password safety

TrueCrypt is apparently not supported anymore. See Wikipedia on it.

Yep, I don't need support.
But I will look to see if somehow after they spent years perfecting it, maybe someone figured out a global hack to it.

There is one conspiracy theory that the NSA convinced the authors to give it up and claim it was broken because it was so good an encryption.
 
From the TrueCrypt Wikipedia page:
Though development of TrueCrypt has ceased, an independent audit of TrueCrypt has concluded that no significant flaws are present.
Possibly there are zero-day exploits. If the software is not supported, these will not be readily fixed when found.

Development has stopped because of various legal disputes.
 
From the TrueCrypt Wikipedia page:
Though development of TrueCrypt has ceased, an independent audit of TrueCrypt has concluded that no significant flaws are present.
Possibly there are zero-day exploits. If the software is not supported, these will not be readily fixed when found......

So I looked up TrueCrypt and the work has been taken over by VeraCrypt, which forked from it and is up to date, with releases ongoing.

I will probably migrate over because you are correct, someone might come up with some hack that will spread far and wide since TrueCrypt is frozen in development.
 
So I looked up TrueCrypt and the work has been taken over by VeraCrypt, which forked from it and is up to date, with releases ongoing.

I will probably migrate over because you are correct, someone might come up with some hack that will spread far and wide since TrueCrypt is frozen in development.

Let us know how you like the forked version.
 
Passwords are hard enough, now those password recovery questions are getting pretty cruel:


17BAJ
 
Frank, Don't feel bad... I'm a techie Luddite myself... I keep mine on a small spiraled index card notebook. I use my passwords almost every day and still can't remember them because they are too long and random. I do put some bogus letters on the front and back of the passwords just in case it ever got stolen, so it would just frustrate them. I can barely remember myself which letters and numbers are the bogus ones when I look to use them. :)
 

+1000
Free. Very safe. More features than you'll ever need. Totally open source, which for security is a good thing. Highest level of encryption. Research it. Get it. Use it.

And as for storing on the cloud... I can agree to some extent that storing on the cloud can have issues, but heck, someone can steal my machine and break in as well. I keep my encrypted KeePass DB in the cloud so I have access to it anywhere. The math tells me that they will have to spend a considerable amount of time and effort trying to break the keys. For the amount of work they would have to do to break the cloud security and then the Blowfish encryption, well, suffice to say it would not be easy... possible yes, but easy no. I don't think they are after the smaller fish.
 
Frank, Don't feel bad... I'm a techie Luddite myself... I keep mine on a small spiraled index card notebook. I use my passwords almost every day and still can't remember them because they are too long and random. I do put some bogus letters on the front and back of the passwords just in case it ever got stolen, so it would just frustrate them. I can barely remember myself which letters and numbers are the bogus ones when I look to use them. :)

Just having a long password with a mixture of upper/lower case, alphanumeric and special characters that I had to manually enter (no copy/paste) each time would frustrate me. IMO, another reason to keep the passwords stored, whether in an encrypted spreadsheet or a password keeper.
 
Open source has no correlation to security, unless you are a security expert who reads and understands ALL the source code and you compile the sources yourself (with a compiler that you have also analyzed personally for security issues.) In my experience, open source software tends to have more security issues because not enough of the developers are motivated to find and fix issues. Just look at all the problems OpenSSL has had over the years (Heartbleed, etc.) This is not a knock on KeePass, but as a long-time software developer I am weary of unsubstantiated claims made for "open source".

Personally, I use LastPass as I trust its security model that has been independently audited. It is easy to use and I don't have to worry about losing (or having stolen) a paper record of passwords.
 
I use the premium version of LastPass. It is very important to me that I can access stuff through their app on my phone when traveling. I also have gone to using their generated passwords for most sites, as they are way better than the ones I have used in the past.
 
Open source has no correlation to security.

I believe you state this as a fact, which most certainly it is not.

We agree to disagree. Granted, this is more a philosophical approach to the problem, but with respect to open source and transparency in general, many believe it brings, over time, a better solution. There are more people interested in getting a bulletproof solution to security than there are those who want to break it. It's my belief that the more the details of security are hidden behind a curtain, the more people are interested in looking behind it. There have been multiple papers written that bolster this approach.

If the strongest element of a security solution is secrecy, it's in trouble.
 
LastPass. Prior to that I used e-wallet and still have some things there. I have used LastPass for about 18 months and have been happy with it.
 
I use the premium version of LastPass. It is very important to me that I can access stuff through their app on my phone when traveling. I also have gone to using their generated passwords for most sites, as they are way better than the ones I have used in the past.

Hi Sarah,
Is there something about the premium version of LastPass that helps out while traveling? I have been using the free version for about a year now.

Thanks
-gauss
 
I think LogMeIn overpaid for LastPass, and I don't trust their future plans to earn it back:
"On October 9, 2015, LastPass was acquired by LogMeIn, Inc. for $125 million"
https://en.wikipedia.org/wiki/LastPass#Overview

As to LastPass premium, the $12/yr enables the Premium account to share passwords with other accounts. So you can set up a password for a joint bank account, and share it with your significant other. If you both have the free version, you can't do that.

Both LastPass and KeePass can automatically fill in usernames & passwords for websites if you let them. That's really convenient. I tend to exit my browser and restart it later, so KeePass suits me better since it keeps running and doesn't require me to log in again. I also get very nervous when LastPass had connection issues - denial of service means denial of service everywhere.
 
Gauss, the premium version has full access through the phone app. It is $12 per year, so I figured that made it worthwhile.
That, and it updates all versions on all platforms whenever any change is made. That is very convenient for people with multiple devices on different platforms (iPhone, iPad, laptop).
 
When using Apple phones and computers you can use the integrated Keychain. It's shared across your iPhone, iPad, and Macintosh computers. And it's free once you own the devices.

I use it for almost all my passwords and it works virtually flawlessly.

I do keep my most important accounts (where I keep my largest balances) committed to memory - not stored on the computer, not written down. It's only a couple, so it's doable.

DH uses Keychain for everything.

I use Keychain for less sensitive passwords, and my own password-protected files on an encrypted and password-protected virtual drive (disk image) for the sensitive passwords (financial institutions and govt. agencies).
 
That, and it updates all versions on all platforms whenever any change is made. That is very convenient for people with multiple devices on different platforms (iPhone, iPad, laptop).

That, too. One cool thing it did was when Dropbox had that password scare recently, when I went to change the passwords on a couple of old Dropbox accounts, it did it automatically, with "one button" resets. Very easy and painless.
 
That, and it updates all versions on all platforms whenever any change is made. That is very convenient for people with multiple devices on different platforms (iPhone, iPad, laptop).

Just to be clear, are you talking about updating the LastPass software itself?

I have been under the assumption that the actual "user content", i.e. passwords etc., stored in LastPass was stored "in the cloud" and would be automatically available between devices on the free version. If I am mistaken about this, this would be very good to know.

I mainly use LastPass on my laptop but expect to be able to access it via phone (web access) or whatever if I am on the road in a pinch.

Thanks!
 