mrken30

I just have far too many to remember, you have a choice or pen and paper or electronic. I keep a reasonably up to date list at the bank.

I prefer lasspass, dashlane or roboforms

Bob

Yes, but an encrypted file on DB isn't much use on it's own and Keepass is just an example of one run off a thumbdrive that's a standalone roll out without any web updating features if you want.

Steerpike

One strategy that can help, as long as you don't want full automation (paste-in of passwords), is to store a mnemonic in the password database for at least part of the pwd.

So imagine if your 'actual' password is abcd1234!@#$-xyx. You could replace abcd1234 with 'alphanumeric', and that's your mnemonic for abcd1234. So the password manager would store 'alphanumeric!@#$-xyz', and you translate in your head the 'alphanumeric' sub-string to 'abcd1234'. You can use this 'root' portion of the password in all your passwords.

mrken30

I believe you can keep a local key file with keepass.

scottyvisa

Email is the most important as others have mentioned, so at least for that make sure you don't store that password anywhere and also have Two Factor authentication. I use LastPass for password management and have Two Factor on that, as well as Google, Facebook, Twitter, Amazon and my bank.

Steerpike

What's the best way to incorporate a 2FA solution into a 'home user' situation?

I've implemented corporate 2FA solutions for 500+ users (cryptocard/safenet, I recall) using smartphone apps, and I've also incorporated the free Google Authenticator into a sophos firewall solution for a small business, but how do you implement a 2FA solution with a diverse set of 'hosts' such as my schwab bank site, my Visa site, my email provider, etc? Doesn't each 'host' have their own way of implementing the solution? is there a way to 'unify' this?

mrken30

For my banks/credit union I have a variety of solutions I have to use ranging from a smartphone app to a device in which I have to put my debit card in, enter a PIN and then it spews out a number.

It would be nice if everyone used the same app/ device but I don't think that will ever happen.

Bob

Yes, that's the default. The remote storage is a extra plugin you have to set up, so for a casual user it might not be done.

mrken30

One thing that has got harder with passwords if entering the symbols on smartphones, especially when you are using 16 char plus passwords

Steerpike

What secure sites do you need to access from your smartphone? Only thing I use is my bank's check deposit service, rarely (cant use laptop, must be mobile phone). I do use email on my phone of course, and for that I blindly allow saved passwords. I do have a pin on the phone, and I've just started using the (fairly reliable) fingerprint reader (new Samsung S7).

mrken30

Groupon, insurance, amazon, netflix, expedia (sometimes), banking, expensify.

I could use a laptop, but a phone is more convenient and lighter.

scottyvisa

Yes you need your provider to have 2FA as an option of course, most that do are compatible with the Google Authenticator App. If your email provider doesn't have this as an option, switch to one that does, Gmail, Yahoo and Outlook all do. One of my deciding factors in switching from PNC to my current bank was their lack of 2FA, my current bank does have it. Amazon offers it too, and since I make most of my purchases from them and they have a lot of my personal data I use it. Not sure if Transfer Wise offers it directly, but I use my Google login for it, so I get 2FA through that. If a site offers login via Google or Facebook, I normally go for that option. Even if they don't have 2FA, many sites with offer some kind of alert system that will text or email you if your account is logged into from an unrecognised location. This happened last week to me with Facebook, someone tried to access it in Canada and they alerted me, I was able to block the access and change my password.

mrken30

I used to find google/ms authenticator anoying as I didn't always have my phone ready at hand. After I put the app on my watch, much more useful. I can also now use 2FA on my phone much more easily.

Steerpike

When you say 'outlook', do you mean office 365 (or does that include Office 365)? I use that (essentially, exchange hosted by microsoft) for both my personal and business accounts.

Isn't using your Facebook account to log into another web site also asking for trouble? I did look into that at one point, and felt that it was not a good thing - but I can't honestly recall why.

scottyvisa

I mean Outlook.com, Microsofts consumer email service, previously known as Hotmail. Office 365 does have some kind of built in 2FA, at least for the multi-user version. For your individual use, you can definitely add 2FA to your Microsoft account, which is presumably how you access your Office 365 tools?

I prefer using Google over FB, but I trust either of them with security more than most other web services. When you sign in using FB or Google, the site doesn't get your password, it just gets confirmation from them that it is indeed you. As long as you create a new password each time for a new service it doesn't really matter, but using Google or FB account to authenticate saves you having to do that without exposing your password to any potential hacks of that service.