I use Lastpass password manager but I was wondering if it is a good or bad idea to store your passwords locally or probably better on an external drive? I've read that storing them in Onedrive is not a good idea as they could easily be accessed by someone unwanted...
Could you encrypt a backup of your passwords?
I use Lastpass myself, they encrypt their data but like anything online there's an element of risk. Same could be argued for written down passwords, burgler enters house and finds your passwords and steals your computer. May be he wouldn't have considered stealing the computer until he saw the password book.
OneDrive is not geared towards password storage.
Lastpass has rescued me numerous times.
Hi there
Storing passwords anywhere carries an element of Risk -- if it's online you have the possibility of LOSS as well as Hacking.
Actually - I know security people will hate this - but for HOME users a bit of LOW tech probably is the best here -- (I know most people under the age of about 27 will probably not have a clue what I am saying) Simply write them down on a piece of paper / notebook and store it in a safe place.
If anybody does break in and steals the notebook - you'll have much more to worry about than lost passwords after a visit from "an uninvited guest".
I just don't like the idea of sharing sensitive information with 3rd parties - however secure they say they are.
I believe the only set of computers that have never been hacked from the Outside were IBM mainframes using their RACF (Resource Access Control Facility). Totally different from PC's etc and even current Network servers. !!!
For people who might be interested :
Resource Access Control Facility - Wikipedia, the free encyclopedia
Cheers
jimbo
You can encrypt anything as many times as you want and then store it anywhere.
Lastpass backup should be already encrypted, but you can additionally use 7-zip.
How to encrypt ZIP files securely using 7Zip
I prefer to backup offline and use an offline password manager like KeePass, but that is a matter of choice.
Hi there
using these sorts of ONLINE services misses the point. IMO as the previous poster says using OFFLINE methods is far more sensible. If you though use an electronic device you still have the problem if the device fails.
Against the ONLINE stuff :
1) presumably you STILL need a password to access this data --so what happens if you forget it.
2) If the server is down and you need the data - then you are also HOSED -- no point saying these servers never go down --even the "Mighty Google" has had outages - and not so long ago either.
3) Some of these servers can be seized by FBI or whatever if people store "dubious content" on them.
4) Intelligence / Security agencies world wide can get access to this data "In the Interests of National Security" --catchall phrase in loads of jurisdictions but I don't think there are many Court cases explaining exctly what that is.
5) Hack possibilty,.
I might be an old Dinosaur but I think the Pen and Paper method trumps online services by MILES and also in the event of Local device failure you still can recover your passwords when you repair the device or install a new one.
As for encryption -- a good idea but people usually forget that you STILL have to enter a password in Plaintext even if it is encrypted before access is granted to your service.
Cheers
jimbo
storing your passwords onto your notebook paper is much safer than software, and this is the fact.
That is a good about Keepass, it enters passwords randomly, so a keylogger would only catch characters, not the password. Opening Keepass can also by done on a secure desktop and it clears a clipboard after copy/paste.
Two-Channel Auto-Type Obfuscation - KeePass
Hi there
you still IMO haven't understood the real problem.
If a keylogger captures your Entry it can use that to enter into your account so you are hosed whatever the real / final encryption methods are used.
What's the difference between me and anybody else replying to a Username / Password prompt -- you still have to enter these in Plaintext which is possible to capture by hackers --especially if you are mad enough to logon via Wifi --any even beginning Engineer knows about Data analysers -- any old school engineer can MAKE one of these for a few dollars - all it needs to do if you use Wifi is just capture the Wireless signal coming from your Wifi card --Router encryption occurs AFTER this - and of course plenty of cheap commercial products available too.
It's not always HOW the data is stored - but your LOGON method -- and this stuff is ALWAYS at your keyboard entered in Plaintext.
A decent way IMO far safer - nobody has come out with one yet --would be to have the encryption built in to THE KEYBOARD so although you enter PLAINTEXT any data transmission or keyloggers would get scrambled data. I haven't seen this type of device yet --
Hi youngsters you could make serious money if you could build a decent security system built into a keyboard !!!.
Cheers
jimbo
Quote