Passwords - create & manage - online security apps & tools

[driver8]

So how easy are these to use ?
And do they do everything you need, so apart from the 'master password' there's no need to remember (or even know) any others ?
And do you change all your existing passwords (for Amazon, etc) into randomly generated ones, looked after by the app ?

[ljp]

Another vote for lastpass, works well and takes the worry out of remembering anything other than the one you log in with.

[AndyWilson]

I used to use My Head - always worked really well and reliably and the information was available wherever I was and whatever device I was using. Lately though it's been having issues - I think it's getting a bit long in the tooth - and I don't think I can rely on it much longer

[peg20]

Quote:

Originally Posted by driver8

Anyone tried more than one, to compare ? (Is there a good review roundup anywhere ?)

Sorry, I've only tried keepass, so will comment on that.

Quote:

Will I need to pay monthly/annually for the best solution (which I'd rather not have to do) or is there a 1-off payment (or completely free ?) method that is just as good as the big boys ?

KeePass is free for non-commercial use (at least). I've not looked into the cost for commercial use.

Quote:

How do the apps handle things like 1st/3rd/7th characters from your memorable word ?

KeePass doesn't. But it can show you the password (normally obscured by asterisks) so you can count yourself. :-)

Quote:

As for allowing your app to generate & manage all your passwords so even you don't know what they are - still seems weird to me - anyone come unstuck with this, say at a cybercafé or friend's house ?

KeePass has android and iphone apps. I keep my KeePass encrypted in BoxCryptor and then inside DropBox (again, both free for non-commercial use and available on android and iphone). So then I have access to my passwords wherever I go.

Hope this helps

[beebul]

KeePass for me too, for both work and personal passwords.

[ljp]

http://www.theregister.co.uk/2014/07...lurting_codes/

[driver8]

Thanks for all the suggestions.

So it looks like KeePass and LastPass are the favourites, with eWallet bringing up the rear.

It's surprising that one of the big boys hasn't created the ultimate cross-platform password manager app by now, although I suppose that might be a red rag to the pro hackers.

Anyone else with personal experiences to share ? Or a decent comparative online review anywhere ? Anyone with a cross-platform cost of ownership summary table ?

[Anthony.S]

For Lastpass I can really recommend the Yubico yubikey which adds two-factor authentication along with many other things. You could also use Google auth using an app on your phone.

http://www.yubico.com/products/yubik...dware/yubikey/

[driver8]

Sheesh - it really is complicated, and the main reason I've held off for so long !

What is the average person expected to do ?? No wonder there is so much cybercrime and so many 'qwerty123' passwords !

[douglasb]

I just use a formula.

Say it was your Amazon account, you could do something like

Amazon567%^&Arsenal where the 2nd word is a football team with the same initial.

Your Play account would be

Play567%^&Portsmouth

Once you get into a routine, it's easy enough. If someone hacks a site and gets access to passwords, it doesn't matter how complex yours is - they have it. All you're looking for is something that would deter a basic brute force attack.

[driver8]

Thanks, Doug - yes, this iirc kind of thing was discussed earlier in the thread.

But I really need an app cos I've just got too many now (developing websites for people).

[zharrt]

Using 1password for a bit now and really like it, especially the programmable hot key to insert passwords into the browser, annoyingly though as more and more apps on my phone/tablet have passwords that seems to be the weak link in the chain, I know 1password has an iOS app but that just gives you access to the browser version of any sites etc which are impractical, guess I am going to have to generate new obscure passwords, key them in manually on the phone/ipad and then just up the screen lock from simple pin to complex password

[Dave h-j]

I use 1password on iOS. I used to have them ni my head, but i having to request more and more reset requests. I don;t bother with highly complex passwords, as there i no way I would be able to recall them easily and be able to type them in reasonably quickly.

So I either use:
keyboard patterns (so I couldn't tell you what the password is, but I know how to recreate it)

Word patterns (based on object verb object). Such as: Y0u kick ball!

I also try and use different usernames too, so a certain amount of reuse of password can be done.

It's mainly websites and some other services - banking is still all in my head

[peg20]

Quote:

Originally Posted by ljp

http://www.theregister.co.uk/2014/07...lurting_codes/

Nice. I'm glad I keep mine in my own storage rather than in a random service. (And yes, mine are in Dropbox, but that requires someone cracking both keepass encryption, boxcryptor encryption and hacking dropbox.)

[driver8]

PC Pro (Mar-13) : Password managers: Are they safe? Which is the best?

PCW (Feb-14) : 5 password managers that protect your personal data too

PCM (Apr-14) : The Best Password Managers

DashLane and Norton ID Safe have joined LastPass and 1password on my shortlist ...

[Tempest]

You know what would help us all a LOT, and I know it's a crazy stupid idea as it involves humans coming together and actually agreeing on something. (typically a very hard thing to do)
That would be for everyone to agree to the same type of password on all web sites, and perhaps even all devices.

Not one place that says must include a letter, when another place does not need that, one place saying can be up to 50 characters long, another saying max 10 letters.
Some allowing the odd character "!/- when others places saying NONONO only a-z

It would at least allow people around the world to actually have a password system that they could use always. Not a great system, but 1/4 of their web sites won't allow that type of password.

On the other hand, realistically would there be ANY scope in the future of some body part scanning? Again, someone pretty much everyone could agree on.

[Anthony.S]

Quote:

Originally Posted by Tempest

You know what would help us all a LOT, and I know it's a crazy stupid idea as it involves humans coming together and actually agreeing on something. (typically a very hard thing to do)
That would be for everyone to agree to the same type of password on all web sites, and perhaps even all devices.

Not one place that says must include a letter, when another place does not need that, one place saying can be up to 50 characters long, another saying max 10 letters.
Some allowing the odd character "!/- when others places saying NONONO only a-z

It would at least allow people around the world to actually have a password system that they could use always. Not a great system, but 1/4 of their web sites won't allow that type of password.

On the other hand, realistically would there be ANY scope in the future of some body part scanning? Again, someone pretty much everyone could agree on.

I don't think I could disagree more TBH. Having a standard would just make it easier to compromise. Traditional passwords are not long for this world I think anyway.

[Tempest]

Quote:

Originally Posted by Anthony.S

I don't think I could disagree more TBH. Having a standard would just make it easier to compromise. Traditional passwords are not long for this world I think anyway.

I disagree back

When I say a standard, I mean it allows you full range to have a good password, and not limit you.

If you CAN have say A-Z and 0-9 And a range of !"£$%^ in there, on every site, then that would be better than some other sites limiting you.

I am against the limiting sites, and saying that all sites should adopt the acceptance of the full range so you can think up a nice password/s and not have to come up with limited ones due to some site having it's own less secure rules.

[driver8]

Has anyone got any new experiences with password managers, good or bad ?

What's currently considered the best (easiest) solution across Android and Windows devices ?

Good article here - What the Dropbox Hack Can Teach You About the State of Web Security

And the rather worrying: Pwned Websites - see if your email address or user name is featured in online lists, publicly dumped and readily available.

Password Manager Reviews

• HowToGeek
• PCmag
• LifeHacker
• HackerNews
• Wired
• TechRadar

[zantarous]

I recently started using LastPass and it does what it should, works really well on android and chrome on windows. Now every site I sign up to has a unique password and I can change them with ease. I don't need to remember anything apart from the master password.