Any thoughts on using password managers?

randytsuch

Pulling my weight
Joined
Oct 1, 2016
Messages
495
Reaction score
176
One more option (if you keep the wife), lastpass (and other programs) have a "trusted device" option. Make your wife's PC a trusted device and it adds a layer of security.
I think google and other email programs have trusted device options too.
 

nbstl68

Getting comfortable
Joined
Dec 15, 2015
Messages
1,399
Reaction score
321
Well so much for installing the LastPass extensions at the office.
I even have admin priv and it failed.
LP_Error.jpg

I guess I could always use the mobile app and if I need access to a PW for a particular site, open the mobile app on my phone, get the PW and manually key it in. I think it works like that.
My assumption here is that LastPass or the other types of PW managers can auto create a long complex pw or you can still use and save your own it it.


so something at the office I assume is blocking it or maybe any add-in extension for browsers.
 

nbstl68

Getting comfortable
Joined
Dec 15, 2015
Messages
1,399
Reaction score
321
I'd think doing the ""trusted device" thing and registering only the computers you use would be a must do additional sec layer.

...Opting to NOT keep the wife would prove far costlier than anything anyone could hack in and steal. Hacker could get 1/2 your bank account but can't steal your house, car.
 

randytsuch

Pulling my weight
Joined
Oct 1, 2016
Messages
495
Reaction score
176
Can you bring your PC home over the weekend, and try from home?
I know there are things I can't do at work that are possible from home. Work firewall.

The phone thing would work, but it would be a pain. Lastpass makes long random passwords, but because they are so random they are a pain to type in.
 

copex

Getting the hang of it
Joined
Feb 15, 2015
Messages
225
Reaction score
79
Location
Cumbria,England
Good old pen and paper :)

i would only use a password manager for passwords for sites you don't relay care if they get hacked, ( i.e they don't contain any personal data ) use a good passphrase over a password different for every site and 2fa on every site that supports it. don't use security questions though if you do use random answers as long as you can print them out and store in a safe place.

stolen from Password Vs Passphrase: Here’s 5 Reasons to Use Passphrase (littel out of date )

So why is passphrase better than passwords?
  1. Passphrases are easier to remember than a random of symbols and letters combined together. It would be easier to remember a phrase from your favorite song or your favorite quotation than to remember a short but complicated password.
  2. Passwords are relatively easy to guess or crack by both human and robots. The online criminals have also leveled up and developed state of the art hacking tools that are designed to crack even the most complicated password.
  3. Satisfies complex rules easily. The use of punctuation, upper and lower cases in Passphrases also meets the complexity requirements for passwords.
  4. Major OS and applications supports passphrase. All major OS including Windows, Linux and Mac allow pass-phrases of up to 127 characters long. Hence, you can opt for longer passphrases for maximum security.
  5. Passphrases are next to impossible to crack because most of the highly-efficient password cracking tools breaks down at around 25 characters. Hence, even the most advanced cracking tool won’t be able to guess, brute-force or pre-compute these passphrases.
 

wantafastz28

Getting comfortable
Joined
Nov 18, 2016
Messages
550
Reaction score
253
Location
Phoenix, az
Interesting. maybe plug-ins are allowed\blocked as an app install.
I think I'll test out the LP and Chrome plugin on a computer at the office to see if it works.

I totally agree...but try telling the wife ...she's the one who has been using the same ID and PW on all her and our shared sites that I'm trying to come up with a good solution overall.
I get that there is not always time to do this stuff at home in the a.m or p.m. after work though. I'm sure lots of people risk do banking and shopping at the office. Risky but she won't change that habit...too stubborn.


She'd never go for the "extra work" of the U2F key thing and maybe not even GA 2nd level auth. Her laziness in this area to not want to be hassled seems to override her security concern.
I love her go-to excuse for everything..."well, it's never happened before so why should I do X....?"
How do you try to have a logical discussion when you get that response, ha-ha?
Change the password and simulate being hacked, and she will see how inconvenient it could potentially be. :)
 

nayr

IPCT Contributor
Joined
Jul 16, 2014
Messages
9,329
Reaction score
5,325
Location
Denver, CO
at work I worry more about disgruntled IT guy harvesting credentials from the Corp Mandated Spyware they put on your pc to monitor/track your activity.. if they can record screen and capture keystrokes when you log into your bank account you better hope they aint planning on burning the building down on there way out because someone took there fucking stapler.

My wife's lil company got bought out by mega corp; with that came all new IT policy.. after all the changes were in place my wife had moved all her stuff off her work equipment and only does financial work from her own equipment now... she did that all on her own; thas why I married her... When we were dating she hacked my computer, found my location, and then came over and busted me playing video games in a friends basement.. she thought I was with another woman hah.
 

randytsuch

Pulling my weight
Joined
Oct 1, 2016
Messages
495
Reaction score
176
My wife's lil company got bought out by mega corp; with that came all new IT policy.. after all the changes were in place my wife had moved all her stuff off her work equipment and only does financial work from her own equipment now... she did that all on her own; thas why I married her... When we were dating she hacked my computer, found my location, and then came over and busted me playing video games in a friends basement.. she thought I was with another woman hah.
lmao Definitely a keeper
 

Silas

Pulling my weight
Joined
Jan 6, 2017
Messages
328
Reaction score
121
Location
Down Under
I have lastpass and am happy with it, for me I find it the lesser of many evils, but I know and understand most of what I am doing, as in some things on the internet are NOT really under your full control, just consider how many other parties 'manage' your connection ;-)
For those that want to use more secure password without additional packages then this link GRC's | Password Haystacks: How Well Hidden is Your Needle?   might be of help
 

tangent

IPCT Contributor
Joined
May 12, 2016
Messages
4,342
Reaction score
3,524
I have lastpass and am happy with it, for me I find it the lesser of many evils, but I know and understand most of what I am doing, as in some things on the internet are NOT really under your full control, just consider how many other parties 'manage' your connection ;-)
For those that want to use more secure password without additional packages then this link GRC's | Password Haystacks: How Well Hidden is Your Needle? might be of help
The problem is password re-use not just password quality. All these password hacks have revealed people suck at creating random passwords and hackers have bigger data sets than ever of how people create passwords and passwords that have been used on various websites. Lets say you have an account on a website like OpenPuppies (where you can't actually create an account), they get hacked and didn't even hash passwords let alone salt them, and while it was a pretty good password you used it elsewhere... now you're screwed. In the past few years I've gotten more than a dozen emails announcing a breach like this and that's just the places that even noticed they were hacked.

Realistically you can't expect to remember truly random passwords for a hundred+ accounts so don't; use a password manager. Dashlane, LastPass, 1password, KeePass, etc
For things that really matter or are of greater value to a hacker make sure you use 2 factor authentication if it's available. Maybe you choose to keep financial account credentials stored in a different manner.

I think things like that grc tool can actually give a false sense of security.

@nbstl68 I recommend you find some good articles on hacked passwords / account and data breaches from Krebs on Security and get your wife to read them.
 
Last edited:

wantafastz28

Getting comfortable
Joined
Nov 18, 2016
Messages
550
Reaction score
253
Location
Phoenix, az
get your self some U2F keys: Amazon.com: FIDO U2F Security Key: Computers & Accessories

and at least secure your email with it, since once your into your email everything else is compromised.. I got one for me and my wife, then I bought us some cheap ones, associated them as backup and put them in our saftey deposit box incase the main ones ever get lost/stolen/destroyed.

Wish my banks would start using the damn things.. I got one of the higher end Yubi keys that have a PGP key and use that to encrypt a file on my owncloud storage that has all the rest of my credentials...

These are new to me, what happens if you say.... lose the key?
 
As an Amazon Associate IPCamTalk earns from qualifying purchases.

Silas

Pulling my weight
Joined
Jan 6, 2017
Messages
328
Reaction score
121
Location
Down Under
I answered the OP, I also offered a suggestion for how to use something NOT web based, and whist Brian's site has good information, Steve Gibson who is GRC.COM does a weekly podcast called security now on the twit network, if the OP or his partner would like to listen to some of them, they would gain a better understanding of password/computer security with detailed explanations given.
 

Dodutils

Pulling my weight
Joined
Dec 10, 2016
Messages
451
Reaction score
166
Part of my job is to install servers that manage personnal health medical data and connecting to them require 3 things :
  • something you own (software or hardware X509 certificate)
  • something you now (password)
  • something random (OTP)
So if you want max security this is the way to do it but medical staff is always complaining about complexity ;-)
 

nbstl68

Getting comfortable
Joined
Dec 15, 2015
Messages
1,399
Reaction score
321
Thanks guys for all the input. I've learned a lot.
 

rotorwash

Getting the hang of it
Joined
Aug 22, 2016
Messages
103
Reaction score
20
Location
NE PA
I use Keypass for personal use and Roboform for work use. The idea is that you use different passwords for everything in case one is compromised. Anything is better than using the same password for everything.
 
Top