Join Early Retirement Today
Reply
 
Thread Tools Display Modes
Do You Trust Your Password Manager?
Old 09-28-2018, 05:07 PM   #1
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
TromboneAl's Avatar
 
Join Date: Jun 2006
Posts: 12,880
Do You Trust Your Password Manager?

As time goes by, I go to more and more secure passwords. The next step would be to allow my password manager (EnPass, recommended over LastPass*) complete control to create passwords, fill them in, and store them.


My worry is that a password like



*^%#uyh*9076__&5$#@!


would be trouble if EnPass ever died. Having 100 passwords like that would be worse.


Does you give your password manager complete control?


*I used to use LastPass, but found that EnPass lets me fill in a password with fewer clicks of the mouse. It has some other advantages as well.
__________________
Al
TromboneAl is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 09-28-2018, 05:39 PM   #2
Full time employment: Posting here.
Oz investor's Avatar
 
Join Date: Jun 2018
Location: Brisbane
Posts: 855
i store NO passwords on my computer ( and flush the cache regularly )

( yes the note book can be destroyed as well , but you have to find the correct notebook first , a lot harder to do digitally )

i use the theory an encrypted mass ( of data ) will attract extra curiosity and effort ...

maybe i should store some encrypted (encapsulated ) malware for the curious to discover
__________________
i hold the Australian listed versions of AU ( Anglo Ashanti ) , BHP , and JHG .

You must learn from the mistakes of others. You can't possibly live long enough to make them all yourself.

Samuel Levenson
Oz investor is offline   Reply With Quote
Old 09-28-2018, 06:15 PM   #3
Thinks s/he gets paid by the post
 
Join Date: Jul 2011
Posts: 1,281
I do not store my passwords on the web or my commuter. I store my keepass passwords on a Kingston thumb drive and back it up with another Kingston.

Keepass has a one click feature to fill in user name and password. Many sites do not accept it but for those that do, it is easier. Keepass also will create your password as I expect others do. I am guessing that the features are similar to other well done PW managers.

The thumb drive is a bit of a hassle. I need to open it each time I want to do something on the computer.

My passwords are protected with two passwords. One to open the Kingston (5 or 10 chances, I can't remember) and it will lock. So, if stolen or lost, you have some protection. Then, another password to open the Keepass program located on the thumb drive.

I keep my Kingston password on a piece of paper. I also keep my Keepass password on different sheet of paper. They are sophisticated but memorable.

For traveling, I can take my Kingston with me and safely use with a VPN connection. (I typically do not use it however or try not to when travelling). I am assuming the VPN I am using is safe but there might be others that can provide some thoughts.
savory is offline   Reply With Quote
Old 09-28-2018, 06:30 PM   #4
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 13,130
My passwords are stored with password manager as a password file. Also, have a couple of backups of the password file in case somehow the original file gets corrupted (has never happened, but better safe than sorry).

I keep backup copies of the password manager program too as another precaution.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 09-28-2018, 06:32 PM   #5
Thinks s/he gets paid by the post
Fedup's Avatar
 
Join Date: Mar 2014
Location: Southern Cal
Posts: 4,032
I don’t trust anybody(except my family members of course) including password manager.
Fedup is offline   Reply With Quote
Old 09-28-2018, 07:28 PM   #6
Thinks s/he gets paid by the post
The Cosmic Avenger's Avatar
 
Join Date: May 2016
Location: Mid-Atlantic
Posts: 2,654
I use LastPass, and so does our IT department. I like that I can require two-factor authentication, and it warns me if there are logins from areas where I haven't logged in from before.
__________________
-Looking to FIRE in the mid-2020s, which would be our mid-50s.
The Cosmic Avenger is online now   Reply With Quote
Old 09-28-2018, 07:32 PM   #7
Thinks s/he gets paid by the post
GalaxyBoy's Avatar
 
Join Date: Jul 2009
Location: The Beautiful Blue Ridge Mountains
Posts: 2,781
Quote:
Originally Posted by TromboneAl View Post
My worry is that a password like

*^%#uyh*9076__&5$#@!

would be trouble if EnPass ever died. Having 100 passwords like that would be worse.
I figure if that ever happened then I'd be clicking on a lot of "forgot password" links on 100 web pages. Since my computer gets continually backed up, it doesn't bother me.
GalaxyBoy is offline   Reply With Quote
Old 09-28-2018, 09:24 PM   #8
gone traveling
 
Join Date: Dec 2015
Location: Berkeley, Denver, CO, USA
Posts: 1,406
Yes
davebarnes is offline   Reply With Quote
Old 09-28-2018, 11:23 PM   #9
Thinks s/he gets paid by the post
 
Join Date: Nov 2016
Location: Washington State
Posts: 2,349
I wrote my own password manager and it's security is good enough for me.

For starters, I'm really not that special. It's highly unlikely a hacker is going to purposely hunt down my encrypted file and try to extract my passwords from it. There are millions of easier targets out there. Just send out some emails from Nigeria, pretend to be PayPal, etc. and many folks will hand over sensitive information willingly. Or maybe you get a phone call from the IRS or Medicare wanting your account details, just for verification of course. How often do you hand your credit card to a waiter at a restaurant as they take it in back to "process" it?

At some point you'll have to "use" that fancy obfuscated password you've come up with. A keylogger running in the background can simply record whatever characters you type in or paste from the clipboard. No decryption needed.

Most security breaches aren't hacking your personal passwords anyway. They usually go after the systems you are trying to access - Facebook, Sony, Target, etc. Bigger rewards. It doesn't matter how good the lock is on your front door if the thief can walk in through the back door.

You might install an extra thick steel door with dual titanium reinforced deadbolts, a steel reinforced jamb bolted into the house framing, retinal scanners, and a pressure sensitive door mat. The thief breaks the 1/8" glass window on the side of the house and climbs right in.
mountainsoft is offline   Reply With Quote
Old 09-28-2018, 11:39 PM   #10
Full time employment: Posting here.
Oz investor's Avatar
 
Join Date: Jun 2018
Location: Brisbane
Posts: 855
Quote:
Originally Posted by mountainsoft View Post
I wrote my own password manager and it's security is good enough for me.

For starters, I'm really not that special. It's highly unlikely a hacker is going to purposely hunt down my encrypted file and try to extract my passwords from it. There are millions of easier targets out there. Just send out some emails from Nigeria, pretend to be PayPal, etc. and many folks will hand over sensitive information willingly. Or maybe you get a phone call from the IRS or Medicare wanting your account details, just for verification of course. How often do you hand your credit card to a waiter at a restaurant as they take it in back to "process" it?

At some point you'll have to "use" that fancy obfuscated password you've come up with. A keylogger running in the background can simply record whatever characters you type in or paste from the clipboard. No decryption needed.

Most security breaches aren't hacking your personal passwords anyway. They usually go after the systems you are trying to access - Facebook, Sony, Target, etc. Bigger rewards. It doesn't matter how good the lock is on your front door if the thief can walk in through the back door.

You might install an extra thick steel door with dual titanium reinforced deadbolts, a steel reinforced jamb bolted into the house framing, retinal scanners, and a pressure sensitive door mat. The thief breaks the 1/8" glass window on the side of the house and climbs right in.
becoming a nerd at a late age , i studied the original ( bad boy ) hackers and some of the most (in) famous were just extra curious teens ( what is the REAL story on aliens .. let's see what NASA has .. etc etc etc )

the original ones did it for curiosity , later bragging rights and eventually genuine criminals saw money to be made , crime (and past deeds ) to be forgotten and covered up .

me ? i don't have social media accounts so you won't see a photo of my car/watch/guitar/family , rave on about the latest eatery i visited etc. etc

just like in real life i don't appear to be worth the effort of robbing ( physically or digitally )

BTW when i am out out the back door is heavily bolted as well ( might be TWICE as hard as the locked front door and solid hardwood to keep those bolts in place )
__________________
i hold the Australian listed versions of AU ( Anglo Ashanti ) , BHP , and JHG .

You must learn from the mistakes of others. You can't possibly live long enough to make them all yourself.

Samuel Levenson
Oz investor is offline   Reply With Quote
Old 09-29-2018, 01:10 AM   #11
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Katsmeow's Avatar
 
Join Date: Jul 2009
Posts: 5,307
I use LastPass and I do generally trust it. It is possible however to export your saved passwords and then to print them out and put them in a safety deposit box (or wherever). As mentioned, I mostly think I could click on forgot password if I didn't have the password. It would be a pain but not irrevocable.

I do not however, save my password to LastPass itself anywhere online or on my computer.
Katsmeow is offline   Reply With Quote
Old 09-29-2018, 10:03 AM   #12
Thinks s/he gets paid by the post
 
Join Date: Nov 2016
Location: Washington State
Posts: 2,349
Quote:
Originally Posted by Oz investor View Post
when i am out out the back door is heavily bolted as well
Yep, we always lock all our doors and windows, even when we are home. We learned our lesson years ago in our previous house. All doors and windows were locked except for a tiny kitchen window about eight feet off the ground that we left open for fresh air. It was so high off the ground and so small we never dreamed anyone could come in that way. Somehow they did. Thankfully they really didn't take much of value, a camera and some sentimental jewelry from our youth.

Lesson learned - criminals look for the easiest point of entry. They're probably not going to try picking even the most basic deadbolt. They're probably not going to waste time trying to decrypt your password. They'll look for the areas you leave unsecured and come in that way.
mountainsoft is offline   Reply With Quote
Old 09-29-2018, 12:24 PM   #13
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 17,169
Completely? No.

More than any other password security system I have used and/or evaluated? Yes.

Like my old grand pappy used to say, "Never let perfection become the enemy of the good."
__________________
Comparison is the thief of joy

The worst decisions are usually made in times of anger and impatience.
Chuckanut is online now   Reply With Quote
Old 09-29-2018, 02:20 PM   #14
Thinks s/he gets paid by the post
Rustic23's Avatar
 
Join Date: Dec 2005
Location: Lake Livingston, Tx
Posts: 4,203
Lastpass-yes Why, because I have to!
__________________
If it is after 5:00 when I post I reserve the right to disavow anything I posted.
Rustic23 is offline   Reply With Quote
Old 09-29-2018, 04:01 PM   #15
Thinks s/he gets paid by the post
 
Join Date: Feb 2014
Posts: 3,054
Don't use a PW manager. Never trusted them. I can't disclose the method of PW management I use.

Ok, all may passwords are password1234.., stored in the password folder.
jim584672 is offline   Reply With Quote
Old 09-29-2018, 04:29 PM   #16
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 13,130
Quote:
Originally Posted by jim584672 View Post
Don't use a PW manager. Never trusted them. I can't disclose the method of PW management I use.

Ok, all may passwords are password1234.., stored in the password folder.
Well, all my passwords are password12345 to add more complexity .

I definitely use a password manager. Not only for passwords but also to store those challenge questions like "What's your favorite color?". Instead of an answer like "blue" I can store something like "blue 638272" .
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 09-29-2018, 04:51 PM   #17
Full time employment: Posting here.
Oz investor's Avatar
 
Join Date: Jun 2018
Location: Brisbane
Posts: 855
Quote:
Originally Posted by easysurfer View Post
Well, all my passwords are password12345 to add more complexity .

I definitely use a password manager. Not only for passwords but also to store those challenge questions like "What's your favorite color?". Instead of an answer like "blue" I can store something like "blue 638272" .

being a long term HEAVY metal fan , my passwords ( and security answers ) are ..... eccentric ( ?? )

i do NOT use the same user-name or password in multiple places

sadly some places i have logins have limitations of which characters ( and how many ) can be used so have to resort to 'reverse passwords ( like 3drowssap3 or enirgnat, not real passwords i use )
__________________
i hold the Australian listed versions of AU ( Anglo Ashanti ) , BHP , and JHG .

You must learn from the mistakes of others. You can't possibly live long enough to make them all yourself.

Samuel Levenson
Oz investor is offline   Reply With Quote
Old 09-29-2018, 05:02 PM   #18
Moderator Emeritus
aja8888's Avatar
 
Join Date: Apr 2011
Location: Conroe, Texas
Posts: 18,643
Quote:
Originally Posted by easysurfer View Post
Well, all my passwords are password12345 to add more complexity .

I definitely use a password manager. Not only for passwords but also to store those challenge questions like "What's your favorite color?". Instead of an answer like "blue" I can store something like "blue 638272" .
The answer to all my security questions is "banana". That keeps it simple.

Like:

Q. What was your first car?

A. Banana

etc.

(it's really not banana)
__________________
*********Go Astros!*********
aja8888 is offline   Reply With Quote
Old 09-29-2018, 05:02 PM   #19
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 13,130
I'm a firm believer that the best password is one I don't know. In other words, nicely randomized.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 09-29-2018, 07:19 PM   #20
Thinks s/he gets paid by the post
 
Join Date: Mar 2014
Location: Dallas
Posts: 1,150
Quote:
Originally Posted by aja8888 View Post
The answer to all my security questions is "banana". That keeps it simple.

Like:

Q. What was your first car?

A. Banana

etc.

(it's really not banana)
I have came across a security question in the past: Did you forgot your password?

Can you guess the answer?
pjigar is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Qualified Income Trust/Miller Trust tps7742 Other topics 7 02-22-2019 01:55 PM
Password Manager SW MichaelB Other topics 42 11-09-2015 01:57 PM
Rental property basis in trust vs. not in trust Dash man FIRE and Money 2 04-19-2014 07:20 AM
Your Password or Your Freedom? easysurfer Other topics 6 11-06-2010 06:29 PM
Work: Do you ever do things to have your manager STFU? cube_rat Young Dreamers 2 04-07-2006 06:33 PM

» Quick Links

 
All times are GMT -6. The time now is 08:49 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2024, vBulletin Solutions, Inc.