Password management
category: offtopic [glöplog]
Managing all my passwords is becoming a serious headache:
- tons of websites requiring a password
- different password for each site
- secure passwords, that just aren't rememberable
- accessing all this from a bunch of different devices (desktop, laptop, work computer, phone, ipad...)
Any suggestions for a good way of managing them all?
I just had a good look at lastpass, then a much closer look because I'm not much for the idea of storing all my passwords on their servers. They did actually get hacked recently. Seems there was no real damage, as they have pretty good systems in place, but still I'm not too keen on the whole concept.
I guess the ideal solution would be something like lastpass (heavily encrypted file containing all my login details, master password to access it, some kind of browser integration) but with me hosting the file myself somewhere. This way I can protect it however i want, and there's little incentive to go after it (one file containing unknown stuff for one person isn't going to have the appeal of a big site with details for thousands of people, which pretty much guarantees major loot). Anything like that exist?
LastPass has worked well for me. And just to be clear, the encryption happens BEFORE it is uploaded to their servers, so they don't store your plaintext passwords at any point.
Use the "forgot my password" at every website on every log-in!
okkie: i'm already heavily dependent on that :D
menace: yeah, it does look good. The only 'issue' as I see it, is that they're storing a large number of these encrypted files that they don't have keys to. That's an appealing target still, because if you can get access to their system, you own the bank vault. If you have access to that, it's likely not impossible to add something to the site that captures keys as the customers log in. It would be *hard*, but the nature of the contents means it's a desirable target. Thus, I'd prefer something distributed (or local).
roboform!
of course a great majority of sites with a "forgot your password?" link send unencrypted emails with the new pass or the link to where you can change it.
anyone snooping your traffic can get it before you do. but maybe that's just me being paranoid ;)
It's 100x more likely that a site you use somewhere is storing unencrypted passwords along with your other details and also has a simple sql injection flaw, and some guy somewhere has access to one of your accounts. Which is why you need different passwords everywhere, making it impossible to remember them all :/
yes. it is. just saying, don't bet your security on emails.
amen to all the above.
passwords are a constant fucking headache.
passwords, pin numbers, it's never ending. rolling passwords.. peh.
numbers, characters, case changes... every now and then some new prick site wants to throw another curveball to remember (Your Password does not have alternating symbols with numbers followed by a random non-dictionary sequence of vowels and consonants). ffs.
someone who comes up with a sensible solution is going to be a multi fuckin trillionaire.
http://keepass.info/
works on most os / mobile phone
e.g. put the encrypted db in a dropbox and access from android phone etc...
I'm liking the look of keepass
if only i could trust dropbox
http://thenextweb.com/insider/2011/04/08/dropbox-security-hole-could-let-others-access-your-files/
or random public wifi networks where i can login to things with my phone being secure.
or wifi networks in general for that matter.
sorry, i'll take off my tinfoil hat now :)
keepass seems nice.
been using mac osx's keychain lately. fully aware that it isn't all that secure either. ;) but at least it gets automatically backed up with the rest of the stuff :)
maybe get rid of the accounts
+ focus doing your own thing
'tons' of sites only messes with your head, think about how much you can accomplish without all these services
you got tops 10k days left, the 'evil-loop' has soon decremented @ -1
why do you give a fuck if on a stupid website your account gets stolen ?
Oswald: because many of these sites have access to financial stuff? I don't care about the password, it's the money that follows it ;) Yes, I could do most of this stuff offline. But it eats much more time than worrying about passwords, and I'll be fucked if I'm spending a good chunk of my life in a queue somewhere.
+1 KeePass
ps: yes, I've also been using keychain. Better still, if you have mobile me it syncs your keychain between computers, so I can access stuff between my various computers + also at work. Looks like that will disappear though, it seems to be unsupported by icloud and mobile me is closing :( Hopefully that will be fixed at some point.
I'll have a look at keepass (wtf with the name? kee-pass is terrible, keep-ass is at least english, but wtf would that mean? :D )
stores links to all the ass pr0n in the intrawebs!
This is why we need more websites that use OpenID.
http://passwordmaker.org/ is also an option.
lastpass, really it rocks.
it's also the only app that i know that really tried to make a version for every damn (modern) platform out there. as an opera+nokia user, typically nothing works for me. lastpass, no problemo.
ps. i really don't see how a keepass file hosted on dropbox is better than lastpass. it has all the same safety (locally encrypted, then hosted at some service provider's cloud), and way less of the usability (auto-type? oh come on.)
lastpass is rather web-focused, though. if most of your passwords are to SSH servers, keepass might do it better.
Write your passwords on a sheet of paper and store it at a safe place...