Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4

dpw

832 posts

Ultimate Geek
+1 received by user: 14

Trusted

  # 1325649 16-Jun-2015 11:17
Send private message

I know the topic is about LastPass but, while we're talking about options, has anyone tried out Dashlane? I am an avid user of Swiftkey on Android and I noticed they have partnered up with Dashlane.




Android user, software developer, a semi-typical (not a gamer) geek, and a Bernese Mountain Dog nut!

http://savitarbernese.com | https://nz.linkedin.com/in/danywu

3277 posts

Uber Geek
+1 received by user: 873

Trusted
Lifetime subscriber

  # 1325665 16-Jun-2015 11:30
Send private message

dpw: I know the topic is about LastPass but, while we're talking about options, has anyone tried out Dashlane? I am an avid user of Swiftkey on Android and I noticed they have partnered up with Dashlane.


I used it for a while, this is when it was $19.99US a year, was not really worth the price then and just notice it has gone up to $40US a year.

They do most of it via a desktop app you install and it runs in the back ground.

 
 
 
 


Amanzi
921 posts

Ultimate Geek
+1 received by user: 110

Trusted
Subscriber

  # 1325748 16-Jun-2015 13:34
Send private message

dpw: I know the topic is about LastPass but, while we're talking about options, has anyone tried out Dashlane? I am an avid user of Swiftkey on Android and I noticed they have partnered up with Dashlane.


I really like the look of Dashlane but for me the LastPass wins because of the Chrome extension and Android app. When I last looked Dashlane it didn't have a Chrome extension (needed a Windows app to be installed) and the Android app couldn't autofill apps and browser windows (like LastPass can).

14874 posts

Uber Geek
+1 received by user: 2017


  # 1325817 16-Jun-2015 14:53
Send private message

I use lastpass, and haven't received any notification about this from them to change my password. Nor is it on their websites homepage. Not good that they have only put it on their blog, because who actually reads their blog?

3700 posts

Uber Geek
+1 received by user: 1003


  # 1325823 16-Jun-2015 15:03
Send private message

I only recieved an email from Lastpass at 12pm, so perhaps it's taking them a while to contact all users?

14874 posts

Uber Geek
+1 received by user: 2017


  # 1325828 16-Jun-2015 15:13
Send private message

I think this statement by lastpass is a bit wishywashy, and is complicating it with meaningless jargon for 99% of people reading it. It is either secure or it isn't. I've changed my password even though it says not to until I am emailed.

"We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed."

Amanzi
921 posts

Ultimate Geek
+1 received by user: 110

Trusted
Subscriber

  # 1325853 16-Jun-2015 15:33
Send private message

mattwnz: I think this statement by lastpass is a bit wishywashy, and is complicating it with meaningless jargon for 99% of people reading it. It is either secure or it isn't. I've changed my password even though it says not to until I am emailed.

"We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed."


It is secure *if* you have a good password. But even if you have a low-strength password then it should still be reasonably secure due to the server-side encryption they use. But all the encryption in the world can't help people who insist on using crappy passwords...

 
 
 
 


14874 posts

Uber Geek
+1 received by user: 2017


  # 1325864 16-Jun-2015 15:43
Send private message

amanzi:
mattwnz: I think this statement by lastpass is a bit wishywashy, and is complicating it with meaningless jargon for 99% of people reading it. It is either secure or it isn't. I've changed my password even though it says not to until I am emailed.

"We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed."


It is secure *if* you have a good password. But even if you have a low-strength password then it should still be reasonably secure due to the server-side encryption they use. But all the encryption in the world can't help people who insist on using crappy passwords...


This is more about the encryption measures, rather than a good password, as it would go without saying that the password would need a 'good' rating. I use a long paraphase with mixed characters and numbers, and it was detected as being very strong. But the problem is remembering it, and the if you are forced to change it, coming up with a good new one and remembering that. At least with last pass, there is just one password you need to remember.

Edit: just had the email from them.

591 posts

Ultimate Geek
+1 received by user: 160


  # 1326024 16-Jun-2015 19:39
One person supports this post
Send private message

Just remember that there is no universal password meter standard against which passwords are evaluated. Many will indicate a strong password just by using 8 characters, one number and a special character (how many out there put the special characters at the beginning or ends of their passwords?). Passwords like these are relatively trivial to brute force.

22149 posts

Uber Geek
+1 received by user: 4726

Trusted
Subscriber

  # 1326029 16-Jun-2015 19:44
Send private message

you mean like making the monthly password you have to change be something like June2015! ? Never seen that happen ;)




Richard rich.ms

mdf

2229 posts

Uber Geek
+1 received by user: 686

Trusted
Subscriber

  # 1326033 16-Jun-2015 19:46
Send private message

wsnz: Just remember that there is no universal password meter standard against which passwords are evaluated. Many will indicate a strong password just by using 8 characters, one number and a special character (how many out there put the special characters at the beginning or ends of their passwords?). Passwords like these are relatively trivial to brute force 


Most password strength meter things also don't look at things like common words (which are easily subject to a dictionary attack), even with c0mm0n 5ub5t1ut10n5 or stringingseveralwordstogether. Or, as wsnz said, with a number or symbol at the start or end. The famous XKCD password strength cartoon is one of the few things I think Randall actually got wrong.

The only secure password is something truly random or quasi random like a good mnemonic.



BDFL - Memuneh
63563 posts

Uber Geek
+1 received by user: 14052

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1326050 16-Jun-2015 20:09
Send private message

As I said I've installed Intel TrueKey. Basically you create an account and register your face. It is then your unlock key - it works on Windows (Internet Explorer and Chrome) and Android. It can also be used to log into Windows - activate it, lock Windows, unlock using your face then enter the Windows password. This associates it with your account.

Passwords are synchronised between devices but they don't have the key. Add 2FA where available (LinkedIn, Google account, Twitter, Facebook, Microsoft account, Dropbox, etc, etc) and you are getting closer to being safer. And remember not to repeat your password between services.





2152 posts

Uber Geek
+1 received by user: 545


  # 1326065 16-Jun-2015 20:43
Send private message

Switched from keepass to lastpass earlier this year, its so much easier and convenient. 


22149 posts

Uber Geek
+1 received by user: 4726

Trusted
Subscriber

  # 1326095 16-Jun-2015 21:19
One person supports this post
Send private message

Time for a new masterpassword.

Good thing too because I was getting sick of the one I had with its too many alternating symbols and letters. Pain on the phone.




Richard rich.ms

14874 posts

Uber Geek
+1 received by user: 2017


  # 1326102 16-Jun-2015 21:26
Send private message

freitasm: As I said I've installed Intel TrueKey. Basically you create an account and register your face. It is then your unlock key - it works on Windows (Internet Explorer and Chrome) and Android. It can also be used to log into Windows - activate it, lock Windows, unlock using your face then enter the Windows password. This associates it with your account.



What if you have a major accident or illness which deforms your face though? Although rare, it does happen. Also presume it needs a camera, good lighting etc.  I like the windows picture password feature when you draw a pattern on the screen over the top of an image. Easy to remember, and can't be keylogged. But if someone came out with the perfect password system, they would be multi-billionaires

1 | 2 | 3 | 4
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Anyone can broadcast with Kordia Pop Up TV
Posted 13-Jun-2019 10:51


Volvo and Uber present production vehicle ready for self-driving
Posted 13-Jun-2019 10:47


100,000 customers connected to fibre broadband network through Enable
Posted 13-Jun-2019 10:35


5G uptake even faster than expected
Posted 12-Jun-2019 10:01


Xbox showcases 60 anticipated games
Posted 10-Jun-2019 20:24


Trend Micro Turns Public Hotspots into Secure Networks with WiFi Protection for Mobile Devices
Posted 5-Jun-2019 13:24


Bold UK spinoff for beauty software company Flossie
Posted 2-Jun-2019 14:10


Amazon Introduces Echo Show 5
Posted 1-Jun-2019 15:32


Epson launches new 4K Pro-UHD projector technology
Posted 1-Jun-2019 15:26


Lenovo and Qualcomm unveil first 5G PC called Project Limitless
Posted 28-May-2019 20:23


Intel introduces new 10th Gen Intel Core Processors and Project Athena
Posted 28-May-2019 19:28


Orcon first to trial residential 10Gbps broadband
Posted 28-May-2019 11:20


Video game market in New Zealand passes half billion dollar mark
Posted 24-May-2019 16:15


WLG-X festival to celebrate creativity and innovation
Posted 22-May-2019 17:53


HPE to acquire supercomputing leader Cray
Posted 20-May-2019 11:07



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.