Thread: Password practices

Originally Posted by Splashone

I use Last Pass (lastpass.com). A web "guru" guy turned me on to it a while back. Its free for all but mobile devices ($12/yr if you want to automatically sync those to your account). It generates unique passwords and stores them along with the websites in encrypted storage. They also show you how to add additional security protocols like verification matrices to that to make things all but impossible to hack.

Ditto here too. Great product. If I had to pay for one mobile app, it'd be LastPass. Hands down. I don't have to worry about local browser insecurity, loosing phone, etc...

I, too, use the multi-level grid authentication you mention, so even if your master and sub-master passes are hacked, they would need to be in physical possession of an additional authentication method.

I've got my grandfather and other family members using it as well. Their days of pathetic passwords are over... well, I'd like to think so.

I haven't used 1Password. I'll have to take a look.

EDIT: Woah! 1Password $39.99 for single user license. pretty restricted "free options" too. I do like the PBKDF2 and hope LastPass will move this way also. No USB thumbdrive method or multi-factor authentication. No virtual keyboard for anything other than Windows and not in Chrome. No one time password(haven't seen that yet)??

I'm looking here btw LastPass vs. 1Password: Password Manager Shootout [Windows/Mac] | 40Tech

Also, as to 1Password, I don't really like the idea of a standalone sitting around on computers. I would think it would be susceptible to reverse engineering and, hence, a serious security liability. A large part of the rational for me was to have local computers in no way in touch with my credentials.

There is a an open source alternative as well: KeePass

Now, here's the rub: Did you complete the initial setup with tape on or tape off?

I generate passwords using my own software and just memorise them. Some of the less important I keep in a password manager called Roboform, but important ones like internet banking etc are in my head.

I try to use paypal as often as I can for online purchasing but when I cannot I do use my credit card. My bank has decent fraud detection, but...

At work they have the little plastic keychain thing that generates numbers every x seconds or whatever it is.

I've got an old laptop I've installed a linux OS on that is completely stand-alone - connects to nothing, uses unrelated password. I use that when students want to "show me their work" on a USB stick. If they want to download a key logger (or anything else) onto my machine they are most welcome to. (we've had hacking incidents in the past).

James.

Password practices? Every day or I will forget them.

I use the same one for a hand full of forums and change them out every few months,

same with my web based email.

Banking good luck, they don't make sense to me and are changed almost as often as my socks! (waiting on the peanut gallery here)

Have a book with them in. It ok if I remember note the chg.... and if I could remember where I put the book[emoji33]

I have one for several insignificant sites.
The important ones are written and tucked away, but I'll be getting password managing app.
Some of the important ones I remember, and all main financial sites I use are protected with pin activation via phone message.

True that - I forgot about the text message authentication.

James.

A USB thumb drive for the passwords and it is nowhere near the computer if I am not. A spare up to date at a different spot at home.
And some hefty AV and optimizing programs also on the computer full time. May not be perfect but..it may help.
~Richard