Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4

mdf

2231 posts

Uber Geek
+1 received by user: 687

Trusted
Subscriber

  # 1326117 16-Jun-2015 21:38
Send private message

richms: Time for a new masterpassword.

Good thing too because I was getting sick of the one I had with its too many alternating symbols and letters. Pain on the phone.


+1

I ended up changing some of the symbols on my master password because the old ones weren't on the number screen of my keyboard - had to go numbers then additional symbols. It's surprising just how niggly one extra keypress can be.

mdf

2231 posts

Uber Geek
+1 received by user: 687

Trusted
Subscriber

  # 1326120 16-Jun-2015 21:45
Send private message

freitasm: As I said I've installed Intel TrueKey. Basically you create an account and register your face. It is then your unlock key - it works on Windows (Internet Explorer and Chrome) and Android. It can also be used to log into Windows - activate it, lock Windows, unlock using your face then enter the Windows password. This associates it with your account.

Passwords are synchronised between devices but they don't have the key. Add 2FA where available (LinkedIn, Google account, Twitter, Facebook, Microsoft account, Dropbox, etc, etc) and you are getting closer to being safer. And remember not to repeat your password between services.



I've been waiting for my Nymi for a while now. I really hope it doesn't end up being vaporware. It's a mini ECG bracelet. Authenticates you by your "unique" cardiovascular signature.

My father-in-law is an exercise cardiologist and has confirmed that your ECG is unique. He was skeptical at just how good a reading you're going to get out of a sensor the size of a watch. It's entirely probable that someone in the world has a similar enough ECG to me that they could pretend to be me (particularly with a "low res" sensor). But the chances of that person getting their hands on my authentication token (and password - it's 2FA) are pretty slim.

 
 
 
 


348 posts

Ultimate Geek
+1 received by user: 83


  # 1326210 17-Jun-2015 00:28
Send private message

Personally, I'm super surprised by how many of these "password keepers" there are out there, and even more surprised by the number of people who USE them! 

I'm sorry, I'm not trying to troll, but come on, really people? Have you not heard of the good ol' passPHRASE?  One phrase or mnemonic, you substitute in the name of the site or whatever it relates to, and a number somewhere. Make sure you include a capital letter or two and it'll work for ANY site. Well, except maybe ASB's internet banking, where you can't have a password longer than 8 characters - yes, SERIOUSLY! 

956 posts

Ultimate Geek
+1 received by user: 346
Inactive user


  # 1326213 17-Jun-2015 00:51
Send private message

Yeah, I have over 150 sites in my database. There's no way I'm using a phrase with different numbers or something related to the site itself in the password.

Also, back in May ASB made changes so you can have up to 100 characters, might want to update your asb12345 passphrase now.

14906 posts

Uber Geek
+1 received by user: 2028


  # 1326214 17-Jun-2015 01:03
Send private message

markl: Personally, I'm super surprised by how many of these "password keepers" there are out there, and even more surprised by the number of people who USE them! 

I'm sorry, I'm not trying to troll, but come on, really people? Have you not heard of the good ol' passPHRASE?  One phrase or mnemonic, you substitute in the name of the site or whatever it relates to, and a number somewhere. Make sure you include a capital letter or two and it'll work for ANY site. Well, except maybe ASB's internet banking, where you can't have a password longer than 8 characters - yes, SERIOUSLY! 


So you manually type in passwords? the big benefit of lastpass, is that it automatically fills in the password details, and you set it to create random password, so you never need to ever know the password for any website. No risk of keyloggers intercepting it. I think it is a far safer system. If people don't trust these type of systems, then they should disconnect from the internet now, and not use any cloud based systems, including data backups, and put on their tin foil hat.

348 posts

Ultimate Geek
+1 received by user: 83


  # 1326215 17-Jun-2015 01:04
Send private message

JamesL: Yeah, I have over 150 sites in my database. There's no way I'm using a phrase with different numbers or something related to the site itself in the password.

Also, back in May ASB made changes so you can have up to 100 characters, might want to update your asb12345 passphrase now.


Thanks for the smartass reply mate. A phrase, in case you didn't do English in secondary school, usually consists if more than one word.

For example you could use "Iamlogginginto___12", where the ___ is the name of the website, system, etc. that it's protecting. Don't want to use a phase? Turn it into an acronym perhaps: Iali___12 - easy enough to remember either of those for hundreds and hundreds if sites. If you can remember the name of the site or system you're logging into, then you can remember the password.

WRT ASB and their (firmer) restrictions, it's great that they've done that - a whole month ago...good on them

348 posts

Ultimate Geek
+1 received by user: 83


  # 1326216 17-Jun-2015 01:05
Send private message

mattwnz:
markl: Personally, I'm super surprised by how many of these "password keepers" there are out there, and even more surprised by the number of people who USE them! 

I'm sorry, I'm not trying to troll, but come on, really people? Have you not heard of the good ol' passPHRASE?  One phrase or mnemonic, you substitute in the name of the site or whatever it relates to, and a number somewhere. Make sure you include a capital letter or two and it'll work for ANY site. Well, except maybe ASB's internet banking, where you can't have a password longer than 8 characters - yes, SERIOUSLY! 


So you manually type in passwords? the big benefit of lastpass, is that it automatically fills in the password details, and you set it to create random password, so you never need to ever know the password for any website. No risk of keyloggers intercepting it. I think it is a far safer system. If people don't trust these type of systems, then they should disconnect from the internet now, and not use any cloud based systems, including data backups, and put on their tin foil hat.


Yeah, clearly I'm less lazy than the rest of the universe...I don't mind typing a few characters on my keyboard...

 
 
 
 


14906 posts

Uber Geek
+1 received by user: 2028


  # 1326217 17-Jun-2015 01:12
Send private message

markl:
mattwnz:
markl: Personally, I'm super surprised by how many of these "password keepers" there are out there, and even more surprised by the number of people who USE them! 

I'm sorry, I'm not trying to troll, but come on, really people? Have you not heard of the good ol' passPHRASE?  One phrase or mnemonic, you substitute in the name of the site or whatever it relates to, and a number somewhere. Make sure you include a capital letter or two and it'll work for ANY site. Well, except maybe ASB's internet banking, where you can't have a password longer than 8 characters - yes, SERIOUSLY! 


So you manually type in passwords? the big benefit of lastpass, is that it automatically fills in the password details, and you set it to create random password, so you never need to ever know the password for any website. No risk of keyloggers intercepting it. I think it is a far safer system. If people don't trust these type of systems, then they should disconnect from the internet now, and not use any cloud based systems, including data backups, and put on their tin foil hat.


Yeah, clearly I'm less lazy than the rest of the universe...I don't mind typing a few characters on my keyboard...


I can see your logic, but the problem is that many websites require you to regually change you password, so using your system may mean that you have to invent a new one, and you may not know which version you are using. Also entering passwords on a touchscreen device is painful. Really any password system like the current ones, are not the solution for the future.

348 posts

Ultimate Geek
+1 received by user: 83


  # 1326219 17-Jun-2015 01:20
Send private message

mattwnz: Really any password system like the current ones, are not the solution for the future.


Oh I quite agree. Saying that and making it happen are two different things though - Jo/Joe Average needs to be convinced to make a change away from passwords, and so far that's not looking like happening any time soon...



BDFL - Memuneh
63640 posts

Uber Geek
+1 received by user: 14095

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1326285 17-Jun-2015 09:30
Send private message

markl: Personally, I'm super surprised by how many of these "password keepers" there are out there, and even more surprised by the number of people who USE them! 

I'm sorry, I'm not trying to troll, but come on, really people? Have you not heard of the good ol' passPHRASE?  One phrase or mnemonic, you substitute in the name of the site or whatever it relates to, and a number somewhere. Make sure you include a capital letter or two and it'll work for ANY site. Well, except maybe ASB's internet banking, where you can't have a password longer than 8 characters - yes, SERIOUSLY! 


Many people already commented but. I have about 600 services in my LastPass. Some require change every 30 days, some I change because I want to keep it random. A passphrase is ok if you have one service and don't change often. Other than this, it's not humanly possible to keep on top of things.

On another note, a bit more polite replies here people or temporary bans will be handed out.





mdf

2231 posts

Uber Geek
+1 received by user: 687

Trusted
Subscriber

  # 1326302 17-Jun-2015 09:43
Send private message

freitasm: Many people already commented but. I have about 600 services in my LastPass. Some require change every 30 days, some I change because I want to keep it random. A passphrase is ok if you have one service and don't change often. Other than this, it's not humanly possible to keep on top of things.

On another note, a bit more polite replies here people or temporary bans will be handed out.



600!? Are all those regularly used, or are some from stupid webstores that insist on you creating an account even though the chances of you ever shopping there again are next to zero (I hate hate hate this - let me check out as a guest if I want!).

I thought I had a lot with ~100. And even that includes a lot of duplicates for things like work and personal log ons, and several kids library cards. I'd use about 10% of those stored details about 90% of the time, I reckon.





BDFL - Memuneh
63640 posts

Uber Geek
+1 received by user: 14095

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1326319 17-Jun-2015 10:05
Send private message

A very few are regularly used, of course. Now and then I look at these and if I can't remember a service being used I try and close the account. Most of these disappear over time - the number of SaaS offering the popup and disappear/merge/pivot is incredible.





286 posts

Ultimate Geek
+1 received by user: 70


  # 1326327 17-Jun-2015 10:17
Send private message

mdf: 600!? Are all those regularly used


I thought similar...just how many porn sites can one man be a member of?
In Lastpass there is a security check tool which gives you a score based on password 'strength', uniqueness and other categories (it also checks your known email addresses against security breach lists etc), but one bit I didn't like was a score based on how many services you had stored. I got a percentage deduction in that area simply because I only have 20 services. Part of me doesn't like them wanting more info...almost made it feel like they were fishing for my info...the details of the score break down and your actual position has now gone and been replaced by percentages which seems better (though less informative)

I currently get

 

 

93% - Your Security Score

 

 

 

Top 1% - Your LastPass Standing

 

 

 

100% - Master Password Score

One bit I really like here is how it shows you which sites support auto changing of passwords, so you can click one button and Lastpass will log in and change your password for you (very similar to how automated testing tools work), it is very impressive.

 





Amanzi
921 posts

Ultimate Geek
+1 received by user: 110

Trusted
Subscriber

  # 1326334 17-Jun-2015 10:24
One person supports this post
Send private message

Most security researchers agree that using a password manager is better than remembering individual passwords, though there are still a large number of security professionals that would put forward a strong case against using them. Personally, I think I'm far more secure only remembering one master password than lots of individual passwords.

Something interesting about the LastPass hack is that the hackers didn't manage to get hold of the Vault data which means that it's being stored in a separate system to the user accounts which is another sign of good security from LastPass. I think they've done about as well as can be expected in this circumstance so I'm comfortable sticking with LastPass for now.

348 posts

Ultimate Geek
+1 received by user: 83


  # 1326348 17-Jun-2015 10:33
Send private message

amanzi: Something interesting about the LastPass hack is that the hackers didn't manage to get hold of the Vault data which means that it's being stored in a separate system to the user accounts which is another sign of good security from LastPass. I think they've done about as well as can be expected in this circumstance so I'm comfortable sticking with LastPass for now.


That is a good point - on the strength of that report, they do clearly take the security of the data they're storing very seriously, as they should. I guess it's best to treat it as virtually inevitable that any service on the internet is hackable - it's just a fact of life. Whether it will or not is really just a question of how much effort the hacker would need to go to do it, and how much they'd gain from having done so.

1 | 2 | 3 | 4
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Xero announces new smarter tools, push into the North American market
Posted 19-Jun-2019 17:20


New report by Unisys shows New Zealanders want action by social platform companies and police to monitor social media sites
Posted 19-Jun-2019 17:09


ASB adds Google Pay option to contactless payments
Posted 19-Jun-2019 17:05


New Zealand PC Market declines on the back of high channel inventory, IDC reports
Posted 18-Jun-2019 17:35


Air New Zealand uses drones to inspect aircraft
Posted 17-Jun-2019 15:39


TCL Electronics launches its first-ever 8K TV
Posted 17-Jun-2019 15:18


E-scooter share scheme launches in Wellington
Posted 17-Jun-2019 12:34


Anyone can broadcast with Kordia Pop Up TV
Posted 13-Jun-2019 10:51


Volvo and Uber present production vehicle ready for self-driving
Posted 13-Jun-2019 10:47


100,000 customers connected to fibre broadband network through Enable
Posted 13-Jun-2019 10:35


5G uptake even faster than expected
Posted 12-Jun-2019 10:01


Xbox showcases 60 anticipated games
Posted 10-Jun-2019 20:24


Trend Micro Turns Public Hotspots into Secure Networks with WiFi Protection for Mobile Devices
Posted 5-Jun-2019 13:24


Bold UK spinoff for beauty software company Flossie
Posted 2-Jun-2019 14:10


Amazon Introduces Echo Show 5
Posted 1-Jun-2019 15:32



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.