Nik Habicht Posted November 27, 2014 Share Posted November 27, 2014 So, the USPSA hack has got me thinking about password managers. What I know can be written in large print on a pinhead. Apple offers a built in password manager. Companies like Last Pass offer a service -- they'll even generate strong passwords for your log-ins and store them securely in their software, allegedly encrypted and decrypted automatically and never sent in the clear..... Should we all be using something like that to ensure that we have unique passwords everywhere? Educate me -- please..... Link to comment Share on other sites More sharing options...
Butterpuc Posted November 27, 2014 Share Posted November 27, 2014 Apple has a built in password manager? Link to comment Share on other sites More sharing options...
BritinUSA Posted November 27, 2014 Share Posted November 27, 2014 (edited) Apple has a built in password manager? KeyChain It stores your passwords and has a series of password generators based on varying criteria. I've been using it for a while and I plan to use it more extensively in future. Edited November 27, 2014 by BritinUSA Link to comment Share on other sites More sharing options...
38SuperDub Posted November 27, 2014 Share Posted November 27, 2014 I looked a while back at a few of these - seem the big 3 are all pretty good: 1Pass, LastPass, Dashlane. I finally signed up for one today - now every website has a completely different password randomly generated. Lesson learned Link to comment Share on other sites More sharing options...
ummm Posted November 27, 2014 Share Posted November 27, 2014 (edited) KeePass http://keepass.info/download.html available for free on Windows, Linux, Android also available for Mac / iStuff, might cost money in the Apple Garden, I dunno also available on blackberry, palm pilots, etc so you can have one encypted database which holds all your usernames / passwords, and share it everywhere with whatever sync software you use (I'd recommend SpiderOak's Hive service as it's free, runs on everything and is generally awesome). I have my keepass db in my spideroak hive, so when I add a new password for some new site, no matter which device I'm using, every other device will get in sync with that new addition (because all those devices are running spideroak's hive, too, and the same keepass file works across all your devices). Two pieces of free software and you're gtg everywhere. You can replace all the passwords you juggle with one (hopefully very complicated) password to secure Keepass. Of course it has all the standard password keeping features, and then some, but remains very easy to use. Edited November 27, 2014 by ummm Link to comment Share on other sites More sharing options...
ZackJones Posted November 27, 2014 Share Posted November 27, 2014 I used keychain for a little while but now I use a program called keeper. It works on EVERYTHING I use PC, Mac, iPhone, kindle, etc. it generates strong passwords and is easy enough to use that my wife finally shredded the sheet she had printed with all of the account passwords on it. Link to comment Share on other sites More sharing options...
Sarge Posted November 27, 2014 Share Posted November 27, 2014 I just have everything written down as well. I am just not computer savvy enough to fool with this. I would probably end up sending all of my passwords to the cloud or every person on the planet with the touch of a button. Or I would forget the password to get to my passwords and then be royally screwed. Link to comment Share on other sites More sharing options...
whitedog Posted November 27, 2014 Share Posted November 27, 2014 I'm with you Sarge. Have a book with stuff wrote down. Goes back 8 years of stuff. Should have really paid more attention to this crap when I was younger..... Link to comment Share on other sites More sharing options...
Vlad Posted November 27, 2014 Share Posted November 27, 2014 You all have gun safes right? Turns out a notebook might fit in it. Also turns out you can encode your own passwords in that book in case anyone gets access to it, a pattern like "always go up 3 letter on the 3ed letter and 3 down on the 6th)" Link to comment Share on other sites More sharing options...
basman Posted November 27, 2014 Share Posted November 27, 2014 Apple has a built in password manager? KeyChain It stores your passwords and has a series of password generators based on varying criteria. I've been using it for a while and I plan to use it more extensively in future. I see that it will sync on all devices, is that via the Cloud or just on my wireless network? Link to comment Share on other sites More sharing options...
gino_aki Posted November 27, 2014 Share Posted November 27, 2014 Been using roboform for years Link to comment Share on other sites More sharing options...
SonOfSpartans Posted November 27, 2014 Share Posted November 27, 2014 Use pass phrases. Phrase can be site relevant with site specific key. Link to comment Share on other sites More sharing options...
MarkCO Posted November 27, 2014 Share Posted November 27, 2014 I am thinking that those apps and programs woulds be a very target rich environment for a hacker. Link to comment Share on other sites More sharing options...
BritinUSA Posted November 27, 2014 Share Posted November 27, 2014 I see that it will sync on all devices, is that via the Cloud or just on my wireless network? I think its through the iCloud service and when you set it up you define each device that you want to access the data, there are more details at the Apple Support page : HERE Link to comment Share on other sites More sharing options...
outerlimits Posted November 27, 2014 Share Posted November 27, 2014 I see that it will sync on all devices, is that via the Cloud or just on my wireless network?I think its through the iCloud service and when you set it up you define each device that you want to access the data, there are more details at the Apple Support page : HERE Yes, it is the cloud. Set up is simple. Link to comment Share on other sites More sharing options...
Graham Smith Posted November 27, 2014 Share Posted November 27, 2014 KeePass is a good little program (and free and can generate some hugely complex passwords) but it can be a bit tough to integrate to automatically log you in. A lot of security experts recommend changing your password on a regular basis, but that leads to people forgetting what's what and they end up writing things down or using simple passwords. Not all logins allow all the keyboard characters, and may require some particular things. One "simple" trick is to use a simple combination (you can remember) of letters used in both lower and upper and interspersed with numbers and special characters. For example: d1v2c3D!V@C# All this is is DVC mixed with 123 lower case then shifted. If you can create something like this then you can use that along with some other thing specific to the site. For example, if you bank is Acme Bank and Trust, then AcMe_d1v2c3D!V@C# Of course, one of the biggest problems with something like this is that if you are using a tablet or phone, then shifted numbers don't exist and you have to remember what their special character equals are. Link to comment Share on other sites More sharing options...
ummm Posted November 27, 2014 Share Posted November 27, 2014 (edited) I am thinking that those apps and programs woulds be a very target rich environment for a hacker. Sort of, but generally it's exactly the opposite. It's like saying, "I bet Fort Knox is a target for every criminal in America"... The "sort of" part comes because sometimes the surrounding infrastructure is easily targeted (like the idiocy which led to the celebrities having their nude photos leaked from iCloud recently), but that's usually because of stupid human decisions, as it was in that case. The stuff you see in the movies where there's always a person who can crack any secure system is purest fiction. Edited November 27, 2014 by ummm Link to comment Share on other sites More sharing options...
Dranoel Posted November 27, 2014 Share Posted November 27, 2014 (edited) Pick a phrase that you can remember easily and involves some numbers but is totally unrelated to anything you do on the internet. Use the first letter of each word and the numbers. Example: My 3 kids have watched Star Wars 17 times this year. = M3khwST17tty I don't trust password managers. The manager can be hacked and then they have ALL your passwords. Edited November 27, 2014 by Dranoel Link to comment Share on other sites More sharing options...
ummm Posted November 27, 2014 Share Posted November 27, 2014 (edited) The manager can be hacked and then they have ALL your passwords. Back up this claim, please, or do you mean "can be" as in "cannot be proven to be impossible" ? Edited November 27, 2014 by ummm Link to comment Share on other sites More sharing options...
mjohn Posted November 27, 2014 Share Posted November 27, 2014 Pick a phrase that you can remember easily and involves some numbers but is totally unrelated to anything you do on the internet. Use the first letter of each word and the numbers. Example: My 3 kids have watched Star Wars 17 times this year. = M3khwST17tty I don't trust password managers. The manager can be hacked and then they have ALL your passwords. I don't understand how this would help. If you have 10 accounts that need a password, it appears to me that what you are suggesting, all 10 accounts would have the same password then. I thought the point was to have unique passwords for each account. I also do not trust password managers. It is only amount of time, before the password managers will become the next victim. Link to comment Share on other sites More sharing options...
ZackJones Posted November 28, 2014 Share Posted November 28, 2014 I don't trust password managers. The manager can be hacked and then they have ALL your passwords. I don't know the specifics but your passwords are stored in an encrypted format so that if your password manager was hacked in the cloud the hacker would see the clear text password. Link to comment Share on other sites More sharing options...
Butterpuc Posted November 28, 2014 Share Posted November 28, 2014 One "simple" trick is to use a simple combination (you can remember) of letters used in both lower and upper and interspersed with numbers and special characters. For example: d1v2c3D!V@C# All this is is DVC mixed with 123 lower case then shifted. If you can create something like this then you can use that along with some other thing specific to the site. For example, if you bank is Acme Bank and Trust, then AcMe_d1v2c3D!V@C# I already do something similar to this and in general I would say it works well. Usually the websites list my password as "strong" but I still find myself forgetting part of the "code" and having to reset passwords more frequently than I like. Some sort of safe password encryptor and gernerator is something that interests me.... I just don't know who to trust. I don't mind paying for this app, but I don't want a subscription service. Link to comment Share on other sites More sharing options...
D.Hayden Posted November 28, 2014 Share Posted November 28, 2014 I've used Keepass for years and really like it but be aware of issues... http://www.zdnet.com/citadel-malware-attacking-open-source-password-managers-7000036028/ look at the 2 factor authentication Link to comment Share on other sites More sharing options...
Miranda Posted November 28, 2014 Share Posted November 28, 2014 The manager can be hacked and then they have ALL your passwords. Back up this claim, please, or do you mean "can be" as in "cannot be proven to be impossible" ? hi Ummm, semantics is a fun game. I play with meanings a lot. I have a logic puzzle for you... which is better for security? knowing you are 'safe' or looking for better securities? if insanity is left aside, all crime is a risk vs profit evaluation. So cracking a secure system is not a question of 'impossible' it is more of a question of 'why try...' BTW, "because it is there" is about where insanity starts.... miranda Link to comment Share on other sites More sharing options...
AJE Posted November 28, 2014 Share Posted November 28, 2014 I just have everything written down as well. I am just not computer savvy enough to fool with this. I would probably end up sending all of my passwords to the cloud or every person on the planet with the touch of a button. Or I would forget the password to get to my passwords and then be royally screwed. Writing them down seems more secure to me than having them stored somewhere online. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now