Password managers
 

I am having problems remembeing my pass words, i was wonering if a passworld manager woul help.

Any suggestions

Re: Password managers
 

I've been using https://1password.com/ for many years and quite happy with it. The main feature I find useful is it works on all my devices with a native app on each platform and it synchronises my passwords for me in a secure and encrypted way (the 1password developers never have access to your passwords due to the local encryption it uses before synchronising things).

So whether I'm using it on my PC, Mac or iPhone it's always ready with all my passwords already synchronised.

There are many alternatives, some free and some paid but I've only used 1Password myself.

Re: Password managers
 

I use Firefox and its built-in password and login manager. That way I can have strong passwords without needing to try and remember them.

Re: Password managers
 

Install the Lastpass password manager on your browser it's awesome and so much better than built in password manager, mines setup with 2FA authentication.

Re: Password managers
 

These systems are all very well unless someone hacks it or it gets compromised. All very well putting your eggs in one basket unless someone steals the basket.

Re: Password managers
 

That are my main concern

Re: Password managers
 

Make sure your virus protection is up to date and I also use a script blocker to prevent malicious scripts on web pages compromising the system. This also prevents data gathering, pop-up ads, capcha and subverting your mouse clicks.

You can white list those scripts that are needed for sites to operate properly, mainly googleapis.com

Re: Password managers
 

To be honest write them down and put them in a drawer, there is 99.9999999999999999% chance that anyone would break in just look for a book just for passwords, when there are other more valuables lying about.

Re: Password managers
 

I use lastpass (it just makes things easier).

Dont get paranoid about it because of the doom merchants.
You may as well stop using the internet if you worry so much.
Just make sure you have a very strong password on your lastpass account.

I used to store them in a password protected excel spreadsheet, and still keep that up to date as a backup.

Re: Password managers
 

Kaspersky Password Manager here. Been using it for about 15 years.

Re: Password managers
 

It's all well and good getting your browser to remember passwords, but what if you need a password on a different device or computer?

I had been using Lastpass for a number of years, but swapped over to using Bitwarden a few months ago.

I found Lastpass was getting more & more buggy over the past year or so with updates on Android, it was getting harder to get it to actually kick in & fill in passwords, usually ended up having to open the app & copy & paste it manually.

Not had any problems with Bitwarden, works great on my phone & Brave (Chrome) extension, and can also login to the Bitwarden website should need to.

Re: Password managers
 

I will try that

Re: Password managers
 

We use lastpass for our passwords and have done for about 4 years now without bother.

Re: Password managers
 

I wouldn't advise writing them down on paper that is the worst option, password manager is the way to go with 2FA authentication.

Although I keep my banking on paper but the passwords are coded with things I can't forget and would be useless to anyone other than me trying to use them.

Re: Password managers
 

If you have a good password to start with, 2FA is just a waste of your time.

Re: Password managers
 

What is 2FA?

Re: Password managers
 

Two Factor Authentication

https://www.csoonline.com/article/32...-it-works.html

Re: Password managers
 

What Hugh said.

Basically when I log in to last pass on my browser I get a popup on my phone that I can either authenticate with my finger print, if the mobile/tablet doesn't have a fingerprint reader it then gives me a code to enter on the browser, then all sites will log in with their relevant passwords when they're visited.

Basically I never need to remember my site passwords and they're all like dud5#6gkse@#%2 etc, you only need to remember the Lastpass master password.

Re: Password managers
 

I use Keeper Password Manager, done so for two years now, tried all the popular ones like Lastpass and this is tops

Re: Password managers
 

Another thumbs up for LastPass. One feature I use is to share passwords with other users (children) but prevent them from seeing the password so they can login to sites but can't then share or play too much. I also generate a one time password sheet for each account and print that out incase master passwords are forgotten but I generally keep copies in my "vault".
LastPass (and others) can also fill in forms for you, I have a basic info one setup with name, address etc. It can save you time on some sites.
I use LastPass on Windows, Linux, iOS (iPhone) and mostly on Android. On computers it's the first thing I add to browsers as I need it to login to other sites to get other plugins working.
I don't have my main banking login in there and some sites require master password entry to get information.

Re: Password managers
 

Any password can be cracked given enough time and people are still silly enough to fall for phishing emails where they will freely give away their passwords believing fake websites to be legit, or requests for credentials to be genuine. With a rise in distirbuted cracking of passwords like fitcrack, thousands of machines could be working on your password at the same time. I mean, there's even freely available code on Github to add to websites that utilise visitor's web browser CPU time to work on passwords whilst they visit a website. There are so many free and very easily obtainable packages out there to harvest or payload in order to gain passwords with you even knowing about it. Consider Kali for example, and the enormous array of abilities that package has, and it's all free.

2FA requires something you know (password) AND something you have (rotating code / smart card / et cetera). This means either one is absolutely useless without the other. If someone loses their password for any reason to someone outside of themselves, that 3rd party still cannot access the account. If the 3rd party steals your smartcard or gains access to your authenticator application, it means nothing without your known account credentials.

If it were a waste of time, people and businesses across the globe wouldn't bother implementing it. There is no doubt 2FA would have saved businesses millions, if not billions, of pounds over the years through fraud and cryptolocking attacks. Social engineering is rife and people are always the weakest link. Regardless of how 'safe' you think you password is, or how clever you think you are, a password by itself will never be as secure as one used in conjunction with 2FA.

Security is the leading concern and factor in the IT industry right now being driven forward and pushed. Think GDPR, ISO27001, CyberSecurity implementations and so on.

howsecureismypassword.net and other such sites are great for filling people with a false sense of security because a 'long' password looks like it will take so long to crack it will forever be safe. but;

1) I refer to my point on social engineering - people are so inquisitive, they put their actual passwords into these sites to see how long it might take to crack - they have just typed in their password! Who knows what such sites are doing with that data? Match that to an IP and cross reference a leaked access database from an infrastructure such as Google, Apple, MS, Facebook or whoever and the opportunity is there to match that IP to a user account name and then the password from that password checking site.

2) those sites give you an idea how long a basic desktop computer by itself might take to crack a password. they do not take into account GPU-based algorythm password cracking or the aformentioned distributed password cracking techniques. ANY everyday password could potentially be broken within hours depending on the methods employed.

Your passwords are most likely safe purely because you, as an individual, are not worth enough to waste time on it for another individual to target you directly. But when it's all being done automatically by machines, there's absolutely no favourtism at play and you are as vulnerable as the next guy or company.


If you have the option to use 2FA, use it. It's very quick to set up and very easy to use. And is WAY more secure than any password alone.

Re: Password managers
 

Totally agree - it’s very easy, and places like PayPal just sends an authentication code to your mobile (at no cost to you), which you then enter.

It takes around 30 seconds.

Re: Password managers
 

You can agree all you want, I dont.

... and yes, I find this sending of codes that banks now do, very very irritating, and a waste of my time.

Re: Password managers
 

You don’t have to agree. But facts remain facts. They don’t rely on what people believe in, agree with, have faith in, what they feel about something or what they think is ‘true’.

2FA / MFA is far safer than any password alone. Whatever your password is, if you add 2FA to it, your account will be far more secure.

Re: Password managers
 

Building a 20ft high, 2ft thick concrete wall, with barbed wire on top all around my house will make it safer and more secure from burglers, that still doesnt make it necessary, or not a waste of time/money doing so.

Re: Password managers
 

2FA is free and keeps safe your accounts, which in turn reduces the risk of identity fraud, theft from online resources and protects those who may be listed as contacts or associates in those accounts.

For example, if your email account is compromised, someone could send your friends and family phishing emails from your account and defraud them of money or belongings. In turn, their accounts could also be compromised and so the cycle continues as it has been for many many years. By not using 2FA, these criminals will continue to prosper and people you know will continue to lose out. Not protecting yourself online actually goes a long way to not protecting others.

A 20ft high, 2ft thick concrete wall with barbed wire is absolutely necessary if you have something to protect and keep safe. A prison needs these things in order to keep the contents in and the public safe. Same thought process applies to 2FA - it keeps your contents safe and protects other people from being the next step after your accounts are compromised.

If everyone used 2FA, there would be a huge reduction is scam emails, phishing and fraud. Not using it is doing nothing more than enabling the people that commit these crimes because you’ve made their goals not only possible, but on the whole, pretty easy.

Facts remain facts, no matter what analogy you try to use against them

Re: Password managers
 

If this ... If that ... If the other.

No, it isnt.

Speculation, not a fact.
Banks and now Paypal force annoying 2FA on me, do I get less/no spam emails trying to phish my login ? (The answer is No).

It would be more secure not to have online banking at all.
Just becasue something is more secure does not make it necessary.

Re: Password managers
 

If you value it enough, it is. The protection needs to be proportionate. Your identity in this day and age (online) should be valued. If not for your own sake and protection, then for that of others. World famous art museums will be better protected than your local corner shop. Why? because the content is more valuable. The protection for both will be proportionate to what is being protected.

2FA is free, quick and simple. I'm not sure I completely understand why you are so against it if it is there for your own benefit at no cost to you. I'd like to understand as I might be able to help you here.

Correct - there is no reduction in these at this time because not everyone is using 2FA (as per yourself and many others). This means the shotgunning tactics used by scammers via email will still hit a large number of people (which doesn't even need to be a high proportion of those using a service to be a lot of people), whom are still susceptible and open to falling foul of their efforts to gain access to their accounts. If you read again what I wrote, I did stipulate if everyone used 2FA, there would be a reduction. If there was zero chance of being able to compromise an account with a password alone, there would be no point in trying to get people's password.

Using your home protection analogy, if the house was completely empty (and we remove any desire for the property itself), then there would be no point in spending time on protecting it. But placing little or no value on your own identity, accounts and anything that is associated to that is not sensible thing. People can easily profit at your expense by using you or your identity as a product or catalyst to gain further assets for themselves.

If we go back to your analogy about a 20ft wall around your house to protect it, well if you don't want to be burgled, don't live in a building. now that comment seems a little ridiculous because, well... it is. much like your comment about not banking online.

Banking online, like it or not, is here and it is here to stay. it is one of the reasons 2FA / MFA came into existence - to protect it. and it does a bloody good job of it. Remember, it means you need to know something AND have something in your possession to then access your account. So like it or not, 2FA is also here to stay, and that is a good thing. It means we as people, our accounts, identities and our assets are more protected than otherwise they would be.

I hope that all makes sense - forgive me if it doesn't, I will be happy to explain again in other ways.

The bottom line is that no matter what you think of it, 2FA is crucial in this day and age for the information that can be accessed online. It really is that simple. Without 2FA, a lot of systems and service available to us simply would not be able to exist in the form they do presently without a legitimate risk of losing an awful lot - be that information, fiscal assets or whatever. It's because people and companies have lost so much on the past that 2FA came about and it's a very good thing it did.

2FA is not your enemy. it's not going to give away your secrets or sell you out to third parties. That's the job of Facebook et al. 2FA is solely there to protect those individuals and groups that use it. Right now, it is not compulsory to do so. But it may be in the future - it prevents a lot of insurance pay outs because nothing gets stolen in the first place when it is employed. And as we all know, the fiscal world tends to dictate quite a lot, the nature of development within technology. :)

Re: Password managers
 

You should be a salesman.

You can post long arguments all day if you want, but you wont change my opinion.

Its an unnecessary pain I dont need, and a waste of my time, having to dig out a bloody phone everytime I wont to login to something (and just to rub it in, get timed out after a few minutes).

You are obviously one of those who thinks everyone lives their life tied to a smart phone.

I dont (nor do I even have one).

Im not going to waste any more time on it, you think its great, I dont.

This topic is about Password Managers, so back to the subject.

Re: Password managers
 

Must say that I thanks for the password managers suggestions was very helpful

Re: Password managers
 

2FA doesn't always mean password plus device.

Essentially think of security as
something you know (password)
something you have (hardware)
something you are (e.g. fingerprint)

2FA means you need 2 of one of those to authenticate. So you could have a hardware dongle that unlocks with your finger print connected to you PC and that could provide 2FA. But normally it is password plus some other factor.

My issue is more what that other things is. I don't have a mobile phone of my own and don't always have my work one with me. So text message does me no good. I have used Google Authenticator and that's OK if my tablet is with me. You can't seem to set up the same "Authenticator" on multiple devices.

Re: Password managers
 

My biggest concern was that you may not have understood what 2FA offers, how it works or why it is important. Your comment about smartphones has goes quite a way in reinforcing that for you. You do not need a smartphone at all for 2FA. You can install 2FA authentication applications on any computer. Obviously, installing it on the same computer you user your auto-fill password manager on is not advisable, but it certainly is possible and workable to do so. Just don't let your machine get stolen. Perhaps build a 20ft wall around your home or something. ;)

Re: Password managers
 

:clap:

Re: Password managers
 

IIRC these days if a text is sent to a standard phone it is intercepted, the system calls that line and "reads" the text to you.

Re: Password managers
 

2FA can be a pain in the rear to.

When it asks u for example to choose all pics that has a bus in them it doesnt always work especially if ur using a VPN it all goes to pot.

Re: Password managers
 

That isn't 2fa i don't think.

Re: Password managers
 

i always thought it was a sort of 2FA.

Re: Password managers
 

Being a smartass doesnt make your point any better. :dozey:

I look forward to hearing how my bank will send their SMS codes to my PC.

---------- Post added at 19:49 ---------- Previous post was at 19:47 ----------

Not really.

However, the memorable word I need for most banks is already a kind of 2FA, knowing the password alone would not get you far.

Re: Password managers
 

it does make people giggle though ;) I mean, you can't blame me - you practically fed me the opportunity! lol. It would have been ruder to let it pass me by.

Re: Password managers
 

If your bank is the same as mine which is Lloyds u need a username, password and then choose 3 characters from a memorable word so the longer the word the better the security mine is 12 Characters long.