HI
I cannot post in Sales Corner I am a newbie but I have been following the Talk over there re A/Cs being hacked and people urging strong passwords
I use Last Pass which is a password manager it runs as an extension in your Browser you can get it to generate a password for you I just did and this is the password it generated for me "AdAmGr1oHsXHwFIXVGfaB46kgcqq7a6aHz4hJ0UlKI04s 4sl"
As you can see its pretty hard to crack but the beauty for me is I dont have to remember any of these passwords as Lastpass keeps them in an encrypted vault and automatically fills in my login when i visit a site
If I am travelling ang log on to a pc that does not have the lastpass extension then I simply login to my lastpass A/C and it then does everything for me
I have a different password for all sites because they are generated at random by lastpass
There is also a Lastpass app for android so I can use it on my Phone and tablet you can even have 2 step Verification with Yubikey
I find it great and I only ever have to remember one password thats my lastpass one
I have no affilation with this product just I use it and find it great
mylesm
Thanks for the heads up, I checked into this and worryingly the first 2 links were about hacks to their site on June 15th (albeit to the master password on their site and not the ones contained within). I hope you have changed your password since then!!
http://www.forbes.com/sites/katevint...ter-passwords/
http://www.theregister.co.uk/2015/06...s_data_breach/
Yes I saw that but they actually never got to the password vault and because its encrypted and decrypted locally and I use a yubikey as well so that means even if someone gets my master password unless the have the yubikey as well which is a small key generator that I have on my keychain they cannot access my vaultOriginally Posted by SIB
But I know you are only as safe as you can try to be but there is always a risk but I think with the yubikey as well its pretty safe
https://www.yubico.com/products/yubi...are/yubikey-2/
Thanks
Mylesm
Last edited by mylesm; 17th September 2015 at 15:35.
I also use Lastpass with a Yubikey. Great kit, very secure and works across all platforms (android, iOS etc).
Regards,
Si
That looks pretty secure to me, I might have to invest in something similar myself. Looking at the amount of accounts I have across various forums / emails accounts / gaming platforms / etc it's actually quite surprising and yes I'm guilty of having the same passwords for several of them!
If you want you can download the free version and use the app google authenticator to give you 2 step verification so you log into lastpass and then you have to enter a code as well from Authenticator giving you 2 step verification I have the pc in my house set as a trusted computer in lastpass so It logs in automatically and I only need to use my password if I log in from another location
You can do this all free
Mylesm
The 5127R that I had for sale in the SC was also hacked.
And the price was dropped significantly, thankfully some eagle eyed members saw what was happening. But that time I had already lost control, of not only on this forum, but also Timezone & TRF.
Thanks to Eddie, I am now back up running, well on this site at least :)
Thanks for the info regarding Lastpass I shall take a look.
May I also recommend last pass, especially if used with 2 stage authentication. Yubikey is good but can be a pain to have with you at all times. Google's Authenticator app does the trick with login codes on your mobile which is usually with you.
It goes without saying that passwords should be different for each site. Last pass enables you to set complicated ones but I still like to be able to have a chance at remembering it. I use a scheme. Think of a 4 digit number add a word and then have a site specific word. So for example 1066speedyeddie could be a TZUK password and 1066speedysubdate could be for TRF.
Sadly it's a dangerous world out there. An acquaintance was scammed this week to the tune of tens of thousands of pounds by means of a spoofed email. He feels a fool. He's not they are clever and despicable.
David
Infinite Diversity in Infinite Combinations
I use roboform with blowfish level encryption and min 8 character random generator on every site.
They don't store your master password either so if ever was hacked data would still be encrypted to whichever level to choose.
It syncs across all my devices so no updating each machine or device etc
Without it if be stuck as I have over 150 sites that have logins with username and passwords
Far safer then a fair few friends who have the same password for every site
But of info on key features and always loads of offers on last time I renewed paid £20 for 3 years🏼
http://www.roboform.com/key-features
Last edited by Seamaster77; 18th September 2015 at 10:00.
I changed form last pass to Password Safe a couple of years ago.
For a few reasons: the free version of last pas didn't integrate with Android devices, this is opensource software, I value the security backgound of Bruce Schneier, and I prefer to have my passwords under my control and not in a 3rd party web site.
The software just runs from a folder, so you can store it on drop box if you wish to access it across the web and has been ported to run on android devices.
Posting Permissions
Reply With Quote
