Password Manager Discussion.

I'm sorry but this is proof you can't rely on these tools. Seems like a major blunder from RoboForm. Speaking of RoboForm, is it true that you can't use the extension without running RoboForm in the background?

 

Password managers are a vital tool (IMO of course) for good security. Rather than writing down dozens of unique passwords or using the same passwords for many sites, the password manager does it for you. Roboform, which was not mentioned in the article, fixed the problem promptly as I'm sure that the others mentioned have also done by now. Sure it was a FU, but fixing these things fast is what counts to me. This applies to any application or OS I use.

Yes, Roboform has to be running to use an extension. I use the standalone version (which is free for now) so no cloud storage. I block any connections for Roboform to connect outbound. You can also choose to not use the extensions and copy/paste form the main application. I use the extensions just because.

Using a password manager is a choice thing. I urge people I care about to use one but not everyone cares about this kind of stuff <shrug>.

 

Agreed. A password manager makes it possible to maintain a much greater degree of security than trying to manage passwords manually. Many people simply can't keep track of their passwords.

 

OK thanks. And I also agree that password managers are very useful tools, but I'm disappointed when I hear about these flaws, I mean this is basic stuff. If they really hired skilled developers, this stuff should have never happened.

 

For people who are nervous about PW managers keep some things in mind to help keep you safe.

If someone gets your master password and logs into a cloud based manager if you have 2 factor authentication on they won't get in anyhow. But if you don't have 2FA even so the banks and credit card logins will trigger a code of some sort because the banks will see a login attempt from a new IP. Which brings me to this. You should never keep an email password that receives 2FA codes in the manager you keep all your other PW's in the cloud together. If you do the thief will have access to any email 2FA codes.

I use keepass2 and it has all of my passwords. But in my cloud PW managers I hold back on my email for 2FA and some other things i hold close to my chest.

Also if you have Android phone lock down your google account(using a PC) using 2FA like a U2F FIDO USB key(must have chromium based browser like Brave or Chrome to recognize the USB FIDO key). Then get a google voice phone number for free on the phone. Use that phone number to receive 2FA codes as that google number cannot be hacked like your real number can be and someone could steal your 2FA codes.I choose banks that let me decide if I want the code to be sent via phone or email so if I lose my phone I can still get access.

PW managers are pretty damn safe or there wouldn't be such a proliferation of them in the last 8 years or so.

 

I agree, but to be fair, I cannot remember any application or app I have used that has not had some problem in its journey to perfection

 

Why do you feel a Google voice number is safer than the actual wireless number? How can your real number be hacked?

 

If someone wants your phone SMS codes they probably have other information about you like bank passwords or something. Thieves have been known to call a cell phone service and act like its you on the phone. They trick the agent at the call center to move the phone number to a new phone or something like this. When the real phone owner checks their phone their phone is turned off and no connection. That's because the thief was able to substitute himself as you on the phone call with tidbits of information he gathered about you and a weak call agent employee. or maybe it don't take a weak agent.

If you have a google voice number they cannot get that number unless they have hacked your google account as well as the google voice # is attached to your google account. If you lock down your google account with a FIDO key there is one way they could still get in and that's with the forgot password email you gave google as a back up in case of emergencies. That's why it is suggested to not even give another email to bail you out if you cannot get into your google account as the hacker could do it too. But that leaves you with no chance to get in if you lose your FIDO key or it stops working. EDIT - I see now you can add multiple keys to your google account as back ups. Also if you have a computer and its been unlocked you can tell it to remember this PC and it won't ask for the FIDO key again. These can be safer ways to have a back up in case if lost or broken keys. Never use a back up email though.

Lock your google account down tight and get google voice and your SMS codes will probably never be hacked, or if its hackable still its at a much higher degree of expertise needed.

And change your passwords often to all your accounts that way if there was a leak at a company like a bank you sealed it back up.

 

I just got notification that my LastPass is about to expire and they are raising the price of the paid another 50% to $36 US dollars per year. I'm out. Either the free will have to work or I will be switching. This is triple what I originally signed up for.

 

Pretty much what I expected. The "everyone else is raising the price too" excuse. We could say it's only a dollar per month extra but if everything I paid for doubled and tripled the price on a regular basis while I continue to make the same income it just isn't going to work over the long haul. I'll probably grab a lifetime license of Sticky Password the next time there is a cheap deal and consider myself good.

The company I work for just dumped GoToMeeting and RescueAssist (owned by the same company) because it was over $700 per quarter for 2 seats of each.

 

Thanks for the heads up. My LP account auto-renewed in February and stayed at $24, but I guess it will go up next year. Unfortunately I need the ability to sync with my mobile phone, otherwise I'd switch to the free version.

 

You can't sync with the free version? Did they changed that?

 

The free version syncs just fine with my phone.

 

Thanks for that. I thought I had read somewhere that they excluded mobile sync from the free version, but am happy to hear it works. Looks like the free version would meet my needs.

I wonder if when you cancel a premium subscription the account is simply downgraded to the free version? I wouldn't want to have to recreate my account.

 

Yes. You will end up with the free version. I had the Premium version and when they raised the price to $2/mo I dropped to the free version which includes the phone sync capability. I've been running this for about 2 years now. Either drop it or don't renew your subscription.

 

Very helpful, thanks! Do you use multi-factor authentication with the free version? I use the LastPass Authenticator on my smartphone and want to make sure it's supported in the free version (apparently there are "advanced multi-factor options" that are only available to premium subscribers).

 

I don't use that feature but as far as I can tell The LastPass Authenticator works on the free version.

 

FAQ on the packaging differences:
https://lastpass.com/support.php?cmd=showfaq&id=11352

 

I use Google Authenticator with LastPass Free.

 

Myki Password Manager
If you're searching for an easy-to-use password manager that doesn't save your data to a third-party server, give Myki a try
March 11, 2019
https://www.techrepublic.com/article/why-you-need-the-myki-android-password-manager/

 

I think it's cool that they don't use the cloud for password storage, but the problem is that I have never heard of them before. Has anyone tested it?

 

Feather Password Manager
Website
Download

 

Watch out for LastPass. I had NO INTENTION of paying their $36 renewal but got an email this morning that my subscription had auto renewed. I hope they enjoy that $36. It is the last money they will EVER get from me. If you have a subscription, check your settings before you get ripped off too. I do not remember ever consenting to this. It must be an opt out situation.

 

Have a look here:

How do I cancel Automatic Renewal of LastPass Premium or Premium Credit Monitoring?

https://lastpass.com/support.php?cmd=showfaq&id=10422