Go Back  British Expats > General > The Lab
Reload this Page >

Password managers.

Password managers.

Old Dec 6th 2019, 9:12 pm
  #1  
No longer unlocking.
Thread Starter
 
BuckinghamshireBoy's Avatar
 
Joined: May 2016
Location: Brasschaat, Vlaanderen, België.
Posts: 4,333
BuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond repute
Default Password managers.

I searched BE and only found an old thread of BristolUK's in the Maple Leaf which has been dead for a couple of years.

I currently use an Android app, which does have a Windows compatible interface, but seamless it sure isn't. I'm not talking about browser extensions or that kind of thing, but a secure, multi-platform accessible vault.

So... cloud based storage accessible by Windows, Linux and Android (I've effectively abandoned Apple/IOS, so don't care on that front).

I see that the lovely people behind NordVPN have launched NordPass, but they don't seem to be pushing it - why not

I looked at this article but don't see a clear 'winner'.

If anyone has thoughts or recommendations, I'd be glad to hear back.
BuckinghamshireBoy is offline  
Old Dec 6th 2019, 11:22 pm
  #2  
Oscar nominated
 
BristolUK's Avatar
 
Joined: Jan 2008
Location: Moncton, NB, CANADA
Posts: 33,326
BristolUK has a reputation beyond reputeBristolUK has a reputation beyond reputeBristolUK has a reputation beyond reputeBristolUK has a reputation beyond reputeBristolUK has a reputation beyond reputeBristolUK has a reputation beyond reputeBristolUK has a reputation beyond reputeBristolUK has a reputation beyond reputeBristolUK has a reputation beyond reputeBristolUK has a reputation beyond reputeBristolUK has a reputation beyond repute
Default Re: Password managers.

dbd's comment in that thread - My "secret question" for some banking thing or other is "knee pads, an airline bag and?" is very handy. It's obviously something that means something to him but anyone else would be clueless. You could certainly guess it was something else needed on a plane but sick bag, ear plugs, book, dvd player are just a few of the possibilities and where would you put your caps/characters/spaces etc even if you did guess the right one among scores?

I'm still old skool and reluctant to use anything techie (for reasons mentioned in that thread) preferring clues that won't mean anything to anyone else. I do change them from time to time and the biggest issue then is automatically typing in the old one.
BristolUK is offline  
Old Dec 7th 2019, 10:30 am
  #3  
No longer unlocking.
Thread Starter
 
BuckinghamshireBoy's Avatar
 
Joined: May 2016
Location: Brasschaat, Vlaanderen, België.
Posts: 4,333
BuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond repute
Default Re: Password managers.

Originally Posted by BristolUK View Post
dbd's comment in that thread - My "secret question" for some banking thing or other is "knee pads, an airline bag and?" is very handy. It's obviously something that means something to him but anyone else would be clueless. You could certainly guess it was something else needed on a plane but sick bag, ear plugs, book, dvd player are just a few of the possibilities and where would you put your caps/characters/spaces etc even if you did guess the right one among scores?

I'm still old skool and reluctant to use anything techie (for reasons mentioned in that thread) preferring clues that won't mean anything to anyone else. I do change them from time to time and the biggest issue then is automatically typing in the old one.
It's managing the sheer number of items concerned (122 as of this morning) that prompted the inquiry. Not all of these these things are logins/passwords, I'm sure that I could muck out a few redundant ones, but I use it to handle all kinds of information that I consider to be sensitive. Plus the master database is on the mobile, so if that were to be misplaced or even stolen, I'd be in deep lumber.

I do copy the database over to a PC as a back-up fairly often, but as mentioned before, it's a bit clumsy. The data within hardly changes, but I'm making more and more use of it now, and I've had a couple of issues recently, one where the 'phone database became 'corrupted' and couldn't be accessed at all - had to copy back from the PC - and a couple of days ago I had a need to access something online where I had the userid, but no password was in the database, or the backup. Ok, that's a slip on my part, but still.

I realise that it's become exacerbated by moving country and thus changing SIM card and 'phone number. My financial stuff is always two-phase authentication, so the 'phone plays a critical part. Some governmental services in BE, CH and UK also use two-phase authentication, but not all of them.
BuckinghamshireBoy is offline  
Old Dec 8th 2019, 10:28 am
  #4  
Account Closed
 
Joined: Jun 2011
Location: UK
Posts: 4,891
materialcontroller has a reputation beyond reputematerialcontroller has a reputation beyond reputematerialcontroller has a reputation beyond reputematerialcontroller has a reputation beyond reputematerialcontroller has a reputation beyond reputematerialcontroller has a reputation beyond reputematerialcontroller has a reputation beyond reputematerialcontroller has a reputation beyond reputematerialcontroller has a reputation beyond reputematerialcontroller has a reputation beyond reputematerialcontroller has a reputation beyond repute
Default Re: Password managers.

https://www.dashlane.com/amp
materialcontroller is offline  
Old Dec 8th 2019, 7:11 pm
  #5  
No longer unlocking.
Thread Starter
 
BuckinghamshireBoy's Avatar
 
Joined: May 2016
Location: Brasschaat, Vlaanderen, België.
Posts: 4,333
BuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond repute
Default Re: Password managers.

Originally Posted by materialcontroller View Post
Thank you for that.

What put me off that originally was that it comes with an integrated VPN, and I already have one that meets my needs. It seems that I can get away without activating Dashlane's VPN, so I'll likely be trialling Dashlane and NordPass.
BuckinghamshireBoy is offline  
Old Dec 9th 2019, 1:07 am
  #6  
Sasstronaut
 
livinginnyc's Avatar
 
Joined: Aug 2016
Location: Manhattan, NYC
Posts: 1,290
livinginnyc has a reputation beyond reputelivinginnyc has a reputation beyond reputelivinginnyc has a reputation beyond reputelivinginnyc has a reputation beyond reputelivinginnyc has a reputation beyond reputelivinginnyc has a reputation beyond reputelivinginnyc has a reputation beyond reputelivinginnyc has a reputation beyond reputelivinginnyc has a reputation beyond reputelivinginnyc has a reputation beyond reputelivinginnyc has a reputation beyond repute
Default Re: Password managers.

Originally Posted by BristolUK View Post
dbd's comment in that thread - My "secret question" for some banking thing or other is "knee pads, an airline bag and?" is very handy. It's obviously something that means something to him but anyone else would be clueless.
I had something similar for a UK telephone bank account when I was a teenager. (The challenge would be 'You can't go out dressed like that'). Now everything is 2FA (text message) or MFA (code on an app), so I can't troll/traumatize someone on the phone any more (or at least make their day slightly better by having to talk to a weirdo).

In terms of password managers, I use 1Password.
livinginnyc is offline  
Old Dec 21st 2019, 3:20 am
  #7  
Forum Regular
 
Joined: Jan 2016
Location: Cambridge, MA
Posts: 166
Mercury39 has a reputation beyond reputeMercury39 has a reputation beyond reputeMercury39 has a reputation beyond reputeMercury39 has a reputation beyond reputeMercury39 has a reputation beyond reputeMercury39 has a reputation beyond reputeMercury39 has a reputation beyond reputeMercury39 has a reputation beyond reputeMercury39 has a reputation beyond reputeMercury39 has a reputation beyond reputeMercury39 has a reputation beyond repute
Default Re: Password managers.

Originally Posted by livinginnyc View Post
I had something similar for a UK telephone bank account when I was a teenager. (The challenge would be 'You can't go out dressed like that'). Now everything is 2FA (text message) or MFA (code on an app), so I can't troll/traumatize someone on the phone any more (or at least make their day slightly better by having to talk to a weirdo).

In terms of password managers, I use 1Password.
2FA, two factor authentication does not mean just text message, it can be an app, a security key etc. MFA is multi factor authentication, and is just alternative name for two factor authentication. Text message based two factor is best avoided, not very secure.

lastpass is another password manager to consider.
Mercury39 is offline  
Old Dec 21st 2019, 11:51 pm
  #8  
 
thinbrit's Avatar
 
Joined: May 2008
Location: DFW
Posts: 984
thinbrit has a reputation beyond reputethinbrit has a reputation beyond reputethinbrit has a reputation beyond reputethinbrit has a reputation beyond reputethinbrit has a reputation beyond reputethinbrit has a reputation beyond reputethinbrit has a reputation beyond reputethinbrit has a reputation beyond reputethinbrit has a reputation beyond reputethinbrit has a reputation beyond reputethinbrit has a reputation beyond repute
Default Re: Password managers.

I'm a fan of LastPass. I use the Teams and Personal versions for work and home.

Originally Posted by Mercury39 View Post
MFA is multi factor authentication, and is just alternative name for two factor authentication.
2FA is two factor authentication, MFA is multi-factor authentication. MFA could require more than 2 pieces of evidence to authenticate, whereas 2FA requires only two. They are not the same.

Text messages historically use the SS7 protocol (designed in 1975!), it is not at all secure. It has no authentication, no encryption, can easily be spoofed or modified in transit. I can't believe this is even used any more for 'authentication'. I'm not a Twitter user, but one of the security podcast I listen to said that Twitter finally allowed users to disable SMS based authentication when setting up 2FA. If you use SMS for authentication on Twitter then disable it and pick something secure.
thinbrit is offline  
Old Dec 22nd 2019, 3:46 pm
  #9  
Bob
BE Site Lead
 
Bob's Avatar
 
Joined: Aug 2004
Location: MA, USA
Posts: 91,761
Bob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond repute
Default Re: Password managers.

I use Keypass.
It's not very sexy, but it is simple enough.

Can use it as a standalone program off a thumb drive which is handy for the move. Can integrate your DB in the cloud such as Dropbox. Android app works well. Not tried iOS.
Bob is offline  
Old Dec 22nd 2019, 5:05 pm
  #10  
No longer unlocking.
Thread Starter
 
BuckinghamshireBoy's Avatar
 
Joined: May 2016
Location: Brasschaat, Vlaanderen, België.
Posts: 4,333
BuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond repute
Default Re: Password managers.

Originally Posted by Bob View Post
I use Keypass.
It's not very sexy, but it is simple enough.

Can use it as a standalone program off a thumb drive which is handy for the move. Can integrate your DB in the cloud such as Dropbox. Android app works well. Not tried iOS.
That's what I have at the moment, but have had some issues with it, which prompted the question. I currently drive it through the Android 'phone, maybe if I went the other way around... the portable option might work for me, as I need it on at least two Win machines, I'll give that a whirl.

Nordpass doesn't allow for hierarchies/groups, so that's going down towards the bottom of the list.
BuckinghamshireBoy is offline  
Old Dec 22nd 2019, 5:19 pm
  #11  
Bob
BE Site Lead
 
Bob's Avatar
 
Joined: Aug 2004
Location: MA, USA
Posts: 91,761
Bob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond reputeBob has a reputation beyond repute
Default Re: Password managers.

Originally Posted by BuckinghamshireBoy View Post
That's what I have at the moment, but have had some issues with it, which prompted the question. I currently drive it through the Android 'phone, maybe if I went the other way around... the portable option might work for me, as I need it on at least two Win machines, I'll give that a whirl.
I must admit, I do prefer using it on the desktop, as a standalone and have it on my thumb drive for the move. When the program updates, I just replace the folder on the thumbdrive and copy over the key file and plugins.
Bob is offline  
Old Dec 22nd 2019, 5:32 pm
  #12  
Lost in BE Cyberspace
 
Steerpike's Avatar
 
Joined: Nov 2007
Location: Bay Area, CA / Scottsdale, AZ
Posts: 8,580
Steerpike has a reputation beyond reputeSteerpike has a reputation beyond reputeSteerpike has a reputation beyond reputeSteerpike has a reputation beyond reputeSteerpike has a reputation beyond reputeSteerpike has a reputation beyond reputeSteerpike has a reputation beyond reputeSteerpike has a reputation beyond reputeSteerpike has a reputation beyond reputeSteerpike has a reputation beyond reputeSteerpike has a reputation beyond repute
Default Re: Password managers.

I'm a long-time user of 'Password Safe', an open source tool that works for me. Unfortunately, I've had only moderate success sharing the underlying database from my PC (which I consider the 'master') and my Android phone. But I rarely need it on my phone.

I just looked at my database and to my surprise I see I've got over 300 entries! While some are marginally appropriate (such as security gate codes for friends, my TSA Precheck code, my passport number, activation codes for licensed software, etc) there's a remarkable number of valid accounts in there - hard to believe there could be so many!

Like BristolUK, I don't save 'actual' passwords in the tool, but rather, clues / hints / obvious reminders. For example - if a password were to be AndyPandy1234!!, I might put AP1...!! as the 'reminder'. I know to substitute 'AndyPandy' for AP, and the 1... means a numeric sequence. This is a safety measure just in case the tool is ever compromised. The down-side to this approach is that I can't use the tool to 'automate' password entry - the tool can't possibly 'fill in' a password field for me since it doesn't know the actual password. But to me, using a tool to automate password entry is risky.

I don't know how many people on here follow 'NIST' (natl. inst. for standards and technology), but they are now strongly advising against complex passwords and ever-changing passwords. This guidance is now filtering its way through to other areas such as 'HIPAA'. Extract (from https://spycloud.com/new-nist-guidelines/ )

The updated guidance is counter to the long-held philosophy that passwords must be long and complex. In contrast, the new guidelines recommend that passwords should be “easy to remember” but “hard to guess.” According to the new guidance, usability and security go hand-in-hand.

In short, the new NIST guidance recommends the following for passwords:
  • A minimum of eight characters and a maximum length of at least 64 characters
  • The ability to use all special characters but no special requirement to use them
  • Restrict sequential and repetitive characters (e.g. 12345 or aaaaaa)
  • Restrict context specific passwords (e.g. the name of the site, etc.)
  • Restrict commonly used passwords (e.g. [email protected], etc.) and dictionary words
  • Restrict passwords obtained from previous breach corpuses
Two- (or Multi-) factor is definitely an improvement also.
Steerpike is offline  
Old Jan 5th 2020, 8:59 pm
  #13  
No longer unlocking.
Thread Starter
 
BuckinghamshireBoy's Avatar
 
Joined: May 2016
Location: Brasschaat, Vlaanderen, België.
Posts: 4,333
BuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond reputeBuckinghamshireBoy has a reputation beyond repute
Default Re: Password managers.

Originally Posted by Kate View Post
I use Keypass.
It's not very sexy, but it is simple enough.

Can use it as a standalone program off a thumb drive which is handy for the move. Can integrate your DB in the cloud such as Dropbox. Android app works well. Not tried iOS.
This is working out quite well. I had seen that Windows interface before, but must have blanked it around the time that Microsoft blanked my machine with the 1803 unleashing..

Database is up on NAS rather than thumb drive portable version. Android 'phone has a copy...

BuckinghamshireBoy is offline  
Old Jan 5th 2020, 10:39 pm
  #14  
Lost in BE Cyberspace
 
Gozit's Avatar
 
Joined: Sep 2013
Location: SW Ontario, Canada
Posts: 6,439
Gozit has a reputation beyond reputeGozit has a reputation beyond reputeGozit has a reputation beyond reputeGozit has a reputation beyond reputeGozit has a reputation beyond reputeGozit has a reputation beyond reputeGozit has a reputation beyond reputeGozit has a reputation beyond reputeGozit has a reputation beyond reputeGozit has a reputation beyond reputeGozit has a reputation beyond repute
Default Re: Password managers.

I'm an IT person and I use the simplest option...Google. Built into chrome and syncs to my google account which is protected with its own password as well as MFA. I'm aware it may not be the most "secure" but also Google would be in huge shit if it was caught stealing users passwords to things. Can't be bothered with the inconvenience of doing it any other way.
Gozit is offline  
Old Jan 7th 2020, 7:39 pm
  #15  
Professional cat herder
 
Zoe Bell's Avatar
 
Joined: Apr 2007
Location: TORONTO- yay!!!
Posts: 5,598
Zoe Bell has a reputation beyond reputeZoe Bell has a reputation beyond reputeZoe Bell has a reputation beyond reputeZoe Bell has a reputation beyond reputeZoe Bell has a reputation beyond reputeZoe Bell has a reputation beyond reputeZoe Bell has a reputation beyond reputeZoe Bell has a reputation beyond reputeZoe Bell has a reputation beyond reputeZoe Bell has a reputation beyond reputeZoe Bell has a reputation beyond repute
Default Re: Password managers.

Ben and I use Last pass, as it also allows us to manage shared accounts
also has a feature that will allow me to access ben's stuff if anything happens to him or vice versa
Zoe Bell is offline  

Contact Us - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service - Do Not Sell My Personal Information

Copyright © 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.