Password Managers Newbie Re: Password Safe

Golden · 29 Jan 2019

TairikuOkami said:

Bitwarden is free - supports 2FA, unlimited number of entries, Windows, Mac, mobile devices and cloud synchronization amongst devices, unlike LastPass, where it is a paid feature.

Thats no longer the case since late 2016 - I use the free version of LastPass, and sync across several platforms and devices, and also use 2FA, at no additional cost.

Steve C · 30 Jan 2019

Try3 said:

Personally, I put everything in a [password-protected] Excel spreadsheet that lives on a USB stick that lives on a keyring that is always with me & which clips onto another ring sewn inside my jacket.
- I back it up onto an SD card that is otherwise blutacked to the wall behind my boiler.
- I never connect this USB while I am online.
- I never connect this USB even offline whilst a browser is showing any webpage other than one within my bank's secure area [if that is infected then all bets are off anyway].
- I can also read this spreadsheet by connecting the USB to my phone.
- If I need to get a password I copy it whilst offline then remove the USB again before going back online.
- I do not have the convenience that you would have if you used a password manager.

Denis

I do something similar since password managers have been hacked and I don't totally trust their security.

I store passwords in a password protected Word file on a Bitlocker protected USB drive (and a backup copy). I only access sensitive sites at home so the USB drives are stored in safe place at home and the router is disconnected when I access the USB drive

f14tomcat · 30 Jan 2019

Golden said:

Thats no longer the case since late 2016 - I use the free version of LastPass, and sync across several platforms and devices, and also use 2FA, at no additional cost.

@Golden
Screenshot from my LastPass site showing MFA free option, and choices of Authentication. Includes theirs, and the 2 most widely used....Google and MS. And others.

Password Managers Newbie Re: Password Safe-2019-01-30_14h59_54.png

Golden · 30 Jan 2019

f14tomcat said:

@Golden
Screenshot from my LastPass site showing MFA free option, and choices of Authentication. Includes theirs, and the 2 most widely used....Google and MS. And others.

Golden · 30 Jan 2019

Steve C said:

I do something similar since password managers have been hacked and I don't totally trust their security.

@Steve C Mmm....I know that vulnerabilities have been discovered, and then quickly patched on several, but I've never heard of an instance of one actually been breached/hacked.

Do you have any links for any articles where this is discussed so we can have a read of that?

Callender · 30 Jan 2019

I've used LastPass (browser extension) for a few years. They had a problem once:

LastPass Hacked

Users only needed to change master password.

More info: What Happens if LastPass Gets Hacked | Our Security Model

You could additionally use LastPass Pocket for backup:

LastPass - What is LastPass Pocket?

x509 · 30 Jan 2019

swarfega said:

I use Lastpass on desktop and mobile devices. I like the idea that you can log in using your fingerprint on mobile devices making them reasonably secure.

+1 for Lastpass.

I use it across Windows 10 and iOS 12 on phones and tablets.

x509

Golden · 31 Jan 2019

Callender said:

I've used LastPass (browser extension) for a few years. They had a problem once:
LastPass Hacked

Ah, cheers for that. It sounds though that nobody was able to reverse the hashed passwords and do any damage. Most users would (hopefully) use 2FA or MFA, although I think that only became available on the free accounts in 2016, after the breach in 2015.

Golden · 31 Jan 2019

x509 said:

+1 for Lastpass.

I use it across Windows 10 and iOS 12 on phones and tablets.

x509

Its very versatile indeed - I use seamlessly across Windows 7, Windows 10, macOS, IOS and Linux. It's a great piece of software.

Try3 · 23 Feb 2019

phaedruspress,

You might be interested in the discussion at Password Managers Vulnerabilities - Under Hood of Secrets Management

Denis