Do You Trust Your Password Manager?

TromboneAl

As time goes by, I go to more and more secure passwords. The next step would be to allow my password manager (EnPass, recommended over LastPass*) complete control to create passwords, fill them in, and store them.


My worry is that a password like



*^%#uyh*9076__&5$#@!


would be trouble if EnPass ever died. Having 100 passwords like that would be worse.


Do you give your password manager complete control?


*I used to use LastPass, but found that EnPass lets me fill in a password with fewer clicks of the mouse. It has some other advantages as well.
 
I store NO passwords on my computer (and flush the cache regularly).

(Yes, the notebook can be destroyed as well, but you have to find the correct notebook first, a lot harder to do digitally.)

I use the theory an encrypted mass (of data) will attract extra curiosity and effort ...

Maybe I should store some encrypted (encapsulated) malware for the curious to discover.
 
I do not store my passwords on the web or my computer. I store my KeePass passwords on a Kingston thumb drive and back it up with another Kingston.

KeePass has a one-click feature to fill in user name and password. Many sites do not accept it, but for those that do, it is easier. KeePass also will create your password, as I expect others do. I am guessing that the features are similar to other well-done PW managers.

The thumb drive is a bit of a hassle. I need to open it each time I want to do something on the computer.

My passwords are protected with two passwords. One to open the Kingston (5 or 10 chances, I can't remember) and it will lock. So, if stolen or lost, you have some protection. Then, another password to open the KeePass program located on the thumb drive.

I keep my Kingston password on a piece of paper. I also keep my KeePass password on a different sheet of paper. They are sophisticated but memorable.

For traveling, I can take my Kingston with me and safely use it with a VPN connection. (I typically do not use it, however, or try not to when travelling.) I am assuming the VPN I am using is safe, but there might be others that can provide some thoughts.
 
My passwords are stored with password manager as a password file. Also, have a couple of backups of the password file in case somehow the original file gets corrupted (has never happened, but better safe than sorry).

I keep backup copies of the password manager program too as another precaution.
 
I don't trust anybody (except my family members, of course), including a password manager.
 
I use LastPass, and so does our IT department. I like that I can require two-factor authentication, and it warns me if there are logins from areas where I haven't logged in from before.
 
> My worry is that a password like
>
> *^%#uyh*9076__&5$#@!
>
> would be trouble if EnPass ever died. Having 100 passwords like that would be worse.

I figure if that ever happened then I'd be clicking on a lot of "forgot password" links on 100 web pages. Since my computer gets continually backed up, it doesn't bother me.
 
I wrote my own password manager and its security is good enough for me.

For starters, I'm really not that special. It's highly unlikely a hacker is going to purposely hunt down my encrypted file and try to extract my passwords from it. There are millions of easier targets out there. Just send out some emails from Nigeria, pretend to be PayPal, etc. and many folks will hand over sensitive information willingly. Or maybe you get a phone call from the IRS or Medicare wanting your account details, just for verification of course. How often do you hand your credit card to a waiter at a restaurant as they take it in back to "process" it?

At some point you'll have to "use" that fancy obfuscated password you've come up with. A keylogger running in the background can simply record whatever characters you type in or paste from the clipboard. No decryption needed.

Most security breaches aren't hacking your personal passwords anyway. They usually go after the systems you are trying to access - Facebook, Sony, Target, etc. Bigger rewards. It doesn't matter how good the lock is on your front door if the thief can walk in through the back door.

You might install an extra thick steel door with dual titanium reinforced deadbolts, a steel reinforced jamb bolted into the house framing, retinal scanners, and a pressure sensitive door mat. The thief breaks the 1/8" glass window on the side of the house and climbs right in.
 
> I wrote my own password manager and its security is good enough for me.
>
> For starters, I'm really not that special. It's highly unlikely a hacker is going to purposely hunt down my encrypted file and try to extract my passwords from it. There are millions of easier targets out there. Just send out some emails from Nigeria, pretend to be PayPal, etc. and many folks will hand over sensitive information willingly. Or maybe you get a phone call from the IRS or Medicare wanting your account details, just for verification of course. How often do you hand your credit card to a waiter at a restaurant as they take it in back to "process" it?
>
> At some point you'll have to "use" that fancy obfuscated password you've come up with. A keylogger running in the background can simply record whatever characters you type in or paste from the clipboard. No decryption needed.
>
> Most security breaches aren't hacking your personal passwords anyway. They usually go after the systems you are trying to access - Facebook, Sony, Target, etc. Bigger rewards. It doesn't matter how good the lock is on your front door if the thief can walk in through the back door.
>
> You might install an extra thick steel door with dual titanium reinforced deadbolts, a steel reinforced jamb bolted into the house framing, retinal scanners, and a pressure sensitive door mat. The thief breaks the 1/8" glass window on the side of the house and climbs right in.

Becoming a nerd at a late age, I studied the original (bad boy) hackers, and some of the most (in)famous were just extra-curious teens (what is the REAL story on aliens .. let's see what NASA has .. etc. etc. etc.)

The original ones did it for curiosity, later bragging rights, and eventually genuine criminals saw money to be made, crime (and past deeds) to be forgotten and covered up.

Me? I don't have social media accounts, so you won't see a photo of my car/watch/guitar/family, rave on about the latest eatery I visited, etc. etc.

Just like in real life, I don't appear to be worth the effort of robbing (physically or digitally).

BTW, when I am out the back door is heavily bolted as well (might be TWICE as hard as the locked front door, and solid hardwood to keep those bolts in place).
 
I use LastPass and I do generally trust it. It is possible however to export your saved passwords and then to print them out and put them in a safety deposit box (or wherever). As mentioned, I mostly think I could click on forgot password if I didn't have the password. It would be a pain but not irrevocable.

I do not however, save my password to LastPass itself anywhere online or on my computer.
 
> when I am out the back door is heavily bolted as well

Yep, we always lock all our doors and windows, even when we are home. We learned our lesson years ago in our previous house. All doors and windows were locked except for a tiny kitchen window about eight feet off the ground that we left open for fresh air. It was so high off the ground and so small we never dreamed anyone could come in that way. Somehow they did. Thankfully they really didn't take much of value, a camera and some sentimental jewelry from our youth.

Lesson learned - criminals look for the easiest point of entry. They're probably not going to try picking even the most basic deadbolt. They're probably not going to waste time trying to decrypt your password. They'll look for the areas you leave unsecured and come in that way.
 
Completely? No.

More than any other password security system I have used and/or evaluated? Yes.

Like my old grand pappy used to say, "Never let perfection become the enemy of the good."
 
Don't use a PW manager. Never trusted them. I can't disclose the method of PW management I use.

Ok, all my passwords are password1234.., stored in the password folder.
 
> Don't use a PW manager. Never trusted them. I can't disclose the method of PW management I use.
>
> Ok, all my passwords are password1234.., stored in the password folder.

Well, all my passwords are password12345 to add more complexity :LOL:.

I definitely use a password manager. Not only for passwords but also to store those challenge questions like "What's your favorite color?". Instead of an answer like "blue" I can store something like "blue 638272" :).
 
> Well, all my passwords are password12345 to add more complexity :LOL:.
>
> I definitely use a password manager. Not only for passwords but also to store those challenge questions like "What's your favorite color?". Instead of an answer like "blue" I can store something like "blue 638272" :).


Being a long-term HEAVY metal fan, my passwords (and security answers) are ..... eccentric (??)

I do NOT use the same user-name or password in multiple places.

Sadly, some places I have logins have limitations of which characters (and how many) can be used, so have to resort to 'reverse' passwords (like 3drowssap3 or enirgnat, not real passwords I use).
 
> Well, all my passwords are password12345 to add more complexity :LOL:.
>
> I definitely use a password manager. Not only for passwords but also to store those challenge questions like "What's your favorite color?". Instead of an answer like "blue" I can store something like "blue 638272" :).

The answer to all my security questions is "banana". That keeps it simple.

Like:

Q. What was your first car?

A. Banana

etc.

(it's really not banana)
 
I'm a firm believer that the best password is one I don't know. In other words, nicely randomized.
 
> The answer to all my security questions is "banana". That keeps it simple.
>
> Like:
>
> Q. What was your first car?
>
> A. Banana
>
> etc.
>
> (it's really not banana)

I have come across a security question in the past: Did you forget your password?

Can you guess the answer?
 
I use 1Password for nearly all passwords except for a couple that I have memorized. For less important (non-financial) passwords I also keep them in Safari keychain so that they sync to my iPhone. The password for 1Password is a phrase of random short words with some other random stuff thrown in the middle. I do print out all of the passwords periodically and put a copy in our safe deposit box.
 
I have a really ignorant question regarding these products. Don't you have one password that unlocks the password manager? If someone gets that one password, do they get the keys to everything? Sorry if this is a dumb question, but I don't have any experience with these.
 