I finally changed my password! A first step towards organisational skil



Finally, I found the courage to change the usual password to my most important accounts.

It needed to be done because I have reused the same password on so many different sites over the last 10+ years.

I just had to take the plunge after putting it off for so long, a small step in the right direction towards account security. I'm starting to get things under control with LastPass, so hopefully I can get everything secure with strong passwords in the next 10 years. The problem is working out which accounts I have everywhere (I think I have found most accounts and put them into LastPass).

This is part of my efforts to get organised in general (starting with passwords). Hopefully I can post another achievement when I have all my paperwork actually in a particular order (any ideas on how this should be organised in a filing cabinet?) and another when I have all my computer files organised in the same place in a coherent folder structure (any ideas on this one too? At the moment it is spread across Dropbox & External HDD. I do back up my External HDD so I have already conquered this step) and emails (again, I have no idea how I will structure this, help?).

It is pretty hard to do when you have never been organised before in your whole life and suddenly you have all sorts of papers built up in no order at all when you realise that you need to do something about it. Basically it is like starting from scratch with 10 tons of paperwork, emails, passwords, computer documents waiting to be filed.


I'm in the middle of a similar project - get rid of unused website accounts, clean up and lock down others (Facebook for one). What prompted me to do it? Certain individuals I thought I could trust speculating too much about my private life (which I only found out about by reading IRC log files).


After two separate services got hacked and my passwords leaked, I bit the bullet and spent about half a day going through all of the websites I had accounts for, updating the passwords to a unique 20-digit random password. Everything is stored in 1Password and backed up to multiple places. I'm really liking the workflow!


Kinda hard to say how to file paper documents without knowing what they are. But, separate them into categories i.e.

Bank documents

Vehicle Documents

Mortgage/Property Lease documents

Utility Services Documents

and so on. Then, it would probably be best to file them (in a separate file per category) in date order, with the oldest ones at the back of the file (as you probably won't need access to these too often).

Although you may want the oldest ones at the front of the file, it's really your choice. I work in document management and have seen every kind of filing imaginable, some good, some not so good, which is why they send them to us to scan to CD.


I've locked things down with 2-factor authentication on Lastpass & Google Account. Used every possible security setting on Facebook (including App passwords) and removing unwanted apps. My new password is not very different to my old one but it is not an obvious change, this will let me get used to having a different password and then I will make a really good one as xkcd suggests when I am used to not having the same password.

Keep the tips coming for Document Management, I have to tackle this soon or the tax man will be after me.


I would love to do something similar but seeing so many big corporates being hacked and authentication credentials leaked I'm very sceptical about using any sort of password manager or anything similar.

What would be the recommendation for such a product?


> I would love to do something similar but seeing so many big corporates being hacked and authentication credentials leaked I'm very sceptical about using any sort of password manager or anything similar.
>
> What would be the recommendation for such a product?

I weighed KeePass vs. LastPass and I would say that KeePass is more secure because it is completely offline, but a pain to sync and back up every time you add/change a password. LastPass is hosted online (so don't use if you don't trust "The Cloud") but it has the convenience factor which makes it actually practical to use. They also promise it is secure blah blah blah but for me it is the difference between having everything unmanaged with weak/reused passwords (definitely insecure) or trusting LastPass (more secure than Option A). I don't think that I could handle KeePass because I would not be able to access it remotely without some very complex setup, making it practically useless as I need to access my stuff remotely all the time.


I've been using LastPass for a long time, no problems at all, and imo more secure being online due to theft or loss of a machine / laptop. If your passwords are all stored offline you're in trouble; with LastPass you change your master password and all machines now have no access to any passwords until the new master password is entered.

Also [image: 11.PNG] and [image: 22.PNG]

And there are a couple of other authentication settings you can enable, such as Grid Authentication etc.


I had a reality check a few years ago, when I realised I was using the same password for all my stuff. It was amazing how many times I used the same one and where I used it.

I immediately started using Keepass, and I've never looked back. I sync the database using Dropbox, which I have installed on all my devices. Anytime I reformat my pc or have to reset the phone I only have to remember to note down the keepass password and I'm good to go.

One thing that drew me towards it was it is free, except for some strange reason using it via the iPad, go figure.


I've read about the two products some time ago and had some doubts about it...

KeePass seems a more Windows-oriented product... they don't offer support (or don't take responsibility if you like) for contributed projects, like Android/iPhone... if they did that I would just point the database to a Dropbox installation folder and be done with it.

LastPass being more cloud-oriented has advantages being "always online" and can use Google Authenticator but no support for applications passwords yet...

I don't know, I think I will use LastPass for some of my less important sites and see how it goes...


> I had a reality check a few years ago, when I realised I was using the same password for all my stuff. It was amazing how many times I used the same one and where I used it.
>
> I immediately started using Keepass, and I've never looked back. I sync the database using Dropbox, which I have installed on all my devices. Anytime I reformat my pc or have to reset the phone I only have to remember to note down the keepass password and I'm good to go.
>
> One thing that drew me towards it was it is free, except for some strange reason using it via the iPad, go figure.

Doesn't that mean that all your passwords are now only as strong as your Dropbox password, essentially meaning you still only have 1 password for everything?

> I've read about the two products some time ago and had some doubts about it...
>
> KeePass seems a more Windows-oriented product... they don't offer support (or don't take responsibility if you like) for contributed projects, like Android/iPhone... if they did that I would just point the database to a Dropbox installation folder and be done with it.
>
> LastPass being more cloud-oriented has advantages being "always online" and can use Google Authenticator but no support for applications passwords yet...
>
> I don't know, I think I will use LastPass for some of my less important sites and see how it goes...

Yea, the best practice is to use things like this for places / passwords that would be a pain to lose but not threaten anything like banking etc.

Keep those important passwords in your head only imo.


> no support for applications passwords yet

Applications don't access LastPass directly (only the actual LastPass Chrome/Firefox extension etc.) so not really needed. For instance, your Facebook login doesn't authenticate to LastPass directly, Lastpass just saves the password for Facebook and pre-fills the password form with the Facebook password, so Facebook has no access to your LastPass account whatsoever.

It also includes a tool to automatically generate secure passwords (as well as being able to manually choose or use the existing password), so you can make a different secure password for each website/application.


> Doesn't that mean that all your passwords are now only as strong as your Dropbox password, essentially meaning you still only have 1 password for everything?

I think you can password protect the keepass file and if you are paranoid you could true-crypt the file as well.


> I think you can password protect the keepass file and if you are paranoid you could true-crypt the file as well.

So it then becomes more or less identical to lastpass :p


> Doesn't that mean that all your passwords are now only as strong as your Dropbox password, essentially meaning you still only have 1 password for everything?

I can see what you're saying. My Dropbox password was created by the password generator built into KeePass itself, I don't even know what it is. So I have to make sure that is the only password I have to make sure is stored securely elsewhere, and I have access to it at any time. Trust me, I've got stuck without access to it a few times when I'm on the move. It's a bit of a vicious circle really. My memory isn't that great so it's the best I can come up with. It's not ideal and some would say it's got some flaws but it works. Rather than have one password used everywhere.


> I can see what you're saying. My Dropbox password was created by the password generator built into KeePass itself, I don't even know what it is. So I have to make sure that is the only password I have to make sure is stored securely elsewhere, and I have access to it at any time. Trust me, I've got stuck without access to it a few times when I'm on the move. It's a bit of a vicious circle really. My memory isn't that great so it's the best I can come up with. It's not ideal and some would say it's got some flaws but it works. Rather than have one password used everywhere.

My memory is not so good either, but I can remember my lastpass password, so if I get caught out forgetting a site password I can always install lastpass somewhere and use that, and with it being a dedicated password protection / storage / encryption server I would rather rely on that than dropbox :)


I'm using LastPass and put there some credentials now... it's a shame that the applications part is a premium feature and a part of another program... even if no autologin is provided I would like to use a more "clean" way of saving those than just making a generic note on the site... let's see how it goes.


> I'm using LastPass and put there some credentials now... it's a shame that the applications part is a premium feature and a part of another program... even if no autologin is provided I would like to use a more "clean" way of saving those than just making a generic note on the site... let's see how it goes.

Which browser are you using? Integrates with Chrome just fine for free


> Which browser are you using? Integrates with Chrome just fine for free

I'm using Firefox and it works perfectly.

I'm talking about this feature: http://helpdesk.lastpass.com/upgrading-to-premium/lastpass-for-applications/

Even if no autologin was provided I would like to be able to save application passwords in a "cleaner" way than just generic notes, that and PINs.


I recently generated new passwords for all my accounts using LastPass. It's slightly unnerving having no idea what your password is for sites, and I haven't read too much into LastPass's security methods, but I'm glad I did it.


This topic is now closed to further replies.