Geekzone: technology news, blogs, forums

mdf

2550 posts

Uber Geek

Trusted
Subscriber

  #1326349 17-Jun-2015 10:33

I do periodic culls too, though finding the "delete my account" thing is often a right royal pain. It would be nice to get something similar to the "unsubscribe" spam email thing - a prominent (and functional) "delete my account".

278 posts

Ultimate Geek


  #1326520 17-Jun-2015 14:01

This thread illustrates just how hard it is to do the 'right' thing in managing passwords. It would seem there is no 'right' way as experts have different points of view. I have over 300 passwords in my 1Password vault, some of those are work related, some have unique passwords, some have weak passwords, some have passwords that need to be changed every 90 days and so forth. Just like everyone else I suspect. Those who say "this is THE answer" are only really saying "this works well for me". If we who post here, who I imagine have a higher technical IQ than most of the population, have different views on the best approach to managing and storing passwords, imagine what it is like for the average user? Putting a password on a post-it note and attaching it to the screen may seem silly and dangerous to us, but perhaps that works best for a great many people. The complexity around managing a large number of systems across multiple devices is enough to deter many from implementing robust or comprehensive processes and tools.




Tinshed
Wellington, New Zealand


 
 
 
 


290 posts

Ultimate Geek


  #1326525 17-Jun-2015 14:11

Tinshed: .... Putting a password on a post-it note and attaching it to the screen may seem silly and dangerous to us, but perhaps that works best for a great many people. ....


natural selection

One of the best bits of this season of Silicon Valley right there.




16186 posts

Uber Geek


  #1326533 17-Jun-2015 14:26

Tinshed: This thread illustrates just how hard it is to do the 'right' thing in managing passwords. It would seem there is no 'right' way as experts have different points of view. I have over 300 passwords in my 1Password vault, some of those are work related, some have unique passwords, some have weak passwords, some have passwords that need to be changed every 90 days and so forth. Just like everyone else I suspect. Those who say "this is THE answer" are only really saying "this works well for me". If we who post here, who I imagine have a higher technical IQ than most of the population, have different views on the best approach to managing and storing passwords, imagine what it is like for the average user? Putting a password on a post-it note and attaching it to the screen may seem silly and dangerous to us, but perhaps that works best for a great many people. The complexity around managing a large number of systems across multiple devices is enough to deter many from implementing robust or comprehensive processes and tools.

 

A post-it note though is not as secure as LastPass, if you have got a password on your computer, and you have got LastPass to log you out each time you exit the browser. The way to possibly tell the best solution is to ask banks what they recommend, and whether using a system like LastPass is acceptable. I doubt a post-it note would be acceptable, as it isn't encrypted or secure.

961 posts

Ultimate Geek

Trusted

  #1326542 17-Jun-2015 14:44

mattwnz: A post-it note though is not as secure as LastPass, if you have got a password on your computer, and you have got LastPass to log you out each time you exit the browser. The way to possibly tell the best solution is to ask banks what they recommend, and whether using a system like LastPass is acceptable. I doubt a post-it note would be acceptable, as it isn't encrypted or secure.


If you have complete physical security of your computer, e.g. you live alone, then the post-it note should be more secure than LastPass. And if someone has access to your computer then you're probably screwed anyway - even if you're using LastPass.

458 posts

Ultimate Geek

Subscriber

  #1326601 17-Jun-2015 15:45

amanzi: If you have complete physical security of your computer, e.g. you live alone, then the post-it note should be more secure than LastPass. And if someone has access to your computer then you're probably screwed anyway - even if you're using LastPass.


I'm guessing that theft of your computer/phone is a big vulnerability, since it's a fairly common occurrence and it exposes every account to cracking a single password again. At least in that event you usually know it's happened and you can try to shut down key accounts.

I got started on LastPass then chickened out after reading on their forums what happens after you commit all your accounts to passwords generated by LastPass and then something gets corrupted. Recovering from that doesn't bear thinking about.  I'm sure it's rare but it obviously happens.

KeePass looks safer in that respect but is a lot less convenient to use. Plus for a Windows phone you have to rely on an "unauthorised" app with access to the database, which is entirely unacceptable IMHO.

Not an easy one for the average person.




McLean


897 posts

Ultimate Geek

Subscriber

  #1326699 17-Jun-2015 17:00

mclean:
amanzi: If you have complete physical security of your computer, e.g. you live alone, then the post-it note should be more secure than LastPass. And if someone has access to your computer then you're probably screwed anyway - even if you're using LastPass.


I'm guessing that theft of your computer/phone is a big vulnerability, since it's a fairly common occurrence and it exposes every account to cracking a single password again. At least in that event you usually know it's happened and you can try to shut down key accounts.

I got started on LastPass then chickened out after reading on their forums what happens after you commit all your accounts to passwords generated by LastPass and then something gets corrupted. Recovering from that doesn't bear thinking about.  I'm sure it's rare but it obviously happens.

KeePass looks safer in that respect but is a lot less convenient to use. Plus for a Windows phone you have to rely on an "unauthorised" app with access to the database, which is entirely unacceptable IMHO.

Not an easy one for the average person.


I have used LastPass both on the enterprise side, managing multiple people, YubiKeys etc., along with using LastPass personally for what mustn't be far off 10 years, and have never seen this personally. The only thing was now and again the local cache can get corrupt and the user has to click LastPass advanced tools, clear local cache, and it re-pulls your vault data.

You can also export LastPass data for backup purposes.

Security of LastPass vs KeePass stored in Dropbox seems negligible - 2 factor auth would be a better option.

Having your phone stolen is a worry in multiple ways, not just LastPass - one thing I like with the iPhone 6 is the fingerprint reader is better than some and can be used by LastPass to unlock the vault rather than entering a password all the time.

 
 
 
 


3500 posts

Uber Geek

Trusted
Lifetime subscriber

  #1326703 17-Jun-2015 17:11

rphenix:
mclean:
amanzi: If you have complete physical security of your computer, e.g. you live alone, then the post-it note should be more secure than LastPass. And if someone has access to your computer then you're probably screwed anyway - even if you're using LastPass.


I'm guessing that theft of your computer/phone is a big vulnerability, since it's a fairly common occurrence and it exposes every account to cracking a single password again. At least in that event you usually know it's happened and you can try to shut down key accounts.

I got started on LastPass then chickened out after reading on their forums what happens after you commit all your accounts to passwords generated by LastPass and then something gets corrupted. Recovering from that doesn't bear thinking about.  I'm sure it's rare but it obviously happens.

KeePass looks safer in that respect but is a lot less convenient to use. Plus for a Windows phone you have to rely on an "unauthorised" app with access to the database, which is entirely unacceptable IMHO.

Not an easy one for the average person.


I have used LastPass both on the enterprise side, managing multiple people, YubiKeys etc., along with using LastPass personally for what mustn't be far off 10 years, and have never seen this personally. The only thing was now and again the local cache can get corrupt and the user has to click LastPass advanced tools, clear local cache, and it re-pulls your vault data.

You can also export LastPass data for backup purposes.

Security of LastPass vs KeePass stored in Dropbox seems negligible - 2 factor auth would be a better option.

Having your phone stolen is a worry in multiple ways, not just LastPass - one thing I like with the iPhone 6 is the fingerprint reader is better than some and can be used by LastPass to unlock the vault rather than entering a password all the time.


What I find great about LastPass is you can remove the device/authorization and even if they have the password/PIN it won't let them access the data.


278 posts

Ultimate Geek


  #1326741 17-Jun-2015 18:20

mattwnz:
Tinshed: This thread illustrates just how hard it is to do the 'right' thing in managing passwords. It would seem there is no 'right' way as experts have different points of view. I have over 300 passwords in my 1Password vault, some of those are work related, some have unique passwords, some have weak passwords, some have passwords that need to be changed every 90 days and so forth. Just like everyone else I suspect. Those who say "this is THE answer" are only really saying "this works well for me". If we who post here, who I imagine have a higher technical IQ than most of the population, have different views on the best approach to managing and storing passwords, imagine what it is like for the average user? Putting a password on a post-it note and attaching it to the screen may seem silly and dangerous to us, but perhaps that works best for a great many people. The complexity around managing a large number of systems across multiple devices is enough to deter many from implementing robust or comprehensive processes and tools.

A post-it note though is not as secure as LastPass, if you have got a password on your computer, and you have got LastPass to log you out each time you exit the browser. The way to possibly tell the best solution is to ask banks what they recommend, and whether using a system like LastPass is acceptable. I doubt a post-it note would be acceptable, as it isn't encrypted or secure.


My point was that given the complexity and differences of opinion about the best way to handle passwords, many people will resort to very simple/unsecure solutions, such as post-it notes.  It is simply too hard for many people to manage access to multiple systems with multiple passwords. So they resort to the easiest solution.  And to be honest in some cases, so  do I.  For example, for many sites I use the same password. It is simply too hard to have industrial strength passwords for those myriad of sites that require a basic level of logon.  Not my bank password of course! So no matter if my bank finds a post-it note acceptable or not, for many people (not me) it is the best answer.




Tinshed
Wellington, New Zealand


16186 posts

Uber Geek


  #1326746 17-Jun-2015 18:36

mclean:
amanzi: If you have complete physical security of your computer, e.g. you live alone, then the post-it note should be more secure than LastPass. And if someone has access to your computer then you're probably screwed anyway - even if you're using LastPass.


I'm guessing that theft of your computer/phone is a big vulnerability, since it's a fairly common occurrence and it exposes every account to cracking a single password again. At least in that event you usually know it's happened and you can try to shut down key accounts.

I got started on LastPass then chickened out after reading on their forums what happens after you commit all your accounts to passwords generated by LastPass and then something gets corrupted. Recovering from that doesn't bear thinking about.  I'm sure it's rare but it obviously happens.

KeePass looks safer in that respect but is a lot less convenient to use. Plus for a Windows phone you have to rely on an "unauthorised" app with access to the database, which is entirely unacceptable IMHO.

Not an easy one for the average person.


I have been using LastPass for many years and never had a problem with corruption, or even heard about it. I don't however change my master password that often, and that is likely when it could occur, as it goes through a process of re-encrypting it all again. I was recommended LastPass by a security expert. But I guess, like all experts, there are conflicting views.

897 posts

Ultimate Geek

Subscriber

  #1326807 17-Jun-2015 20:59

mattwnz:
I was recommended LastPass by a security expert. But I guess, like all experts, there are conflicting views.


True about conflicting views. However I don't think it's a big deal; it's not as if someone has a copy of both the encrypted vault data and encrypted password and can spend CPU cycles brute-forcing it - all they would get is a password that's already been changed, and if someone doesn't do that - IP restrictions are in place requiring email authentication from unknown IPs.

I've had my details on compromised lists before, e.g. Adobe, and where LastPass is great, I know that password isn't used elsewhere so all I have to do is change it on the affected service with a random password. It was LastPass that notified me first by email of the Adobe breach and that my email address was listed before Adobe did.


278 posts

Ultimate Geek


  #1326815 17-Jun-2015 21:20

A further point to consider: what would happen to your passwords if you got run over by the proverbial bus? Until you get to a certain age, such a question has no meaning, but above a certain age the issue of "digital death" becomes a real issue. Whatever solution you have for all your passwords, a good question to ask yourself is what would happen in the event of your death? For many, the response will be, "Ask me in thirty years". But having been recently confronted with this issue, a solution that enables others to easily access your passwords and therefore delete your digital presence should be at least considered. Only because I had helped my mother-in-law set up her Gmail and Facebook accounts was I able to easily delete these after her passing. Unless you have been confronted with such an issue, it may not seem like much, but, trust me, it can be quite distressing for family to continue to see a continuing digital presence of a loved one who has recently died. Having ready access to passwords can make a difference in such circumstances. I do believe that this will become an issue more and more people will be faced with. However bullet-proof you feel now, do think about this when implementing your password management solution.




Tinshed
Wellington, New Zealand

