the whole process again.
Even to open a LOCAL application you have to log into the Password manager and manually copy the username and password to paste into the login. Which means going through the whole login again.
After about the 8th time doing that today, you log into the Password manager and hit the “stay logged in for the next 14 days” ‘cause it’s just more hassle than it’s worth to go through this process 20-30-40 times a day, especially if you regularly mistype the password and have to repeat…
Here’s the question I was asked: “Didn't you just UNDO all the security you had? Wouldn’t the passwords be safer on a piece of paper taped to the screen where some virus or worm or trojan or 12-year-old in East Overshoe can’t break into the computer and access them?”
I didn’t have a good answer.
So, HOW do you use a Password Manager that’s secure, easy to use, doesn’t require logging in over and over, is readily accessible, but still secure from any malware or other intrusion getting at those dozens of passwords and secure notes with all the registration information, credit cards and everything else the Password Manager is supposed to be protecting?
I have the horrible feeling the answer is going to be “you’re screwed”. You either go through the whole login dozens of times/day or you make all the passwords “123456” so you can remember it, and take your chances… Hopefully, I’m wrong?