I echo what the poster above wrote. Physical access is a big one. There's going to be some convenience vs security trade off that you may adjust based on your circumstances, so what I do kind of doesn't matter. My point is that it's weird to me to worry about password manager access when someone already has control of your computer. Maybe your pin is enough to protect you. Inside your house that could be very reasonable. In other cases maybe one has a strong boot password with full disk encryption and never leave the computer on unattended.MikeWillRetire wrote: ↑Sun Jul 24, 2022 3:52 pmI am curious to find out what you do to prevent this unauthorized access?AnEngineer wrote: ↑Sun Jul 24, 2022 2:17 pmI see the difference, but it still makes doesn't make sense to me. Anyone who gets past the pin can install a keylogger or something and get access to your passwords and more. Unauthorized access to my user account is game over in so many ways.MikeWillRetire wrote: ↑Sun Jul 24, 2022 2:11 pmI'm not concerned about the people that I allow access to the computer. I'm more concerned about others who could gain access. Our home computer is awakened with a 4 digit pin, so if they somehow figure out the pin, they then have access to google passwords, even if I log out of chrome. For that reason, I chose 1 Password because it requires me to log in to use it.AnEngineer wrote: ↑Sat Jul 23, 2022 6:58 pmI don't understand this concern. If you let someone have access to your computer using using your account you'd better trust them completely, as they could install a variety of security compromises.MikeWillRetire wrote: ↑Fri Jul 22, 2022 11:44 am
I found that if someone accesses your computer, they can access google password manager without needing the password. I couldn't find a good way to log out of google password manager. Even if you log out of your google account, the password manager still autofills the passwords. That's one of the reasons why I chose 1 Password. You can log out of it easily.
Do you use a password manager?
-
- Posts: 2414
- Joined: Sat Jun 27, 2020 4:05 pm
Re: Do you use a password manager?
Re: Do you use a password manager?
Long time LastPass user until they started charging for it. Switched to Bitwarden and am happy with it. both are essentially the same functionality and I don't have a preference. At work we use Lastpass. I still make it a habit to change passwords every few months. I use the auto generated ones that the password manager generates so I actually don't even know what my passwords are myself unless I look.
Re: Do you use a password manager?
Glad you looked, you should never reuse passwords on important sites such as your email provider or any financial institution. Use a unique random password on every site (even unimportant ones) is best.meadowrue wrote: ↑Sun Jul 24, 2022 9:29 amThanks for the links. My email address has been in 5 data breaches! My phone number is ok. I changed all my passwords yesterday across every single account while I decide about a password manager. I greatly appreciate all the responses here.martincmartin wrote: ↑Sun Jul 24, 2022 7:12 amHave you seen which of them have been compromised?
https://haveibeenpwned.com/
https://haveibeenpwned.com/Passwords
-
- Posts: 1129
- Joined: Sun Aug 12, 2018 7:12 am
Re: Do you use a password manager?
I use LastPass, but would use Bitwarden if starting fresh. Family plan on LastPass works well, and I can share passwords securely with family members. Then when I change a password, it updates the ones family members access
Passwords I often get from subsets of passwords generated at https://www.grc.com/passwords.htm .
Passwords I often get from subsets of passwords generated at https://www.grc.com/passwords.htm .
- tuningfork
- Posts: 885
- Joined: Wed Oct 30, 2013 8:30 pm
Re: Do you use a password manager?
It's quick and easy to export your passwords from Lastpass and import them into Bitwarden, if you want to give Bitwarden a try. While that grc page is fine (and the author is a trusted security expert), Lastpass, Bitwarden and the others all have their own strong password generation tools built-in that might be a little more convenient for anyone who is already using a password manager.valleyrock wrote: ↑Sun Jul 24, 2022 6:57 pm I use LastPass, but would use Bitwarden if starting fresh. Family plan on LastPass works well, and I can share passwords securely with family members. Then when I change a password, it updates the ones family members access
Passwords I often get from subsets of passwords generated at https://www.grc.com/passwords.htm .
-
- Posts: 1129
- Joined: Sun Aug 12, 2018 7:12 am
Re: Do you use a password manager?
Yes, one can transfer from LastPass to bitwarden, but as I remember, special characters won't port over. A pain. Not sure if Bitwarden allows sharing with other accounts. That's very convenient.
Re: Do you use a password manager?
I haven't tried but special characters are an interesting point. I had assumed there might be one character (the field separator for the exported data, whatever that might be) that could be problematic but never thought any others would be. Surely someone has experience with the export/import and will comment.valleyrock wrote: ↑Sun Jul 24, 2022 7:22 pm Yes, one can transfer from LastPass to bitwarden, but as I remember, special characters won't port over. A pain. Not sure if Bitwarden allows sharing with other accounts. That's very convenient.
- tuningfork
- Posts: 885
- Joined: Wed Oct 30, 2013 8:30 pm
Re: Do you use a password manager?
I moved from Lastpass to Bitwarden a year or so ago. My passwords are long random strings with special characters, and they all came over just fine. According to Bitwarden it's a bug in Lastpass that erroneously encodes HTML characters such as & < >. Perhaps that was a bug in an older version of Lastpass, or Lastpass never generated those particular characters in any of my passwords. https://bitwarden.com/help/import-from-lastpass/tibbitts wrote: ↑Sun Jul 24, 2022 7:31 pmI haven't tried but special characters are an interesting point. I had assumed there might be one character (the field separator for the exported data, whatever that might be) that could be problematic but never thought any others would be. Surely someone has experience with the export/import and will comment.valleyrock wrote: ↑Sun Jul 24, 2022 7:22 pm Yes, one can transfer from LastPass to bitwarden, but as I remember, special characters won't port over. A pain. Not sure if Bitwarden allows sharing with other accounts. That's very convenient.
Bitwarden has a family plan to share with other family members. It's $40/year I think.
Re: Do you use a password manager?
I dont. Tried dashlane. It was clunky and ineffective.
Re: Do you use a password manager?
How was it ineffective?
Don't trust me, look it up. https://www.irs.gov/forms-instructions-and-publications
-
- Posts: 1129
- Joined: Sun Aug 12, 2018 7:12 am
Re: Do you use a password manager?
Around $50 for LastPass for family, 5 accounts.tuningfork wrote: ↑Sun Jul 24, 2022 9:48 pmI moved from Lastpass to Bitwarden a year or so ago. My passwords are long random strings with special characters, and they all came over just fine. According to Bitwarden it's a bug in Lastpass that erroneously encodes HTML characters such as & < >. Perhaps that was a bug in an older version of Lastpass, or Lastpass never generated those particular characters in any of my passwords. https://bitwarden.com/help/import-from-lastpass/tibbitts wrote: ↑Sun Jul 24, 2022 7:31 pmI haven't tried but special characters are an interesting point. I had assumed there might be one character (the field separator for the exported data, whatever that might be) that could be problematic but never thought any others would be. Surely someone has experience with the export/import and will comment.valleyrock wrote: ↑Sun Jul 24, 2022 7:22 pm Yes, one can transfer from LastPass to bitwarden, but as I remember, special characters won't port over. A pain. Not sure if Bitwarden allows sharing with other accounts. That's very convenient.
Bitwarden has a family plan to share with other family members. It's $40/year I think.
Re: Do you use a password manager?
This thread has been a great help - thank you to the community members here shared their experiences and feedback.
I'm posting now in the hopes of getting advice: Big picture, I'm looking for 2 things from adopting a password manager (PM):
1. Security for vital accounts
2. Managing hundreds of logins across multiple devices and family members (mostly teenage sons).
Up till now I've kept a master spreadsheet with my login/PW info, and use browser "remember login" for convenience. I've been lucky and not suffered any compromises or problems.
I'm concerned that some measures to achieve #1 work against #2. I don't worry about the security of my netflix, NY times, or bogleheads accounts (should I?), and I imagine that going through 2fa every time I wanted to use those sites would be a real bother.
The solution I'm considering is using two PMs, with the financial accounts and 2FA only on one of them. But that leaves the problem of my google account. Gmail is my main email account and I use google docs, drive, etc. Would I need to keep it in the secure PM because of its role in PW recovery?
Does that make sense? Any advice? Thanks!
I'm posting now in the hopes of getting advice: Big picture, I'm looking for 2 things from adopting a password manager (PM):
1. Security for vital accounts
2. Managing hundreds of logins across multiple devices and family members (mostly teenage sons).
Up till now I've kept a master spreadsheet with my login/PW info, and use browser "remember login" for convenience. I've been lucky and not suffered any compromises or problems.
I'm concerned that some measures to achieve #1 work against #2. I don't worry about the security of my netflix, NY times, or bogleheads accounts (should I?), and I imagine that going through 2fa every time I wanted to use those sites would be a real bother.
The solution I'm considering is using two PMs, with the financial accounts and 2FA only on one of them. But that leaves the problem of my google account. Gmail is my main email account and I use google docs, drive, etc. Would I need to keep it in the secure PM because of its role in PW recovery?
Does that make sense? Any advice? Thanks!
-
- Posts: 1029
- Joined: Tue Sep 21, 2010 9:13 am
Re: Do you use a password manager?
I may not be understanding your situation correctly, but FYI, in Bitwarden you can create separate vaults and also separate folders within each vault to keep things separate in terms of security priority, what you want to share or not share, etc. There are endless ways to use vaults and folders.ephu437 wrote: ↑Wed Jul 27, 2022 11:24 am This thread has been a great help - thank you to the community members here shared their experiences and feedback.
I'm posting now in the hopes of getting advice: Big picture, I'm looking for 2 things from adopting a password manager (PM):
1. Security for vital accounts
2. Managing hundreds of logins across multiple devices and family members (mostly teenage sons).
Up till now I've kept a master spreadsheet with my login/PW info, and use browser "remember login" for convenience. I've been lucky and not suffered any compromises or problems.
I'm concerned that some measures to achieve #1 work against #2. I don't worry about the security of my netflix, NY times, or bogleheads accounts (should I?), and I imagine that going through 2fa every time I wanted to use those sites would be a real bother.
The solution I'm considering is using two PMs, with the financial accounts and 2FA only on one of them. But that leaves the problem of my google account. Gmail is my main email account and I use google docs, drive, etc. Would I need to keep it in the secure PM because of its role in PW recovery?
Does that make sense? Any advice? Thanks!
https://bitwarden.com/help/getting-started-webvault/
It might seem overwhelming if you're not familiar with Bitwarden, but, believe me, if I can figure it out, anyone can. My daughter is a systems architect and chose Bitwarden because she feels it provides the most security of all the PM options.
Most definitely you want to keep anything Google-associated as secure as possible, and not only because of PW recovery.
- bertilak
- Posts: 10725
- Joined: Tue Aug 02, 2011 5:23 pm
- Location: East of the Pecos, West of the Mississippi
Re: Do you use a password manager?
I use LastPass and am getting concerned about it. Just today I could not log on to Vanguard because the LastPass server was down.
I'm beginning to question the wisdom of a PW manager that requires access to a network server.
I like the way LastPass works so I wonder if there is some PW manager not dependent on a network server but otherwise just like LastPass. As far as I can tell, the only advantage to a server-based design is the ease of sharing passwords across platforms. KeePass can do the equivalent by storing its database on OneDrive, but KeePass gets confused by that (I'm not sure why but I think it tries to keep a local, cached, copy) and requires a bit of handholding.
Until recently I was using KeePass. it is clumsier than LastPass but more robust in that it works even if the Internet is down. I'm looking for the best of both worlds!
I'm beginning to question the wisdom of a PW manager that requires access to a network server.
I like the way LastPass works so I wonder if there is some PW manager not dependent on a network server but otherwise just like LastPass. As far as I can tell, the only advantage to a server-based design is the ease of sharing passwords across platforms. KeePass can do the equivalent by storing its database on OneDrive, but KeePass gets confused by that (I'm not sure why but I think it tries to keep a local, cached, copy) and requires a bit of handholding.
Until recently I was using KeePass. it is clumsier than LastPass but more robust in that it works even if the Internet is down. I'm looking for the best of both worlds!
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
-
- Posts: 16054
- Joined: Fri Nov 06, 2020 12:41 pm
Re: Do you use a password manager?
Nothing wrong with KeePass. I don't use the autofill feature (I use Chrome for that), and I just carry around the password database file when I'm on the road. Works just fine.bertilak wrote: ↑Wed Jul 27, 2022 6:22 pm I use LastPass and am getting concerned about it. Just today I could not log on to Vanguard because the LastPass server was down.
I'm beginning to question the wisdom of a PW manager that requires access to a network server.
I like the way LastPass works so I wonder if there is some PW manager not dependent on a network server but otherwise just like LastPass. As far as I can tell, the only advantage to a server-based design is the ease of sharing passwords across platforms. KeePass can do the equivalent by storing its database on OneDrive, but KeePass gets confused by that (I'm not sure why but I think it tries to keep a local, cached, copy) and requires a bit of handholding.
Until recently I was using KeePass. it is clumsier than LastPass but more robust in that it works even if the Internet is down. I'm looking for the best of both worlds!
- slowandsteadywins
- Posts: 301
- Joined: Tue Dec 20, 2016 2:13 pm
Re: Do you use a password manager?
Privacy Guides is my go to resource, including for Password Managers. https://www.privacyguides.org/passwords/
"Nothing in this world can take the place of persistence; Persistence and determination alone are omnipotent." |
-Calvin Coolidge
Re: Do you use a password manager?
1Password (and I'm sure others) allows for multiple password vaults, and allows for vaults to be shared among family members. This will let you bin together the passwords according to who should have access to them. No need for multiple password managers.ephu437 wrote: ↑Wed Jul 27, 2022 11:24 am This thread has been a great help - thank you to the community members here shared their experiences and feedback.
I'm posting now in the hopes of getting advice: Big picture, I'm looking for 2 things from adopting a password manager (PM):
1. Security for vital accounts
2. Managing hundreds of logins across multiple devices and family members (mostly teenage sons).
Up till now I've kept a master spreadsheet with my login/PW info, and use browser "remember login" for convenience. I've been lucky and not suffered any compromises or problems.
I'm concerned that some measures to achieve #1 work against #2. I don't worry about the security of my netflix, NY times, or bogleheads accounts (should I?), and I imagine that going through 2fa every time I wanted to use those sites would be a real bother.
The solution I'm considering is using two PMs, with the financial accounts and 2FA only on one of them. But that leaves the problem of my google account. Gmail is my main email account and I use google docs, drive, etc. Would I need to keep it in the secure PM because of its role in PW recovery?
Does that make sense? Any advice? Thanks!
Personally, I don't worry about BH and other low level logins. Even if those are hacked, it gets the hacker no closer to getting into the important ones since the important ones have strong unique passwords (thanks to the password manager!) and 2FA. That said, I've been steadily migrating more and more accounts to the PM just because it's easier to have login info all in one place.
For gmail, YES! Your security is only as strong as its weakest link. As you correctly note, if it can be used to recover other passwords, then you definitely want gmail to have 2FA and to have a strong password.
“I am losing precious days. I am degenerating into a machine for making money. I am learning nothing in this trivial world of men. I must break away and get out into the mountains...” -- John Muir
Re: Do you use a password manager?
My question is about using the same password manager to keep conveniently track and use my non-sensitive logins and to secure my sensitive ones. What I'm most trying to understand is where those are in conflict.
For example, I want it to be quick and easy to look up some random forum password. Would the following solution work: create 2 vaults in the PM, have 2FA and a strong password for the one, and for the other, chose "1234" as my PW? Would I need to create a second, non-sensitive email address just for that second vault?
Maybe I would want to create that second email account anyway, because "login with google" is a common convenience option these days. I could set up message forwarding from the new account without compromising my primary one's security?
For example, I want it to be quick and easy to look up some random forum password. Would the following solution work: create 2 vaults in the PM, have 2FA and a strong password for the one, and for the other, chose "1234" as my PW? Would I need to create a second, non-sensitive email address just for that second vault?
Maybe I would want to create that second email account anyway, because "login with google" is a common convenience option these days. I could set up message forwarding from the new account without compromising my primary one's security?
- bertilak
- Posts: 10725
- Joined: Tue Aug 02, 2011 5:23 pm
- Location: East of the Pecos, West of the Mississippi
Re: Do you use a password manager?
What's easier yet is to not have to look it up at all.
LastPass does this for you.
When you first go to a web page and manually type in an ID/PW, LastPass offers to remember them.
From then on, LastPass will automatically "type" them in for you.
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
Re: Do you use a password manager?
And unhackable.AnnetteLouisan wrote: ↑Tue Jul 19, 2022 4:16 pm I just write the passwords down. No, not on the back of my hand (that’s for phone numbers and grocery lists), I use a sheet of paper called “Passwords.” It’s old school, but it works.
Re: Do you use a password manager?
Yes on the latter question. But seriously, it's obviously not practical to constantly audit ever single bit of code you use (and even if you did that wouldn't mean nothing can slip through). But I don't know how much more trustworthy a password manager can possibly be.mmse wrote: ↑Tue Jul 19, 2022 9:14 pmWell... Good point, but...
Did you or anyone you trust review all the code?
Do you review it again after each update?
Do you build your binaries from the code you just reviewed or you use the pre-built ones? Why do you think nothing changed in-between?
Do you think I am unreasonably paranoid?
Re: Do you use a password manager?
I use this. Works for me for safe keeping passwords.jebmke wrote: ↑Tue Jul 19, 2022 2:18 pm There are many good ones. The one I use is called Keepass
https://keepass.info/
I can keep the file and program on a USB drive
Many of the popular ones are online. I'm sure others will chime in with their favorite.
"Know what you own, and know why you own it." — Peter Lynch
-
- Posts: 2212
- Joined: Tue May 21, 2013 8:49 pm
Re: Do you use a password manager?
Bitwarden works offline. Even when your bitwarden client is locked, it keep a cached copy of your encrypted vault for 30 days (90 days on your phone).
https://bitwarden.com/blog/configuring- ... ne-access/
- anon_investor
- Posts: 15122
- Joined: Mon Jun 03, 2019 1:43 pm
Re: Do you use a password manager?
I just use the Google password manager for those kind of logins that don't have financial ramifications. Keepass for the important stuff.
Re: Do you use a password manager?
I don't use LastPass (though I do use a password manager), but this what the LastPass website says about server outages:random_walker_77 wrote: ↑Thu Jul 28, 2022 10:57 pmBitwarden works offline. Even when your bitwarden client is locked, it keep a cached copy of your encrypted vault for 30 days (90 days on your phone).
https://bitwarden.com/blog/configuring- ... ne-access/
From that, I'd assume that LastPass acts like Bitwarden per random_walker_77's post (and like the password manager I use), i.e. if you have previously used LastPass on a device, and you later try to use and it cannot get to the LastPass servers, it will use the local cached version of the database. Which of course might be out of date, but it is generally better than nothing (don't know if you can change entries in the local database without a connection).What happens if LastPass has an outage?
If the systems that support service to LastPass are experiencing an outage or are offline due to scheduled maintenance, you can check the current service status and sign up for real-time notifications at https://status.lastpass.com.
When you log in to your LastPass account via desktop or mobile device while you have an Internet connection, you are creating a locally cached version of your encrypted data to the local drive. This is the data that LastPass loads when you log in to LastPass while offline. Any LastPass browser extension, desktop app, or mobile app can be logged into without an Internet connection, and will default to offline mode when no connection is present, if allowed to do so.
There are a couple of things I find slightly ambiguous about the wording in that post, but it implies to me that having the LastPass servers down should not have impeded use of the local cached version of the database. All the password managers supporting a distributed database will of course need access to the central servers when doing updates.
Re: Do you use a password manager?
I used Lastpass for 10 years. It was decent but clunky. I switched to Bitwarden and couldn't be happier. Easy to use across different operating systems and devices. You can install it on your desktop or as an extension in your web browser.
My favorite feature is that I can require the master password to log into specific sites or apps while still maintaining the ease of use logging into forums, reddit, etc..
My favorite feature is that I can require the master password to log into specific sites or apps while still maintaining the ease of use logging into forums, reddit, etc..
Real estate, where even the most mediocre can become wealthy.
Re: Do you use a password manager?
That is a reasonable approach, but I prefer to keep all of my login credentials in one place.anon_investor wrote: ↑Thu Jul 28, 2022 11:25 pm I just use the Google password manager for those kind of logins that don't have financial ramifications. Keepass for the important stuff.
- bertilak
- Posts: 10725
- Joined: Tue Aug 02, 2011 5:23 pm
- Location: East of the Pecos, West of the Mississippi
Re: Do you use a password manager?
There must be more to it than that because I couldn't to log on when LastPass's serve was down. There was no indication it was (trying to?) use a cached copy. The above "if allowed to do so" hints there must be away to "allow" It, but I don't see that in any of the settings. I do have "save a disabled one-time password locally" set but that looks like something else. I don't know how to use that saved password, so maybe that is it. Presumably there re on-line instructions on how to use it. I'll look around for future reference.TN_Boy wrote: ↑Fri Jul 29, 2022 8:38 amWhat happens if LastPass has an outage?
If the systems that support service to LastPass are experiencing an outage or are offline due to scheduled maintenance, you can check the current service status and sign up for real-time notifications at https://status.lastpass.com.
When you log in to your LastPass account via desktop or mobile device while you have an Internet connection, you are creating a locally cached version of your encrypted data to the local drive. This is the data that LastPass loads when you log in to LastPass while offline. Any LastPass browser extension, desktop app, or mobile app can be logged into without an Internet connection, and will default to offline mode when no connection is present, if allowed to do so
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
Re: Do you use a password manager?
I'd certainly *think* it would allow you to access the cached copy, to handle the exact problem you encountered.bertilak wrote: ↑Fri Jul 29, 2022 9:33 amTher must be more to it than that because I couldn't to log on when LastPass's serve was down. There was no indication it was (trying to?) use a cached copy. The above "if allowed to do so" hints there must be away to "allow" It, but I don't see that in any of the settings. I do have "save a disabled one-time password locally" set but that looks like something else. I don't know how to use that saved password, so maybe that's it. Presumably there re on-line instructions on how to use it. I'll look around for future reference.TN_Boy wrote: ↑Fri Jul 29, 2022 8:38 amWhat happens if LastPass has an outage?
If the systems that support service to LastPass are experiencing an outage or are offline due to scheduled maintenance, you can check the current service status and sign up for real-time notifications at https://status.lastpass.com.
When you log in to your LastPass account via desktop or mobile device while you have an Internet connection, you are creating a locally cached version of your encrypted data to the local drive. This is the data that LastPass loads when you log in to LastPass while offline. Any LastPass browser extension, desktop app, or mobile app can be logged into without an Internet connection, and will default to offline mode when no connection is present, if allowed to do so.
If there is some setting that needed to be tweaked, that would account for the problem. Or if you'd never used LastPass on that device (or maybe not used LastPass recently on that device and the cached copy is discarded due to age conditions ...but I'm guessing there).
At the risk of confusing the issue, I did find the text I quoted mildly confusing. Off the top of my head, for example, I can think of three different "failure to connect" scenarios, e.g.:
1) No internet access. So, obviously you can't get to LastPass
2) Internet is fine, but LastPass servers are down. Here you'd certainly expect access to a cached copy if it exists.
3) Internet is fine, LastPass servers are fine, but the connection to LastPass servers has an authentication failure.
These are all different failure cases. I could see 3) refusing access to the cached copy.
Here their description of how to setup offline access:
This almost implies you must have MFA setup to enable access to a local cache. But some LastPass guru should come to my aid here, I'm only guessing.Enable offline access for your account
Enable offline access for your LastPass account so you can still access your vault even without an the presence of an Internet connection.
Log in to LastPass and access your vault by doing either of the following:
In your web browser toolbar, click the LastPass icon active LastPass icon and select Open My Vault.
Go to https://lastpass.com/?ac=1 and log in with your email address and master password.
Select Account Settings in the left navigation.
Select the Multifactor Options tab.
Select the Edit icon Edit option for your desired multifactor option.
For the "Enabled" option, use the drop-down menu to select Yes.
For the "Permit Offline Access" option, use the drop-down menu to select Allow. This will store an encrypted vault locally so you can log in without using multifactor authentication in case of a connectivity issue.
Configure all other required fields for your authenticator (if applicable), then select Update when finished.
Enter your master password, then select Continue.
Troubleshooting: If you have not already set up multifactor authentication for your selected multifactor option, follow the steps to enroll your device. Instructions will vary depending on the authenticator option you selected.
You have enabled offline access for your selected multifactor option, and will be able to access your LastPass vault while you are offline.
- bertilak
- Posts: 10725
- Joined: Tue Aug 02, 2011 5:23 pm
- Location: East of the Pecos, West of the Mississippi
Re: Do you use a password manager?
Thanks. My situation was definitely number 2 (Internet is fine, but LastPass servers are down.) Their web page acknowledged a server outage.TN_Boy wrote: ↑Fri Jul 29, 2022 9:46 amI'd certainly *think* it would allow you to access the cached copy, to handle the exact problem you encountered.bertilak wrote: ↑Fri Jul 29, 2022 9:33 amTher must be more to it than that because I couldn't to log on when LastPass's serve was down. There was no indication it was (trying to?) use a cached copy. The above "if allowed to do so" hints there must be away to "allow" It, but I don't see that in any of the settings. I do have "save a disabled one-time password locally" set but that looks like something else. I don't know how to use that saved password, so maybe that's it. Presumably there re on-line instructions on how to use it. I'll look around for future reference.TN_Boy wrote: ↑Fri Jul 29, 2022 8:38 amWhat happens if LastPass has an outage?
If the systems that support service to LastPass are experiencing an outage or are offline due to scheduled maintenance, you can check the current service status and sign up for real-time notifications at https://status.lastpass.com.
When you log in to your LastPass account via desktop or mobile device while you have an Internet connection, you are creating a locally cached version of your encrypted data to the local drive. This is the data that LastPass loads when you log in to LastPass while offline. Any LastPass browser extension, desktop app, or mobile app can be logged into without an Internet connection, and will default to offline mode when no connection is present, if allowed to do so.
If there is some setting that needed to be tweaked, that would account for the problem. Or if you'd never used LastPass on that device (or maybe not used LastPass recently on that device and the cached copy is discarded due to age conditions ...but I'm guessing there).
At the risk of confusing the issue, I did find the text I quoted mildly confusing. Off the top of my head, for example, I can think of three different "failure to connect" scenarios, e.g.:
1) No internet access. So, obviously you can't get to LastPass
2) Internet is fine, but LastPass servers are down. Here you'd certainly expect access to a cached copy if it exists.
3) Internet is fine, LastPass servers are fine, but the connection to LastPass servers has an authentication failure.
These are all different failure cases. I could see 3) refusing access to the cached copy.
Here their description of how to setup offline access:
This almost implies you must have MFA setup to enable access to a local cache. But some LastPass guru should come to my aid here, I'm only guessing.Enable offline access for your account
Enable offline access for your LastPass account so you can still access your vault even without an the presence of an Internet connection.
Log in to LastPass and access your vault by doing either of the following:
In your web browser toolbar, click the LastPass icon active LastPass icon and select Open My Vault.
Go to https://lastpass.com/?ac=1 and log in with your email address and master password.
Select Account Settings in the left navigation.
Select the Multifactor Options tab.
Select the Edit icon Edit option for your desired multifactor option.
For the "Enabled" option, use the drop-down menu to select Yes.
For the "Permit Offline Access" option, use the drop-down menu to select Allow. This will store an encrypted vault locally so you can log in without using multifactor authentication in case of a connectivity issue.
Configure all other required fields for your authenticator (if applicable), then select Update when finished.
Enter your master password, then select Continue.
Troubleshooting: If you have not already set up multifactor authentication for your selected multifactor option, follow the steps to enroll your device. Instructions will vary depending on the authenticator option you selected.
You have enabled offline access for your selected multifactor option, and will be able to access your LastPass vault while you are offline.
I followed the instructions you quoted and enabled "allow offline access." It does seem odd that it is buried deeply in the multifactor area. It would be better if it were raised to a more obvious rea, even if it had to have a note that it required MFA activation to work.
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
Re: Do you use a password manager?
Hope it all works correctly for you now. I find password managers essential.bertilak wrote: ↑Fri Jul 29, 2022 10:04 am
...
Thanks. My situation was definitely number 2 (Internet is fine, but LastPass servers are down.) Their web page acknowledged a server outage.
I followed the instructions you quoted and enabled "allow offline access." It does seem odd that it is buried deeply in the multifactor area. It would be better if it were raised to a more obvious rea, even if it had to have a note that it required MFA activation to work.
Re: Do you use a password manager?
I do this for my more critical accounts and it gives me some piece of mind that even if my password manager got hacked (which would be tough given I use a long password and MFA), my critical accounts also require me to manually type in the rest of my password.meadowrue wrote: ↑Sat Jul 23, 2022 7:10 pmThis is really clever. Thanks for sharing. I am the OP who is also a bit of a scaredy cat when it comes to anything other than the old-fashioned “write it down and lock it away.” I feel like I need a better strategy and this might be it!Gaston wrote: ↑Sat Jul 23, 2022 4:34 pmThe above is a fair comment. Some might want to use a 3rd-party password manager but do not want to fully trust a 3rd-party. There is a solution for this that often is recommended to investigative journalists, diplomats and other high profile hacking targets for use on their key accounts. It goes something like this.case_of_ennui wrote: ↑Tue Jul 19, 2022 4:08 pm I use a notepad in my nightstand drawer. I need to look into some of these. I just have trouble trusting third parties with my important passwords.
1. Invent a 4 or 6 digit secret code. Store it in your head or in your bank safety deposit box. Let's say it's 2246.
2. Let the 3rd-party password manager generate a password for a website that you wish to use. Let's say the password manager generates 275Hty@M4&b.
3. When you create the account for the website, let the password manager autofill the 275Hty@M4&b password, then manually enter 2246 at the end.
4. Every time you sign onto the website in the future, do the same as point #3 above. This way, only you know the full password.
In this model, you only have to remember a single secret code (2246) but you use it for all your key websites.
I’ll also add that once you start using a password manager it’s hard to imagine life without it. I’ve got my wife and kids onboard and they were hard sell’s at first. I recommend starting with non-critical accounts and slowly moving over more and more accounts.
Re: Do you use a password manager?
I've used RoboForm since they first released it in 2000 and have been pretty happy with it overall. Still in the middle of a 5 year sub but I might consider something different at the end of the contract.
- bertilak
- Posts: 10725
- Joined: Tue Aug 02, 2011 5:23 pm
- Location: East of the Pecos, West of the Mississippi
Re: Do you use a password manager?
I was a long-time KeePass user and recently switched to LastPass. That was a big improvement, but it makes me wonder if there isn't something else even better.
I am trying Bitwarden because it has very good review. It is also nice, but I wonder how it will be long term.
Does anyone have advice on choosing between the two? First-hand experience with both would be great.
I am trying Bitwarden because it has very good review. It is also nice, but I wonder how it will be long term.
Does anyone have advice on choosing between the two? First-hand experience with both would be great.
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
- anon_investor
- Posts: 15122
- Joined: Mon Jun 03, 2019 1:43 pm
Re: Do you use a password manager?
What made you move away from KeePass?bertilak wrote: ↑Sat Jul 30, 2022 7:27 am I was a long-time KeePass user and recently switched to LastPass. That was a big improvement, but it makes me wonder if there isn't something else even better.
I am trying Bitwarden because it has very good review. It is also nice, but I wonder how it will be long term.
Does anyone have advice on choosing between the two? First-hand experience with both would be great.
Re: Do you use a password manager?
1password is the way to go. They have built in military encryption and is approved by most IT departments.
- bertilak
- Posts: 10725
- Joined: Tue Aug 02, 2011 5:23 pm
- Location: East of the Pecos, West of the Mississippi
Re: Do you use a password manager?
LastPass not only records ID/PW but automatically remembers them and fills them into a web page for me. I need not open up an application (KeePass) to copy and paste from. KeePass is a step up from using a spreadsheet but is still a manual process. The LastPass user interface is simpler. LastPass works with YubiKey for 2FA security.
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
Re: Do you use a password manager?
I have used Keepass for years. It still meets my needs. My memory is still good and I use a password "algorithm" that helps me remember the passwords for my important sites without consulting it, but it is a good backup to that process.
Re: Do you use a password manager?
I use Password Safe, which is a lot like KeePass. It's also open source, interface looks very similar to KeePass. Runs on Windows/Android/Linux. Started using it years ago and just kind of stuck with it.
https://www.pwsafe.org
I never store my file anywhere but on my home computers and phone. I don't trust any PW managers that store in the cloud. I've dabbled with autofill but rarely use it. Just copy/paste. (Yes, I know it's much slower)
https://www.pwsafe.org
I never store my file anywhere but on my home computers and phone. I don't trust any PW managers that store in the cloud. I've dabbled with autofill but rarely use it. Just copy/paste. (Yes, I know it's much slower)
"Things work out best for those who make the best of the way things work out." ― John Wooden
- oldcomputerguy
- Moderator
- Posts: 17932
- Joined: Sun Nov 22, 2015 5:50 am
- Location: Tennessee
Re: Do you use a password manager?
I use Keepass here, along with the KeePassHttp-Connector browser plugin. The plugin queries KeePass and fills in username/password fields for me.
There is only one success - to be able to spend your life in your own way. (Christopher Morley)
- bertilak
- Posts: 10725
- Joined: Tue Aug 02, 2011 5:23 pm
- Location: East of the Pecos, West of the Mississippi
Re: Do you use a password manager?
I prefer not to use add-ons that may or may not keep up with updates to the main program. It is just one more thing that needs to be managed. It's no big deal in and of itself, but these things pile up. It contributes to the one step forward, two steps back syndrome!oldcomputerguy wrote: ↑Sat Jul 30, 2022 9:42 amI use Keepass here, along with the KeePassHttp-Connector browser plugin. The plugin queries KeePass and fills in username/password fields for me.
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
- bertilak
- Posts: 10725
- Joined: Tue Aug 02, 2011 5:23 pm
- Location: East of the Pecos, West of the Mississippi
Re: Do you use a password manager?
I keep my KeePass data file on OneDrive, which I can access from my laptop and my Android phone. That works and does not depend on any extra cloud implementation -- that is, one that I am not already relying heavily on. Not every application, especially older ones, plays well with the cloud and I do see some oddities with KeePass but nothing fatal. Quicken, on the other hand, simply cannot have its data on the cloud -- near-instant corruption -- so I keep it local to my machine (no OneDrive) but compromise by putting its backups on OneDrive. That works well.uaeebs86 wrote: ↑Sat Jul 30, 2022 9:39 am I use Password Safe, which is a lot like KeePass. It's also open source, interface looks very similar to KeePass. Runs on Windows/Android/Linux. Started using it years ago and just kind of stuck with it.
https://www.pwsafe.org
I never store my file anywhere but on my home computers and phone. I don't trust any PW managers that store in the cloud. I've dabbled with autofill but rarely use it. Just copy/paste. (Yes, I know it's much slower)
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
- bertilak
- Posts: 10725
- Joined: Tue Aug 02, 2011 5:23 pm
- Location: East of the Pecos, West of the Mississippi
Re: Do you use a password manager?
Looking at it now. Appears to be about as nice as LastPass and Bitwarden. I will continue to look at both Bitwarden and 1Password as possible replacements (or not) for LastPass.
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
Re: Do you use a password manager?
I use 1Password.
So far I like it.
So far I like it.
Get most of it right and don't make any big mistakes. All else being equal, simpler is better. Simple is as simple does.
- bertilak
- Posts: 10725
- Joined: Tue Aug 02, 2011 5:23 pm
- Location: East of the Pecos, West of the Mississippi
Re: Do you use a password manager?
Can you compare it to LastPass and Bitwarden?
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
Re: Do you use a password manager?
Don't trust me, look it up. https://www.irs.gov/forms-instructions-and-publications
- bertilak
- Posts: 10725
- Joined: Tue Aug 02, 2011 5:23 pm
- Location: East of the Pecos, West of the Mississippi
Re: Do you use a password manager?
Great help!
May neither drought nor rain nor blizzard disturb the joy juice in your gizzard. -- Squire Omar Barker (aka S.O.B.), the Cowboy Poet
Re: Do you use a password manager?
I haven't used any others.
Get most of it right and don't make any big mistakes. All else being equal, simpler is better. Simple is as simple does.
-
- Posts: 186
- Joined: Mon Mar 14, 2022 7:18 pm
Re: Do you use a password manager?
FWIW "military encryption" is just a marketing buzzword for AES-256 encryption, which is what everything uses nowadays. Not that that's a bad thing, but I wouldn't go making decisions based on that alone.
- CardinalRule
- Posts: 1204
- Joined: Sun Jan 15, 2017 10:01 am
- Location: United States
Re: Do you use a password manager?
This question comes up frequently on this forum, and as I’ve said in previous threads, 1Password, with the family plan, works great for DW and me. We have it on our computers (home and work) and mobile devices. Almost all of our passwords are shared across our vaults (work-related ones being the primary exception). I love how password changes on one device quickly update on others.
I feel good about the security of our passwords, and 1Password helps point out weak or reused passwords. We both have very strong master passwords, and even 1Password does not know what they are.
https://blog.1password.com/what-if-1pas ... ts-hacked/
There are some other good products out there, but 1Password has really done the job for us. We consider it to be an essential and worthwhile annual purchase.
I feel good about the security of our passwords, and 1Password helps point out weak or reused passwords. We both have very strong master passwords, and even 1Password does not know what they are.
https://blog.1password.com/what-if-1pas ... ts-hacked/
There are some other good products out there, but 1Password has really done the job for us. We consider it to be an essential and worthwhile annual purchase.