Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Passwoed Manager - Secure?

  1. #1
    Join Date
    Dec 2012
    Location
    Bedford, NH
    Posts
    1,683

    Passwoed Manager - Secure?

    I'm curious what youthink of using an online Password Manager (PWM) software, how many actually useone, and which one do you prefer.

    I'm somewhatapprehensive about using a PWM, such as Last Pass (supposedly highly rated - http://online-password-manager-revie...enreviews.com/). The concern is obviously hacking vulnerability, or access by big brother, as the PWM data centers could be just asvulnerable as others. Once an I-site log-on account has been established, theinfo remains "out there" despite the encryption used by the site, andwhether the site is used or not. So, I have some concerns regarding the securetyaspect of using a PW Manager software to keep track of all my log-on info.


    • Is the PW Manager Encryption protection any better than what is provided by the site?
    • Does the PWM actually prevent the use of log-on info, i.e. does it block the log-on info from the site until the site is accessed by the user, as recognized by the user's PC ID, or is it just a convenient way to keep the list for the user?
    • With the PWM “issuing” the PW, who/what monitors the issuer?
    • Is it really a useful tool?
    Thoughts entering one's mind need not exit one's mouth!
    As I age my memory fades .... and that's a load off my mind!

    "We Live In The Land Of The Free, Only Because Of The Brave"
    “The problems we face today are there because the people who work for a living are outnumbered by those who vote for a living."
    "
    Socialism is a philosophy of failure, the creed of ignorance, and the gospel of envy, its inherent virtue is the equal sharing of misery." Winston Churchill

  2. #2
    Join Date
    Apr 2007
    Location
    No, not all of SoCal is Los Angeles!
    Posts
    9,076
    First I should state that I do not consider the internet very safe in nearly all respects ;-) I have no experience with an online manager but, the idea disturbs me. At work we use KeePass with good success. We have many passwords to track and most are randomly generated and frequently changed. Like a speed dial number on your phone leaves you forgetting the actual phone number, password managers can "help" you forget what the actual password is since you don't regularly see or type it. This is not a negative per se, just an observation.
    Any sufficiently advanced technology is indistinguishable from magic.
    - Arthur C. Clarke

  3. #3
    Join Date
    Jan 2007
    Location
    Sacramento, CA
    Posts
    1,367
    I wouldn't trust 'em ... it's just a matter of time before there's a compromise.

    I haven't done it yet ... but I'm very tempted to give this scheme a try someday: http://www.passwordcard.org/en

    It'd greatly simplify things and seems pretty tough to crack. Haven't done it, yet, though....
    Jason Beam
    Sacramento, CA

  4. #4
    Join Date
    Dec 2012
    Location
    Bedford, NH
    Posts
    1,683
    Your responses are basically how I feel. Can't get myself to go there. I'll continue to do it the old fashion way.
    Thoughts entering one's mind need not exit one's mouth!
    As I age my memory fades .... and that's a load off my mind!

    "We Live In The Land Of The Free, Only Because Of The Brave"
    “The problems we face today are there because the people who work for a living are outnumbered by those who vote for a living."
    "
    Socialism is a philosophy of failure, the creed of ignorance, and the gospel of envy, its inherent virtue is the equal sharing of misery." Winston Churchill

  5. #5
    Join Date
    May 2007
    Location
    Thomasville, GA
    Posts
    5,992
    I'm not going the route of having passwords in the cloud, but I'm beginning to soften on giving an online backup service a try.
    Bill Arnold
    Citizen of Texas residing in Georgia.
    NRA Life Member and Member of Mensa
    My Weather Underground station

  6. #6
    Join Date
    Dec 2006
    Location
    Yorktown, Virginia
    Posts
    5,014
    I have been using Dashlane for three months. I have a thick notebook full of passwords and finally got tired of trying to create passwords I could remember easily without compromising all my sites. Dashlane syncs with my cell also. It tracks all the sites I have accounts on, tells me which passwords have been used on more than one site, tells me the strength of each password in terms of 'hackability' and will create passwords for you. It came in handy today after Yahoo got hacked. I got a notification from Dashlane even before Yahoo notified me. You can set it to automatically log you on to a site, manually log you on, or log you on only when you have entered a master password. They claim to be as secure as you can get on the internet--with high grade military encryption. Very pleased with it so far. YMMV
    https://www.dashlane.com

  7. #7
    Join Date
    May 2007
    Location
    Kansas City, Missouri
    Posts
    13,442
    I've used a couple of different ones, KeePass and 1Password keep the data files local, I think LastPass encrypts the passwords to 256 AES prior to sending them over SSL and store them encrypted. I don't store banking and email passwords, but use it for keeping track of various online forums and other like places. I found I just don't remember those and hate keeping them written down, so they work well for that purpose.
    Darren

    To a small child, the perfect granddad is unafraid of big dogs and fierce storms but absolutely terrified of the word “boo.” – Robert Brault

  8. #8
    Join Date
    Jul 2011
    Location
    The Gorge Area, Oregon
    Posts
    4,698
    +1 to LastPass. Darren is correct they never get the unencrypted passwords as they are encrypted locally and then the encrypted version is sent to their site. imho your risk profile with something like that is about on par with having your local computer compromised. I certainly wouldn't trust ANY solution that stored unencrypted passwords or where the passwords were encrypted on their side.

    There are some local password storage solutions like the ones Darren mentioned. The one I've used is password safe http://passwordsafe.sourceforge.net/ - which you could store a backup copy of in "the cloud" (gah "cloud" stupid name they're still just computers anyway...) because its an encrypted file. That's obviously slightly less convenient.

    If you're really paranoid you could put the password safe files on something like an ironkey that adds another layer of hardware encryption on top before you can get to the safe. Although practically I don't really think it adds a lot of safety over an encrypted file (it is convenient for storing documents and encryption keys you don't want to encrypt for some reason).

  9. #9
    Join Date
    Oct 2006
    Location
    ABQ NM
    Posts
    30,014
    I just use 'PassworD1' for everything. So far, so good! Easy to remember, and the capital 'D' really fools the hacksters.

    Seriously, I don't trust online password managers, and don't even use a local one. Like Ted, I have a books of 'em, and it drives me crazy, but I've not taken the plunge into password managers.
    When the going gets weird, the weird turn pro. - Hunter S. Thompson
    When the weird get going, they start their own forum. - Vaughn McMillan

    workingwoods.com

  10. #10
    Join Date
    Dec 2009
    Location
    Hillsborough, NC
    Posts
    58

    Passwoed Manager - Secure?

    One additional comment about Lastpass… they support multi factor authentication which makes it much more secure. Basically, you keep a small program on a USB thumb drive that generates one-time-use passwords. In order to access your password vault you need to know the vault password AND generate a key using the thumb drive. So, if a hacker cracks your vault password it does them no good unless they also possess your thumb drive. For convenience, it's possible to treat certain computers as trusted, requiring only the password after the initial 2-factor login.


    --dave
    --dave

Similar Threads

  1. Google's Inactive Account Manager
    By Darren Wright in forum Off Topic Discussion
    Replies: 1
    Last Post: 05-01-2013, 03:27 PM
  2. Secure On Bike Tool Storage.......?
    By Stuart Ablett in forum Off Topic Discussion
    Replies: 18
    Last Post: 07-24-2010, 04:00 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •