Password managers

Although there is a 2014 thread, does anyone have more recent experiences or thoughts with password managers?

They all seem to be online so I don’t understand what makes them safe from hacking?

My son uses LastPass and feels it’s the best. That’s all I know about it!

Both my previous company and my current one recommend LastPass for employees, although it’s optional. These are both very security-conscious Fortune 100 tech companies. Personally I just use Apple’s keychain manager for most things, but that’s mostly because I’ve been too lazy to want to spend time figuring out LastPass. One of these days I’ll get around to it.

I use LastPass. Yes it is online, but everything is encrypted. The risk is someone guessing or learning your passphrase…so that needs to be long, complex, and at the same time, easy for you to remember.

In addition to LastPass, my son also uses YubiKey for 2-factor authentication.

@somemom You’re right. Right now I store my acct login info in password-protected files on USB drives. But then I read a current thread like “surviving a burglary or robbery” and I guess my paranoia begins to creep in. Anyone use password/encrypted USB or external hard drives?

I don’t use password managers for security. I use them because I can never remember my passwords.

I was reluctant to use an online password manager, but the people who fix all my computer problems suggested I use LastPass. My understanding is that LastPass passwords are not stored anywhere on their site so can’t be hacked. I use a very long passphrase and I’m the only one who knows it. The flip side is there’s no way to recover the passphrase should I ever forget it. At this point my whole life is saved on LastPass and I would be in serious trouble if I ever forgot how to access it.

LastPass can show you your passwords in plain text, it’s fairly easy to view them. However, this means they’re stored on their site and it’s not one-way encryption. I do hope they have the security thing figured out!

I’m probably old fashioned but I keep my passwords on a memory stick that I keep hidden away in a place I can access it quickly. I don’t trust any online service.

For the most vital sites: email, bank, credit cards, etc., I don’t save them anywhere online. Each has a unique one that I have memorized, with a back up written list fairly well hidden.

Very happy with LastPass. I think a few of the others are equivalent. I also use 2 factor authorization for a lot of things.

Use Apple’s keychain. Also keep a master file of all accounts we manage (ours, mom’s and MIL’s). Kids know where this is hidden.

There are some things I won’t store in the cloud/online, and passwords are one of them. I use KeePass.

I click on the “Forgot password” link.
I’d rather reset my passwords.

I wish the industry would settle on “secure” password rules. For example some sites want a minimum 8 digits, others want 10. Some want a special character, others say no special characters. Some don’t allow 3 repeating characters, others do. Some require upper and lower case, others don’t. Some reject the password without telling you why (happened to me my first day of work at a new job - couldn’t get a freaking password to work until I just character-substituted the temporary password out of frustration). The different requirements for every site make it maddening to come up with something you can actually remember.

^ IT managers don’t know what they are doing. Their rules on password format make people forget their passwords very often. Big companies like Google, Amazon, … don’t force users to use any password format. Adding upper case letters, digits, special characters does not make the password more secure.

@anomander, that’s exactly why LastPass (or other similar PW managers) is so great. It will generate a password for you and you can specify the number of characters it must have, whether it needs capital letters or symbols, even whether it’s pronounceable. All you have to remember is your master password, which should be long and easy for you to remember. Unfortunately, you can’t always use a PW manager at work ~X(

My H was involved with computers for his entire career. He has both of us have a spreadsheet with our passwords & user names & security Q&A for each account. It works pretty well. We work to keep it current and each knows where it is stored. Whenever I have the ability, I use 2-factor ID (e.g., for email accts). The 1st is a password you type in and the 2nd factor requires you to do something per my cell phone instructions. The fallback is it will call the landline with a code. The 3rd option is some printed one-time use codes.