Do you use a password manager?

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills.
AnEngineer
Posts: 2414
Joined: Sat Jun 27, 2020 4:05 pm

Re: Do you use a password manager?

Post by AnEngineer »

MikeWillRetire wrote: Sun Jul 24, 2022 3:52 pm
AnEngineer wrote: Sun Jul 24, 2022 2:17 pm
MikeWillRetire wrote: Sun Jul 24, 2022 2:11 pm
AnEngineer wrote: Sat Jul 23, 2022 6:58 pm
MikeWillRetire wrote: Fri Jul 22, 2022 11:44 am
I found that if someone accesses your computer, they can access google password manager without needing the password. I couldn't find a good way to log out of google password manager. Even if you log out of your google account, the password manager still autofills the passwords. That's one of the reasons why I chose 1 Password. You can log out of it easily.
I don't understand this concern. If you let someone have access to your computer using using your account you'd better trust them completely, as they could install a variety of security compromises.
I'm not concerned about the people that I allow access to the computer. I'm more concerned about others who could gain access. Our home computer is awakened with a 4 digit pin, so if they somehow figure out the pin, they then have access to google passwords, even if I log out of chrome. For that reason, I chose 1 Password because it requires me to log in to use it.
I see the difference, but it still makes doesn't make sense to me. Anyone who gets past the pin can install a keylogger or something and get access to your passwords and more. Unauthorized access to my user account is game over in so many ways.
I am curious to find out what you do to prevent this unauthorized access?
I echo what the poster above wrote. Physical access is a big one. There's going to be some convenience vs security trade off that you may adjust based on your circumstances, so what I do kind of doesn't matter. My point is that it's weird to me to worry about password manager access when someone already has control of your computer. Maybe your pin is enough to protect you. Inside your house that could be very reasonable. In other cases maybe one has a strong boot password with full disk encryption and never leave the computer on unattended.
Ripcord
Posts: 48
Joined: Mon Oct 14, 2019 9:56 pm

Re: Do you use a password manager?

Post by Ripcord »

Long time LastPass user until they started charging for it. Switched to Bitwarden and am happy with it. both are essentially the same functionality and I don't have a preference. At work we use Lastpass. I still make it a habit to change passwords every few months. I use the auto generated ones that the password manager generates so I actually don't even know what my passwords are myself unless I look.
quietseas
Posts: 901
Joined: Fri Dec 27, 2013 3:43 pm

Re: Do you use a password manager?

Post by quietseas »

meadowrue wrote: Sun Jul 24, 2022 9:29 am
martincmartin wrote: Sun Jul 24, 2022 7:12 am
meadowrue wrote: Tue Jul 19, 2022 2:10 pm I have always used 3-4 different passwords and easily remember them
Have you seen which of them have been compromised?

https://haveibeenpwned.com/

https://haveibeenpwned.com/Passwords
Thanks for the links. My email address has been in 5 data breaches! My phone number is ok. I changed all my passwords yesterday across every single account while I decide about a password manager. I greatly appreciate all the responses here.
Glad you looked, you should never reuse passwords on important sites such as your email provider or any financial institution. Use a unique random password on every site (even unimportant ones) is best.
valleyrock
Posts: 1129
Joined: Sun Aug 12, 2018 7:12 am

Re: Do you use a password manager?

Post by valleyrock »

I use LastPass, but would use Bitwarden if starting fresh. Family plan on LastPass works well, and I can share passwords securely with family members. Then when I change a password, it updates the ones family members access

Passwords I often get from subsets of passwords generated at https://www.grc.com/passwords.htm .
User avatar
tuningfork
Posts: 885
Joined: Wed Oct 30, 2013 8:30 pm

Re: Do you use a password manager?

Post by tuningfork »

valleyrock wrote: Sun Jul 24, 2022 6:57 pm I use LastPass, but would use Bitwarden if starting fresh. Family plan on LastPass works well, and I can share passwords securely with family members. Then when I change a password, it updates the ones family members access

Passwords I often get from subsets of passwords generated at https://www.grc.com/passwords.htm .
It's quick and easy to export your passwords from Lastpass and import them into Bitwarden, if you want to give Bitwarden a try. While that grc page is fine (and the author is a trusted security expert), Lastpass, Bitwarden and the others all have their own strong password generation tools built-in that might be a little more convenient for anyone who is already using a password manager.
valleyrock
Posts: 1129
Joined: Sun Aug 12, 2018 7:12 am

Re: Do you use a password manager?

Post by valleyrock »

Yes, one can transfer from LastPass to bitwarden, but as I remember, special characters won't port over. A pain. Not sure if Bitwarden allows sharing with other accounts. That's very convenient.
tibbitts
Posts: 23716
Joined: Tue Feb 27, 2007 5:50 pm

Re: Do you use a password manager?

Post by tibbitts »

valleyrock wrote: Sun Jul 24, 2022 7:22 pm Yes, one can transfer from LastPass to bitwarden, but as I remember, special characters won't port over. A pain. Not sure if Bitwarden allows sharing with other accounts. That's very convenient.
I haven't tried but special characters are an interesting point. I had assumed there might be one character (the field separator for the exported data, whatever that might be) that could be problematic but never thought any others would be. Surely someone has experience with the export/import and will comment.
User avatar
tuningfork
Posts: 885
Joined: Wed Oct 30, 2013 8:30 pm

Re: Do you use a password manager?

Post by tuningfork »

tibbitts wrote: Sun Jul 24, 2022 7:31 pm
valleyrock wrote: Sun Jul 24, 2022 7:22 pm Yes, one can transfer from LastPass to bitwarden, but as I remember, special characters won't port over. A pain. Not sure if Bitwarden allows sharing with other accounts. That's very convenient.
I haven't tried but special characters are an interesting point. I had assumed there might be one character (the field separator for the exported data, whatever that might be) that could be problematic but never thought any others would be. Surely someone has experience with the export/import and will comment.
I moved from Lastpass to Bitwarden a year or so ago. My passwords are long random strings with special characters, and they all came over just fine. According to Bitwarden it's a bug in Lastpass that erroneously encodes HTML characters such as & < >. Perhaps that was a bug in an older version of Lastpass, or Lastpass never generated those particular characters in any of my passwords. https://bitwarden.com/help/import-from-lastpass/

Bitwarden has a family plan to share with other family members. It's $40/year I think.
newyorker
Posts: 1635
Joined: Sun May 17, 2020 7:59 am

Re: Do you use a password manager?

Post by newyorker »

I dont. Tried dashlane. It was clunky and ineffective.
jebmke
Posts: 25474
Joined: Thu Apr 05, 2007 2:44 pm
Location: Delmarva Peninsula

Re: Do you use a password manager?

Post by jebmke »

newyorker wrote: Sun Jul 24, 2022 9:49 pm I dont. Tried dashlane. It was clunky and ineffective.
How was it ineffective?
Don't trust me, look it up. https://www.irs.gov/forms-instructions-and-publications
valleyrock
Posts: 1129
Joined: Sun Aug 12, 2018 7:12 am

Re: Do you use a password manager?

Post by valleyrock »

tuningfork wrote: Sun Jul 24, 2022 9:48 pm
tibbitts wrote: Sun Jul 24, 2022 7:31 pm
valleyrock wrote: Sun Jul 24, 2022 7:22 pm Yes, one can transfer from LastPass to bitwarden, but as I remember, special characters won't port over. A pain. Not sure if Bitwarden allows sharing with other accounts. That's very convenient.
I haven't tried but special characters are an interesting point. I had assumed there might be one character (the field separator for the exported data, whatever that might be) that could be problematic but never thought any others would be. Surely someone has experience with the export/import and will comment.
I moved from Lastpass to Bitwarden a year or so ago. My passwords are long random strings with special characters, and they all came over just fine. According to Bitwarden it's a bug in Lastpass that erroneously encodes HTML characters such as & < >. Perhaps that was a bug in an older version of Lastpass, or Lastpass never generated those particular characters in any of my passwords. https://bitwarden.com/help/import-from-lastpass/

Bitwarden has a family plan to share with other family members. It's $40/year I think.
Around $50 for LastPass for family, 5 accounts.
ephu437
Posts: 39
Joined: Tue Oct 09, 2007 7:24 am

Re: Do you use a password manager?

Post by ephu437 »

This thread has been a great help - thank you to the community members here shared their experiences and feedback.

I'm posting now in the hopes of getting advice: Big picture, I'm looking for 2 things from adopting a password manager (PM):
1. Security for vital accounts
2. Managing hundreds of logins across multiple devices and family members (mostly teenage sons).

Up till now I've kept a master spreadsheet with my login/PW info, and use browser "remember login" for convenience. I've been lucky and not suffered any compromises or problems.

I'm concerned that some measures to achieve #1 work against #2. I don't worry about the security of my netflix, NY times, or bogleheads accounts (should I?), and I imagine that going through 2fa every time I wanted to use those sites would be a real bother.

The solution I'm considering is using two PMs, with the financial accounts and 2FA only on one of them. But that leaves the problem of my google account. Gmail is my main email account and I use google docs, drive, etc. Would I need to keep it in the secure PM because of its role in PW recovery?

Does that make sense? Any advice? Thanks!
evelynmanley
Posts: 1029
Joined: Tue Sep 21, 2010 9:13 am

Re: Do you use a password manager?

Post by evelynmanley »

ephu437 wrote: Wed Jul 27, 2022 11:24 am This thread has been a great help - thank you to the community members here shared their experiences and feedback.

I'm posting now in the hopes of getting advice: Big picture, I'm looking for 2 things from adopting a password manager (PM):
1. Security for vital accounts
2. Managing hundreds of logins across multiple devices and family members (mostly teenage sons).

Up till now I've kept a master spreadsheet with my login/PW info, and use browser "remember login" for convenience. I've been lucky and not suffered any compromises or problems.

I'm concerned that some measures to achieve #1 work against #2. I don't worry about the security of my netflix, NY times, or bogleheads accounts (should I?), and I imagine that going through 2fa every time I wanted to use those sites would be a real bother.

The solution I'm considering is using two PMs, with the financial accounts and 2FA only on one of them. But that leaves the problem of my google account. Gmail is my main email account and I use google docs, drive, etc. Would I need to keep it in the secure PM because of its role in PW recovery?

Does that make sense? Any advice? Thanks!
I may not be understanding your situation correctly, but FYI, in Bitwarden you can create separate vaults and also separate folders within each vault to keep things separate in terms of security priority, what you want to share or not share, etc. There are endless ways to use vaults and folders.
https://bitwarden.com/help/getting-started-webvault/

It might seem overwhelming if you're not familiar with Bitwarden, but, believe me, if I can figure it out, anyone can. My daughter is a systems architect and chose Bitwarden because she feels it provides the most security of all the PM options.

Most definitely you want to keep anything Google-associated as secure as possible, and not only because of PW recovery.
User avatar
bertilak
Posts: 10725
Joined: Tue Aug 02, 2011 5:23 pm
Location: East of the Pecos, West of the Mississippi

Re: Do you use a password manager?

Post by bertilak »

I use LastPass and am getting concerned about it. Just today I could not log on to Vanguard because the LastPass server was down.

I'm beginning to question the wisdom of a PW manager that requires access to a network server.

I like the way LastPass works so I wonder if there is some PW manager not dependent on a network server but otherwise just like LastPass. As far as I can tell, the only advantage to a server-based design is the ease of sharing passwords across platforms. KeePass can do the equivalent by storing its database on OneDrive, but KeePass gets confused by that (I'm not sure why but I think it tries to keep a local, cached, copy) and requires a bit of handholding.

Until recently I was using KeePass. it is clumsier than LastPass but more robust in that it works even if the Internet is down. I'm looking for the best of both worlds!
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
Marseille07
Posts: 16054
Joined: Fri Nov 06, 2020 12:41 pm

Re: Do you use a password manager?

Post by Marseille07 »

bertilak wrote: Wed Jul 27, 2022 6:22 pm I use LastPass and am getting concerned about it. Just today I could not log on to Vanguard because the LastPass server was down.

I'm beginning to question the wisdom of a PW manager that requires access to a network server.

I like the way LastPass works so I wonder if there is some PW manager not dependent on a network server but otherwise just like LastPass. As far as I can tell, the only advantage to a server-based design is the ease of sharing passwords across platforms. KeePass can do the equivalent by storing its database on OneDrive, but KeePass gets confused by that (I'm not sure why but I think it tries to keep a local, cached, copy) and requires a bit of handholding.

Until recently I was using KeePass. it is clumsier than LastPass but more robust in that it works even if the Internet is down. I'm looking for the best of both worlds!
Nothing wrong with KeePass. I don't use the autofill feature (I use Chrome for that), and I just carry around the password database file when I'm on the road. Works just fine.
User avatar
slowandsteadywins
Posts: 301
Joined: Tue Dec 20, 2016 2:13 pm

Re: Do you use a password manager?

Post by slowandsteadywins »

Privacy Guides is my go to resource, including for Password Managers. https://www.privacyguides.org/passwords/
"Nothing in this world can take the place of persistence; Persistence and determination alone are omnipotent." | -Calvin Coolidge
DoTheMath
Posts: 671
Joined: Sat Jul 04, 2015 1:11 pm
Location: The Plains

Re: Do you use a password manager?

Post by DoTheMath »

ephu437 wrote: Wed Jul 27, 2022 11:24 am This thread has been a great help - thank you to the community members here shared their experiences and feedback.

I'm posting now in the hopes of getting advice: Big picture, I'm looking for 2 things from adopting a password manager (PM):
1. Security for vital accounts
2. Managing hundreds of logins across multiple devices and family members (mostly teenage sons).

Up till now I've kept a master spreadsheet with my login/PW info, and use browser "remember login" for convenience. I've been lucky and not suffered any compromises or problems.

I'm concerned that some measures to achieve #1 work against #2. I don't worry about the security of my netflix, NY times, or bogleheads accounts (should I?), and I imagine that going through 2fa every time I wanted to use those sites would be a real bother.

The solution I'm considering is using two PMs, with the financial accounts and 2FA only on one of them. But that leaves the problem of my google account. Gmail is my main email account and I use google docs, drive, etc. Would I need to keep it in the secure PM because of its role in PW recovery?

Does that make sense? Any advice? Thanks!
1Password (and I'm sure others) allows for multiple password vaults, and allows for vaults to be shared among family members. This will let you bin together the passwords according to who should have access to them. No need for multiple password managers.

Personally, I don't worry about BH and other low level logins. Even if those are hacked, it gets the hacker no closer to getting into the important ones since the important ones have strong unique passwords (thanks to the password manager!) and 2FA. That said, I've been steadily migrating more and more accounts to the PM just because it's easier to have login info all in one place.

For gmail, YES! Your security is only as strong as its weakest link. As you correctly note, if it can be used to recover other passwords, then you definitely want gmail to have 2FA and to have a strong password.
“I am losing precious days. I am degenerating into a machine for making money. I am learning nothing in this trivial world of men. I must break away and get out into the mountains...” -- John Muir
ephu437
Posts: 39
Joined: Tue Oct 09, 2007 7:24 am

Re: Do you use a password manager?

Post by ephu437 »

My question is about using the same password manager to keep conveniently track and use my non-sensitive logins and to secure my sensitive ones. What I'm most trying to understand is where those are in conflict.

For example, I want it to be quick and easy to look up some random forum password. Would the following solution work: create 2 vaults in the PM, have 2FA and a strong password for the one, and for the other, chose "1234" as my PW? Would I need to create a second, non-sensitive email address just for that second vault?

Maybe I would want to create that second email account anyway, because "login with google" is a common convenience option these days. I could set up message forwarding from the new account without compromising my primary one's security?
User avatar
bertilak
Posts: 10725
Joined: Tue Aug 02, 2011 5:23 pm
Location: East of the Pecos, West of the Mississippi

Re: Do you use a password manager?

Post by bertilak »

ephu437 wrote: Thu Jul 28, 2022 9:23 am For example, I want it to be quick and easy to look up some random forum password.
What's easier yet is to not have to look it up at all.

LastPass does this for you.

When you first go to a web page and manually type in an ID/PW, LastPass offers to remember them.
From then on, LastPass will automatically "type" them in for you.
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
selters
Posts: 702
Joined: Thu Feb 27, 2014 8:26 am

Re: Do you use a password manager?

Post by selters »

AnnetteLouisan wrote: Tue Jul 19, 2022 4:16 pm I just write the passwords down. No, not on the back of my hand (that’s for phone numbers and grocery lists), I use a sheet of paper called “Passwords.” It’s old school, but it works.
And unhackable.
Eno Deb
Posts: 757
Joined: Sun Feb 03, 2019 3:08 pm

Re: Do you use a password manager?

Post by Eno Deb »

mmse wrote: Tue Jul 19, 2022 9:14 pmWell... Good point, but...
Did you or anyone you trust review all the code?
Do you review it again after each update?
Do you build your binaries from the code you just reviewed or you use the pre-built ones? Why do you think nothing changed in-between?
Do you think I am unreasonably paranoid?
Yes on the latter question. :P But seriously, it's obviously not practical to constantly audit ever single bit of code you use (and even if you did that wouldn't mean nothing can slip through). But I don't know how much more trustworthy a password manager can possibly be.
User avatar
Metsfan91
Posts: 1019
Joined: Sat Jan 11, 2020 11:33 am
Location: Rust Belt

Re: Do you use a password manager?

Post by Metsfan91 »

jebmke wrote: Tue Jul 19, 2022 2:18 pm There are many good ones. The one I use is called Keepass

https://keepass.info/

I can keep the file and program on a USB drive

Many of the popular ones are online. I'm sure others will chime in with their favorite.
I use this. Works for me for safe keeping passwords.
"Know what you own, and know why you own it." — Peter Lynch
random_walker_77
Posts: 2212
Joined: Tue May 21, 2013 8:49 pm

Re: Do you use a password manager?

Post by random_walker_77 »

bertilak wrote: Wed Jul 27, 2022 6:22 pm I use LastPass and am getting concerned about it. Just today I could not log on to Vanguard because the LastPass server was down.

I'm beginning to question the wisdom of a PW manager that requires access to a network server.
Bitwarden works offline. Even when your bitwarden client is locked, it keep a cached copy of your encrypted vault for 30 days (90 days on your phone).
https://bitwarden.com/blog/configuring- ... ne-access/
User avatar
anon_investor
Posts: 15122
Joined: Mon Jun 03, 2019 1:43 pm

Re: Do you use a password manager?

Post by anon_investor »

bertilak wrote: Thu Jul 28, 2022 9:30 am
ephu437 wrote: Thu Jul 28, 2022 9:23 am For example, I want it to be quick and easy to look up some random forum password.
What's easier yet is to not have to look it up at all.

LastPass does this for you.

When you first go to a web page and manually type in an ID/PW, LastPass offers to remember them.
From then on, LastPass will automatically "type" them in for you.
I just use the Google password manager for those kind of logins that don't have financial ramifications. Keepass for the important stuff.
TN_Boy
Posts: 4134
Joined: Sat Jan 17, 2009 11:51 am

Re: Do you use a password manager?

Post by TN_Boy »

random_walker_77 wrote: Thu Jul 28, 2022 10:57 pm
bertilak wrote: Wed Jul 27, 2022 6:22 pm I use LastPass and am getting concerned about it. Just today I could not log on to Vanguard because the LastPass server was down.

I'm beginning to question the wisdom of a PW manager that requires access to a network server.
Bitwarden works offline. Even when your bitwarden client is locked, it keep a cached copy of your encrypted vault for 30 days (90 days on your phone).
https://bitwarden.com/blog/configuring- ... ne-access/
I don't use LastPass (though I do use a password manager), but this what the LastPass website says about server outages:
What happens if LastPass has an outage?

If the systems that support service to LastPass are experiencing an outage or are offline due to scheduled maintenance, you can check the current service status and sign up for real-time notifications at https://status.lastpass.com.

When you log in to your LastPass account via desktop or mobile device while you have an Internet connection, you are creating a locally cached version of your encrypted data to the local drive. This is the data that LastPass loads when you log in to LastPass while offline. Any LastPass browser extension, desktop app, or mobile app can be logged into without an Internet connection, and will default to offline mode when no connection is present, if allowed to do so.
From that, I'd assume that LastPass acts like Bitwarden per random_walker_77's post (and like the password manager I use), i.e. if you have previously used LastPass on a device, and you later try to use and it cannot get to the LastPass servers, it will use the local cached version of the database. Which of course might be out of date, but it is generally better than nothing (don't know if you can change entries in the local database without a connection).

There are a couple of things I find slightly ambiguous about the wording in that post, but it implies to me that having the LastPass servers down should not have impeded use of the local cached version of the database. All the password managers supporting a distributed database will of course need access to the central servers when doing updates.
irr
Posts: 95
Joined: Thu Aug 19, 2021 10:01 am
Location: Carolinas

Re: Do you use a password manager?

Post by irr »

I used Lastpass for 10 years. It was decent but clunky. I switched to Bitwarden and couldn't be happier. Easy to use across different operating systems and devices. You can install it on your desktop or as an extension in your web browser.

My favorite feature is that I can require the master password to log into specific sites or apps while still maintaining the ease of use logging into forums, reddit, etc..
Real estate, where even the most mediocre can become wealthy.
mptfan
Posts: 7217
Joined: Mon Mar 05, 2007 8:58 am

Re: Do you use a password manager?

Post by mptfan »

anon_investor wrote: Thu Jul 28, 2022 11:25 pm I just use the Google password manager for those kind of logins that don't have financial ramifications. Keepass for the important stuff.
That is a reasonable approach, but I prefer to keep all of my login credentials in one place.
User avatar
bertilak
Posts: 10725
Joined: Tue Aug 02, 2011 5:23 pm
Location: East of the Pecos, West of the Mississippi

Re: Do you use a password manager?

Post by bertilak »

TN_Boy wrote: Fri Jul 29, 2022 8:38 am
What happens if LastPass has an outage?

If the systems that support service to LastPass are experiencing an outage or are offline due to scheduled maintenance, you can check the current service status and sign up for real-time notifications at https://status.lastpass.com.

When you log in to your LastPass account via desktop or mobile device while you have an Internet connection, you are creating a locally cached version of your encrypted data to the local drive. This is the data that LastPass loads when you log in to LastPass while offline. Any LastPass browser extension, desktop app, or mobile app can be logged into without an Internet connection, and will default to offline mode when no connection is present, if allowed to do so
There must be more to it than that because I couldn't to log on when LastPass's serve was down. There was no indication it was (trying to?) use a cached copy. The above "if allowed to do so" hints there must be away to "allow" It, but I don't see that in any of the settings. I do have "save a disabled one-time password locally" set but that looks like something else. I don't know how to use that saved password, so maybe that is it. Presumably there re on-line instructions on how to use it. I'll look around for future reference.
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
TN_Boy
Posts: 4134
Joined: Sat Jan 17, 2009 11:51 am

Re: Do you use a password manager?

Post by TN_Boy »

bertilak wrote: Fri Jul 29, 2022 9:33 am
TN_Boy wrote: Fri Jul 29, 2022 8:38 am
What happens if LastPass has an outage?

If the systems that support service to LastPass are experiencing an outage or are offline due to scheduled maintenance, you can check the current service status and sign up for real-time notifications at https://status.lastpass.com.

When you log in to your LastPass account via desktop or mobile device while you have an Internet connection, you are creating a locally cached version of your encrypted data to the local drive. This is the data that LastPass loads when you log in to LastPass while offline. Any LastPass browser extension, desktop app, or mobile app can be logged into without an Internet connection, and will default to offline mode when no connection is present, if allowed to do so.
Ther must be more to it than that because I couldn't to log on when LastPass's serve was down. There was no indication it was (trying to?) use a cached copy. The above "if allowed to do so" hints there must be away to "allow" It, but I don't see that in any of the settings. I do have "save a disabled one-time password locally" set but that looks like something else. I don't know how to use that saved password, so maybe that's it. Presumably there re on-line instructions on how to use it. I'll look around for future reference.
I'd certainly *think* it would allow you to access the cached copy, to handle the exact problem you encountered.

If there is some setting that needed to be tweaked, that would account for the problem. Or if you'd never used LastPass on that device (or maybe not used LastPass recently on that device and the cached copy is discarded due to age conditions ...but I'm guessing there).

At the risk of confusing the issue, I did find the text I quoted mildly confusing. Off the top of my head, for example, I can think of three different "failure to connect" scenarios, e.g.:

1) No internet access. So, obviously you can't get to LastPass
2) Internet is fine, but LastPass servers are down. Here you'd certainly expect access to a cached copy if it exists.
3) Internet is fine, LastPass servers are fine, but the connection to LastPass servers has an authentication failure.

These are all different failure cases. I could see 3) refusing access to the cached copy.

Here their description of how to setup offline access:
Enable offline access for your account

Enable offline access for your LastPass account so you can still access your vault even without an the presence of an Internet connection.

Log in to LastPass and access your vault by doing either of the following:
In your web browser toolbar, click the LastPass icon active LastPass icon and select Open My Vault.
Go to https://lastpass.com/?ac=1 and log in with your email address and master password.
Select Account Settings in the left navigation.
Select the Multifactor Options tab.
Select the Edit icon Edit option for your desired multifactor option.
For the "Enabled" option, use the drop-down menu to select Yes.
For the "Permit Offline Access" option, use the drop-down menu to select Allow. This will store an encrypted vault locally so you can log in without using multifactor authentication in case of a connectivity issue.
Configure all other required fields for your authenticator (if applicable), then select Update when finished.
Enter your master password, then select Continue.

Troubleshooting: If you have not already set up multifactor authentication for your selected multifactor option, follow the steps to enroll your device. Instructions will vary depending on the authenticator option you selected.

You have enabled offline access for your selected multifactor option, and will be able to access your LastPass vault while you are offline.
This almost implies you must have MFA setup to enable access to a local cache. But some LastPass guru should come to my aid here, I'm only guessing.
User avatar
bertilak
Posts: 10725
Joined: Tue Aug 02, 2011 5:23 pm
Location: East of the Pecos, West of the Mississippi

Re: Do you use a password manager?

Post by bertilak »

TN_Boy wrote: Fri Jul 29, 2022 9:46 am
bertilak wrote: Fri Jul 29, 2022 9:33 am
TN_Boy wrote: Fri Jul 29, 2022 8:38 am
What happens if LastPass has an outage?

If the systems that support service to LastPass are experiencing an outage or are offline due to scheduled maintenance, you can check the current service status and sign up for real-time notifications at https://status.lastpass.com.

When you log in to your LastPass account via desktop or mobile device while you have an Internet connection, you are creating a locally cached version of your encrypted data to the local drive. This is the data that LastPass loads when you log in to LastPass while offline. Any LastPass browser extension, desktop app, or mobile app can be logged into without an Internet connection, and will default to offline mode when no connection is present, if allowed to do so.
Ther must be more to it than that because I couldn't to log on when LastPass's serve was down. There was no indication it was (trying to?) use a cached copy. The above "if allowed to do so" hints there must be away to "allow" It, but I don't see that in any of the settings. I do have "save a disabled one-time password locally" set but that looks like something else. I don't know how to use that saved password, so maybe that's it. Presumably there re on-line instructions on how to use it. I'll look around for future reference.
I'd certainly *think* it would allow you to access the cached copy, to handle the exact problem you encountered.

If there is some setting that needed to be tweaked, that would account for the problem. Or if you'd never used LastPass on that device (or maybe not used LastPass recently on that device and the cached copy is discarded due to age conditions ...but I'm guessing there).

At the risk of confusing the issue, I did find the text I quoted mildly confusing. Off the top of my head, for example, I can think of three different "failure to connect" scenarios, e.g.:

1) No internet access. So, obviously you can't get to LastPass
2) Internet is fine, but LastPass servers are down. Here you'd certainly expect access to a cached copy if it exists.
3) Internet is fine, LastPass servers are fine, but the connection to LastPass servers has an authentication failure.

These are all different failure cases. I could see 3) refusing access to the cached copy.

Here their description of how to setup offline access:
Enable offline access for your account

Enable offline access for your LastPass account so you can still access your vault even without an the presence of an Internet connection.

Log in to LastPass and access your vault by doing either of the following:
In your web browser toolbar, click the LastPass icon active LastPass icon and select Open My Vault.
Go to https://lastpass.com/?ac=1 and log in with your email address and master password.
Select Account Settings in the left navigation.
Select the Multifactor Options tab.
Select the Edit icon Edit option for your desired multifactor option.
For the "Enabled" option, use the drop-down menu to select Yes.
For the "Permit Offline Access" option, use the drop-down menu to select Allow. This will store an encrypted vault locally so you can log in without using multifactor authentication in case of a connectivity issue.
Configure all other required fields for your authenticator (if applicable), then select Update when finished.
Enter your master password, then select Continue.

Troubleshooting: If you have not already set up multifactor authentication for your selected multifactor option, follow the steps to enroll your device. Instructions will vary depending on the authenticator option you selected.

You have enabled offline access for your selected multifactor option, and will be able to access your LastPass vault while you are offline.
This almost implies you must have MFA setup to enable access to a local cache. But some LastPass guru should come to my aid here, I'm only guessing.
Thanks. My situation was definitely number 2 (Internet is fine, but LastPass servers are down.) Their web page acknowledged a server outage.

I followed the instructions you quoted and enabled "allow offline access." It does seem odd that it is buried deeply in the multifactor area. It would be better if it were raised to a more obvious rea, even if it had to have a note that it required MFA activation to work.
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
TN_Boy
Posts: 4134
Joined: Sat Jan 17, 2009 11:51 am

Re: Do you use a password manager?

Post by TN_Boy »

bertilak wrote: Fri Jul 29, 2022 10:04 am
...

Thanks. My situation was definitely number 2 (Internet is fine, but LastPass servers are down.) Their web page acknowledged a server outage.

I followed the instructions you quoted and enabled "allow offline access." It does seem odd that it is buried deeply in the multifactor area. It would be better if it were raised to a more obvious rea, even if it had to have a note that it required MFA activation to work.
Hope it all works correctly for you now. I find password managers essential.
Turtles
Posts: 3
Joined: Wed Oct 20, 2021 10:24 pm

Re: Do you use a password manager?

Post by Turtles »

meadowrue wrote: Sat Jul 23, 2022 7:10 pm
Gaston wrote: Sat Jul 23, 2022 4:34 pm
case_of_ennui wrote: Tue Jul 19, 2022 4:08 pm I use a notepad in my nightstand drawer. I need to look into some of these. I just have trouble trusting third parties with my important passwords.
The above is a fair comment. Some might want to use a 3rd-party password manager but do not want to fully trust a 3rd-party. There is a solution for this that often is recommended to investigative journalists, diplomats and other high profile hacking targets for use on their key accounts. It goes something like this.

1. Invent a 4 or 6 digit secret code. Store it in your head or in your bank safety deposit box. Let's say it's 2246.

2. Let the 3rd-party password manager generate a password for a website that you wish to use. Let's say the password manager generates 275Hty@M4&b.

3. When you create the account for the website, let the password manager autofill the 275Hty@M4&b password, then manually enter 2246 at the end.

4. Every time you sign onto the website in the future, do the same as point #3 above. This way, only you know the full password.

In this model, you only have to remember a single secret code (2246) but you use it for all your key websites.
This is really clever. Thanks for sharing. I am the OP who is also a bit of a scaredy cat when it comes to anything other than the old-fashioned “write it down and lock it away.” I feel like I need a better strategy and this might be it!
I do this for my more critical accounts and it gives me some piece of mind that even if my password manager got hacked (which would be tough given I use a long password and MFA), my critical accounts also require me to manually type in the rest of my password.

I’ll also add that once you start using a password manager it’s hard to imagine life without it. I’ve got my wife and kids onboard and they were hard sell’s at first. I recommend starting with non-critical accounts and slowly moving over more and more accounts.
homesleym
Posts: 12
Joined: Sat Mar 22, 2014 10:36 am

Re: Do you use a password manager?

Post by homesleym »

I've used RoboForm since they first released it in 2000 and have been pretty happy with it overall. Still in the middle of a 5 year sub but I might consider something different at the end of the contract.
User avatar
bertilak
Posts: 10725
Joined: Tue Aug 02, 2011 5:23 pm
Location: East of the Pecos, West of the Mississippi

Re: Do you use a password manager?

Post by bertilak »

I was a long-time KeePass user and recently switched to LastPass. That was a big improvement, but it makes me wonder if there isn't something else even better.

I am trying Bitwarden because it has very good review. It is also nice, but I wonder how it will be long term.

Does anyone have advice on choosing between the two? First-hand experience with both would be great.
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
User avatar
anon_investor
Posts: 15122
Joined: Mon Jun 03, 2019 1:43 pm

Re: Do you use a password manager?

Post by anon_investor »

bertilak wrote: Sat Jul 30, 2022 7:27 am I was a long-time KeePass user and recently switched to LastPass. That was a big improvement, but it makes me wonder if there isn't something else even better.

I am trying Bitwarden because it has very good review. It is also nice, but I wonder how it will be long term.

Does anyone have advice on choosing between the two? First-hand experience with both would be great.
What made you move away from KeePass?
mrtiger
Posts: 59
Joined: Sun Nov 13, 2016 8:35 pm

Re: Do you use a password manager?

Post by mrtiger »

1password is the way to go. They have built in military encryption and is approved by most IT departments.
User avatar
bertilak
Posts: 10725
Joined: Tue Aug 02, 2011 5:23 pm
Location: East of the Pecos, West of the Mississippi

Re: Do you use a password manager?

Post by bertilak »

anon_investor wrote: Sat Jul 30, 2022 7:30 am What made you move away from KeePass?
LastPass not only records ID/PW but automatically remembers them and fills them into a web page for me. I need not open up an application (KeePass) to copy and paste from. KeePass is a step up from using a spreadsheet but is still a manual process. The LastPass user interface is simpler. LastPass works with YubiKey for 2FA security.
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
nguy44
Posts: 597
Joined: Sun Jul 09, 2017 1:52 pm

Re: Do you use a password manager?

Post by nguy44 »

I have used Keepass for years. It still meets my needs. My memory is still good and I use a password "algorithm" that helps me remember the passwords for my important sites without consulting it, but it is a good backup to that process.
User avatar
uaeebs86
Posts: 534
Joined: Sun Jun 26, 2022 1:29 pm
Location: Chandler, Arizona

Re: Do you use a password manager?

Post by uaeebs86 »

I use Password Safe, which is a lot like KeePass. It's also open source, interface looks very similar to KeePass. Runs on Windows/Android/Linux. Started using it years ago and just kind of stuck with it.

https://www.pwsafe.org

I never store my file anywhere but on my home computers and phone. I don't trust any PW managers that store in the cloud. I've dabbled with autofill but rarely use it. Just copy/paste. (Yes, I know it's much slower)
"Things work out best for those who make the best of the way things work out." ― John Wooden
User avatar
oldcomputerguy
Moderator
Posts: 17932
Joined: Sun Nov 22, 2015 5:50 am
Location: Tennessee

Re: Do you use a password manager?

Post by oldcomputerguy »

bertilak wrote: Sat Jul 30, 2022 7:48 am LastPass not only records ID/PW but automatically remembers them and fills them into a web page for me. I need not open up an application (KeePass) to copy and paste from. KeePass is a step up from using a spreadsheet but is still a manual process.
I use Keepass here, along with the KeePassHttp-Connector browser plugin. The plugin queries KeePass and fills in username/password fields for me.
There is only one success - to be able to spend your life in your own way. (Christopher Morley)
User avatar
bertilak
Posts: 10725
Joined: Tue Aug 02, 2011 5:23 pm
Location: East of the Pecos, West of the Mississippi

Re: Do you use a password manager?

Post by bertilak »

oldcomputerguy wrote: Sat Jul 30, 2022 9:42 am
bertilak wrote: Sat Jul 30, 2022 7:48 am LastPass not only records ID/PW but automatically remembers them and fills them into a web page for me. I need not open up an application (KeePass) to copy and paste from. KeePass is a step up from using a spreadsheet but is still a manual process.
I use Keepass here, along with the KeePassHttp-Connector browser plugin. The plugin queries KeePass and fills in username/password fields for me.
I prefer not to use add-ons that may or may not keep up with updates to the main program. It is just one more thing that needs to be managed. It's no big deal in and of itself, but these things pile up. It contributes to the one step forward, two steps back syndrome!
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
User avatar
bertilak
Posts: 10725
Joined: Tue Aug 02, 2011 5:23 pm
Location: East of the Pecos, West of the Mississippi

Re: Do you use a password manager?

Post by bertilak »

uaeebs86 wrote: Sat Jul 30, 2022 9:39 am I use Password Safe, which is a lot like KeePass. It's also open source, interface looks very similar to KeePass. Runs on Windows/Android/Linux. Started using it years ago and just kind of stuck with it.

https://www.pwsafe.org

I never store my file anywhere but on my home computers and phone. I don't trust any PW managers that store in the cloud. I've dabbled with autofill but rarely use it. Just copy/paste. (Yes, I know it's much slower)
I keep my KeePass data file on OneDrive, which I can access from my laptop and my Android phone. That works and does not depend on any extra cloud implementation -- that is, one that I am not already relying heavily on. Not every application, especially older ones, plays well with the cloud and I do see some oddities with KeePass but nothing fatal. Quicken, on the other hand, simply cannot have its data on the cloud -- near-instant corruption -- so I keep it local to my machine (no OneDrive) but compromise by putting its backups on OneDrive. That works well.
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
User avatar
bertilak
Posts: 10725
Joined: Tue Aug 02, 2011 5:23 pm
Location: East of the Pecos, West of the Mississippi

Re: Do you use a password manager?

Post by bertilak »

mrtiger wrote: Sat Jul 30, 2022 7:43 am 1password is the way to go. They have built in military encryption and is approved by most IT departments.
Looking at it now. Appears to be about as nice as LastPass and Bitwarden. I will continue to look at both Bitwarden and 1Password as possible replacements (or not) for LastPass.
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
GaryA505
Posts: 2907
Joined: Wed Feb 08, 2017 1:59 pm
Location: New Mexico

Re: Do you use a password manager?

Post by GaryA505 »

I use 1Password.
So far I like it.
Get most of it right and don't make any big mistakes. All else being equal, simpler is better. Simple is as simple does.
User avatar
bertilak
Posts: 10725
Joined: Tue Aug 02, 2011 5:23 pm
Location: East of the Pecos, West of the Mississippi

Re: Do you use a password manager?

Post by bertilak »

GaryA505 wrote: Sat Jul 30, 2022 1:13 pm I use 1Password.
So far I like it.
Can you compare it to LastPass and Bitwarden?
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
jebmke
Posts: 25474
Joined: Thu Apr 05, 2007 2:44 pm
Location: Delmarva Peninsula

Re: Do you use a password manager?

Post by jebmke »

bertilak wrote: Sat Jul 30, 2022 2:54 pm
GaryA505 wrote: Sat Jul 30, 2022 1:13 pm I use 1Password.
So far I like it.
Can you compare it to LastPass and Bitwarden?
This seems to be a decent comparison.

https://blog.kamens.us/head-to-head-com ... tive-grid/
Don't trust me, look it up. https://www.irs.gov/forms-instructions-and-publications
User avatar
bertilak
Posts: 10725
Joined: Tue Aug 02, 2011 5:23 pm
Location: East of the Pecos, West of the Mississippi

Re: Do you use a password manager?

Post by bertilak »

jebmke wrote: Sat Jul 30, 2022 2:58 pm
bertilak wrote: Sat Jul 30, 2022 2:54 pm
GaryA505 wrote: Sat Jul 30, 2022 1:13 pm I use 1Password.
So far I like it.
Can you compare it to LastPass and Bitwarden?
This seems to be a decent comparison.

https://blog.kamens.us/head-to-head-com ... tive-grid/
Great help!
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
GaryA505
Posts: 2907
Joined: Wed Feb 08, 2017 1:59 pm
Location: New Mexico

Re: Do you use a password manager?

Post by GaryA505 »

bertilak wrote: Sat Jul 30, 2022 2:54 pm
GaryA505 wrote: Sat Jul 30, 2022 1:13 pm I use 1Password.
So far I like it.
Can you compare it to LastPass and Bitwarden?
I haven't used any others.
Get most of it right and don't make any big mistakes. All else being equal, simpler is better. Simple is as simple does.
heywhoathere
Posts: 186
Joined: Mon Mar 14, 2022 7:18 pm

Re: Do you use a password manager?

Post by heywhoathere »

mrtiger wrote: Sat Jul 30, 2022 7:43 am 1password is the way to go. They have built in military encryption and is approved by most IT departments.
FWIW "military encryption" is just a marketing buzzword for AES-256 encryption, which is what everything uses nowadays. Not that that's a bad thing, but I wouldn't go making decisions based on that alone.
User avatar
CardinalRule
Posts: 1204
Joined: Sun Jan 15, 2017 10:01 am
Location: United States

Re: Do you use a password manager?

Post by CardinalRule »

This question comes up frequently on this forum, and as I’ve said in previous threads, 1Password, with the family plan, works great for DW and me. We have it on our computers (home and work) and mobile devices. Almost all of our passwords are shared across our vaults (work-related ones being the primary exception). I love how password changes on one device quickly update on others.

I feel good about the security of our passwords, and 1Password helps point out weak or reused passwords. We both have very strong master passwords, and even 1Password does not know what they are.

https://blog.1password.com/what-if-1pas ... ts-hacked/

There are some other good products out there, but 1Password has really done the job for us. We consider it to be an essential and worthwhile annual purchase.
Post Reply