• 0

Experience with password managers

Asked by jamester64,

 Share

Question

33 answers to this question

Recommended Posts

  • 0
Grand Master

+BudMan MVC

Posted
  • MVC
Posted

lastpass user for years.. Dozen passwords - how cute ;) hehehe

 

Over 400 here...  Did you just get on the internet last week?...

 

Another one been playing with is bit https://bitwarden.com/

  • 0
Grand Master

+Warwagon MVC

Posted
  • MVC
Posted

One Pro of a password manager like Lastpass is phishing protection. If you land on PayPaI <-- That's a capital i at the end, not a lower case L .. LastPass will refuse to automatically fill in the username and password. It will also show No matching passwords for that site, which should be a big hint you are on the wrong site.  You might not be able to tell the difference but LastPass can.

  • 0
Grand Master

Tuskd

Posted
Posted

Dashlane user here. It is great, but free version is limited and the full version is pricey. I got it on an offer. However, like many others, LastPass is also recommended.

Pros: never have to remember more than 1 password anymore. most managers have tools to create strong password. many managers are cross-platform, so you can log in without hassle from any device. you can also store card details, notes, etc.

 

Cons: You wont remember almost all of your passwords :p If your password manager is hacked and all your passwords comprised, you are doomed. (highly unlikely, but still).

  • 0
Grand Master

dipsylalapo Supervisor

Posted
  • Supervisor
Posted

I've always wondered about things like LastPass. I would always be worried about the eggs in one basket situation. 

 

Is it not a risk that one password (LastPass password) could potentially give someone access to everything? Or just my naivety?

  • 0
Grand Master

+Warwagon MVC

Posted
  • MVC
Posted
  On 09/04/2018 at 14:07, exotoxic said:

I use Lastpass too but since the LogMeIn takeover it has gone down hill FAST, it has a couple of major issues (on Firefox at least) and the developers don't respond on the support forum.

Expand  

The only issue I had on firefox, was on the portable version and that was it never remembered my google authenticator. Everytime I would relaunch it I would type in my password it would ask for the Google Authenticator code again, so annoying!

  • 0
Grand Master

+InsaneNutter MVC

Posted
  • MVC
Posted

I use 1Password 4, I like that as you are in total control of your data.

 

Sadly for newer versions you can only use it with their cloud service, you can't store your own data locally. In addition the app on Windows app has been re-wrote from scratch and is not great in comparison to the previous version. I certainly wouldn't pay for a newer version in its current state regardless.

 

Long term i'm not sure what i'm going to do. Apparently supporting local 1Password keychains is a feature that will be implemented again at some point on 1Password 6, so I guess i'll see what happens. 1Password 4 is serving me fine for now and is still updated.

  • 0
Grand Master

+BudMan MVC

Posted
  • MVC
Posted
  On 09/04/2018 at 14:16, dipsylalapo said:

Or just my naivety?

Expand  

This ;)

 

Even if someone got your lastpass password.. They would need your 2nd factor method, and they would need to be coming from a country you allow access from as another..  Or would have to have your password and access to one of your devices already trusted by lastpass, etc.

lastpasscountries.thumb.png.5a1137eed51c85cc073bc8aed5729884.png

 

Your lastpass master password should be very SECURE as well.. Mine is currently 20 characters.. While its just made up of what amounts to gibberish, it is something easy for me to remember and type in, etc.

 

And yes if your really paranoid with even your devices physical security you can require 2nd factor everytime you login to your account even from trusted devices.  I have mine set to logout after 15 minutes.. So even if I leave my home machine unlocked and walk away.. Shoot my wife only other person in the house can not just walk up and access my vault ;) without knowing the master password since it logs out on its own if not being used, etc.  If I forget to logout when I leave, etc.

  • dipsylalapo
  • Like 1
  • 0
Grand Master

dipsylalapo Supervisor

Posted
  • Supervisor
Posted
  On 09/04/2018 at 15:06, BudMan said:

This ;)

 

Even if someone got your lastpass password.. They would need your 2nd factor method, and they would need to be coming from a country you allow access from as another..  Or would have to have your password and access to one of your devices already trusted by lastpass, etc.

 

Your lastpass master password should be very SECURE as well.. Mine is currently 20 characters.. While its just made up of what amounts to gibberish, it is something easy for me to remember and type in, etc.

 

And yes if your really paranoid with even your devices physical security you can require 2nd factor everytime you login to your account even from trusted devices.  I have mine set to logout after 15 minutes.. So even if I leave my home machine unlocked and walk away.. Shoot my wife only other person in the house can not just walk up and access my vault ;) without knowing the master password since it logs out on its own if not being used, etc.  If I forget to logout when I leave, etc.

Expand  

I figured that that would be the case, but good to know why. As I've said I've always toyed with the idea of using LastPass. I may give it go with a free trial or something and see how it pans out. 

 

Cheers again @BudMan, as always a fountain on knowledge ;)

  • 0
Grand Master

+Warwagon MVC

Posted
  • MVC
Posted
  On 09/04/2018 at 15:06, BudMan said:

This ;)

 

Even if someone got your lastpass password.. They would need your 2nd factor method, and they would need to be coming from a country you allow access from as another..  Or would have to have your password and access to one of your devices already trusted by lastpass, etc.

  I have mine set to logout afte 15 minutes.. So even if I leave my home machine unlocked and walk away.. Shoot my wife only other person in the house can not just walk up and access my vault ;) without knowing the master password since it logs out on its own if not being used, etc.  If I forget to logout when I leave, etc.

Expand  
10

Yep I recommend this as well to people, This way they always have to be entering their master password so they don't forget it. You would be surprised (or probably not) how many people tell me they don't have a yahoo mail password because it always logs straight in.

  • 0
Grand Master

exotoxic

Posted
Posted
  On 09/04/2018 at 14:17, warwagon said:

The only issue I had on firefox, was on the portable version and that was it never remembered my google authenticator. Everytime I would relaunch it I would type in my password it would ask for the Google Authenticator code again, so annoying!

Expand  

So no issues with auto fill not working or new passwords not being saved (https://forums.lastpass.com/viewtopic.php?f=6&t=255755) almost a year and still no fixes or feedback!! 

  • 0
Grand Master

+Warwagon MVC

Posted
  • MVC
Posted
  On 09/04/2018 at 17:43, exotoxic said:

So no issues with auto fill not working or new passwords not being saved (https://forums.lastpass.com/viewtopic.php?f=6&t=255755) almost a year and still no fixes or feedback!! 

Expand  

I don't have any of those issues either. It's just that Lastpass won't keep me authenticated with google authenticator 

  • 0
Grand Master

+BudMan MVC

Posted
  • MVC
Posted

My license expires like in july... I might switch over to bitwarden at that time... As I stated I have been playing with it.. It was very easy to export all info from lastpass and import into bitwarden..

 

Especially if your one of those people that like to host stuff yourself or have space in the cloud.

 

While I would recommend lastpass for sure - there are always other options.. From my looking around bitwarden seems like the best alternative to me.

 

To go along with password managers I would suggest a 2FA tool... Been using Authy for long time - to me way better than google authenticator..  https://authy.com/

 

Why I like most about it is the ability have it on my desktop as well as my mobile.  I use it on my work mobile, which since its works phone - could be lost if lost job, etc.  So its nice to have that backup running on my desktop at home.. Works with all the QR codes for google out of the box.. Even got it working with paypal - who's 2fa support is horrible, etc.  Had to reverse engineer to get the code to put in, etc.

  • 0
Contributor

jamester64

Posted
  • Author
Posted (edited)
  On 09/04/2018 at 13:28, BudMan said:

lastpass user for years.. Dozen passwords - how cute ;) hehehe

 

Over 400 here...  Did you just get on the internet last week?...

 

Another one been playing with is bit https://bitwarden.com/

Expand  

Actually is over 80 total but the dozen or so I care about are just the banks and email ?

  • 0
Grand Master

Draconian Guppy

Posted
Posted (edited)
  On 09/04/2018 at 14:16, dipsylalapo said:

I've always wondered about things like LastPass. I would always be worried about the eggs in one basket situation. 

 

Is it not a risk that one password (LastPass password) could potentially give someone access to everything? Or just my naivety?

Expand  

+1 This is what keeps me from using these sorta of services!

 

But then again, I only use like 5 passwords at much :laugh:

Edited by Draconian Guppy
  • 0
Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Then you do not understand how the technology works... Sorry even if they were compromised.. They don't have your password, and all they have is your encrypted vault.. You have the keys to decrypt it..

 

https://lastpass.com/support.php?cmd=showfaq&id=6926

This topic is now closed to further replies.
 Share
Go to question listing