Hit the "Forgot Password" link. If need be, answer the security questions, and generate a new password.
"Forgot Password" is my password manager!
LastPass
- Thread starter Vrai
- Start date
- Status
Hit the "Forgot Password" link. If need be, answer the security questions, and generate a new password.
"Forgot Password" is my password manager!
Condobloke
Well-Known Member
Hmmmm, that would not help me. My mother's maiden name is Rd8Hn#7y. My high school city is 97GrU3W$. And my childhood best friend is Cwp4Mz8d. No, I don't even trust my childhood best friend!
This follows advice from Electronic Frontier Foundation (EFF). So keeping a good up-to-date backup of my password manager is very important. Exporting the vault to .csv and printing a hardcopy to store in a safe, or safe deposit box, isn't a bad idea either. There are no perfect solutions, and everyone has a different level of comfort between security versus convenience. I try to lean toward security.
The answers I give to those recovery questions aren't real answers - but they're consistent answers.
So, knowing my mother's maiden name, my first pet's name, or my first car won't actually help you.
So, knowing my mother's maiden name, my first pet's name, or my first car won't actually help you.
What are you going to do if your house burns down or do you keep that notebook in a safe?
If my house burns down my laptop goes with it. Do I keep it on line in a cloud scenario instead and risk it being hacked by fraudsters?
No silver bullet friends.....
Condobloke
Well-Known Member
The stumbling block, it would appear, is the cloud. It is not trusted.
“But what exactly is the cloud? Simply put, the cloud is the Internet—more specifically, it's all of the things you can access remotely over the Internet. When something is in the cloud, it means it's stored on Internet servers instead of your computer's hard drive.”
So, we use the cloud with just about every mouse click....we are using it now to exchange comments etc here
We use it every time we receive an email, search for anything at all regardless of which search engine we use......it is the internet
But when it comes to our passwords.....no way !....trust goes out the window !!
what if those who doubt the security of the cloud were to use 2FA.....two factor authorisation ?...a text can be received or an ‘authoriser’ can be used. Google has one.....or “Authy”....Yubikey etc etc....all are simple and quite easy to set up. They work across devices.....pc and mobile (cell) phone etc
@stan said somewhere to print the .csv file from your password manager, and store that in a safe. Sage advice indeed !
It is imperative to note that with BitWarden, the information that leaves your pc/mobile or cell phone, is ENCRYPTED .....BEFORE IT LEAVES THE DEVICE .
Food for thought.
“But what exactly is the cloud? Simply put, the cloud is the Internet—more specifically, it's all of the things you can access remotely over the Internet. When something is in the cloud, it means it's stored on Internet servers instead of your computer's hard drive.”
So, we use the cloud with just about every mouse click....we are using it now to exchange comments etc here
We use it every time we receive an email, search for anything at all regardless of which search engine we use......it is the internet
But when it comes to our passwords.....no way !....trust goes out the window !!
what if those who doubt the security of the cloud were to use 2FA.....two factor authorisation ?...a text can be received or an ‘authoriser’ can be used. Google has one.....or “Authy”....Yubikey etc etc....all are simple and quite easy to set up. They work across devices.....pc and mobile (cell) phone etc
@stan said somewhere to print the .csv file from your password manager, and store that in a safe. Sage advice indeed !
It is imperative to note that with BitWarden, the information that leaves your pc/mobile or cell phone, is ENCRYPTED .....BEFORE IT LEAVES THE DEVICE .
Food for thought.
Condobloke
Well-Known Member
Lol.....that didn’t take much thought David !....wouldn’t you like the warm tingly feeling of a pword manager doing it for you ??
LOL Not really, no...
As I mentioned in the other thread, I use 'reset password' as my password manager. I also don't do much in the way of banking on my computer, so I'm not too worried there. I do have PayPal, but that's attached to an account that I only put money into it when I want to. If I don't visit a site regularly, there's no chance I'll remember the password and I'll just reset it.
My email passwords are all committed to memory. (I'm kinda pleased to be able to say that. I'm old and I have a dozen email addresses!) Though, frankly, my email client keeps those memorized if I should happen to forget.
I used the 'reset password' today, actually. I had to get into Amazon. I reset the password to a long string of gibberish, copied and pasted it to login, and promptly forgot it. When I want to use Amazon again, the browser might remember it for me. If not, I'll just reset it again.
I also don't let my browser sync my passwords. I have a copy of my ~/ directory. When I need to, I just move my config files to another computer, open the browser anew, unlock the profile, and there are all my passwords, bookmarks, browser history, cookies, etc...
On the other hand, my drive is encrypted and I don't really need to worry about physical security. As I've said before, if you can get past my encrypted drive, the last thing I'm worried about is you accessing my Amazon wishlist.
There is no cloud... it's just somebody else's computer!
Someone can correct me if I am mistaken. The BitWarden encryption importance "leaving the device" is about syncing to other devices, right? When you log in to your bank, via any password manager, your passwords are sent in plain text... or else your bank would not be able to decrypt it. Your real point of trust then is the pipe, the https connection, that secures your plain text password between you and your bank. The password manager's encryption "on the device" is simply a padlock to protect it if someone steals your phone/computer or is somehow able to retrieve it from your cloud storage server (hack). No one is immune from hacks... ask Chase Bank, Equifax, et al.
Your browser is your weak link, in my opinion. It is your gateway to everything. It has flaws and needs constant patching in it's attempt to remain secure for you. It is a prime target for adversaries who would exploit it's vulnerabilities. It is for these reasons that I never use the browser to store any passwords, ever. It is for these reasons that I would not want my password manager to interface with my browser in any way... in spite of the "convenience" that might offer. More convenience usually means less security, in one way or another, in ways you may not think of or suspect.
I don't use "banking apps" on my phone... not trusting either the phone itself, the phone's browser, or the app. I just have no need for that "convenience" that would justify the risks. Similary, I won't use Google Pay, or Apple Pay, or any other near-field communication (NFC) to move money with my phone.
I've read absolute horror stories of the after effects of identity theft. One of the strongest protections (here in the US) is to "freeze" your credit report with all the major credit bureaus. I did this many years ago, and I check occasionally that these reports remain frozen. That means it is very inconvenient when I actually do want to open a new credit account. Less convenient is more secure, following what I've already said.
I do online banking and bill pay from my computer, so these concerns are very real and immediate. I use KeePass with locally stored database (and backups) and extremely long secure passwords for important stuff. As @KGIII mentioned above, I have a script to compress and encrypt my KeePass vault (and a few other important files) and store it on a personal web server, not Dropbox or Google Drive. That process puts a 2nd padlock on the password data for the online backup.
And then I wonder.... is that enough?
For some folks, it is way too much. Some folks may even use more stringent methods than me. We all have different levels of comfort. We all have different levels of knowledge too... maybe some of these things have never occurred to you. But our computer security is up to us, and we all have different ideas, and needs, and solutions. Good luck!
I trust it when *I* encrypted it.
I have less trust when someone says *they* encrypted it before uploading it - and I can't even verify that it was encrypted prior to being uploaded.
I also have other-worldly quantities of disk space available online. But, properly encrypted *on your end*, you could upload said file most anywhere - including places like bayfiles.
After LastPass's dick move I switched to BitWarden premium. Loving it. Wish I had switched sooner.
Condobloke
Well-Known Member
How Safe Are Password Managers?
A password manager stores all your passwords and automatically fills them in your web browser and mobile apps. But is trusting an app with your passwords and storing them all in one place a smart idea?
www.howtogeek.com
D
Deleted member 101831
Guest
The best password keeper ever.
It's never failed to work or lost a password.
It's never failed to work or lost a password.
Condobloke
Well-Known Member
$3g7&9^N^sU#@KTFewD2z
Typical password.
Hope your handwriting is legible, Chief.
Typical password.
Hope your handwriting is legible, Chief.
D
Deleted member 101831
Guest
My handwriting is very legible.
Passwords aren't difficult to remember right now however may be harder to remember when I get further up in my years though.
I have my passwords written down in case something happens to me and the Wife needs to get into my accounts.
Last edited by a moderator:
Just tonight I created the longest password with KeePass that I have ever used: 48 characters. The financial institution allowed 50 characters, but I didn't want to go overboard.
In most cases, I can't remember 8 characters of gibberish, much less 48. My wife always has a copy of our KeePass on USB, and she is comfortable using it. I just give her regular backups when things change.
D
Deleted member 101831
Guest
I don't care how secure you think you may be once you access any online account from any device you information is available to be gotten.
Encrypted or not anything can be broken as has been proven so many times.
Look what happened to Colonial Pipeline Company.
Encrypted or not anything can be broken as has been proven so many times.
Look what happened to Colonial Pipeline Company.
Condobloke
Well-Known Member
from the WHite House,
""However, Anne Neuberger, the White House’s top cybersecurity official, pointedly declined to say whether companies should pay cyber ransoms at a briefing earlier this week. “We recognize, though, that companies are often in a difficult position if their data is encrypted and they do not have backups and cannot recover the data,” she told reporters Monday.
The simplest thing, brings down a company worth billions
The company is therefore run by a bunch of dumbshits.....the main password is probably ........... pipe .
""However, Anne Neuberger, the White House’s top cybersecurity official, pointedly declined to say whether companies should pay cyber ransoms at a briefing earlier this week. “We recognize, though, that companies are often in a difficult position if their data is encrypted and they do not have backups and cannot recover the data,” she told reporters Monday.
The simplest thing, brings down a company worth billions
The company is therefore run by a bunch of dumbshits.....the main password is probably ........... pipe .
- Status
$100 Digital Ocean Credit
Get a free VM to test out Linux!
Linux.org Hosting Donations
Consider making a donation
Get a free VM to test out Linux!
Linux.org Hosting Donations
Consider making a donation
