Geekzone: technology news, blogs, forums

mdf

  # 1326349 17-Jun-2015 10:33

I do periodic culls too, though finding the "delete my account" thing is often a right royal pain. It would be nice to get something similar to the "unsubscribe" spam email thing - a prominent (and functional) "delete my account".

  # 1326520 17-Jun-2015 14:01

This thread illustrates just how hard it is to do the 'right' thing in managing passwords. It would seem there is no 'right' way as experts have different points of view. I have over 300 passwords in my 1Password vault, some of those are work related, some have unique passwords, some have weak passwords, some have passwords that need to be changed every 90 days and so forth. Just like everyone else I suspect. Those who say "this is THE answer" are only really saying "this works well for me". If we who post here, who I imagine have a higher technical IQ than most of the population, have different views on the best approach to managing and storing passwords, imagine what it is like for the average user? Putting a password on a post-it note and attaching it to the screen may seem silly and dangerous to us, but perhaps that works best for a great many people. The complexity around managing a large number of systems across multiple devices is enough to deter many from implementing robust or comprehensive processes and tools.




Tinshed
Wellington, New Zealand


 
 
 
 


  # 1326525 17-Jun-2015 14:11
One person supports this post

Tinshed: .... Putting a password on a post-it note and attaching it to the screen may seem silly and dangerous to us, but perhaps that works best for a great many people. ....


natural selection

one of the best bits of this season of silicon valley right there.




  # 1326533 17-Jun-2015 14:26

Tinshed: This thread illustrates just how hard it is to do the 'right' thing in managing passwords. It would seem there is no 'right' way as experts have different points of view. I have over 300 passwords in my 1Password vault, some of those are work related, some have unique passwords, some have weak passwords, some have passwords that need to be changed every 90 days and so forth. Just like everyone else I suspect. Those who say "this is THE answer" are only really saying "this works well for me". If we who post here, who I imagine have a higher technical IQ than most of the population, have different views on the best approach to managing and storing passwords, imagine what it is like for the average user? Putting a password on a post-it note and attaching it to the screen may seem silly and dangerous to us, but perhaps that works best for a great many people. The complexity around managing a large number of systems across multiple devices is enough to deter many from implementing robust or comprehensive processes and tools.

 

A post it note though is not as secure as last pass, if you have got a password on your computer, and you have got last pass to log you out each time you exit the browser. The way to possibly tell the best solution is to ask banks what they recommend, and whether using a system like lastpass is acceptable. I doubt a post it note would be acceptable, as it isn't encrypted or secure.

Amanzi

  # 1326542 17-Jun-2015 14:44

mattwnz: A post it note though is not as secure as last pass, if you have got a password on your computer, and you have got last pass to log you out each time you exit the browser. The way to possibly tell the best solution is to ask banks what they recommend, and whether using a system like lastpass is acceptable. I doubt a post it note would be acceptable, as it isn't encrypted or secure.


If you have complete physical security of your computer, e.g. you live alone, then the post-it note should be more secure than LastPass. And if someone has access to your computer then you're probably screwed anyway - even if you're using LastPass.

  # 1326601 17-Jun-2015 15:45

amanzi: If you have complete physical security of your computer, e.g. you live alone, then the post-it note should be more secure than LastPass. And if someone has access to your computer then you're probably screwed anyway - even if you're using LastPass.


I'm guessing that theft of your computer/phone is a big vulnerability, since it's a fairly common occurrence and it exposes every account to cracking a single password again. At least in that event you usually know it's happened and you can try to shut down key accounts.

I got started on LastPass then chickened out after reading on their forums what happens after you commit all your accounts to passwords generated by LastPass and then something gets corrupted. Recovering from that doesn't bear thinking about.  I'm sure it's rare but it obviously happens.

KeePass looks safer in that respect but is a lot less convenient to use. Plus for a Windows phone you have to rely on an "unauthorised" app with access to the database, which is entirely unacceptable IMHO.

Not an easy one for the average person.




McLean


  # 1326699 17-Jun-2015 17:00

mclean:
amanzi: If you have complete physical security of your computer, e.g. you live alone, then the post-it note should be more secure than LastPass. And if someone has access to your computer then you're probably screwed anyway - even if you're using LastPass.


I'm guessing that theft of your computer/phone is a big vulnerability, since it's a fairly common occurrence and it exposes every account to cracking a single password again. At least in that event you usually know it's happened and you can try to shut down key accounts.

I got started on LastPass then chickened out after reading on their forums what happens after you commit all your accounts to passwords generated by LastPass and then something gets corrupted. Recovering from that doesn't bear thinking about.  I'm sure it's rare but it obviously happens.

KeePass looks safer in that respect but is a lot less convenient to use. Plus for a Windows phone you have to rely on an "unauthorised" app with access to the database, which is entirely unacceptable IMHO.

Not an easy one for the average person.


I have used lastpass both at the enterprise side, managing multiple people, yubikeys etc., along with using lastpass personally for what mustn't be far off 10 years, and have never seen this personally. The only thing was that now and again the local cache can get corrupt and the user has to click lastpass advanced tools, clear local cache, and it re-pulls your vault data.

You can also export lastpass data for backup purposes.

Security of lastpass vs keepass stored in dropbox seems negligible - 2 factor auth would be a better option.

Having your phone stolen is a worry in multiple ways not just lastpass - one thing I like with the iphone 6 is the finger print reader is better than some and can be used by lastpass to unlock the vault rather than entering a password all the time.

 
 
 
 


  # 1326703 17-Jun-2015 17:11

rphenix:
mclean:
amanzi: If you have complete physical security of your computer, e.g. you live alone, then the post-it note should be more secure than LastPass. And if someone has access to your computer then you're probably screwed anyway - even if you're using LastPass.


I'm guessing that theft of your computer/phone is a big vulnerability, since it's a fairly common occurrence and it exposes every account to cracking a single password again. At least in that event you usually know it's happened and you can try to shut down key accounts.

I got started on LastPass then chickened out after reading on their forums what happens after you commit all your accounts to passwords generated by LastPass and then something gets corrupted. Recovering from that doesn't bear thinking about.  I'm sure it's rare but it obviously happens.

KeePass looks safer in that respect but is a lot less convenient to use. Plus for a Windows phone you have to rely on an "unauthorised" app with access to the database, which is entirely unacceptable IMHO.

Not an easy one for the average person.


I have used lastpass both at the enterprise side, managing multiple people, yubikeys etc., along with using lastpass personally for what mustn't be far off 10 years, and have never seen this personally. The only thing was that now and again the local cache can get corrupt and the user has to click lastpass advanced tools, clear local cache, and it re-pulls your vault data.

You can also export lastpass data for backup purposes.

Security of lastpass vs keepass stored in dropbox seems negligible - 2 factor auth would be a better option.

Having your phone stolen is a worry in multiple ways not just lastpass - one thing I like with the iphone 6 is the finger print reader is better than some and can be used by lastpass to unlock the vault rather than entering a password all the time.


What I find great about last pass is you can remove the device/authorization and even if they have password/pin it won't let them access the data.


  # 1326741 17-Jun-2015 18:20

mattwnz:
Tinshed: This thread illustrates just how hard it is to do the 'right' thing in managing passwords. It would seem there is no 'right' way as experts have different points of view. I have over 300 passwords in my 1Password vault, some of those are work related, some have unique passwords, some have weak passwords, some have passwords that need to be changed every 90 days and so forth. Just like everyone else I suspect. Those who say "this is THE answer" are only really saying "this works well for me". If we who post here, who I imagine have a higher technical IQ than most of the population, have different views on the best approach to managing and storing passwords, imagine what it is like for the average user? Putting a password on a post-it note and attaching it to the screen may seem silly and dangerous to us, but perhaps that works best for a great many people. The complexity around managing a large number of systems across multiple devices is enough to deter many from implementing robust or comprehensive processes and tools.

A post it note though is not as secure as last pass, if you have got a password on your computer, and you have got last pass to log you out each time you exit the browser. The way to possibly tell the best solution is to ask banks what they recommend, and whether using a system like lastpass is acceptable. I doubt a post it note would be acceptable, as it isn't encrypted or secure.


My point was that given the complexity and differences of opinion about the best way to handle passwords, many people will resort to very simple/unsecure solutions, such as post-it notes.  It is simply too hard for many people to manage access to multiple systems with multiple passwords. So they resort to the easiest solution.  And to be honest in some cases, so  do I.  For example, for many sites I use the same password. It is simply too hard to have industrial strength passwords for those myriad of sites that require a basic level of logon.  Not my bank password of course! So no matter if my bank finds a post-it note acceptable or not, for many people (not me) it is the best answer.




Tinshed
Wellington, New Zealand


  # 1326746 17-Jun-2015 18:36
One person supports this post

mclean:
amanzi: If you have complete physical security of your computer, e.g. you live alone, then the post-it note should be more secure than LastPass. And if someone has access to your computer then you're probably screwed anyway - even if you're using LastPass.


I'm guessing that theft of your computer/phone is a big vulnerability, since it's a fairly common occurrence and it exposes every account to cracking a single password again. At least in that event you usually know it's happened and you can try to shut down key accounts.

I got started on LastPass then chickened out after reading on their forums what happens after you commit all your accounts to passwords generated by LastPass and then something gets corrupted. Recovering from that doesn't bear thinking about.  I'm sure it's rare but it obviously happens.

KeePass looks safer in that respect but is a lot less convenient to use. Plus for a Windows phone you have to rely on an "unauthorised" app with access to the database, which is entirely unacceptable IMHO.

Not an easy one for the average person.


I have been using last pass for many years and never had a problem with corruption, or even heard about it. I don't however change my master password that often, and that is likely when it could occur, as it goes through a process of reencrypting it all again. I was recommended lastpass by a security expert. But guess like all experts, there are conflicting views.

  # 1326807 17-Jun-2015 20:59

mattwnz:
 I was recommended lastpass by a security expert. But guess like all experts, there are conflicting views.


True about conflicting views. However I don't think it's a big deal; it's not as if someone has a copy of both the encrypted vault data and encrypted password and can spend cpu cycles brute-forcing it - all they would get is a password that's already been changed and if someone doesn't do that - IP restrictions are in place requiring email authentication from unknown IPs.

I've had my details on compromised lists before, e.g. Adobe, and where lastpass is great I know that password isn't used elsewhere so all I have to do is change it on the affected service with a random password. It was Lastpass that notified me first by email of the Adobe breach and that my email address was listed before Adobe did.


  # 1326815 17-Jun-2015 21:20

A further point to consider: what would happen to your passwords if you got run over by the proverbial bus? Until you get to a certain age, such a question has no meaning, but above a certain age the issue of "digital death" becomes a real issue. Whatever solution you have for all your passwords, a good question to ask yourself is what would happen in the event of your death? For many, the response will be, "Ask me in thirty years". But having been recently confronted with this issue, a solution that enables others to easily access your passwords and therefore delete your digital presence should be at least considered. Only because I had helped my mother-in-law set up her Gmail and Facebook accounts was I able to easily delete these after her passing. Unless you have been confronted with such an issue, it may not seem like much, but, trust me, it can be quite distressing for family to continue to see a continuing digital presence of a loved one who has recently died. Having ready access to passwords can make a difference in such circumstances. I do believe that this will become an issue more and more people will be faced with. However bullet-proof you feel now, do think about this when implementing your password management solution.




Tinshed
Wellington, New Zealand

