|
Post by aquaduct on Jan 26, 2024 19:43:32 GMT -5
My passwords are derivatives (depending on how many extra digits or symbols are required) of guitar names, which for me are all random collections of letters and numbers. Has always worked for me but I don't really do anything significant on personal computers (I suppose they could steal today's crossword answer but they'll have to wait until sometime next week before I actually get around to solving it).
For work, I've got a nightmare of two factor logins for two separate companies, one of which is a major defense contractor, that seems to be enough, along with the obligatory reporting of the company issued phishing scam emails and making me change passwords every 4 to 6 weeks on conflicting schedules. And they won't let me use anything on my own. So the random numbers and letters ploy is enough to make those psychopaths happy while still allowing me to eventually do the work they're paying me for.
The older I get, the more luddite I become.
|
|
|
Post by Marshall on Jan 27, 2024 9:31:15 GMT -5
I’ve used one for many (12?) years. The one I use is called mSecure, it’s never one that is written about much but it is very secure and not too dear. I keep reading about others but so far I haven’t seen one that I think is as good for personal use. If you’re choosing one for use in a large company, there may be others worth reviewing. Does it work with multiple devices you use to log into accounts, like multiple pcs, laptops, tablets, phones?
|
|
Dub
Administrator
I'm gettin' so the past is the only thing I can remember.
Posts: 19,852
|
Post by Dub on Jan 27, 2024 11:52:31 GMT -5
I’ve used one for many (12?) years. The one I use is called mSecure, it’s never one that is written about much but it is very secure and not too dear. I keep reading about others but so far I haven’t seen one that I think is as good for personal use. If you’re choosing one for use in a large company, there may be others worth reviewing. Does it work with multiple devices you use to log into accounts, like multiple pcs, laptops, tablets, phones? Yes, it works with my iPhone, iPad, iMac, and even my Apple Watch. Of course it works on Android devices and Windows as well, I just don’t have any of those. The data is synced across devices. A single user license covers five devices as I recall. Fiddlerina and I each buy our own single user license so we have separate password databases.
|
|
|
Post by Cosmic Wonder on Jan 27, 2024 12:44:57 GMT -5
Does it work with multiple devices you use to log into accounts, like multiple pcs, laptops, tablets, phones? Yes, it works with my iPhone, iPad, iMac, and even my Apple Watch. Of course it works on Android devices and Windows as well, I just don’t have any of those. The data is synced across devices. A single user license covers five devices as I recall. Fiddlerina and I each buy our own single user license so we have separate password databases. Dub, does Msecure use two factor thing? And biometrics to log in? Mike
|
|
Dub
Administrator
I'm gettin' so the past is the only thing I can remember.
Posts: 19,852
|
Post by Dub on Jan 27, 2024 12:48:01 GMT -5
Dub, does Msecure use two factor thing? And biometrics to log in? Mike Yes, it uses both or either.
|
|
|
Post by dradtke on Jan 27, 2024 19:33:03 GMT -5
I just print all mine out on a sheet of paper and push pin it to my office wall. Works great. It works better if you just write them on your office wall. That way if somebody steals your phone or laptop, they also have to break into your office and cut out a chunk of sheetrock- which you would surely notice.
|
|
|
Post by millring on Jan 28, 2024 13:43:21 GMT -5
It works better if you just write them on your office wall. This is why I always keep my blinds drawn. That, and I don't always have clothes on.
|
|
|
Post by coachdoc on Jan 28, 2024 16:51:04 GMT -5
The computer is a haystack. I am a needle. Nuff said. Said McGreevy.
|
|
|
Post by RickW on Jan 28, 2024 20:42:20 GMT -5
I don't always have clothes on. Is that because of where you write your passwords? Don’t you have write them down again every time you shower?
|
|
|
Post by RickW on Jan 28, 2024 20:46:37 GMT -5
The older I get, the more luddite I become. When I met my wife, she was programming in the first set of AI tools. She ended up doing technical support for PCs and networks. She now spends much of her day swearing at her cellphone, wondering why it’s not doing what she wants. I try not to get involved.
|
|
Dub
Administrator
I'm gettin' so the past is the only thing I can remember.
Posts: 19,852
|
Post by Dub on Jan 28, 2024 20:50:05 GMT -5
The computer is a haystack. I am a needle. Nuff said. Said McGreevy. Exactly. And the bad guys have very powerful magnets. They can pull you out of that haystack without even having to know you're there. Not a bad idea to have a magnetic shield of some kind.
|
|
|
Post by John B on Jan 29, 2024 9:49:47 GMT -5
I have used a password manager for 12 years or so; it works fairly seamlessly between my computer and my phone. When I need a new password, it will generate a random one to the length of my choosing (currently 16 characters, a mix of letters, numbers and nonnumeric characters). While the manager I use is LastPass, and it had a security incident, I am (mostly) satisfied with their explanation of what was or was not accessible when someone gained access and the security of my information. I would never go back to NOT using a password manager. Dub's really smart about this stuff. All of you who aren't using a manager, for whatever reasons, are accepting a huge amount of risk. "I don't wanna" or "it's complicated" or "I don't understand how it works" are all reasons not to use password managers, but they are poor ones. "I understand the risks and accept them" is a perfectly acceptable and realistic reason not to use them, but I only see one person saying that (and he's got a pretty good method of creating passwords outside of a manager). blog.lastpass.com/2022/12/notice-of-recent-security-incident/
|
|
|
Post by Marshall on Jan 29, 2024 10:55:03 GMT -5
So far I still use a spreadsheet with a list of passwords. 2 spredsheets, actually. One for most things, and a second for financial stuff. They are both password protected. For financial stuff, I use 2 part authentification.
I guess I don't trust somebody else (password program companies) managing my critical data. At least that's the way I used to see it. Now I just operate this way out of momentum.
|
|
|
Post by Cosmic Wonder on Jan 29, 2024 11:01:25 GMT -5
What happens if your computer crashes and you can’t get to your spread sheet?
Mike
|
|
|
Post by Marshall on Jan 29, 2024 11:02:19 GMT -5
It's backed up on 2 computers, a remote drive, and a USB stick.
|
|
|
Post by Marshall on Jan 29, 2024 11:06:07 GMT -5
What I'm most worried about these days is my phone. If somebody got that and got into it, they could do a lot of damage. There are bank apps, plus email. And any site that you access has a "forgot password" option, where they email you a link which you can read on your phone. And 2 part authentification also uses the same phone.
|
|
|
Post by david on Jan 29, 2024 13:10:15 GMT -5
Does it work with multiple devices you use to log into accounts, like multiple pcs, laptops, tablets, phones? Yes, it works with my iPhone, iPad, iMac, and even my Apple Watch. Of course it works on Android devices and Windows as well, I just don’t have any of those. The data is synced across devices. A single user license covers five devices as I recall. Fiddlerina and I each buy our own single user license so we have separate password databases. If your iPhone, with its self-contained biometric info and my 6-digit pin, is backed up to the "iCloud" based computer, is that cloud computer subject to being hacked and gaining access to secure data? If so, do you just not have your phone automatically backed up?
|
|
Dub
Administrator
I'm gettin' so the past is the only thing I can remember.
Posts: 19,852
|
Post by Dub on Jan 29, 2024 14:24:03 GMT -5
Yes, it works with my iPhone, iPad, iMac, and even my Apple Watch. Of course it works on Android devices and Windows as well, I just don’t have any of those. The data is synced across devices. A single user license covers five devices as I recall. Fiddlerina and I each buy our own single user license so we have separate password databases. If your iPhone, with its self-contained biometric info and my 6-digit pin, is backed up to the "iCloud" based computer, is that cloud computer subject to being hacked and gaining access to secure data? If so, do you just not have your phone automatically backed up? This is a many-layered question. I need to emphasize that I’m not trying to encourage everyone to do as I do. Each individual needs to evaluate the technology, the labor involved, and the risks in order to choose a path. My password manager, mSecure, like most of the others, offers cloud-based syncing across devices. Mine hosts their own cloud for the purpose but also supports iCloud and, I think, DropBox. I have so far chosen to use mSecure’s cloud just so I don’t have all my eggs in the same basket. This may be silly and inconsequential. Oh, well. If my password manager is hacked, either the company’s host computing environment or the product code itself, intruders still won’t have my passwords. The vendor keeps nothing that could be used to decrypt my passwords. They never, at any point, have the ability to see or learn any of my passwords. If, somehow, I completely lose the ability to access my passwords, they have no ability to help me. I am the one responsible. If hackers get ahold of my encrypted password file, they still won’t be able to crack it. Neither the NSA, the CIA, or foreign governments currently have that ability. There are no back doors. But this security is strong only because the computing power needed to break it isn’t available. At some point in the future, breaking the encryption will become child’s play. My iPhone is set to self destruct if thieves try to gain access. All my devices are continually being backed up. My iMac is backed up to a dedicated drive on my eero WiFi setup and my iOS devices are backed up to Apples iCloud. Now, with Apple’s recent iOS update, my phone is set so that a thief who also has my six-digit passcode is still prevented from gaining access. None of this is perfect but the effort and cost seem reasonable to me. Most of what I do with security I just put in place and forget about it. I use several other products that I feel make us more secure but the most useful thing is to keep being suspicious of everything. Still, there was that guy, Achilles.
|
|
|
Post by david on Jan 29, 2024 17:26:53 GMT -5
If your iPhone, with its self-contained biometric info and my 6-digit pin, is backed up to the "iCloud" based computer, is that cloud computer subject to being hacked and gaining access to secure data? If so, do you just not have your phone automatically backed up? This is a many-layered question. I need to emphasize that I’m not trying to encourage everyone to do as I do. Each individual needs to evaluate the technology, the labor involved, and the risks in order to choose a path. My password manager, mSecure, like most of the others, offers cloud-based syncing across devices. Mine hosts their own cloud for the purpose but also supports iCloud and, I think, DropBox. I have so far chosen to use mSecure’s cloud just so I don’t have all my eggs in the same basket. This may be silly and inconsequential. Oh, well. If my password manager is hacked, either the company’s host computing environment or the product code itself, intruders still won’t have my passwords. The vendor keeps nothing that could be used to decrypt my passwords. They never, at any point, have the ability to see or learn any of my passwords. If, somehow, I completely lose the ability to access my passwords, they have no ability to help me. I am the one responsible. If hackers get ahold of my encrypted password file, they still won’t be able to crack it. Neither the NSA, the CIA, or foreign governments currently have that ability. There are no back doors. But this security is strong only because the computing power needed to break it isn’t available. At some point in the future, breaking the encryption will become child’s play. My iPhone is set to self destruct if thieves try to gain access. All my devices are continually being backed up. My iMac is backed up to a dedicated drive on my eero WiFi setup and my iOS devices are backed up to Apples iCloud. Now, with Apple’s recent iOS update, my phone is set so that a thief who also has my six-digit passcode is still prevented from gaining access. None of this is perfect but the effort and cost seem reasonable to me. Most of what I do with security I just put in place and forget about it. I use several other products that I feel make us more secure but the most useful thing is to keep being suspicious of everything. Still, there was that guy, Achilles. Dub, If you have the continued patience to answer my questions: 1. How can a password be backed up to iCloud, MSecure or Dropbox without actually transferring the password that is being backed up to those computers? 2. How can my passwords be available on 5 different devices? That is, how do the passwords themselves get onto each of the five devices? - I am not doubting, I am simply trying to understand, and I appreciate your responses.
|
|
Dub
Administrator
I'm gettin' so the past is the only thing I can remember.
Posts: 19,852
|
Post by Dub on Jan 29, 2024 18:08:05 GMT -5
All encryption is done on my devices. No unencrypted data ever leaves my device. Only secure, encrypted data is sent to the cloud.
When passwords are entered for logins, the password comes from my device, not the cloud. The system does not track my logins in any way.
The passwords get to other devices because each device has the password app and each device syncs with the same cloud.
|
|