Do you use password management/protection software?

ElainePDX

Level 2 Member
Just wanted to update the thread on my progress.

I upgraded my MacBookPro, iPad and iPhone - the laptop to Yosemite and the other devices to IOS10. (Aside - I use computers of course but am definitely not a computer person, so I took advantage of my One-to-One membership and did the upgrades at a session with a trainer. He suppressed a laugh when I said I'd come to have some hand-holding as I upgraded to iCloud drive, IOS10 and Yellowstone.)

That all accomplished, I downloaded 1Password to the laptop after buying it for $39.99, using a promo code I found on the net. (It was: MACPOWERUSERS or maybe MacPowerUsers and saved me $10.) Spent a long time deciding on my master PW and settled on a PassPhrase that I am quite happy with. Worked my way through the Getting Started guides but ran into a glitch immediately when I saved the login/PW for Barclaycards, only to be unable to then save a different login/PW for another Barclay account I manage. Deleted my initial efforts and went back to the How To pages.

Turns out that in that situation, I need to manually save the PWs in 1Pass, but that works well and quickly. I have entered 4 logins and PWs for 2 sites: AA.com for myself and my husband, and AlaskaAir.com for both of us. Now that I understand what to do, I will save logins/PWs as I find myself opening websites requiring such info.

I still need to download the 1Pass apps for my iPphone and iPad, and set up syncing across all devices via Dropbox, but I have made a start.

I also did some cleanup at my AwardWallet, adding some accounts I had forgotten to add, which was quite profitable: I "found" about 400,000 points :) that I knew were there, but weren't being reflected in my AW totals. Nice to see that bottom line increase! Going forward, I plan to systematically make sure that all accounts I enter into 1Pass are also in AW, if they should be, as I enter info into the password manager.

PS - I vowed upthread that I'd do no more MSing until this was done. I haven't really kept my vow ;) but I am holding off on new CC signups until more is accomplished here.
 

David T

New Member
I use Keepass across many devices (Mac, Linux, Android, iOS) and love it. I sync the database file manually, but you could easily use dropbox to do so.
 

Daniel

#hackingtheplane(t)
I used to use Lastpass but recently swapped over to using 1password (because that's what my company requires). It's definitely expensive (though only a 1-time expense), but I do like the fact that the vault/passwords are all stored locally on my computer (or synced via Dropbox, which allows me to use it on my phone as well).
 

ElainePDX

Level 2 Member
Just wanted to update folks on my progress with 1Password. I have it installed on my laptop and have been using it for about 5-6 weeks. I just installed the App (available to me from iTunes at no extra cost) on both my ipad and iphone. I accomplished that during an Apple Workshop. (I am eligible for workshops at which I can work on my own project with a trainer available, as he rotates between the other perhaps 2-4 people who may also be there; but this is Oregon, the home of no crowds or congestion, and I've never had more than 1 other person there at the same time with me.)

Anyway, I was glad to have the trainer at hand but it was really reasonably simple.

1PW on my laptop works via a button on my Firefox browser; I click it and once I enter 1PW, I just click on the site name in my PW list. It then opens the site and logs me in. The only site that simply will not accept the info supplied by 1PW is UFBDirect; the user name and PW boxes just will not fill. Everything else works quite nicely, even those sites like Barclays which have two screens to log on. I simply have each one connected to a separate login with 1PW and click them in order.

The app works differently: It sits on the ipad and iphone along with all the other apps I have downloaded and I click to enter it. Once I key in my 1PW PW, I just click the website I want from within the iPW list and it logs me in.

I also had a great interaction with the 1PW support folks. Although I had bought 1PW fair and square ;) I apparently did not key in the license info. 1PW "thought" I was just doing their 30 day trial. I sent an urgent email to their support, totally worried I'd lose the 73 PWs I had keyed in. I received a very timely reply calming me down and walking me through what I needed to do. And no, one doesn't risk losing any PWs when the "your 30 day trial is over" messages shows up.

When I started, I keyed in about a dozen user names/PWs to get going and learn my way around the program. After that, I just add a new login when I need to log onto a site I haven't visited. The program makes that very easy too.

I have not used it to its full potential yet, but all in all, I am very pleased with my choice and love the fact that I now own it forever with no need to pay again or reconsider every year.

Thanks again to everyone who shared their advice and recommendations here.
 

f0xx

Level 2 Ninja
Still highly recommend LastPass.

I'd rather not give my kidney to obtain all of 1PW's apps and desktop applications.
 

rpsandiego

New Member
I use lastpass and have for probably the last 3+ years. I use it for convenience more than security. It will pick random passwords if you want, but as @Alex1432 said, I feel like most password thefts are coming from the sites themselves, so I use my own passwords that I can usually remember if I don't have the extension on a browser or am somewhere public.

I will freely admit that it may not be the most secure method, but damn if it isn't convenient and to date I haven't had any problems.
I've been using LastPass since 2009 since I was assigned to research the best password service for our startup 6 years ago. I've tried Roboform and other local versions but wasn't really impressed. LastPass does have its quirks (Vault's UX is horrible, some websites don't save forms, there's no easy way to duplicate form fills, etc.), but it gets the job done.
 

Brit

Level 2 Member
I just downloaded 1password for my Mac and also needed to buy the app for my android phone. I sync via dropbox so I can have easy access to my password, secure notes, etc. on either device. I am absolutely hopeless with technology, so it's always a steep learning curve for me. But, 1password seemed quite easy to install and get up and running on my Mac and phone.

So far, so good!
 

KissTheSky

Level 2 Member
BTW, autofill often fails on Citi sites, a CSR actually told me so. No autofill and no copy/paste. This is just one more reason to hate Citi, as most of my passwords look like list r9s&(xUw3EvTcVHxWyuv3Fp
 

ElainePDX

Level 2 Member
BTW, autofill often fails on Citi sites, a CSR actually told me so. No autofill and no copy/paste. This is just one more reason to hate Citi, as most of my passwords look like list r9s&(xUw3EvTcVHxWyuv3Fp
1PW never autofills for me on UFBDirect either, but I still love it.
 

KissTheSky

Level 2 Member
My problem is not that it doesn't auto fill. My problem that even with copy and paste I can't put my password in and have the logon work. Now this isn't with every citi account, but it does happen every time on my wife's account.
 

AIM

Level 2 Member
Just wanted to say thanks to all those who chimed in here. The thread prompted me to finally pick up a password manager (Lastpass) and start making my accounts more secure.
 

Annie H.

Egalatarian
Got an email today about a security breach at Lastpass. Jeez, if they can't keep my info safe...
 
Last edited:

grebel

Level 2 Member
Got an email today about a security breach at Lastpass. Jeez, if they can keep my info safe...
I wouldn't be too worried about this. Last pass uses double encryption meaning that their servers could be completely compromised and your info would still be completely encrypted on your end. Its not encouraging, but its not the same as a normal system breach because of their double encryption. That being said, change your master pass!
 

thorax

Level 90 ( ͡° ͜ʖ ͡°) Warlock
I wouldn't be too worried about this. Last pass uses double encryption meaning that their servers could be completely compromised and your info would still be completely encrypted on your end. Its not encouraging, but its not the same as a normal system breach because of their double encryption. That being said, change your master pass!
Yes, this really is nothing to worry about.
 

Alex1432

Level 2 Member
Encryption doesn't protect against everything. It only protects against someone plucking the data from that server and then trying to use it. However if someone got access to both the application and the database servers and was able to get the username/password for the application then encryption does not help.

Think of it like storing things in a safe. If I come to your house and find a safe I won't be able to break into it easily. But if I also know where you hide your key to the safe then its easy to break into the safe.
 

thorax

Level 90 ( ͡° ͜ʖ ͡°) Warlock
Encryption doesn't protect against everything. It only protects against someone plucking the data from that server and then trying to use it. However if someone got access to both the application and the database servers and was able to get the username/password for the application then encryption does not help.

Think of it like storing things in a safe. If I come to your house and find a safe I won't be able to break into it easily. But if I also know where you hide your key to the safe then its easy to break into the safe.
In the case of Lastpass, they don't have access to unencrypted data.
 

extradosed

Professional Engineer, Amateur World Traveller
I wouldn't be too worried about this. Last pass uses double encryption meaning that their servers could be completely compromised and your info would still be completely encrypted on your end. Its not encouraging, but its not the same as a normal system breach because of their double encryption. That being said, change your master pass!
I'm also not too worried about this. My master password isn't as strong as the one's Lastpass generates, but if you are using a decent password along with 2 factor authentication I think it's extremely difficult to get your stuff. It did cause me to change my password which had grown a little stale.
 

f0xx

Level 2 Ninja
I'm also not too worried about this. My master password isn't as strong as the one's Lastpass generates, but if you are using a decent password along with 2 factor authentication I think it's extremely difficult to get your stuff. It did cause me to change my password which had grown a little stale.
This
 

Glenn

Level 2 Member
They also use a unique salt w/every account.
True, means the attacker can't pre-compute anything to accelerate the cracking of an individual account. But the salts were apparently compromised.

The good news is that the vaults, containing your account logins & passwords, were not. Lastpass did a good job of keeping their stuff segregated across different networks, and they only breached one and not the other apparently.

Still, the recommendation seems to be to change your password.

Also, you need to be using a really strong password. An 8-character random alphanumeric & symbols password will apparently take several days to crack (this is one user, using GPU acceleration that can do about 8,000 random guesses/cracks per second). So you should probably be using something longer than 8 characters.
 

mmax1

Level 2 Member
I resisted password management for a long long time but finally gave in. I use 1password on iphone. It works well and makes life much easier.
 

ElainePDX

Level 2 Member
Just an update re: my use of 1Password.

While occasionally I encounter a website where the sign-on is a bit clunky - that is, clicking 1PW to sign on doesn't get me logged on without my also clicking the log on button on the page - 95% of the time it works beautifully. I love it. I'd probably love it even more if I took the time to learn what it can do beyond the basics I use it for. And I think the above situation is more due to the website I am trying to log onto than the features of 1PW.

I have it on my laptop, iphone and ipad and find it so much quicker than depending on my memory and the word documents I used to use to track my PWs using coded hints that hopefully only I would know.

The identities feature also makes entering personal info much quicker.

After many months of use, I continue to recommend it.
 
A

all328

Guest
I use LastPass and it works great with the Chrome extension. I also enabled 2 factor authentication with Google Authenitcator. It makes it easy to manage all my accounts and subaccounts.
 

Vic Diaz

Level 2 Member
I'm a LastPass user. Although I was mad when LogMeIn bought them up. LogMeIn has a long history of commercializing everything and really limiting the free versions of the product until it becomes unusable. Thats what they did with their LogMeIn product, effectively forced you to upgrade to Pro or you could not use their product. Hopefully this doesn't happen with LastPass.
 
Top