Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsDesktop computingStrong random passwords, where to keep, when to change and what to do if site says has been breached?
TeaLeaf

4636 posts

Uber Geek


#281308 10-Feb-2021 10:00
Send private message

Sorry I looked for an IT security type thread but couldnt find one, so apologies if this is not the right place for this. :-) Thank you.

Thanks to Geekzone for alerting me how to check if ive been "pwned".

It will take me a long time to go through my email addresses, but one I checked said has been breached twice but never pasted, not sure what that means?

So using a random password generator, they are near impossible to remember, so where is somewhere safe but easy to reach that I should store the password should I ever forget?

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2 | 3 | 4 | 5
Linux
9114 posts

Uber Geek

Trusted
Lifetime subscriber

  #2650838 10-Feb-2021 10:05
Send private message

keepass is a good PW manager

Affiliate link
 
 
 

Affiliate link: Find your next Lenovo laptop, desktop, workstation or tablet now.
Batman
Mad Scientist
28029 posts

Uber Geek

Trusted
Lifetime subscriber

  #2650839 10-Feb-2021 10:10
Send private message

Following with keen interest. Exactly my issue.




Involuntary autocorrect in operation on mobile device. Apologies in advance.

xpd

xpd
Trash bandit
12009 posts

Uber Geek

Retired Mod
ID Verified
Trusted
Lifetime subscriber

  #2650845 10-Feb-2021 10:16
Send private message

Breached but not pasted is most likely meaning that although a site you use has been breached, your records were not seen on sites such as pastebin.com which is/was a common dumping ground for databases.

 

I use a mix of KeePass and LastPass - KeePass mainly for my offline stuff or passwords I don't want "online" in the off chance LastPass was breached. 

 

 




       Gavin / xpd / FastRaccoon

 

Website - Photo Gallery - Instagram

 

 



SumnerBoy
1889 posts

Uber Geek

ID Verified
Subscriber

  #2650876 10-Feb-2021 10:33
Send private message

I am using self-hosted Bitwarden which i have been very happy with (after being a KeePass + Nextcloud user for years)

TeaLeaf

4636 posts

Uber Geek


  #2650878 10-Feb-2021 10:40
Send private message

Thanks all.

 

xpd: passwords I don't want "online" in the off chance LastPass was breached. 

 

 

This is something I worry about.
So you put all your passwords on these sites, what if that site gets hacked? Or is the threat very minimal?

If I have created a very strong password, is it ok to use that for the majority of my logins etc? Some I wont as they are shared. But makes sense to. 

 

Do these password managers automatically fill in your password or you have to go to their site, login and get your password? I ask as my samsung phone has been asking to do this for me for ages. 

Is time for me to get with 2021 and beyond, still stuck in 2005 haha.

dt

dt
1090 posts

Uber Geek


  #2650879 10-Feb-2021 10:41
Send private message

I use a subscription based password manager called Dashlane, who do active dark web monitoring on the darkweb for up to 5 nominated email addresses and will alert you if any of your accounts that have been breached.

 

they have mobile app and browser extensions for auto filling in un/pw for websites, forms, credit card details etc.

 

They have integrations with some sites as well where its just a one click password change from the app which is pretty cool but not supported with that many sites yet

 

You also get a vpn included with the subscription

 

also, when you first set it up it you get it to import all your saved passwords and it gives you a security score of weak and reused passwords on a dashboard, it takes a bit of time go through and change each one but well worth the hour or two worth of effort 

Groucho
443 posts

Ultimate Geek


  #2650880 10-Feb-2021 10:41
Send private message

I've been using the free version of LastPass for a couple of years.  Does everything I need it to do plus works across Mac, PC and Android which was the decider.



lxsw20
2950 posts

Uber Geek


  #2650881 10-Feb-2021 10:41
Send private message

I use Bitwarden for passwords and Authy for 2fa codes. It allows me to access these from phone/laptop/browers etc. Bitwarden (same as most password tools) has a built in secure password generator too.  

 

I think Bitwarden is $10US for the premium version but the free one should do everything you want. 

 

Every account you have that supports it should have 2 Factor security enabled too. 

TeaLeaf

4636 posts

Uber Geek


  #2650882 10-Feb-2021 10:43
Send private message

dt:

 

You also get a vpn included with the subscription

 

 

That sounds good, but how much are they charging? And how quick is the VPN, for streaming non local geo content?

lxsw20
2950 posts

Uber Geek


  #2650883 10-Feb-2021 10:44
Send private message

TeaLeaf:

 



If I have created a very strong password, is it ok to use that for the majority of my logins etc? Some I wont as they are shared. But makes sense to. 


 

 

 

 

No, don't do that. You're still at risk of credential stuffing if you do that. Each login should have its own unique password. 

TeaLeaf

4636 posts

Uber Geek


  #2650886 10-Feb-2021 10:46
Send private message

lxsw20:

 

I use Bitwarden for passwords and Authy for 2fa codes.

 



The name Bitwarden alone sounds "Staunch" ;-)

What kind of places need 2fa codes? I only ask out curiosity as I have not used one that does. Cheers

lxsw20
2950 posts

Uber Geek


  #2650890 10-Feb-2021 10:48
Send private message

Everything should have 2fa codes. Email, Geekzone, social media, you name it. Anything you want to decrease the chances of someone gaining access to your account. 

Linux
9114 posts

Uber Geek

Trusted
Lifetime subscriber

  #2650891 10-Feb-2021 10:52
Send private message

1pass is another good PW manager

TeaLeaf

4636 posts

Uber Geek


  #2650936 10-Feb-2021 11:58
Send private message

Linux: 1pass is another good PW manager


That sounds really familiar, not sure if its the one that keeps trying to get me to sign up on my phone.

Do you use it Linux? Given your knowledge I expect you would know if its good enough for what I need, just storage of passwords, and if available extensions for my phone and web browser for passwords etc.

How does that work, does it just automatically fill the right password, or do you have to enter a central password first?

The free version should be capable for what I need?

Thanks all, I think this is a big issue that most people, even IT folk, are pretty lax on, but using these tough generated passwords is becoming a mandatory imo now, how to keep them usable and safe is very helpful information for a lot of people not currently doing so. Cheers

Batman
Mad Scientist
28029 posts

Uber Geek

Trusted
Lifetime subscriber

  #2650946 10-Feb-2021 12:01
Send private message

xpd:

Breached but not pasted is most likely meaning that although a site you use has been breached, your records were not seen on sites such as pastebin.com which is/was a common dumping ground for databases.


I use a mix of KeePass and LastPass - KeePass mainly for my offline stuff or passwords I don't want "online" in the off chance LastPass was breached. 


 



Can keepass be breached?




Involuntary autocorrect in operation on mobile device. Apologies in advance.

 1 | 2 | 3 | 4 | 5
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

OPPO Launches ColorOS 13 Global Version
Posted 19-Aug-2022 11:30

GoTo Launches IT Helpdesk Functionality Within GoTo Connect
Posted 18-Aug-2022 16:55

HP on Track With Recycling Program
Posted 18-Aug-2022 16:51

Belkin Screenforce Tempered Glass Screen Protector and Bumper - Apple Watch
Posted 15-Aug-2022 17:20

Samsung Introducing Galaxy Z Flip4 and Galaxy Z Fold4
Posted 11-Aug-2022 01:00

Samsung Unveils Health Innovations with Galaxy Watch5 and Galaxy Watch5 Pro
Posted 11-Aug-2022 01:00

Google Bringing First Cloud Region to Aotearoa New Zealand
Posted 10-Aug-2022 08:51

ANZ To Move to FIS Modern Banking Platform
Posted 10-Aug-2022 08:28

GoPro Hero10 Black Review
Posted 8-Aug-2022 17:41

Amazon to Acquire iRobot
Posted 6-Aug-2022 11:41

Samsung x LIFE Picture Collection Brings Iconic Moments in History to The Frame
Posted 4-Aug-2022 17:04

Norton Consumer Cyber Safety Pulse Report: Phishing for New Bait on Social Media
Posted 4-Aug-2022 16:50

Microsoft Announces New Solutions for Threat Intelligence and Attack Surface Management
Posted 3-Aug-2022 21:54

Seagate Addresses Hyperscale Workloads with Enterprise-Class Nytro SSDs
Posted 3-Aug-2022 21:50

Visa Launching Eco-friendly Payment Solutions in New Zealand
Posted 3-Aug-2022 21:48








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







GoodSync is the easiest file sync and backup for Windows and Mac



RSS feeds
Main feed
Forums feed
Copyright
©2002-2022 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Slack
Geekzone on Twitter
Affiliate links
Mighty Ape
Sharesies
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright


This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.