How do you manage your passwords?
-
Before last year, I hate to say it, I was a little slack with my password policy. Not rubbish, mind: I tried to split things up into groups, so I’d have a password for random sites that insisted on me having a login, then a medium password for things like online shopping sites, and a super password group for financial stuff, but it’s still pretty rubbish. I guess being involved with the crypto world was the awakening, since with all things crypto, security is your responsibility.
So I played with KeePass 1 and eventually signed up to LastPass, secured with a complex password and 2FA provided by Google Authenticator. I’m in a position now which is a million times better than before, or am I? Since LastPass is closed source, how am I to know that the technology listed on their site functions as desired? It’s trust in a 3rd party.
The main alternative is KeePass, since it’s open source; however, it’s not cloud based, so getting my passwords from multiple machines and my Android device is harder, it’s not as convenient. There is a solution, which is to use cloud storage for my database, but I’m not sure I trust Dropbox with my data. SpiderOak might be another contender since it’s zero knowledge, but again it’s trust in a third party. Paired with a keyfile required for opening the database and a strong, yet memorable password (looking at roughly 60 bits in strength), I’m guessing this is plenty enough to leave the database lying around on a cloud service. This would be a really interesting use for decentralised storage like Storj.
-
I use LastPass. I haven’t totally utilized it yet (2FA, the reports, etc.) but I decided to try it out on a few sites for a few months first. So far I’m happy. They claim they cannot access your database even if they wanted to, but I guess there is no way to verify this claim.
I’ve very recently (within the last 2 weeks) started looking at KeePass for work-related stuff; it doesn’t seem as pretty and nice as LastPass, but it is open source…
-
I’ve just installed KeePass 2 again. If I can get it working between multiple devices and on Android, I’ll ditch LastPass, since it costs for the advanced version which provides the Android support.
I might also invest in a YUBI key with NFC.
Over the top? haha
-
I bought a YubiKey from Mt Gox not knowing it only worked there… I’ve considered getting another, but I don’t see many places that work with them, so I haven’t.
-
Loads of stuff works with Yubi, LastPass too. I’ve got a Mt Gox Yubi too, haha, but I didn’t pay for it.
-
I don’t like the KeePassDroid app; it’s OK for viewing your database, but it doesn’t autofill the browser like LastPass. Trying Keepass2Android, will keep you posted.
-
I’ve gone for Keepass2Android offline, since I don’t want something that knows my password to have internet access privileges.
-
Let me know how it works for ya, I may just switch.
-
It’s working well. It’s just not quite as slick as LastPass; the browser integration with LastPass is just plain better, unfortunately. Don’t get me wrong, it works, but I think I’ve been spoilt.
I’m using the Hive folder in SpiderOak to store the database; it syncs changes up pretty quickly. But I’m happy with KeePass, it’s free and open source. Now we just need to replace SpiderOak with Storj and I’ll be a happy bunny.
If anyone wants to try SpiderOak and doesn’t mind using my referral link, it’s here.
-
My Brain
-
Sadly my brain isn’t that good. I can’t remember a strong unique password for each site I use.
-
Nothing beats paper and pencil so far,
especially today when every HDD is hijacked with Superfish.
-
Happy with KeePass + Firefox plugin + SpiderOak. It’s good.
-
Nothing beats paper and pencil so far,
especially today when every HDD is hijacked with Superfish.
Perfect. I use paper too…
-
LastPass: the only way to fly!
-
LastPass was hacked.
What a stupid idea to centralize all your passwords on another person’s HDD.
Use pen and pencil, dammit.
-
What about blockchain? :)
-
Mirrax, that’s terrible advice. I’d still argue that LastPass is a better solution for most people than using one password for all websites, which is what plenty of people do.
I mean, let’s not blow this out of context: even if LastPass’s server-side DB fell into the wrong hands, each user’s database is individually salted and hashed 1000 times.
The risk is that without a password manager people struggle to manage a unique password for every website, resulting in them trusting hundreds of less secure websites with their password.
Sure, pen and pencil are great, but it requires a strictness most people don’t possess.
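To make the “individually salted and hashed 1000 times” point concrete, here is an added example (not LastPass’s code or storage format, which is not public; the record layout and the `verifier` field are assumptions) of the pattern that claim describes: a per-user random salt plus an iterated key derivation (PBKDF2-HMAC-SHA256 from the Python standard library), so that a dump of the stored records gives an attacker neither the master password nor the vault key, and two users with the same password still get different records.

```python
import base64
import hashlib
import hmac
import os


def derive_vault_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a master password into a 32-byte key with PBKDF2-HMAC-SHA256.

    The salt makes each user's derivation unique; the iteration count makes
    every guess cost `iterations` HMAC computations instead of one.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=32
    )


def new_user_record(password: str, iterations: int = 1000) -> dict:
    """Build the server-side record for a user (hypothetical layout).

    Only a hash of the derived key is stored, never the key or password,
    so the stored value can check a login but cannot decrypt the vault.
    """
    salt = os.urandom(16)  # fresh random salt per user
    key = derive_vault_key(password, salt, iterations)
    verifier = hashlib.sha256(key).digest()
    return {
        "salt": base64.b64encode(salt).decode("ascii"),
        "iterations": iterations,
        "verifier": base64.b64encode(verifier).decode("ascii"),
    }


def check_password(record: dict, password: str) -> bool:
    """Re-derive from the stored salt/iterations and compare in constant time."""
    salt = base64.b64decode(record["salt"])
    key = derive_vault_key(password, salt, record["iterations"])
    expected = base64.b64decode(record["verifier"])
    return hmac.compare_digest(hashlib.sha256(key).digest(), expected)


def records_differ_for_same_password(password: str) -> bool:
    """Two users choosing the same password must not yield the same record."""
    a = new_user_record(password)
    b = new_user_record(password)
    return a["salt"] != b["salt"] and a["verifier"] != b["verifier"]


if __name__ == "__main__":
    # Constructed sample master password for the demo only.
    rec = new_user_record("correct horse battery staple", iterations=1000)
    print("login ok:", check_password(rec, "correct horse battery staple"))
    print("wrong password rejected:", not check_password(rec, "wrong"))
    print("same password, different records:",
          records_differ_for_same_password("correct horse battery staple"))
```

The iteration count is stored alongside the salt so it can be raised later for new records without breaking existing ones; the design point is that the cost of guessing scales with it, and the per-user salt means a leaked table must be attacked one user at a time rather than once for everyone.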
-
If you do use paper, use a random password generator like KeePass to generate a strong, unique password for every website before writing it down in multiple secure locations.
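As an added example (not KeePass’s generator, whose code is separate from this thread) covering both the “roughly 60 bits” target from the opening post and the generate-then-write-down advice above: a generator built on Python’s `secrets` module that works backwards from a target entropy to the length needed for a given alphabet, for both character passwords and word-list passphrases. The short word list is constructed for the demo; a real passphrase needs a published list of thousands of words.

```python
import math
import secrets
import string

# Candidate alphabets. Symbol set is an assumption; any fixed set works as
# long as the entropy is computed from its true size.
SYMBOLS = "!#$%&()*+,-./:;<=>?@[]^_{|}~"
ALPHABETS = {
    "lower": string.ascii_lowercase,                       # 26 symbols
    "alnum": string.ascii_letters + string.digits,         # 62 symbols
    "full": string.ascii_letters + string.digits + SYMBOLS,  # 90 symbols
}

# Constructed 32-word list: each uniformly chosen word is worth log2(32) = 5 bits.
WORDS = [
    "apple", "basin", "cedar", "dune", "ember", "flint", "grove", "harbor",
    "iris", "jade", "kelp", "lantern", "maple", "north", "orbit", "pearl",
    "quartz", "river", "saddle", "thistle", "umber", "valley", "willow", "xenon",
    "yarrow", "zephyr", "anchor", "bramble", "comet", "delta", "falcon", "garnet",
]


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of `length` independent uniform picks from `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def length_for_bits(target_bits: float, alphabet_size: int) -> int:
    """Smallest length whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_password(target_bits: float = 60, alphabet: str = "full") -> str:
    """Random password from a CSPRNG, long enough to hit `target_bits`."""
    chars = ALPHABETS[alphabet]
    n = length_for_bits(target_bits, len(chars))
    return "".join(secrets.choice(chars) for _ in range(n))


def generate_passphrase(target_bits: float = 60, words=WORDS) -> str:
    """Random passphrase; with a larger list each word carries more bits."""
    n = length_for_bits(target_bits, len(words))
    return " ".join(secrets.choice(words) for _ in range(n))


if __name__ == "__main__":
    for name, chars in ALPHABETS.items():
        n = length_for_bits(60, len(chars))
        print(f"{name:5s}: {n} chars -> {entropy_bits(n, len(chars)):.1f} bits")
    print("password  :", generate_password(60))
    print("passphrase:", generate_passphrase(60))
```

Hitting 60 bits takes 13 lowercase letters, 11 alphanumerics or 10 characters from the full set, but 12 words from this toy 32-word list; with a 7776-word Diceware list (6^5 entries, about 12.9 bits per word) five words suffice, which is why word lists are the easier thing to copy onto paper without transcription errors.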
-
Look it’s the desk of Mirrax :)