Password Manager Discussion.

Discussion in 'other software & services' started by Mayahana, Jan 28, 2015.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,491
    Location:
    The Netherlands
    I'm sorry but this is proof you can't rely on these tools. Seems like a major blunder from RoboForm. Speaking of RoboForm, is it true that you can't use the extension without running RoboForm in the background?
     
  2. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    442
    Location:
    USA
    Password managers are a vital tool (IMO of course) for good security. Rather than writing down dozens of unique passwords or using the same passwords for many sites, the password manager does it for you. Roboform, which was not mentioned in the article, fixed the problem promptly as I'm sure that the others mentioned have also done by now. Sure it was a FU, but fixing these things fast is what counts to me. This applies to any application or OS I use.

    Yes, Roboform has to be running to use an extension. I use the standalone version (which is free for now) so no cloud storage. I block any connections for Roboform to connect outbound. You can also choose to not use the extensions and copy/paste form the main application. I use the extensions just because.

    Using a password manager is a choice thing. I urge people I care about to use one but not everyone cares about this kind of stuff <shrug>.
     
  3. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,996
    Location:
    USA
    Agreed. A password manager makes it possible to maintain a much greater degree of security than trying to manage passwords manually. Many people simply can't keep track of their passwords.
     
  4. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,491
    Location:
    The Netherlands
    OK thanks. And I also agree that password managers are very useful tools, but I'm disappointed when I hear about these flaws, I mean this is basic stuff. If they really hired skilled developers, this stuff should have never happened.
     
  5. Soft Life

    Soft Life Registered Member

    Joined:
    Aug 10, 2018
    Posts:
    94
    Location:
    United States
    For people who are nervous about PW managers keep some things in mind to help keep you safe.

    If someone gets your master password and logs into a cloud based manager if you have 2 factor authentication on they won't get in anyhow. But if you don't have 2FA even so the banks and credit card logins will trigger a code of some sort because the banks will see a login attempt from a new IP. Which brings me to this. You should never keep an email password that receives 2FA codes in the manager you keep all your other PW's in the cloud together. If you do the thief will have access to any email 2FA codes.

    I use keepass2 and it has all of my passwords. But in my cloud PW managers I hold back on my email for 2FA and some other things i hold close to my chest.

    Also if you have Android phone lock down your google account(using a PC) using 2FA like a U2F FIDO USB key(must have chromium based browser like Brave or Chrome to recognize the USB FIDO key). Then get a google voice phone number for free on the phone. Use that phone number to receive 2FA codes as that google number cannot be hacked like your real number can be and someone could steal your 2FA codes.I choose banks that let me decide if I want the code to be sent via phone or email so if I lose my phone I can still get access.

    PW managers are pretty damn safe or there wouldn't be such a proliferation of them in the last 8 years or so.
     
    Last edited: Mar 2, 2019
  6. focus

    focus Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    442
    Location:
    USA
    I agree, but to be fair, I cannot remember any application or app I have used that has not had some problem in its journey to perfection :)
     
  7. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,996
    Location:
    USA
    Why do you feel a Google voice number is safer than the actual wireless number? How can your real number be hacked?
     
  8. Soft Life

    Soft Life Registered Member

    Joined:
    Aug 10, 2018
    Posts:
    94
    Location:
    United States
    If someone wants your phone SMS codes they probably have other information about you like bank passwords or something. Thieves have been known to call a cell phone service and act like its you on the phone. They trick the agent at the call center to move the phone number to a new phone or something like this. When the real phone owner checks their phone their phone is turned off and no connection. That's because the thief was able to substitute himself as you on the phone call with tidbits of information he gathered about you and a weak call agent employee. or maybe it don't take a weak agent.

    If you have a google voice number they cannot get that number unless they have hacked your google account as well as the google voice # is attached to your google account. If you lock down your google account with a FIDO key there is one way they could still get in and that's with the forgot password email you gave google as a back up in case of emergencies. That's why it is suggested to not even give another email to bail you out if you cannot get into your google account as the hacker could do it too. But that leaves you with no chance to get in if you lose your FIDO key or it stops working. EDIT - I see now you can add multiple keys to your google account as back ups. Also if you have a computer and its been unlocked you can tell it to remember this PC and it won't ask for the FIDO key again. These can be safer ways to have a back up in case if lost or broken keys. Never use a back up email though.

    Lock your google account down tight and get google voice and your SMS codes will probably never be hacked, or if its hackable still its at a much higher degree of expertise needed.

    And change your passwords often to all your accounts that way if there was a leak at a company like a bank you sealed it back up.
     
    Last edited: Mar 2, 2019
  9. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    5,459
    Location:
    USA
    I just got notification that my LastPass is about to expire and they are raising the price of the paid another 50% to $36 US dollars per year. I'm out. Either the free will have to work or I will be switching. This is triple what I originally signed up for.
     
  10. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    13,399
    Location:
    UK
  11. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    5,459
    Location:
    USA
    Pretty much what I expected. The "everyone else is raising the price too" excuse. We could say it's only a dollar per month extra but if everything I paid for doubled and tripled the price on a regular basis while I continue to make the same income it just isn't going to work over the long haul. I'll probably grab a lifetime license of Sticky Password the next time there is a cheap deal and consider myself good.

    The company I work for just dumped GoToMeeting and RescueAssist (owned by the same company) because it was over $700 per quarter for 2 seats of each.
     
  12. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,996
    Location:
    USA
    Thanks for the heads up. My LP account auto-renewed in February and stayed at $24, but I guess it will go up next year. Unfortunately I need the ability to sync with my mobile phone, otherwise I'd switch to the free version.
     
  13. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,124
    You can't sync with the free version? Did they changed that?
     
  14. thomasjk

    thomasjk Registered Member

    Joined:
    Jul 22, 2005
    Posts:
    1,480
    Location:
    Charlotte NC
    The free version syncs just fine with my phone.
     
  15. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,996
    Location:
    USA
    Thanks for that. I thought I had read somewhere that they excluded mobile sync from the free version, but am happy to hear it works. Looks like the free version would meet my needs.

    I wonder if when you cancel a premium subscription the account is simply downgraded to the free version? I wouldn't want to have to recreate my account.
     
  16. thomasjk

    thomasjk Registered Member

    Joined:
    Jul 22, 2005
    Posts:
    1,480
    Location:
    Charlotte NC
    Yes. You will end up with the free version. I had the Premium version and when they raised the price to $2/mo I dropped to the free version which includes the phone sync capability. I've been running this for about 2 years now. Either drop it or don't renew your subscription.
     
  17. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,996
    Location:
    USA
    Very helpful, thanks! Do you use multi-factor authentication with the free version? I use the LastPass Authenticator on my smartphone and want to make sure it's supported in the free version (apparently there are "advanced multi-factor options" that are only available to premium subscribers).
     
  18. thomasjk

    thomasjk Registered Member

    Joined:
    Jul 22, 2005
    Posts:
    1,480
    Location:
    Charlotte NC
    I don't use that feature but as far as I can tell The LastPass Authenticator works on the free version.
     
  19. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    5,459
    Location:
    USA
  20. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    3,820
    Location:
    Under a bushel ...
    I use Google Authenticator with LastPass Free.
     
  21. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,452
    Myki Password Manager
    If you're searching for an easy-to-use password manager that doesn't save your data to a third-party server, give Myki a try
    March 11, 2019
    https://www.techrepublic.com/article/why-you-need-the-myki-android-password-manager/
     
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,491
    Location:
    The Netherlands
    I think it's cool that they don't use the cloud for password storage, but the problem is that I have never heard of them before. Has anyone tested it?
     
  23. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    25,452
    Feather_Password_Manager.png
    Feather Password Manager
    Website
    Download
     
  24. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    5,459
    Location:
    USA
    Watch out for LastPass. I had NO INTENTION of paying their $36 renewal but got an email this morning that my subscription had auto renewed. I hope they enjoy that $36. It is the last money they will EVER get from me. If you have a subscription, check your settings before you get ripped off too. I do not remember ever consenting to this. It must be an opt out situation.
     
  25. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,996
    Location:
    USA
    Have a look here:

    How do I cancel Automatic Renewal of LastPass Premium or Premium Credit Monitoring?

    https://lastpass.com/support.php?cmd=showfaq&id=10422
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.