SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    Who here use a password manager? Password manager OneLogin hacked.
downtownv (Member) posted:
quote:
Originally posted by ensigmatic:
The problem with many of these password managers is they force you to keep a copy of your password store on their servers. Two problems: If they close their doors (as happened with one such password management app): You're screwed. Secondly: Yes, your password store is encrypted, but, because that's explicitly what they're storing it's readily-identifiable as a password store and thus a high-value target.

If a bad guy gets a copy of your password store they have all the time in the world to begin attacking it. Even home-brew purpose-built "cracking farms" (multiple computers running multiple graphics cards each--the GPUs of which are very good for this purpose) can brute-force even the strongest encryption in a surprisingly short amount of time.


Logmeonce gives you the option to store on YOUR computer Not the cloud.


_________________________

https://www.teampython.com


 
Posts: 8347 | Location: 18 miles long, 6 Miles at Sea | Registered: January 22, 2012
steve495 (Member) posted:
I'm using LastPass. The interface is not always perfect and it's a bit "in your way" sometimes, but it works well in my opinion.


Steve


Small Business Website Design & Maintenance - https://spidercreations.net | OpSpec Training - https://opspectraining.com | Grayguns - https://grayguns.com

Evil exists. You can not negotiate with, bribe or placate evil. You're not going to be able to have it sit down with Dr. Phil for an anger management session either.
 
Posts: 4990 | Location: Windsor Locks, Conn. | Registered: July 18, 2006
smschulz (quarter MOA visionary) posted:
Many of my IT clients solve the problem by just taping their password to their monitor. Eek
 
Posts: 22902 | Location: Houston, TX | Registered: June 11, 2006
maladat (Member) posted:
quote:
Originally posted by ensigmatic:
The problem with many of these password managers is they force you to keep a copy of your password store on their servers. Two problems: If they close their doors (as happened with one such password management app): You're screwed. Secondly: Yes, your password store is encrypted, but, because that's explicitly what they're storing it's readily-identifiable as a password store and thus a high-value target.

If a bad guy gets a copy of your password store they have all the time in the world to begin attacking it. Even home-brew purpose-built "cracking farms" (multiple computers running multiple graphics cards each--the GPUs of which are very good for this purpose) can brute-force even the strongest encryption in a surprisingly short amount of time.


Dashlane uses AES-256.

The best algorithm currently known for breaking AES takes, on average, 1/4 the time of brute forcing it.

So how long would that take?

http://www.eetimes.com/document.asp?doc_id=1279619

Here's a 2012 article where they conservatively estimated that 128-bit AES would take the then-fastest supercomputing cluster in the world about 1 billion billion years to brute force.

Using the best exploit currently known, we could get that down to 250 million billion years.

256-bit AES is 2^128 times harder to crack than 128-bit AES.

That's about 300000000000000000000000000000000000000 times harder.

That is far from a "surprisingly short amount of time," at least as long as you use a reasonably secure password. If your password is "password" or "dog123" or something, all bets are off.

AES could always be cracked tomorrow, of course, but there are very strong mathematical arguments that there shouldn't be a significant exploit.
 
Posts: 6319 | Location: CA | Registered: January 24, 2011
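An added example, not from the thread: the arithmetic behind maladat's figures, put next to the comparison that ensigmatic's "cracking farm" point really turns on. The guess rate and the key-derivation cost are constructed assumptions, not measurements of any product.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def expected_years(search_bits: float, guesses_per_second: float,
                   attack_speedup: float = 1.0) -> float:
    """Expected years to recover a secret with `search_bits` bits of entropy.

    Assumes the attacker finds it half-way through the space on average, and
    that the best known attack divides the work by `attack_speedup`
    (the post's "1/4 the time" for AES corresponds to a speedup of 4).
    """
    expected_guesses = 2.0 ** search_bits / 2 / attack_speedup
    return expected_guesses / guesses_per_second / SECONDS_PER_YEAR


def password_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random password over `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def aes256_vs_aes128_ratio() -> int:
    """How many times larger the AES-256 key space is than AES-128: 2^128."""
    return 2 ** 256 // 2 ** 128


def compare(farm_rate: float = 1e12, kdf_slowdown: float = 1e5) -> dict:
    """Expected attack time in years for the same assumed farm.

    farm_rate:    assumed raw keys or hashes the whole farm tries per second.
    kdf_slowdown: assumed work factor of the vault's password-to-key
                  derivation, i.e. hashes the attacker pays per password guess.
    Both numbers are constructed assumptions for illustration.
    """
    return {
        # The key itself: what a farm attacking the cipher would have to search.
        "aes128_key": expected_years(128, farm_rate, attack_speedup=4),
        "aes256_key": expected_years(256, farm_rate, attack_speedup=4),
        # The master password, which is what actually unlocks the vault.
        "8_lowercase_fast_hash": expected_years(password_bits(26, 8), farm_rate),
        "8_lowercase_with_kdf": expected_years(password_bits(26, 8), farm_rate / kdf_slowdown),
        "16_mixed_with_kdf": expected_years(password_bits(94, 16), farm_rate / kdf_slowdown),
    }


if __name__ == "__main__":
    for name, years in compare().items():
        print(f"{name:>22}: {years:.3g} years")
```

The output shows the cipher's key space is not where the risk is: an eight-letter master password falls in hours even with a slow derivation, while a long random one is out of reach, so the master password's entropy and the KDF work factor are what decide whether a stolen vault is useful.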
Pipe Smoker (Baroque Bloke) posted:
quote:
Originally posted by r0gue:
Yeah, there are a bunch of them out there now. My preference is LastPass with 2 factor auth.
<snip>

CNET reports some vulnerabilities in LastPass:

“No, LastPass isn't flawless: A vulnerability privately reported in September 2019 was a scary flaw that could potentially compromise passwords. But the company patched it before it was known to be exploited in the wild. It was one of several vulnerabilities that have been discovered in LastPass over the years.

More recently, however, privacy concerns emerged around LastPass's Android app when a privacy advocacy project discovered seven web trackers within the mobile app.

In light of these privacy concerns and LastPass's new restrictions on its free-tier service, we're currently in the process of reevaluating LastPass's rank in our list of top password managers. Read our LastPass review”

https://www.google.com/amp/s/w...st-password-manager/



Serious about crackers
 
Posts: 8941 | Location: San Diego | Registered: July 26, 2014
WaterburyBob (Void Where Prohibited) posted:
I used LastPass years ago - but then they got hacked. Since then I use note cards and store them in my safe.
Certainly not perfect, but they will never be read by hackers.



"If Gun Control worked, Chicago would look like Mayberry, not Thunderdome" - Cam Edwards
 
Posts: 16513 | Location: Under the Boot of Tyranny in Connectistan | Registered: February 02, 2005
henryaz (member) posted:
 
I've been using 1Password on my Mac for many years now. I use the stand-alone version, not the newer web version, so my encrypted vault is stored locally. I have it on 2 Macs and my iPhone. The master vault is on one Mac, and the other two devices sync with that. Syncing is done on the local network, with no cloud involvement at all.



When in doubt, mumble
 
Posts: 10785 | Location: South Congress AZ | Registered: May 27, 2006
mark123 (W07VH5) posted:
Bitwarden with a self-hosted setup is where I'm moving from iOS keychain.
 
Posts: 45373 | Location: Pennsyltucky | Registered: December 05, 2001
Pyker (Member) posted:
What's the scoop on the iPhone native password manager?
 
Posts: 2763 | Location: Lake Country, Minnesota | Registered: September 06, 2019
V-Tail (אַרְיֵה) posted:
quote:
Originally posted by henryaz:
 
I've been using 1Password on my Mac for many years now. I use the stand-alone version, not the newer web version, so my encrypted vault is stored locally. I have it on 2 Macs and my iPhone. The master vault is on one Mac, and the other two devices sync with that. Syncing is done on the local network, with no cloud involvement at all.
I have a "how to" question about this. I too, use the non-web version on two Macs, one at home and one in my office at the hangar, and also in an iPhone.

Right now, everything is synced through the cloud, Dropbox if I remember correctly, or it might be iCloud.

Here's my question: If I wanted to take the cloud out of the picture, but still keep the two Macs (in different locations) synced, could I make the iPhone version the "master" and have the Mac desktop installations of 1Password sync automatically whenever the iPhone connects to the local network? If so, how to set this up?



הרחפת שלי מלאה בצלופחים
 
Posts: 30658 | Location: Central Florida, Orlando area | Registered: January 03, 2010
ensigmatic (Nullus Anxietas) posted:
If everything's sync'd via iCloud, I really wouldn't worry about it. The keychain, itself, is encrypted, then the data is again encrypted in iCloud storage.

In such a case the odds of against anybody ever getting what's in your keyring are astronomically high.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26009 | Location: S.E. Michigan | Registered: January 06, 2008
Pipe Smoker (Baroque Bloke) posted:
quote:
Originally posted by ensigmatic:
If everything's sync'd via iCloud, I really wouldn't worry about it. The keychain, itself, is encrypted, then the data is again encrypted in iCloud storage.

In such a case the odds of anybody ever getting what's in your keyring are astronomically high.

Maybe:
In such a case the odds against anybody ever getting what's in your keyring are astronomically high.



Serious about crackers
 
Posts: 8941 | Location: San Diego | Registered: July 26, 2014
ensigmatic (Nullus Anxietas) posted:
quote:
Originally posted by Pipe Smoker:
Maybe:
In such a case the odds against anybody ever getting what's in your keyring are astronomically high.

Yes. Corrected. Thanks!



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26009 | Location: S.E. Michigan | Registered: January 06, 2008
NavyGuy (A teetotaling beer aficionado) posted:
quote:
Originally posted by ensigmatic:
If they close their doors (as happened with one such password management app): You're screwed.


Not so with Dashlane (and probably most of the others). You can occasionally download a list of all of your stored passwords. Print it out, or make a digital copy; in either case it's then up to you to secure the downloaded list. Safe? Off site? In your wife's bra drawer?



Men fight for liberty and win it with hard knocks. Their children, brought up easy, let it slip away again, poor fools. And their grandchildren are once more slaves.

-D.H. Lawrence
 
Posts: 11524 | Location: Fort Worth, Texas | Registered: February 07, 2007
Rey HRH (His Royal Hiney) posted:
quote:
Originally posted by ravens1775:
quote:
Originally posted by V-Tail:
1Password


Same here. I like it. I only use local storage for the password vault.


I use 1Password also after some studying up on the topic. I used to have a list of sites with passwords but the passwords are in code. But reusing passwords was easy. When I started using a password manager, it was like the feeling you get after years of regularly hitting your shin against the table - it was such a relief. I have 257 individual passwords / logins.

For website logins that I want to keep especially secure, I learned one trick. When you record a new password or change to a new password, save the password to your password manager but before saving to the actual site, add another string of characters that you memorize.

That way, even if the password in the password manager is decrypted, it still won't work because it doesn't have the second part which you only memorize.



"It did not really matter what we expected from life, but rather what life expected from us. We needed to stop asking about the meaning of life, and instead to think of ourselves as those who were being questioned by life – daily and hourly. Our answer must consist not in talk and meditation, but in right action and in right conduct. Life ultimately means taking the responsibility to find the right answer to its problems and to fulfill the tasks which it constantly sets for each individual." Viktor Frankl, Man's Search for Meaning, 1946.
 
Posts: 19657 | Location: The Free State of Arizona - Ditat Deus | Registered: March 24, 2011
nhracecraft (Shall Not Be Infringed) posted:
I am my own 'Password Manager', and I'm unhackable....100% secure! Wink


____________________________________________________________

If Some is Good, and More is Better.....then Too Much, is Just Enough !!
Trump 2024....Save America!
"May Almighty God bless the United States of America" - parabellum 7/26/20
Live Free or Die!
 
Posts: 8876 | Location: New Hampshire | Registered: October 29, 2011
cyanide357 (Member) posted:
Bitwarden is a good option. It's open source and the host option is affordable ($10/year if you need functionality beyond the free tier).

You can also self host an instance if you are so inclined.
 
Posts: 249 | Registered: November 24, 2005
Member posted:
I use KeePass and sync iPhones, MacBook Pro, Windows 10 and wife's iPhone by using Dropbox as the master repository. The database is encrypted so it is OK on Dropbox; no website has my stuff to get hacked. Pretty basic but effective and cheap. Open source. I did donate as it is only fair.
https://keepass.info/



I should be tall and rich too; That ain't gonna happen either
 
Posts: 358 | Location: NW NJ | Registered: December 07, 2015
architect (Optimistic Cynic) posted:
quote:
Originally posted by nhracecraft:
I am my own 'Password Manager', and I'm unhackable....100% secure! Wink
It is tempting to think so, but it is hard, if not impossible, to reconcile that approach with the need to maintain a different password, of sufficient variability and complexity, for each use case/login. Very few people have that good a memory.

Even then you are vulnerable to "false flag" attacks, e.g. a website that masquerades as another prompting you to enter a password that has value on the forged site.

So the truth is that you can be "hacked" through social engineering and other methods. Mitnick's "The Art of Deception" provides many examples of how this might occur.

Trusting one's integrity, intellect, and abilities has proven flawed for many many people. It may be wiser to acknowledge one's own limitations, and use a tool, like a password vault, to help overcome them.

So as to not veer too far off the topic, the password vault I have found that best fits my use profile is called "b-folders." It does not save to the cloud by default, and uses device-to-device syncing. Its biggest shortcoming is that it isn't available for iOS. I also use the Apple Keychain on macOS and iOS.
 
Posts: 6466 | Location: NoVA | Registered: July 22, 2009
NavyGuy (A teetotaling beer aficionado) posted:
quote:
Originally posted by architect:
quote:
Originally posted by nhracecraft:
I am my own 'Password Manager', and I'm unhackable....100% secure! Wink
It is tempting to think so, but it is hard, if not impossible, to reconcile that approach with the need to maintain a different password, of sufficient variability and complexity, for each use case/login. Very few people have that good a memory.

Even then you are vulnerable to "false flag" attacks, e.g. a website that masquerades as another prompting you to enter a password that has value on the forged site.

So the truth is that you can be "hacked" through social engineering and other methods. Mitnick's "The Art of Deception" provides many examples of how this might occur.

Trusting one's integrity, intellect, and abilities has proven flawed for many many people. It may be wiser to acknowledge one's own limitations, and use a tool, like a password vault, to help overcome them.

So as to not veer too far off the topic, the password vault I have found that best fits my use profile is called "b-folders." It does not save to the cloud by default, and uses device-to-device syncing. Its biggest shortcoming is that it isn't available for iOS. I also use the Apple Keychain on macOS and iOS.


In addition, I use Dashlane's password generator and use the longest password allowable by the particular site, with upper and lower case letters, numbers and symbols. Hand typing these is very tedious.



Men fight for liberty and win it with hard knocks. Their children, brought up easy, let it slip away again, poor fools. And their grandchildren are once more slaves.

-D.H. Lawrence
 
Posts: 11524 | Location: Fort Worth, Texas | Registered: February 07, 2007
© SIGforum 2024