Seconded. We use it and very happy with it. Going on 10 years now.Dave55 wrote: ↑Wed Jul 20, 2022 8:24 amAnnette, may I suggest 1Password. You can read the reviews of it online. I have used to for many years once I graduated from the sheet of paper technique.AnnetteLouisan wrote: ↑Tue Jul 19, 2022 4:16 pm I just write the passwords down. No, not on the back of my hand (that’s for phone numbers and grocery lists), I use a sheet of paper called “Passwords.” It’s old school, but it works.
Dave
Do you use a password manager?
Re: Do you use a password manager?
- bertilak
- Posts: 10725
- Joined: Tue Aug 02, 2011 5:23 pm
- Location: East of the Pecos, West of the Mississippi
Re: Do you use a password manager?
LastPass has some sort of recovery mechanism. I'm assuming I'll figure it out or remember if needed.
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
-
- Posts: 2414
- Joined: Sat Jun 27, 2020 4:05 pm
Re: Do you use a password manager?
I think there are several ways to recover.
1. The account manager may offer a method of doing so. Keep in mind that if they offer such an option, you should look into how it's implemented since this mean the company has some way of accessing your vault content. Last pass seems to offer some sort of account recovery. Bitwarden pay offers an emergency access. I think the intention is if something happens to you, your designed person can access your account, but you can probably use that for recovery.
2. Store a copy of your master password in the vault. This seems like a odd thing to do, but let's say your memory fails you and you can get your master password, you may have biometric login on some of your other devices and can get into the vault and look up the master password.
3. Backup your vault. Most password manager allow you to export your vault for backup. The last time I suggested this on another forum, several people got really hostile becaues the export process may leave temp files. In my opinion, this is acceptible risk. In my opinion, the risk is that the vault may get corrupted, the vendor may suddenly go out of business without notice. You will want to double-check that you can restore. I tested the Bitwarden backup and noticed that encrypted export will fail because you can only import an encrypted export on the same account. I end up exporting it as a unencrypted JSON and then sticking it into a encrypted drive. You make the decision on what you want to do.
1. The account manager may offer a method of doing so. Keep in mind that if they offer such an option, you should look into how it's implemented since this mean the company has some way of accessing your vault content. Last pass seems to offer some sort of account recovery. Bitwarden pay offers an emergency access. I think the intention is if something happens to you, your designed person can access your account, but you can probably use that for recovery.
2. Store a copy of your master password in the vault. This seems like a odd thing to do, but let's say your memory fails you and you can get your master password, you may have biometric login on some of your other devices and can get into the vault and look up the master password.
3. Backup your vault. Most password manager allow you to export your vault for backup. The last time I suggested this on another forum, several people got really hostile becaues the export process may leave temp files. In my opinion, this is acceptible risk. In my opinion, the risk is that the vault may get corrupted, the vendor may suddenly go out of business without notice. You will want to double-check that you can restore. I tested the Bitwarden backup and noticed that encrypted export will fail because you can only import an encrypted export on the same account. I end up exporting it as a unencrypted JSON and then sticking it into a encrypted drive. You make the decision on what you want to do.
- Doom&Gloom
- Posts: 5417
- Joined: Thu May 08, 2014 3:36 pm
Re: Do you use a password manager?
I have two master passphrases I must remember: one for a database that contains the passwords to my investment accounts, the other for a database that contains all my other passwords.
I have been typing the passphrase to my "general" database on average more than once/day for 15 years or more. Due to that and the way I created that passphrase, I consider it practically unforgettable. But if I do forget it, I am merely inconvenienced by trying to recover my passwords to various websites or establish new login credentials to them. Not that I would be likely to accomplish much at that point.
The passphrase for the database to my investment accounts is less "unforgettable" to me, it was created less than a decade ago, and I probably only type it about twice a month. I am much more likely to forget it than the other passphrase. If I forget the one to my investment accounts, it is probably best that I am unable to access those accounts.
I have been typing the passphrase to my "general" database on average more than once/day for 15 years or more. Due to that and the way I created that passphrase, I consider it practically unforgettable. But if I do forget it, I am merely inconvenienced by trying to recover my passwords to various websites or establish new login credentials to them. Not that I would be likely to accomplish much at that point.
The passphrase for the database to my investment accounts is less "unforgettable" to me, it was created less than a decade ago, and I probably only type it about twice a month. I am much more likely to forget it than the other passphrase. If I forget the one to my investment accounts, it is probably best that I am unable to access those accounts.
Re: Do you use a password manager?
I don't take it lightly when I say this - if you are not using a password manager today, you MUST start using one ASAP.
The specifics of _which_ password manager to use is not as important as using one. Even built-in password managers in your browser will be miles better than you using the same password (or a variation of the same password) on multiple sites.
Personally I am a fan of Bitwarden and the fact that their code is open source on GitHub for experts to look at an vet. It meets my bar, but like I said, any password manager will be a significant improvement in security over not having one.
The specifics of _which_ password manager to use is not as important as using one. Even built-in password managers in your browser will be miles better than you using the same password (or a variation of the same password) on multiple sites.
Personally I am a fan of Bitwarden and the fact that their code is open source on GitHub for experts to look at an vet. It meets my bar, but like I said, any password manager will be a significant improvement in security over not having one.
(AGE minus 23%) Bonds | 5% REITs | Balance 80% US (75/25 TSM/SCV) + 20% International (80/20 Developed/Emerging)
Re: Do you use a password manager?
Before you forget it you establish an email account with a service that allows you to send ‘out of office’ replies. Your out of office reply is password #1. You don’t tell anyone about this email address. When you forget your PW manager’s master password you send an email to your ‘out of office’ account and await the reply.what happens when you forget the password to the password manager?
The reply, password #1, is the password to an encrypted file or disk you can access, and this encrypted file has the master password to your password manager. You could ‘pepper’ the master password, and the pepper hint could be included with the master password in the encrypted file.
Re: Do you use a password manager?
It is precisely for this reason that I won't bother with a password manager, and secondly I don't trust 3rd party sites with my sensitive information either passwords, keys or financial data. Too many chances to be hacked and you may never know how many times they have been hacked. I got letters from one of the 3 big credit reporting agencies saying they were hacked and after working with the FBI they eventually sent letters out 6-12 months after the fact. For me they said they would pay for a credit monitoring service for a year and we had to get all new credit cards. All I had to do was agree not to sue them. What? Home Depot was hacked and we had to get a new credit card from a major company even though they were not supposed to store our credit card information but did anyway. Amazon AWS was most recently hacked in May 2022 (it just happens way too often). If you want to protect yourself, stay away from places that can be hacked including password managers. Just my $0.02 but if it's beyond my control, it's beyond my control and I have to trust others to do their security properly but if they get hacked, no skin loss for them, just those who entrusted them to protect their stuff. They could lose customers left and right and as many who leave will join them. People are too trusting in this information age, but if they are burned once or twice, they will re-think it.Peter G wrote: ↑Thu Aug 18, 2022 7:12 pmBefore you forget it you establish an email account with a service that allows you to send ‘out of office’ replies. Your out of office reply is password #1. You don’t tell anyone about this email address. When you forget your PW manager’s master password you send an email to your ‘out of office’ account and await the reply.what happens when you forget the password to the password manager?
The reply, password #1, is the password to an encrypted file or disk you can access, and this encrypted file has the master password to your password manager. You could ‘pepper’ the master password, and the pepper hint could be included with the master password in the encrypted file.
What happens if your forget this special email address?
What Goes Up Must come down -- David Clayton-Thomas (1968), BST
- squirrel1963
- Posts: 1253
- Joined: Wed Jun 21, 2017 10:12 am
- Location: Portland OR area
Re: Do you use a password manager?
I agree it can be confusing. It's because many of us who had direct professional exposure to cryptography and security software / products know a lot of technical details and can debate the fine points and tradeoffs, like when BH argue over bond funds vs individual bond ladders.GumSprings wrote: ↑Sat Aug 13, 2022 11:13 am All the opinions from tech savvy people is confusing. Every time I consider using a 3rd party product such as LastPass, I come back to the same conclusion. For better or worse, I’m fully imbedded in Apple’s ecosystem so KeyChain seems to make the most since for me. My MacBook is encrypted and protected with a strong password. The finger print biometric is super convenient. My iPhone would be difficult for someone to break into. It’s not a perfect plan but it keeps things very simple. It also minimizes the number of companies that I have to worry about getting hacked.
There is no perfection, and security is certainly not exempt from this.
All in all there are a lot of good solutions for password managers.
Professionally I used both LastPass and 1 Password and prefer them by far to offline managers like PasswordSafe, but password safe is good.
What is really important is to follow best practices always. The whole point about security is not to have the best security (which is also difficult to manage and expensive) but to have security above and beyond average users so that criminals will look somewhere else because they just don't want to spend too much time and money in hacking you.
Most hacking comes from phishing, downloading of dangerous software and several other social engineering techniques, and very rarely from flaws in well known reputable security software.
Same thing about hard tokens (eg yubikey usb/Bluetooth token) vs soft token (eg Auth app on the smartphone).
In theory hardware tokens are better, in practices they found several flaws in early versions. So again, it's all about making it difficult enough.
Personally I'm sufficiently happy with soft tokens, if I get hacked it won't be because soft token are slightly less secure than hard tokens.
LMP | Liability Matching Portfolio | safe portfolio: TIPS ladder + I-bonds + Treasuries | risky portfolio: US stocks / US REIT / International stocks
-
- Posts: 5735
- Joined: Wed May 18, 2022 12:42 pm
Re: Do you use a password manager?
Why don't you just use this secret email address as your password?Peter G wrote: ↑Thu Aug 18, 2022 7:12 pmBefore you forget it you establish an email account with a service that allows you to send ‘out of office’ replies. Your out of office reply is password #1. You don’t tell anyone about this email address. When you forget your PW manager’s master password you send an email to your ‘out of office’ account and await the reply.what happens when you forget the password to the password manager?
The reply, password #1, is the password to an encrypted file or disk you can access, and this encrypted file has the master password to your password manager. You could ‘pepper’ the master password, and the pepper hint could be included with the master password in the encrypted file.
petergsecretemail@gmail.com is a perfectly acceptable passphrase.
- squirrel1963
- Posts: 1253
- Joined: Wed Jun 21, 2017 10:12 am
- Location: Portland OR area
Re: Do you use a password manager?
It's not, it's essentially publicly known because it's too hard to keep secure. There is really no good substitute to remembering a strong passphrase. Writing down passwords in clear is just too dangerous and too easy to intercept.toddthebod wrote: ↑Fri Aug 19, 2022 1:46 amWhy don't you just use this secret email address as your password?Peter G wrote: ↑Thu Aug 18, 2022 7:12 pmBefore you forget it you establish an email account with a service that allows you to send ‘out of office’ replies. Your out of office reply is password #1. You don’t tell anyone about this email address. When you forget your PW manager’s master password you send an email to your ‘out of office’ account and await the reply.what happens when you forget the password to the password manager?
The reply, password #1, is the password to an encrypted file or disk you can access, and this encrypted file has the master password to your password manager. You could ‘pepper’ the master password, and the pepper hint could be included with the master password in the encrypted file.
petergsecretemail@gmail.com is a perfectly acceptable passphrase.
A a password manager like LastPass let's you print recovery codes on paper which you then store in a safe place (your bank safebox), you use recovery codes id you forget the password.
LMP | Liability Matching Portfolio | safe portfolio: TIPS ladder + I-bonds + Treasuries | risky portfolio: US stocks / US REIT / International stocks
Re: Do you use a password manager?
In one of your better protected email accounts, eg needs a PIN to open each time, you compose an innocent looking email addressed to this unrevealed email address, and you save it as a draft. Would that work? I'm making this up as I go, clearly.
-
- Posts: 5735
- Joined: Wed May 18, 2022 12:42 pm
Re: Do you use a password manager?
Well, I was trying to make a joke, because now instead of having to remember a secret password/phrase, you now also have to remember a secret email address, and remembering squirrel1963secretemail@hotmail is not any different than remembering correct horse battery staple.squirrel1963 wrote: ↑Fri Aug 19, 2022 2:49 amIt's not, it's essentially publicly known because it's too hard to keep secure. There is really no good substitute to remembering a strong passphrase. Writing down passwords in clear is just too dangerous and too easy to intercept.toddthebod wrote: ↑Fri Aug 19, 2022 1:46 amWhy don't you just use this secret email address as your password?Peter G wrote: ↑Thu Aug 18, 2022 7:12 pmBefore you forget it you establish an email account with a service that allows you to send ‘out of office’ replies. Your out of office reply is password #1. You don’t tell anyone about this email address. When you forget your PW manager’s master password you send an email to your ‘out of office’ account and await the reply.what happens when you forget the password to the password manager?
The reply, password #1, is the password to an encrypted file or disk you can access, and this encrypted file has the master password to your password manager. You could ‘pepper’ the master password, and the pepper hint could be included with the master password in the encrypted file.
petergsecretemail@gmail.com is a perfectly acceptable passphrase.
A a password manager like LastPass let's you print recovery codes on paper which you then store in a safe place (your bank safebox), you use recovery codes id you forget the password.
Re: Do you use a password manager?
I use a sentence to remember my password. Example "Jimmy and Alice married in Hawaii in summer of 1969" = "J&AmiHiso69"toddthebod wrote: ↑Fri Aug 19, 2022 8:03 amWell, I was trying to make a joke, because now instead of having to remember a secret password/phrase, you now also have to remember a secret email address, and remembering squirrel1963secretemail@hotmail is not any different than remembering correct horse battery staple.squirrel1963 wrote: ↑Fri Aug 19, 2022 2:49 amIt's not, it's essentially publicly known because it's too hard to keep secure. There is really no good substitute to remembering a strong passphrase. Writing down passwords in clear is just too dangerous and too easy to intercept.toddthebod wrote: ↑Fri Aug 19, 2022 1:46 amWhy don't you just use this secret email address as your password?Peter G wrote: ↑Thu Aug 18, 2022 7:12 pmBefore you forget it you establish an email account with a service that allows you to send ‘out of office’ replies. Your out of office reply is password #1. You don’t tell anyone about this email address. When you forget your PW manager’s master password you send an email to your ‘out of office’ account and await the reply.what happens when you forget the password to the password manager?
The reply, password #1, is the password to an encrypted file or disk you can access, and this encrypted file has the master password to your password manager. You could ‘pepper’ the master password, and the pepper hint could be included with the master password in the encrypted file.
petergsecretemail@gmail.com is a perfectly acceptable passphrase.
A a password manager like LastPass let's you print recovery codes on paper which you then store in a safe place (your bank safebox), you use recovery codes id you forget the password.
I find it's quite hard to forget it if the phrase is based on a personal incident. Say "My first speeding ticket was for driving at 80 in a 60 zone" = "Mfstwfd@80ia60z".
(AGE minus 23%) Bonds | 5% REITs | Balance 80% US (75/25 TSM/SCV) + 20% International (80/20 Developed/Emerging)
Re: Do you use a password manager?
I use a sentence to remember my password. Example "Jimmy and Alice married in Hawaii in summer of 1969" = "J&AmiHiso69"
I find it's quite hard to forget it if the phrase is based on a personal incident. Say "My first speeding ticket was for driving at 80 in a 60 zone" = "Mfstwfd@80ia60z".
[/quote]
when it would ask me for a password I would type: mftwf80ia60 or 80ia60 or mtw480n60 etc ...
then I'd be thinking "what made me think I could remember the exact phrase in the place? Doesn't it understand 80 in a 60?
I've used jingles in the past like "ilwydfmt" care to guess that one? I can't ever get it out of my head and it's been over 25 years, but today it would look like this: 1Lwydfm| to meet the special case character
What Goes Up Must come down -- David Clayton-Thomas (1968), BST
Re: Do you use a password manager?
Right, whatever works for you. The point is, it's not that hard to remember one or two strong passwords. Event, jingle, song, nursery rhymes - whatever works for you to remember the password.
(AGE minus 23%) Bonds | 5% REITs | Balance 80% US (75/25 TSM/SCV) + 20% International (80/20 Developed/Emerging)
- squirrel1963
- Posts: 1253
- Joined: Wed Jun 21, 2017 10:12 am
- Location: Portland OR area
Re: Do you use a password manager?
OK, got it I love XKCD btwtoddthebod wrote: ↑Fri Aug 19, 2022 8:03 amWell, I was trying to make a joke, because now instead of having to remember a secret password/phrase, you now also have to remember a secret email address, and remembering squirrel1963secretemail@hotmail is not any different than remembering correct horse battery staple.squirrel1963 wrote: ↑Fri Aug 19, 2022 2:49 amIt's not, it's essentially publicly known because it's too hard to keep secure. There is really no good substitute to remembering a strong passphrase. Writing down passwords in clear is just too dangerous and too easy to intercept.toddthebod wrote: ↑Fri Aug 19, 2022 1:46 amWhy don't you just use this secret email address as your password?Peter G wrote: ↑Thu Aug 18, 2022 7:12 pmBefore you forget it you establish an email account with a service that allows you to send ‘out of office’ replies. Your out of office reply is password #1. You don’t tell anyone about this email address. When you forget your PW manager’s master password you send an email to your ‘out of office’ account and await the reply.what happens when you forget the password to the password manager?
The reply, password #1, is the password to an encrypted file or disk you can access, and this encrypted file has the master password to your password manager. You could ‘pepper’ the master password, and the pepper hint could be included with the master password in the encrypted file.
petergsecretemail@gmail.com is a perfectly acceptable passphrase.
A a password manager like LastPass let's you print recovery codes on paper which you then store in a safe place (your bank safebox), you use recovery codes id you forget the password.
LMP | Liability Matching Portfolio | safe portfolio: TIPS ladder + I-bonds + Treasuries | risky portfolio: US stocks / US REIT / International stocks
-
- Posts: 2414
- Joined: Sat Jun 27, 2020 4:05 pm
Re: Do you use a password manager?
I don't even understand the concern with losing access to your passwords. It's inconvenient, but nothing is actually lost as you can just reset all the passwords and start over. It doesn't seem worth having some backup access. If we were talking about actual data or if your password manager is from your Apple or Google account, which you need for other reasons, then it makes sense.toddthebod wrote: ↑Fri Aug 19, 2022 8:03 amWell, I was trying to make a joke, because now instead of having to remember a secret password/phrase, you now also have to remember a secret email address, and remembering squirrel1963secretemail@hotmail is not any different than remembering correct horse battery staple.squirrel1963 wrote: ↑Fri Aug 19, 2022 2:49 amIt's not, it's essentially publicly known because it's too hard to keep secure. There is really no good substitute to remembering a strong passphrase. Writing down passwords in clear is just too dangerous and too easy to intercept.toddthebod wrote: ↑Fri Aug 19, 2022 1:46 amWhy don't you just use this secret email address as your password?Peter G wrote: ↑Thu Aug 18, 2022 7:12 pmBefore you forget it you establish an email account with a service that allows you to send ‘out of office’ replies. Your out of office reply is password #1. You don’t tell anyone about this email address. When you forget your PW manager’s master password you send an email to your ‘out of office’ account and await the reply.what happens when you forget the password to the password manager?
The reply, password #1, is the password to an encrypted file or disk you can access, and this encrypted file has the master password to your password manager. You could ‘pepper’ the master password, and the pepper hint could be included with the master password in the encrypted file.
petergsecretemail@gmail.com is a perfectly acceptable passphrase.
A a password manager like LastPass let's you print recovery codes on paper which you then store in a safe place (your bank safebox), you use recovery codes id you forget the password.
- bertilak
- Posts: 10725
- Joined: Tue Aug 02, 2011 5:23 pm
- Location: East of the Pecos, West of the Mississippi
Re: Do you use a password manager?
It will not be easy setting a new password if you don't know the old one. Often there are hoops you can go through, but it may involve (re)establishing your identity through other means.AnEngineer wrote: ↑Fri Aug 19, 2022 7:36 pm I don't even understand the concern with losing access to your passwords. It's inconvenient, but nothing is actually lost as you can just reset all the passwords and start over. It doesn't seem worth having some backup access. If we were talking about actual data or if your password manager is from your Apple or Google account, which you need for other reasons, then it makes sense.
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
-
- Posts: 2414
- Joined: Sat Jun 27, 2020 4:05 pm
Re: Do you use a password manager?
Really? What kind of accounts? In my experience, it's pretty easy to reset a password. In many cases, I just get an email to compete the process. In other cases they want an account number or a SSN. Honestly, it was easier to reset than remember some less common passwords in my days before using a manager.bertilak wrote: ↑Fri Aug 19, 2022 7:57 pmIt will not be easy setting a new password if you don't know the old one. Often there are hoops you can go through, but it may involve (re)establishing your identity through other means.AnEngineer wrote: ↑Fri Aug 19, 2022 7:36 pm I don't even understand the concern with losing access to your passwords. It's inconvenient, but nothing is actually lost as you can just reset all the passwords and start over. It doesn't seem worth having some backup access. If we were talking about actual data or if your password manager is from your Apple or Google account, which you need for other reasons, then it makes sense.
Re: Do you use a password manager?
Password Safe
www.pwsafe.org
I've been using it on Windows for years.
I like that it requires a master passphrase to open the store, and even if you idle the gui store full of your sites, usernames and passwords for a little while it goes non-volatile, and you must open it with your passphrase again.
It's very UNIX-Y, open-sourcey, kind of clunky GUI, but I think it's strong. I haven't seen later versions, but what I've seen it does not lend itself to replication, duplication, backup-restore of its database through the Cloud over the internet.
If you want to update your database and sync across 2+ devices, you have to make a backup to local disk, and then you transport the backup via usb key, shared network drive on private network, ftp, sftp etc, to the target 2nd device.
One thing everybody has to be careful about is of-course your lexical, Human-readable password(s) getting pilfered, but also the cryptogram, hashed version of your passwords. Hackers are more likely to see the latter. Then they "beat" on the gibberish hash to crack the password that is likely unchanged. It takes a ton of computing resources, but some of these people have farms of machines with high-power GPU graphics cards that do the cracking.
So, it's good to have a password manager, in my opinion, that has nothng to do with moving hashes of passwords anywhere to the Cloud or across the internet. The programs are still likely strong, like the tunnel to the cloud is encrypted, and the Cloud database of hashes is itself hashed in a tough algorithm. But why take the chance. Be under physical control like DOD DISA.
www.pwsafe.org
I've been using it on Windows for years.
I like that it requires a master passphrase to open the store, and even if you idle the gui store full of your sites, usernames and passwords for a little while it goes non-volatile, and you must open it with your passphrase again.
It's very UNIX-Y, open-sourcey, kind of clunky GUI, but I think it's strong. I haven't seen later versions, but what I've seen it does not lend itself to replication, duplication, backup-restore of its database through the Cloud over the internet.
If you want to update your database and sync across 2+ devices, you have to make a backup to local disk, and then you transport the backup via usb key, shared network drive on private network, ftp, sftp etc, to the target 2nd device.
One thing everybody has to be careful about is of-course your lexical, Human-readable password(s) getting pilfered, but also the cryptogram, hashed version of your passwords. Hackers are more likely to see the latter. Then they "beat" on the gibberish hash to crack the password that is likely unchanged. It takes a ton of computing resources, but some of these people have farms of machines with high-power GPU graphics cards that do the cracking.
So, it's good to have a password manager, in my opinion, that has nothng to do with moving hashes of passwords anywhere to the Cloud or across the internet. The programs are still likely strong, like the tunnel to the cloud is encrypted, and the Cloud database of hashes is itself hashed in a tough algorithm. But why take the chance. Be under physical control like DOD DISA.
- tuningfork
- Posts: 885
- Joined: Wed Oct 30, 2013 8:30 pm
Re: Do you use a password manager?
Many people store additional information in the password manager, such as answers to security questions, 2fa backup codes, etc. Some sites may require you to know the answers to those security questions in order to reset your password. And we all know we should never answer those questions truthfully, right?AnEngineer wrote: ↑Fri Aug 19, 2022 7:36 pm I don't even understand the concern with losing access to your passwords. It's inconvenient, but nothing is actually lost as you can just reset all the passwords and start over. It doesn't seem worth having some backup access. If we were talking about actual data or if your password manager is from your Apple or Google account, which you need for other reasons, then it makes sense.
- ThereAreNoGurus
- Posts: 970
- Joined: Fri Jan 24, 2014 10:41 pm
Re: Do you use a password manager?
I used to use Veracrypt which you can obtain here: https://www.veracrypt.fr/en/Downloads.htmlThereAreNoGurus wrote: ↑Sun Aug 28, 2022 12:31 amCan you share some details on your setup for encrypting flash-drive? Especially it would be good to know how the keys are managed for KeePass and Flash-drive encryption. And if you have faced any issues?techrover wrote: ↑Sat Aug 27, 2022 11:58 pm
I use keepass. If somebody walks off with my laptop, they still won't have access to my keepass data. I store it on an encrypted flash-drive. And the password database is encrypted. If somebody obtains my flash-drive... good luck getting my passwords. One could do the same on one's own computer as well.. Simply encrypt the keepass database. There are other ways of protecting the keepass database as well, but I'll stop here.
I have used truecrypt in pass for such storage encryption, but faced couple issues and lost some data(could very well be due to some issue at my end:)). Have not setup again due to time crunch on my end, but would like to try a setup that works reliably.
I switched to Cryptomator: https://cryptomator.org/
Both products are free. Veracrypt works fine, but it's a bit slower to decrypt and I don't need all of the features it offers. I find the Cryptomator interface easier to use. (I donate a small amount of money annually to Cryptomator.)
I've had zero issues with either software... Never lost any encrypted data and have been doing it this way for several years. Of course I back-up my flash-drives.... (As an aside, I purposely have put a couple of flash drives in the washing machine and have not lost any data)
I will correct something I said on the previous post... I do not encrypt the keepass database... I encrypt a portion of the flash-drive that contains the keepass database (so of course it will be encrypted, also). And the keepass database is password protected... I only use a password... One can use other methods as well to protect it but I feel encryption is safe enough for me.
I like having all of my important data on a flash-drive. I have one on my keychain when I travel. It's convenient for me.
Using the cloud is probably easier, and I'm sure it's safe, but I'll stick with keepass.
Trade the news and you will lose.
Re: Do you use a password manager?
It depends on the account, but in some cases this is true. So many people (rightfully) spend so much time and effort to create strong random passwords and debate the various ways to save them in various forms while ignoring how easy it can be for someone to simply reset your password if they have access to your email.AnEngineer wrote: ↑Fri Aug 19, 2022 8:00 pmIn my experience, it's pretty easy to reset a password. In many cases, I just get an email to compete the process. In other cases they want an account number or a SSN. Honestly, it was easier to reset than remember some less common passwords in my days before using a manager.
Re: Do you use a password manager?
Absolutely, in some ways the most useful bits of information in my password manager are the security question answers (I enjoy making up interesting answers), maybe some information about the account, etc.tuningfork wrote: ↑Fri Aug 19, 2022 9:09 pmMany people store additional information in the password manager, such as answers to security questions, 2fa backup codes, etc. Some sites may require you to know the answers to those security questions in order to reset your password. And we all know we should never answer those questions truthfully, right?AnEngineer wrote: ↑Fri Aug 19, 2022 7:36 pm I don't even understand the concern with losing access to your passwords. It's inconvenient, but nothing is actually lost as you can just reset all the passwords and start over. It doesn't seem worth having some backup access. If we were talking about actual data or if your password manager is from your Apple or Google account, which you need for other reasons, then it makes sense.
Re: Do you use a password manager?
Thanks for sharing disk encryption tools.ThereAreNoGurus wrote: ↑Sun Aug 28, 2022 12:55 amI used to use Veracrypt which you can obtain here: https://www.veracrypt.fr/en/Downloads.htmlThereAreNoGurus wrote: ↑Sun Aug 28, 2022 12:31 amCan you share some details on your setup for encrypting flash-drive? Especially it would be good to know how the keys are managed for KeePass and Flash-drive encryption. And if you have faced any issues?techrover wrote: ↑Sat Aug 27, 2022 11:58 pm
I use keepass. If somebody walks off with my laptop, they still won't have access to my keepass data. I store it on an encrypted flash-drive. And the password database is encrypted. If somebody obtains my flash-drive... good luck getting my passwords. One could do the same on one's own computer as well.. Simply encrypt the keepass database. There are other ways of protecting the keepass database as well, but I'll stop here.
I have used truecrypt in pass for such storage encryption, but faced couple issues and lost some data(could very well be due to some issue at my end:)). Have not setup again due to time crunch on my end, but would like to try a setup that works reliably.
I switched to Cryptomator: https://cryptomator.org/
Both products are free. Veracrypt works fine, but it's a bit slower to decrypt and I don't need all of the features it offers. I find the Cryptomator interface easier to use. (I donate a small amount of money annually to Cryptomator.)
I've had zero issues with either software... Never lost any encrypted data and have been doing it this way for several years. Of course I back-up my flash-drives.... (As an aside, I purposely have put a couple of flash drives in the washing machine and have not lost any data)
I will correct something I said on the previous post... I do not encrypt the keepass database... I encrypt a portion of the flash-drive that contains the keepass database (so of course it will be encrypted, also). And the keepass database is password protected... I only use a password... One can use other methods as well to protect it but I feel encryption is safe enough for me.
I like having all of my important data on a flash-drive. I have one on my keychain when I travel. It's convenient for me.
Using the cloud is probably easier, and I'm sure it's safe, but I'll stick with keepass.
- ThereAreNoGurus
- Posts: 970
- Joined: Fri Jan 24, 2014 10:41 pm
Re: Do you use a password manager?
This has definitely been an area I have been lagging. I have used an excel spreadsheet up to now (password protected), simple passwords that I made myself and I have saved it on Google drive. This is convenient but I realize not very secure, although the password on the spreadsheet certainly helped. I think I'm ready to use a password manager. Read through some of this thread. I have used Google's password manager to save my simple passwords and non-financial accounts. I started to play with Google's password manager using strong passwords and picked another one at random - 1password. Certainly 1password offers some extra goodies for it's $2.99/month price (for example, 1GB of storage). Purely from a security standpoint, is it really better than Google? In both cases I need to remember one master password. In both cases they are generating strong passwords and auto-filling them when needed across multiple devices. I did see on 1password that a 1Password Emergency Kit.pdf gets generated I think in case you forget your main password. Wasn't even sure where I was supposed to keep this file. I guess it offers some extra protection in that if someone stole my identity, they may be able to reset my Google main password.
Re: Do you use a password manager?
Hmm...so anyone have any thoughts, other than the goodies provided by the stand-alone password managers, about whether there is any difference between the Google Chrome password manager vs the standalone ones such as 1password? I'm interested in opinions purely from a security point of view. Are the strong passwords generated better? Is the safety provided better in some other way?
Re: Do you use a password manager?
For those not comfortable storing their passwords in the cloud, there is always "PasswordsFast"...
https://youtu.be/VNtZcYjsPbE
https://youtu.be/VNtZcYjsPbE
- CardinalRule
- Posts: 1204
- Joined: Sun Jan 15, 2017 10:01 am
- Location: United States
Re: Do you use a password manager?
I'm a a big 1Password fan, and the Google ecosystem isn't that useful on our iPhones and iPads, but it seems like the fairly recent on-device encryption improvement is a good thing for the Google Password Manager.privateID wrote: ↑Sun Sep 18, 2022 10:46 am Hmm...so anyone have any thoughts, other than the goodies provided by the stand-alone password managers, about whether there is any difference between the Google Chrome password manager vs the standalone ones such as 1password? I'm interested in opinions purely from a security point of view. Are the strong passwords generated better? Is the safety provided better in some other way?
https://support.google.com/accounts/answer/11350823
(Sorry if this has been mentioned earlier in the multi-page thread.)
Last edited by CardinalRule on Sun Sep 18, 2022 2:15 pm, edited 1 time in total.
-
- Posts: 399
- Joined: Mon Nov 04, 2013 10:46 pm
Re: Do you use a password manager?
I recently migrated over to a password manager with hardware hardware key , who knows if it’s over kill or not. Was using password manager with 2fa via Google authenticate before.
- anon_investor
- Posts: 15122
- Joined: Mon Jun 03, 2019 1:43 pm
Re: Do you use a password manager?
Reminds me of those electronic dictionaries.mptfan wrote: ↑Sun Sep 18, 2022 10:53 am For those not comfortable storing their passwords in the cloud, there is always "PasswordsFast"...
https://youtu.be/VNtZcYjsPbE
-
- Posts: 88
- Joined: Fri Mar 08, 2019 10:43 pm
Re: Do you use a password manager?
Does the password manager built into Chrome allow you to save additional secure notes along with the password? Being able to make up random answers to security questions and save them alongside your password improves security quite a bit.privateID wrote: ↑Sun Sep 18, 2022 10:46 am Hmm...so anyone have any thoughts, other than the goodies provided by the stand-alone password managers, about whether there is any difference between the Google Chrome password manager vs the standalone ones such as 1password? I'm interested in opinions purely from a security point of view. Are the strong passwords generated better? Is the safety provided better in some other way?
Another thing to consider is phone apps - a standalone password manager can autofill passwords in your phone apps, which is pretty handy. The manager built into Chrome can only autofill logins on websites inside chrome.
Finally, definitely take a look at BitWarden (it's free, and very secure). 1Password works fine, but unless there's some feature you need that 1Password has but that BitWarden doesn't, it doesn't make a lot of sense to pay more for 1Password.
Portfolio: 75% VT, 25% BNDW/I-bonds/HYSA
Re: Do you use a password manager?
Pretty sure I haven't seen any secure notes option on Google.stefan_lec wrote: ↑Sun Sep 18, 2022 2:10 pmDoes the password manager built into Chrome allow you to save additional secure notes along with the password? Being able to make up random answers to security questions and save them alongside your password improves security quite a bit.privateID wrote: ↑Sun Sep 18, 2022 10:46 am Hmm...so anyone have any thoughts, other than the goodies provided by the stand-alone password managers, about whether there is any difference between the Google Chrome password manager vs the standalone ones such as 1password? I'm interested in opinions purely from a security point of view. Are the strong passwords generated better? Is the safety provided better in some other way?
Another thing to consider is phone apps - a standalone password manager can autofill passwords in your phone apps, which is pretty handy. The manager built into Chrome can only autofill logins on websites inside chrome.
Finally, definitely take a look at BitWarden (it's free, and very secure). 1Password works fine, but unless there's some feature you need that 1Password has but that BitWarden doesn't, it doesn't make a lot of sense to pay more for 1Password.
I use Google Chrome for everything on my computer and phone. I have a Google Pixel phone. So, I am all in on Google. On my phone, I didn't think it would autofill passwords using the password manager, but it did ask me when I opened an app if I want to use the password saved by the password manager, so there is at least some support for apps. To be honest, I don't use a ton of apps and it is easy enough to go into the password manager and copy the password if I need to.
I may want these features one day, but for now I think my only priorities are convenience of autofill in Chrome and generating a secure password. If there were other security benefits elsewhere that could sway me to something else.
Re: Do you use a password manager?
I have one other question if anybody knows. I wanted to turn on the passphrase encryption on Google. From what I read, if I do that I can't view saved passwords on passwords.google.com. So is there another way to see them?
I'm guessing on Chrome on the desktop I can do it in the browser with chrome://settings/passwords. Is that right? How about on my Android phone?
I'm guessing on Chrome on the desktop I can do it in the browser with chrome://settings/passwords. Is that right? How about on my Android phone?
Re: Do you use a password manager?
If any of you use Synology NAS at home, they have a password manager as well. The "cloud" in this case is at your home and you can access it on all your devices. I haven't tried it but given that it's a free package if you have the NAS it may be something to look intomeadowrue wrote: ↑Tue Jul 19, 2022 2:10 pm If so, which one would you recommend? I have always used 3-4 different passwords and easily remember them (though they are not “easy” passwords per se) but I handle all the finances in our house and fear that my mental recall of passwords would leave DH in quite a bind were something to happen to me. Not to mention the hacking/security risk of using the same password for more than one site (I know, this is not smart!) How safe are password managers, and how exactly do they work? Thank you!
What Goes Up Must come down -- David Clayton-Thomas (1968), BST
Re: Do you use a password manager?
Both work. I use this setup.privateID wrote: ↑Mon Sep 19, 2022 7:49 pm I have one other question if anybody knows. I wanted to turn on the passphrase encryption on Google. From what I read, if I do that I can't view saved passwords on passwords.google.com. So is there another way to see them?
I'm guessing on Chrome on the desktop I can do it in the browser with chrome://settings/passwords. Is that right? How about on my Android phone?
Desktop: What you said.
Android: Settings > Passwords.
Re: Do you use a password manager?
Thanks. I assumed so, but saw all these warnings about not able to see the passwords by going to passwords.google.com, that it made it sound like a big deal. If I can get to settings on the desktop and phone, then I'm not sure why it's such a big deal.aawc wrote: ↑Tue Sep 20, 2022 1:13 amBoth work. I use this setup.privateID wrote: ↑Mon Sep 19, 2022 7:49 pm I have one other question if anybody knows. I wanted to turn on the passphrase encryption on Google. From what I read, if I do that I can't view saved passwords on passwords.google.com. So is there another way to see them?
I'm guessing on Chrome on the desktop I can do it in the browser with chrome://settings/passwords. Is that right? How about on my Android phone?
Desktop: What you said.
Android: Settings > Passwords.
This whole concept of a passphrase vs a password is a bit confusing. My Google password is already a very long password comprised of multiple words. Here's what Google says about the passphrase:
I don't understand why my password can't just be the same as my passphrase? Do you need to remember two things - Google password and Google passphrase? Or maybe you use a strong password generated by Google for the password and you make the Passphrase the one unique thing you remember?When you have a sync passphrase:
You'll need your passphrase whenever you turn on sync somewhere new.
You'll need to enter your new passphrase on your devices where you have already turned on sync.
Your feed won’t show suggestions based on sites you browse in Chrome.
You can't view your saved passwords on passwords.google.com or use Smart Lock for Passwords.
All your history won't sync on all devices. Only web addresses that you type in Chrome's address bar will sync.
-
- Posts: 399
- Joined: Mon Nov 04, 2013 10:46 pm
Re: Do you use a password manager?
I have always wondered how safe are browser saved passwords are compared to stand alone, you think it’s safe enough ?aawc wrote: ↑Tue Sep 20, 2022 1:13 amBoth work. I use this setup.privateID wrote: ↑Mon Sep 19, 2022 7:49 pm I have one other question if anybody knows. I wanted to turn on the passphrase encryption on Google. From what I read, if I do that I can't view saved passwords on passwords.google.com. So is there another way to see them?
I'm guessing on Chrome on the desktop I can do it in the browser with chrome://settings/passwords. Is that right? How about on my Android phone?
Desktop: What you said.
Android: Settings > Passwords.
Re: Do you use a password manager?
My understanding is that if you use the Google Password manager with separate strong passwords created for all accounts (something you would need to do for any stand-alone password manager that uses a Chrome extension) and you turn on passphrase encryption which encrypts your data on Google, then it as secure as all the other standalone Password Managers such as 1Password. Granted, these standalone Password Managers offers some extra goodies, but as far as being secure, they are equal. If others feel otherwise, I'd love to hear.mongstradamus wrote: ↑Tue Sep 20, 2022 8:07 amI have always wondered how safe are browser saved passwords are compared to stand alone, you think it’s safe enough ?aawc wrote: ↑Tue Sep 20, 2022 1:13 amBoth work. I use this setup.privateID wrote: ↑Mon Sep 19, 2022 7:49 pm I have one other question if anybody knows. I wanted to turn on the passphrase encryption on Google. From what I read, if I do that I can't view saved passwords on passwords.google.com. So is there another way to see them?
I'm guessing on Chrome on the desktop I can do it in the browser with chrome://settings/passwords. Is that right? How about on my Android phone?
Desktop: What you said.
Android: Settings > Passwords.
-
- Posts: 399
- Joined: Mon Nov 04, 2013 10:46 pm
Re: Do you use a password manager?
Makes sense sometimes am lazy and use iCloud for passwords , was just wondering how they all compare with each other. I do use Bitwarden with hardware key/authenticator app as well. Never knew how safe they are in comparison with each other.privateID wrote: ↑Tue Sep 20, 2022 12:58 pmMy understanding is that if you use the Google Password manager with separate strong passwords created for all accounts (something you would need to do for any stand-alone password manager that uses a Chrome extension) and you turn on passphrase encryption which encrypts your data on Google, then it as secure as all the other standalone Password Managers such as 1Password. Granted, these standalone Password Managers offers some extra goodies, but as far as being secure, they are equal. If others feel otherwise, I'd love to hear.mongstradamus wrote: ↑Tue Sep 20, 2022 8:07 amI have always wondered how safe are browser saved passwords are compared to stand alone, you think it’s safe enough ?aawc wrote: ↑Tue Sep 20, 2022 1:13 amBoth work. I use this setup.privateID wrote: ↑Mon Sep 19, 2022 7:49 pm I have one other question if anybody knows. I wanted to turn on the passphrase encryption on Google. From what I read, if I do that I can't view saved passwords on passwords.google.com. So is there another way to see them?
I'm guessing on Chrome on the desktop I can do it in the browser with chrome://settings/passwords. Is that right? How about on my Android phone?
Desktop: What you said.
Android: Settings > Passwords.
Re: Do you use a password manager?
"Safe" is a relative word and a matter of perspective. I agree that the built in Chrome password manager is "safe" in the sense that it protects your passwords from attack from an unknown hacker, i.e. someone who does not have access to your computer or your Google account. But, I don't agree it is just as "safe" as a stand alone password manager in the sense that if someone where to gain access to your computer or your Google account, possibly somone close to you, they would then have access to all of the passwords that are conveniently available to them in Chrome, so you have a single point of failure. But if you use a stand alone password manager, then that same person would have to also access the separate password manager, and if it is configured properly, they will be unsuccesful.privateID wrote: ↑Tue Sep 20, 2022 12:58 pm My understanding is that if you use the Google Password manager with separate strong passwords created for all accounts (something you would need to do for any stand-alone password manager that uses a Chrome extension) and you turn on passphrase encryption which encrypts your data on Google, then it as secure as all the other standalone Password Managers such as 1Password. Granted, these standalone Password Managers offers some extra goodies, but as far as being secure, they are equal. If others feel otherwise, I'd love to hear.
Re: Do you use a password manager?
In google, to have access in the case I describe, you would need to have the passphrase (or perhaps my finger print) to see passwords. Isn't that how the stand alone password manager works (you can see passwords if you have the master password)? I'm sure there are fancier ways to do it that are more secure, but just trying to compare vanilla google password manager+google passphrase encryption to vanilla stand alone password manager.mptfan wrote: ↑Tue Sep 20, 2022 3:30 pm"Safe" is a relative word and a matter of perspective. I agree that the built in Chrome password manager is "safe" in the sense that it protects your passwords from attack from an unknown hacker, i.e. someone who does not have access to your computer or your Google account. But, I don't agree it is just as "safe" as a stand alone password manager in the sense that if someone where to gain access to your computer or your Google account, possibly somone close to you, they would then have access to all of the passwords that are conveniently available to them in Chrome, so you have a single point of failure. But if you use a stand alone password manager, then that same person would have to also access the separate password manager, and if it is configured properly, they will be unsuccesful.privateID wrote: ↑Tue Sep 20, 2022 12:58 pm My understanding is that if you use the Google Password manager with separate strong passwords created for all accounts (something you would need to do for any stand-alone password manager that uses a Chrome extension) and you turn on passphrase encryption which encrypts your data on Google, then it as secure as all the other standalone Password Managers such as 1Password. Granted, these standalone Password Managers offers some extra goodies, but as far as being secure, they are equal. If others feel otherwise, I'd love to hear.
Re: Do you use a password manager?
I use Chrome OS (Chromebooks and Chromeboxes). I have to enter my password when I log on to my Chromebook or Chromebox using my Google account, but once I log in it's possible someone else may get access to my computer while it is running, perhaps I may leave it open or leave my Chromebook somewhere, or I forget to log out, or any other of a number of possibilities, and in that case the person who has access to my computer would then have access to all of my passwords if they were stored in Chrome. By contrast, if I use a standalone password manager, the person would not have access to my passwords unless my password manager was also open and unlocked. In other words, they would also have to gain access to the separate password manager and that is another step that I can control, either by not logging in, or logging out, or locking, or timing out. So even if someone got access to my computer with my Google account open and running, it is likely that they would not have access to my passwords. I like being able to control access to my passwords as a separate step that is different from access to my computer.
The same is true for a hacker who was able to hack into my Google account.
Re: Do you use a password manager?
I am a software engineer where someone getting my password could mean accessing confidential information or costing lots of money for a business. Here's what works for me:
Bitwarden the password manager I trust with my data. I trust the team behind it and they recently got a lot of financing while still sticking to their commitments. I use their chrome extension to fill in passwords and generate passwords, and use the app on ios to fill in passwords on mobile.
My master password (which you will enter relatively frequently) is a string of five words that I randomly generated but is easy to remember (something like "gush-froggy-chrome-task-oink") so it's easy for me to type in.
The magic happens with 2FA. I bought three yubikeys and associated all three with every service I could -- bitwarden, google, AWS, facebook, paypal, among others. It's much much much more secure than getting a text message since there have been instances of phone numbers getting hijacking. I keep one key on my keychain, one in my desk at home, and the third at a trusted third party's house. Sometimes I will need to assign the third key but it's easy enough to bring my laptop over there.
Bitwarden the password manager I trust with my data. I trust the team behind it and they recently got a lot of financing while still sticking to their commitments. I use their chrome extension to fill in passwords and generate passwords, and use the app on ios to fill in passwords on mobile.
My master password (which you will enter relatively frequently) is a string of five words that I randomly generated but is easy to remember (something like "gush-froggy-chrome-task-oink") so it's easy for me to type in.
The magic happens with 2FA. I bought three yubikeys and associated all three with every service I could -- bitwarden, google, AWS, facebook, paypal, among others. It's much much much more secure than getting a text message since there have been instances of phone numbers getting hijacking. I keep one key on my keychain, one in my desk at home, and the third at a trusted third party's house. Sometimes I will need to assign the third key but it's easy enough to bring my laptop over there.
- anon_investor
- Posts: 15122
- Joined: Mon Jun 03, 2019 1:43 pm
Re: Do you use a password manager?
This is not entirely true, you can add encryption to your stored Chrome passwords, so bad guy need an extra passphrase to access even if you leave your computer unlocked.mptfan wrote: ↑Tue Sep 20, 2022 5:52 pmI use Chrome OS (Chromebooks and Chromeboxes). I have to enter my password when I log on to my Chromebook or Chromebox using my Google account, but once I log in it's possible someone else may get access to my computer while it is running, perhaps I may leave it open or leave my Chromebook somewhere, or I forget to log out, or any other of a number of possibilities, and in that case the person who has access to my computer would then have access to all of my passwords if they were stored in Chrome. By contrast, if I use a standalone password manager, the person would not have access to my passwords unless my password manager was also open and unlocked. In other words, they would also have to gain access to the separate password manager and that is another step that I can control, either by not logging in, or logging out, or locking, or timing out. So even if someone got access to my computer with my Google account open and running, it is likely that they would not have access to my passwords. I like being able to control access to my passwords as a separate step that is different from access to my computer.
The same is true for a hacker who was able to hack into my Google account.
-
- Posts: 399
- Joined: Mon Nov 04, 2013 10:46 pm
Re: Do you use a password manager?
Is that chrome only feature or is that available on all browsers that have remember password function ?anon_investor wrote: ↑Tue Sep 20, 2022 7:01 pmThis is not entirely true, you can add encryption to your stored Chrome passwords, so bad guy need an extra passphrase to access even if you leave your computer unlocked.mptfan wrote: ↑Tue Sep 20, 2022 5:52 pmI use Chrome OS (Chromebooks and Chromeboxes). I have to enter my password when I log on to my Chromebook or Chromebox using my Google account, but once I log in it's possible someone else may get access to my computer while it is running, perhaps I may leave it open or leave my Chromebook somewhere, or I forget to log out, or any other of a number of possibilities, and in that case the person who has access to my computer would then have access to all of my passwords if they were stored in Chrome. By contrast, if I use a standalone password manager, the person would not have access to my passwords unless my password manager was also open and unlocked. In other words, they would also have to gain access to the separate password manager and that is another step that I can control, either by not logging in, or logging out, or locking, or timing out. So even if someone got access to my computer with my Google account open and running, it is likely that they would not have access to my passwords. I like being able to control access to my passwords as a separate step that is different from access to my computer.
The same is true for a hacker who was able to hack into my Google account.
- anon_investor
- Posts: 15122
- Joined: Mon Jun 03, 2019 1:43 pm
Re: Do you use a password manager?
Chrome has it, dunno about others.mongstradamus wrote: ↑Tue Sep 20, 2022 7:04 pmIs that chrome only feature or is that available on all browsers that have remember password function ?anon_investor wrote: ↑Tue Sep 20, 2022 7:01 pmThis is not entirely true, you can add encryption to your stored Chrome passwords, so bad guy need an extra passphrase to access even if you leave your computer unlocked.mptfan wrote: ↑Tue Sep 20, 2022 5:52 pmI use Chrome OS (Chromebooks and Chromeboxes). I have to enter my password when I log on to my Chromebook or Chromebox using my Google account, but once I log in it's possible someone else may get access to my computer while it is running, perhaps I may leave it open or leave my Chromebook somewhere, or I forget to log out, or any other of a number of possibilities, and in that case the person who has access to my computer would then have access to all of my passwords if they were stored in Chrome. By contrast, if I use a standalone password manager, the person would not have access to my passwords unless my password manager was also open and unlocked. In other words, they would also have to gain access to the separate password manager and that is another step that I can control, either by not logging in, or logging out, or locking, or timing out. So even if someone got access to my computer with my Google account open and running, it is likely that they would not have access to my passwords. I like being able to control access to my passwords as a separate step that is different from access to my computer.
The same is true for a hacker who was able to hack into my Google account.
Re: Do you use a password manager?
Even without passphrase encryption, you would have to enter your Google password to actually see a password in the Password Manager. In other words, my browser is open, I am logged into Google and Google still does not let me see the saved passwords unless I enter the password even though I am logged in. Google is not stupid. They understand what the competition is doing and I expect them to make things as secure as their competitors.anon_investor wrote: ↑Tue Sep 20, 2022 7:01 pmThis is not entirely true, you can add encryption to your stored Chrome passwords, so bad guy need an extra passphrase to access even if you leave your computer unlocked.mptfan wrote: ↑Tue Sep 20, 2022 5:52 pmI use Chrome OS (Chromebooks and Chromeboxes). I have to enter my password when I log on to my Chromebook or Chromebox using my Google account, but once I log in it's possible someone else may get access to my computer while it is running, perhaps I may leave it open or leave my Chromebook somewhere, or I forget to log out, or any other of a number of possibilities, and in that case the person who has access to my computer would then have access to all of my passwords if they were stored in Chrome. By contrast, if I use a standalone password manager, the person would not have access to my passwords unless my password manager was also open and unlocked. In other words, they would also have to gain access to the separate password manager and that is another step that I can control, either by not logging in, or logging out, or locking, or timing out. So even if someone got access to my computer with my Google account open and running, it is likely that they would not have access to my passwords. I like being able to control access to my passwords as a separate step that is different from access to my computer.
The same is true for a hacker who was able to hack into my Google account.
I am not familiar with what the other browsers do, but Google is really good at syncing data among devices.