pass word managers......

bilbo · Senior Member

pass word managers......

Southern Cruizer · Guru

bilbo wrote:
Does anyone use one??
I "googled" how they work but could not find an answer that I could understand!!
How do they "communicate" your P/W if you have forgotten it?
cheers Bilbo

Just ask Optus! lol

dabbler · Guru

Password Managers come in a variety of flavours. Some store passwords you enter, others generate complex passwords for you, some are restricted to one device while others span multiple devices, some will even store ancillary information attached to the user account accessed by the credentials you have added (like account numbers or app preferences).

Essentially they are an encrypted database of the credentials you are using and that database is more secured than a simple text file or piece of paper. They typically auto fill the username and password for you to submit, they don't look up your credentials and expect you to enter them although most have a look up function that let you view your passwords. Not all apps and websites will interact with password manager (government, banking and finance apps may not for instance).

Password Managers don't make your information held by others any more secure or safe, they are a means to safely secure and manage your own credentials.

Everyone should be using a password manager with a secure complex password and that password should a secure means to recover the master password. They take over the day to day "remembering"

Ivan 01 · Guru

That was a good explanation dabbler. Thank you.

Can anyone on here suggest a good password manager App to use for a retired old fella like me with a poor memory.

dorian · Guru

Look at the security incidents for LastPass:

https://en.wikipedia.org/wiki/LastPass#Security_issues

I can't bring myself to trust a web based password management service. I would much rather an open source password manager residing on my own machine, perhaps on a USB stick.

bilbo · Senior Member

I am with Dorian here.....I dont trust "anyone".

To be able to put the P/W on a USB stick.......dont you have to do that "electronically"....is that not a prob in itself in that the P/W is available to a hacker at a later date??

How about keeping P/W in a diary?? ( I have a very very safe hiding place )

cheers Bilbo

Mike Harding · Guru

A cloud based password manager is somewhat like "Trust me, I'm a gynaecologist." If it's on the net it's available to a hacker 24/7 if it's on a USB stick it isn't. But don't loose your USB stick without an up to date backup and a certain memory of the master password. You could email the (encrypted?) master password to your Gmail account but don't make the subject line "Master password" :)

I don't use a password manager but maybe should, I keep my passwords in an encrypted file on my local hard drive but, for things such as banking, I simply have strong passwords which I can remember.

It is a problem.

Mike Harding · Guru

bilbo wrote:
How about keeping P/W in a diary??

There is much to be said for this.

But be a little cryptic: eg. Commonwealth Bank becomes "ComB" and the like.

Mobi Condo · Guru

Agree re available programmes. If they have been written by MS, Apple or whomever, they can be hacked more easily.

Did my own with an open-source word processor which required one password to open, another to edit.

All entries were in "coded" titles with related passwords.

Must say thanks for the USB stick storage clue - must do that.

Are We Lost · Guru

I use Keepass. It is cross platform with versions for various operating systems. I use it on Windows and Android phone and the same file can be copied between platforms. No cloud storage used. There is also a portable version that works entirely on a USB stick. It generates passwords by default but I prefer to save my own.

It is free but more importantly is open source, which means the code that is used to build the app is available for anyone to see. So you can have confidence there is no hidden section that secretly does things you would not want.

Keepass features

KevinJ · Senior Member

Try three spreadsheets which have very different names. e.g. "HoldenCars.xlsx", "TestInfo.xlsx", "Furniture.xlsx" and each have a different password to open them.

The first column in each spreadsheet holds the key to join the data together.

The first spreadsheet has the name of the entity you are interested in. e.g. "rtnsk74%s9", "The Grey Nomads Forum"

The second spreadsheet has the login name of the entity you are interested in. e.g. "rtnsk74%s9", "myLogin"

The third spreadsheet has the password of the entity you are interested in. e.g. "rtnsk74%s9", "myPassword"

Without all three spreadsheets, the data is useless and it's not as complicated as it looks.

If you want to be even more clever, you can create a fourth spreadsheet with a simple macro in it which opens the other three spreadsheets and then if you enter the entity you are interested in, it shows all three pieces of info next to each other.

Alternate to the spreadsheets, you can do the same with three small notebooks and then hide them around the house or caravan.

dorian · Guru

I thought I would look for KeePass in the Microsoft Store.

Then I saw this thread:

https://sourceforge.net/p/keepass/discussion/329220/thread/a9d2de0f/

"Someone decided to trade KeePass for $11 in Microsoft Store. I wonder how did it become approved"

Are We Lost · Guru

Now almost 5 years later and no updates to that thread. One of the comments pointed out the size of the file was larger, so who knows what else it had. Presumably the scam has been removed from Microsoft Store. Shame on you Microsoft.

Get it direct from the developers from the link I provided.

bilbo · Senior Member

Thanks everyone for your responses.......but for me most are out of my "IT" league ........I will just have "difficult" P/W's for banks/govt agencies and keep them safe "somewhere on 40 acres"......cheers Bilbo

StewG · Senior Member

I use KeePassXC and restrict it purely to my computer; do not store it in the 'Cloud'. The main thing to remember with passwords is that the longer it is, the harder the job of a hacker to break in. I use a 20+ character master password. However, a good thing that many companies are doing now is offering/enforcing the use of multi factor authorisation (MFA) also known as two step verification. Where an SMS or email or 'Authenticator' is used to send a code to you when you try to login to email or bank, etc. This MFA reduces the value of the password (to a hacker), but increases the value of (typically) your phone, if that is the MFA facilitator. Don't lose your phone!

BAZZA44 · Senior Member

Like Bilbo I write mine down and keep somewhere safe.

Instead of trying to remember a heap of letters and numbers mixed together I use a sentence I make up with upper and lower case letters, eg --IwWmdT# I will Wash my dog Tomorrow hash.

Barry

Ivan 01 · Guru

Thanks for the warnings about the Apps.

It stands to reason that they may only be a secure as the trust you put in them.

I am not that tech savvy when it comes to computers generally so I think I will stick to the old reliable note pad.
Having said that, you guys have given me some great ideas when it comes to making up a password so what I might do is change any of my simple passwords with ones that might be a little more difficult to guess or hack.

spida · Guru

I use a password protected page in OneNote for all of mine. Easy to update if you change things & only one password to get in :)

Mike Harding · Guru

spida wrote:
I use a password protected page in OneNote for all of mine. Easy to update if you change things & only one password to get in :)

And that's uploaded to "The Cloud" is it?

Good luck.

gold dandelion · Senior Member

type in, Have I been pwnd, or pwnd passwords, in your browser. you may all get a shock. well worth a try.