Passwords and Internet security

Discussion in 'Living Room' started by Handyandy, 13th Jul, 2019.

  1. Handyandy

    Handyandy Well-Known Member

    Joined:
    18th Jun, 2015
    Posts:
    302
    Location:
    Sutherland
    In this day and age we are now expected to have many user accounts and passwords for ever-increasing sites, be they different real estates, banks, US counties, Aust councils, etc.

    How are folks managing the plethora of accounts? I know that some time ago @Simon Hampel posted some comments about an offline program which managed all his accounts via one master password.

    Just looked at 2 different online offerings which seem to have similar criteria but it would seem you need to trust some nebulous company who could disappear tomorrow leaving you in a gigantic hole.

    The 2 online sites are:
    #1 Password Manager & Vault App, Enterprise SSO & MFA | LastPass
    Never forget another password | Dashlane

    So how are you managing your user account / password nightmare?
     
  2. Simon Hampel

    Simon Hampel Founder Staff Member

    Joined:
    3rd Jun, 2015
    Posts:
    4,269
    Location:
    Sydney
    I use 1Password - I use the standalone version, not their hosted version.
     
  3. twobobsworth

    twobobsworth Well-Known Member

    Joined:
    18th Jun, 2015
    Posts:
    454
    Location:
    Sydney, New South Wales
    I have password fatigue. It's crazy the variations, upper and lower case, digits numbers and characters.
     
    ellejay, Pumpkin and KayTea like this.
  4. Simon Hampel

    Simon Hampel Founder Staff Member

    Joined:
    3rd Jun, 2015
    Posts:
    4,269
    Location:
    Sydney
    Other than my master password, every single password I use is long and randomly generated.

    Current count of passwords I have: 1023 ... and there's probably less than 10 that I actually know.
     
  5. bunkai

    bunkai Well-Known Member

    Joined:
    28th Jun, 2015
    Posts:
    553
    Location:
    Sydney
    I've been trying out Lastpass and 1Password to work out which is most usable for the family.

    (@Simon Hampel - not as hardcore as having my own repository yet though).

    I much prefer 1Password's security model but find it a little unreliable particularly on mobile. Lastpass has been pretty easy to use.

    Dashlane, Lastpass and 1Password are all mainstream. Try out which one works for you.

    P.S. I wouldn't recommend putting really critical passwords in the tool or those where you could expose yourself to liability in terms/conditions - like banking or main email account. For everything else it is great!
     
  6. euro73

    euro73 Well-Known Member Business Member

    Joined:
    18th Jun, 2015
    Posts:
    4,221
    Location:
    The beautiful Hills District, Sydney Australia
    I also use 1Password.
     
  7. Simon Hampel

    Simon Hampel Founder Staff Member

    Joined:
    3rd Jun, 2015
    Posts:
    4,269
    Location:
    Sydney
    Why? I'm the only person who can access my passwords.
     
  8. jprops

    jprops Well-Known Member

    Joined:
    24th Sep, 2015
    Posts:
    717
    Location:
    Sydney
    If you can't trust it for these things, you're back at square one.
     
  9. PurpleTurtle

    PurpleTurtle Well-Known Member

    Joined:
    10th Jan, 2016
    Posts:
    62
    Location:
    Melbourne
    Another very happy 1Password user here. Everything is in there. Works really well on iOS.
     
  10. bunkai

    bunkai Well-Known Member

    Joined:
    28th Jun, 2015
    Posts:
    553
    Location:
    Sydney
    Read the terms and conditions of your internet banking carefully. Password managers are good but are vulnerable to compromise (think malware) like anything.

    Not really, they are really convenient and good for most sites. However, by their very nature they are a big target. If you leave your main email account out, then at least you can reset the passwords if the password manager was compromised. If you have a few layers of security then it reduces the risk should one be compromised.

    I'll go back to worrying that I'm being followed ....:eek:
     
  11. QldKoolies

    QldKoolies Well-Known Member

    Joined:
    28th Sep, 2018
    Posts:
    157
    Location:
    Brisbane
    Two factor authentication always as a minimum. The days of a single password are over. Do not rely on a single password unless absolutely necessary. A password vault will store your password and allow you to use something else but still sends a single authentication. Two factor is set up on the other side of the authentication, not your side.
    If you must use a single password, ignore all the upper/lower/number/character stuff and just use a sentence; as long as it is 12 or more it's good. “ilikeapplesinmay” you can change to “ilikeapplesinjune” and continue for each month, changing every month. Remember this will protect you from brute force attacks but not leaks/compromises that commonly use “pass-the-hash” and never require the attacker to decrypt the password. You must change at least monthly.
     
  12. Simon Hampel

    Simon Hampel Founder Staff Member

    Joined:
    3rd Jun, 2015
    Posts:
    4,269
    Location:
    Sydney
    So is your browser. Again, I ask - why? I'm the only person who can access my passwords.

    If you're worried about key loggers - then you're just as vulnerable not using a password manager and typing your password in by hand.

    Seriously - password managers are fine.

    Use 2FA for any site which is important (especially primary email account).
     
  13. bunkai

    bunkai Well-Known Member

    Joined:
    28th Jun, 2015
    Posts:
    553
    Location:
    Sydney
    Personally, I'm not comfortable being in breach of the T&Cs but each to their own.
     
  14. Rooky

    Rooky Well-Known Member

    Joined:
    18th Jun, 2015
    Posts:
    99
    Location:
    Perth
    I am using KeePass and store the password file on a USB drive. Drawback is if you can't access your USB, you can't access your passwords. Also you can't access it on mobile as they have not released an authorised app. There are some unauthorised apps but I wouldn't trust them. I guess that's the inconvenience you have to go through if you do not want to put your password in someone's online servers and do not want to pay, as KeePass is free.
     
  15. QldKoolies

    QldKoolies Well-Known Member

    Joined:
    28th Sep, 2018
    Posts:
    157
    Location:
    Brisbane
    It's important that you understand that password managers and vaults do not increase security. It is far more likely your password is compromised by the system you use it to access and not by your device. This is because the system is a higher value target (thousands of users compromised in lieu of just you). Forget them. Use simple passwords at 12 or more characters, changing them monthly, and use two factor authentication (2FA) at all possible times. 2FA protects you from someone else losing control of the hashed version of your password.
     
    bunkai and ellejay like this.
  16. bunkai

    bunkai Well-Known Member

    Joined:
    28th Jun, 2015
    Posts:
    553
    Location:
    Sydney
    Microsoft released their public preview for FIDO2 - hardware security keys in the last few days. Their view on the world is passwordless.
     
  17. PurpleTurtle

    PurpleTurtle Well-Known Member

    Joined:
    10th Jan, 2016
    Posts:
    62
    Location:
    Melbourne
    Yes, but what password managers do is make it manageable to have unique passwords for every login. So when your password is compromised it is only one account that is affected, not a whole bunch of accounts for which you have used the same password.
     
    Simon Hampel and ChrisP73 like this.
  18. ShireBoy

    ShireBoy Well-Known Member

    Joined:
    14th Nov, 2017
    Posts:
    268
    Location:
    Sydney
    Pretty happy with Lastpass, here.
    Not sure if the other mobs have it, but I like the emergency sharing option. My partner and I have given each other access if we require it i.e. one of us gets incapacitated.
    We're slowly filling out our respective "What to do in the event of death" type notes. i.e. which social media accounts exist and need closing, funeral arrangements, etc.
     
    Gockie likes this.
  19. QldKoolies

    QldKoolies Well-Known Member

    Joined:
    28th Sep, 2018
    Posts:
    157
    Location:
    Brisbane
    2FA through either a hard key, device, txt/email or token makes it irrelevant. They are a requirement of the past.
     
    PurpleTurtle likes this.
  20. Simon Hampel

    Simon Hampel Founder Staff Member

    Joined:
    3rd Jun, 2015
    Posts:
    4,269
    Location:
    Sydney