|
Post by Cosmic Wonder on Jan 26, 2024 13:04:38 GMT -5
Do you like it?
Mike
|
|
|
Post by david on Jan 26, 2024 13:14:08 GMT -5
|
|
|
Post by Marshall on Jan 26, 2024 13:41:25 GMT -5
Nope
|
|
|
Post by majorminor on Jan 26, 2024 13:49:28 GMT -5
I just print all mine out on a sheet of paper and push pin it to my office wall. Works great.
|
|
Dub
Administrator
I'm gettin' so the past is the only thing I can remember.
Posts: 19,852
|
Post by Dub on Jan 26, 2024 14:34:26 GMT -5
I’ve used one for many (12?) years. The one I use is called mSecure, it’s never one that is written about much but it is very secure and not too dear. I keep reading about others but so far I haven’t seen one that I think is as good for personal use. If you’re choosing one for use in a large company, there may be others worth reviewing. There are many things I like about a password manager. They generate long complex passwords and keep them encrypted. They fill in the login info for you so you never have to actually know your password or write it down. A good password manager company lacks the ability to tell you what your passwords are if you lose them. If they can do that, they aren’t secure. Passwords need to be too long and complex to remember or even write down accurately. You also need to sure that you aren’t using the same password for more than one account/website. I used to make up passwords from random phrases floating around in my head. So the Robert Frost quote “Something there is that doesn’t love a wall” becomes the password Stitdlaw. The ones I actually used were much longer but they were things I could remember. But it’s been years since those strategies were secure. Now, password managers are being replaced by a new technology called Passkey. Here is a link to an article from 2022 that explains Passkey. www.howtogeek.com/854319/what-is-a-passkey/In the 13 months since that article was published, support for Passkey technology has mushroomed. Very often now, when you create an account or log in at a website, you’ll be asked whether you’d like to log in with your Apple account or Google account or whatever, in addition to the ID and password option. You are being offered Passkey authentication which is even more secure than the best password managers. I also use other forms of security software and might be willing to discuss those here if time allows. I’m not paranoid, they actually are out to get us.
|
|
|
Post by Hobson on Jan 26, 2024 14:39:05 GMT -5
I don't trust them.
|
|
|
Post by Marty on Jan 26, 2024 14:52:47 GMT -5
I use one but not for important passwords. Bank, SS, Medicare or any thing financial. Those are written down in a password book.
|
|
Dub
Administrator
I'm gettin' so the past is the only thing I can remember.
Posts: 19,852
|
Post by Dub on Jan 26, 2024 14:52:49 GMT -5
I haven't and will not. I fear that it will be hacked. See These are poor choices. Really.
|
|
|
Post by coachdoc on Jan 26, 2024 15:02:21 GMT -5
I just print all mine out on a sheet of paper and push pin it to my office wall. Works great. 😄😄😄
|
|
Dub
Administrator
I'm gettin' so the past is the only thing I can remember.
Posts: 19,852
|
Post by Dub on Jan 26, 2024 15:04:52 GMT -5
David, the article you cite concludes by saying that password managers are really important despite the fact that some have been hacked. If my password manager supplier was hacked, they might learn that my email address exists but they wouldn’t get any of my passwords. Security is kinda like being able to outrun your friend, not necessarily the bear chasing you. Your security only needs to be strong enough to make it too difficult, too time consuming, and too expensive to bother with. When quantum computing becomes a reality and is readily available, all bets are off.
|
|
|
Post by kbcolorado on Jan 26, 2024 15:14:53 GMT -5
Son set me up with Keepass over Christmas. I'd had multiple instances where I needed access to something and wasn't at home with my text file of passwords. Very handy.
|
|
|
Post by david on Jan 26, 2024 15:51:38 GMT -5
David, the article you cite concludes by saying that password managers are really important despite the fact that some have been hacked. If my password manager supplier was hacked, they might learn that my email address exists but they wouldn’t get any of my passwords. Security is kinda like being able to outrun your friend, not necessarily the bear chasing you. Your security only needs to be strong enough to make it too difficult, too time consuming, and too expensive to bother with. When quantum computing becomes a reality and is readily available, all bets are off. The article is from a reviewer, who is in the business of reviewing and, other than reviewing, might have a financial motive for recommending password managers. So far, my state of Oregon DMV info has been hacked, my Equifax credit reporting account has been hacked, two of my banks have been hacked, and others I can't even remember. All were supposed to be secure. Your point about being able to outrun your friend has merit, but the other side of the analysis is that hackers are more motivated to hack an entity which has large amounts of valuable information rather than hacking a single person. If any company has digitally received your accumulated passwords and the passwords of others, then that company is a larger, more valuable target that will appeal to sophisticated hackers. And even if you store your passwords on your own digital device, e.g. an iPhone, I think that device is more likely to be hacked than a printed hard copy hanging on your wall.
|
|
|
Post by Cosmic Wonder on Jan 26, 2024 16:05:40 GMT -5
David, you are correct that Password management companies are a juicy target, but the customer passwords and data are encrypted so accessing is realistically impossible. The other hacks you’ve mentioned happed because the banks and DMV did not secure their data.
Mike
|
|
|
Post by drlj on Jan 26, 2024 16:08:42 GMT -5
I do. Her name is Barbara. I like her a lot.
|
|
|
Post by RickW on Jan 26, 2024 16:17:13 GMT -5
Folks, Dub is entirely correct. if you’re using easy to guess passwords, or keeping things written down, you’re in a hell of a lot worse state than you would be using a software manager.
We use Enpass. It’s an individual system, so the passwords are not stored in a central database. The data is in our dropbox account, in an encrypted database that no one else has access to. So, someone would have to not only hack dropbox/our dropbox account, they’d need a hack for enpass then. By using it, we have difficult to guess passwords, that the software generates for us, and it’s available on all our devices. Don’t have to type passwords, because it can copy and paste them.
|
|
Dub
Administrator
I'm gettin' so the past is the only thing I can remember.
Posts: 19,852
|
Post by Dub on Jan 26, 2024 16:17:22 GMT -5
David, the article you cite concludes by saying that password managers are really important despite the fact that some have been hacked. If my password manager supplier was hacked, they might learn that my email address exists but they wouldn’t get any of my passwords. Security is kinda like being able to outrun your friend, not necessarily the bear chasing you. Your security only needs to be strong enough to make it too difficult, too time consuming, and too expensive to bother with. When quantum computing becomes a reality and is readily available, all bets are off. The article is from a reviewer, who is in the business of reviewing and, other than reviewing, might have a financial motive for recommending password managers. So far, my state of Oregon DMV info has been hacked, my Equifax credit reporting account has been hacked, two of my banks have been hacked, and others I can't even remember. All were supposed to be secure. Your point about being able to outrun your friend has merit, but the other side of the analysis is that hackers are more motivated to hack an entity which has large amounts of valuable information rather than hacking a single person. If any company has digitally received your accumulated passwords and the passwords of others, then that company is a larger, more valuable target that will appeal to sophisticated hackers. And even if you store your passwords on your own digital device, e.g. an iPhone, I think that device is more likely to be hacked than a printed hard copy hanging on your wall. I don’t want to launch into a long treatise on the technology of security but if my phone is stolen, the thief will not get my passwords. Most serious hacks happen because a user isn’t paying attention and is tricked into volunteering critical information that allows the attacker to gain access. That strategy is far easier to implement and more productive for the attacker than trying to decrypt passwords. Security isn’t just technology, it’s also a mindset. If people don’t take passwords seriously, they probably don’t take other security precautions seriously either.
|
|
|
Post by david on Jan 26, 2024 17:01:15 GMT -5
Most serious hacks happen because a user isn’t paying attention and is tricked into volunteering critical information that allows the attacker to gain access. That strategy is far easier to implement and more productive for the attacker than trying to decrypt passwords. Security isn’t just technology, it’s also a mindset. If people don’t take passwords seriously, they probably don’t take other security precautions seriously either. Dub, I agree with much of what you say and would love the convenience of all my passwords on my phone. My concern is that if many users have their info on their phones, then learning how to do a massive hack on a bunch of phones makes that the goal, attracting sophisticated hackers. And what better prize than a password vault? Hackers do not need to physically have your phone. We all (except Bill) permit apps access to our cell phone's microphone, pictures, GPS location, etc. How do we know that some app like "Google Maps" hasn't been hacked so that it downloads malware onto 100 million phones? How about if our WiFi or our cell service providers are hacked? Have you ever used public WiFi for your phone? Entered your password in a public place or a place that might have had cameras? Hacking cell phones used to be considered science fiction. I suspect it is now considered a business in some circles.
|
|
Dub
Administrator
I'm gettin' so the past is the only thing I can remember.
Posts: 19,852
|
Post by Dub on Jan 26, 2024 17:54:02 GMT -5
Most serious hacks happen because a user isn’t paying attention and is tricked into volunteering critical information that allows the attacker to gain access. That strategy is far easier to implement and more productive for the attacker than trying to decrypt passwords. Security isn’t just technology, it’s also a mindset. If people don’t take passwords seriously, they probably don’t take other security precautions seriously either. Dub, I agree with much of what you say and would love the convenience of all my passwords on my phone. My concern is that if many users have their info on their phones, then learning how to do a massive hack on a bunch of phones makes that the goal, attracting sophisticated hackers. And what better prize than a password vault? Hackers do not need to physically have your phone. We all (except Bill) permit apps access to our cell phone's microphone, pictures, GPS location, etc. How do we know that some app like "Google Maps" hasn't been hacked so that it downloads malware onto 100 million phones? How about if our WiFi or our cell service providers are hacked? Have you ever used public WiFi for your phone? Entered your password in a public place or a place that might have had cameras? Hacking cell phones used to be considered science fiction. I suspect it is now considered a business in some circles. I'm not trying to be a salesman here, I'm just trying to help out a friend. Feel free to ignore anything I say, we are still friends. But, just as you are an expert in law (not the same as expert-in-law, LOL) I am an expert in computing hardware, software, and networking. I've also planned data security for a major corporation.
|
|
|
Post by PaulKay on Jan 26, 2024 18:28:08 GMT -5
I use them all the time.
|
|
|
Post by david on Jan 26, 2024 19:07:43 GMT -5
But, just as you are an expert in law (not the same as expert-in-law, LOL) I am an expert in computing hardware, software, and networking. I've also planned data security for a major corporation. Dub, I defer to your superior knowledge and, as I said, I too want the convenience of a password vault or passkey. I was playing a bit of the devil's advocate. Sorry to sound argumentative. Occupational hazard. As James Taylor sang, "If I had closed my mouth, and opened my eyes." I will look into mSecure" and Passkey.
|
|