Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5
lxsw20
2939 posts

Uber Geek


  #2650948 10-Feb-2021 12:04
Send private message

Assuming talking about 1Password here, it's a great product, one of the most refined out there IMO. I don't think they do a free version, it's $2.99US a month.

 

I manage LastPass Enterprise at work and can't stand it, ever since logmein brought it its not been a good experience.

 

 

 

Would suggest you sign up to a trial or one or two to get your head around it, it's pretty easy once you're up and running.  


Affiliate link
 
 
 

Affiliate link: Find your next Lenovo laptop, desktop, workstation or tablet now.
lxsw20
2939 posts

Uber Geek


  #2650949 10-Feb-2021 12:07
Send private message

Batman: Can keepass be breached?

 

 

 

Possibly if someone got their hands on your password db i guess.

 

As I understand Keepass is historically an offline platform, so it comes with all the downsides of an offline platform too. As in managing your own backups, can't be shared over multiple devices etc. 


sidefx
3611 posts

Uber Geek

Trusted

  #2650955 10-Feb-2021 12:18
Send private message

lxsw20:

 

Possibly if someone got their hands on your password db i guess.

 

As I understand Keepass is historically an offline platform, so it comes with all the downsides of an offline platform too. As in managing your own backups, can't be shared over multiple devices etc. 

 

 

 

 

You can put the keepass database online, but have your key file offline combined with good master password. That's what I do.   I think (hope) that makes it really hard to breach even if someone gets your DB. 

 

 

 

PS: discussion around this here: https://security.stackexchange.com/questions/45272/storing-keepass-database-in-cloud-how-safe 





"I was born not knowing and have had only a little time to change that here and there."         | Electric Kiwi | Sharesies
              - Richard Feynman




dt

dt
1088 posts

Uber Geek


  #2650958 10-Feb-2021 12:22
Send private message

TeaLeaf:

 

dt:

 

You also get a vpn included with the subscription

 

 

That sounds good, but how much are they charging? And how quick is the VPN, for streaming non local geo content?

 

 

 

 

I found a promo code online for 5 year premium sub for $150, vpn is all good.. it has a bunch of servers around the world you can choose from. I don't use it a heck of a lot but its always been helpful when ive needed it

 

I've got a referral code if you end up deciding its for you, you'll get 6 months of premium for free.. feel free to pm me if you would like it 


Wheelbarrow01
1231 posts

Uber Geek

Trusted
Chorus

  #2650960 10-Feb-2021 12:28
Send private message

TeaLeaf:

 

Thanks all.

 

xpd: passwords I don't want "online" in the off chance LastPass was breached. 

 

 

This is something I worry about.
So you put all your passwords on these sites, what if that site gets hacked? Or is the threat very minimal?

If I have created a very strong password, is it ok to use that for the majority of my logins etc? Some I wont as they are shared. But makes sense to. 

 

Do these password managers automatically fill in your password or you have to go to their site, login and get your password? I ask as my samsung phone has been asking to do this for me for ages. 

Is time for me to get with 2021 and beyond, still stuck in 2005 haha.


 

 

 

 

"With Lastpass, Your data is encrypted and decrypted at the device level. Data stored in your vault is kept secret, even from LastPass. Your master password, and the keys used to encrypt and decrypt data, are never sent to LastPass’ servers, and are never accessible by LastPass".

 

The above quote is from their website. I have used Lastpass for a few years and have found it ok. Then last week I actually took the time to learn how to use it properly and now I love it.

 

I was previously logging into my lastpass app on my phone to view stored login and password information - but didn't realise I could get browser extensions to auto-login to sites on my PC and phone. I had literally been doing it the hard way for no reason! This revelation has literally changed my life LOL.

 

Lastpass now sets up strong randomised passwords for every site I visit, and stores these in my vault for quick recall when required. All my devices have strong passwords or biometric logins so the auto-fill functions are still hidden behind my device logins.


nzkc
1062 posts

Uber Geek


  #2650964 10-Feb-2021 12:41
Send private message

lxsw20:

 

I use Bitwarden for passwords and Authy for 2fa codes.

 

 

Its not clear if you're using two apps here - I think so. Its possible for BitWarden to do the 2FA codes too (it can handle both Authy and Google Authenticator in the free version too).  Since its difficult to backup (or at least was) I moved all my MFA to BitWarden too. Works on phone and web!


SaltyNZ
6225 posts

Uber Geek

Trusted
Lifetime subscriber

  #2650965 10-Feb-2021 12:41
Send private message

I use eWallet. It syncs with cloud accounts e.g. Dropbox for storage, and supports Windows, Mac, Android & iOS. It supports unlock via fingerprint/face recognition on iOS. I assume that's true of Android as well, but I'd rather be dragged over broken glass for half a mile than give up my iPhone. ;-)





iPad Pro 11" + iPhone XS + 2degrees 4tw!

 

These comments are my own and do not represent the opinions of 2degrees.




xpd

xpd
Trash bandit
11995 posts

Uber Geek

Retired Mod
ID Verified
Trusted
Lifetime subscriber

  #2651964 10-Feb-2021 12:45
Send private message

Batman:
xpd:

 

Breached but not pasted is most likely meaning that although a site you use has been breached, your records were not seen on sites such as pastebin.com which is/was a common dumping ground for databases.

 

 

 

I use a mix of KeePass and LastPass - KeePass mainly for my offline stuff or passwords I don't want "online" in the off chance LastPass was breached. 

 

 

 

 

 



Can keepass be breached?

 

Considering its stored locally in an encrypted database file, only if the "hacker" has access to my home server.

 

There is/was a way to access the data locally known as "keefarce" but apparently the way it does it, is common amongst almost all password systems, so its not considered a program flaw/exploit.

 

 





       Gavin / xpd / FastRaccoon

 

Website - Photo Gallery - Instagram

 

 


lxsw20
2939 posts

Uber Geek


  #2652972 10-Feb-2021 13:11
Send private message

nzkc:

 

Its not clear if you're using two apps here - I think so. Its possible for BitWarden to do the 2FA codes too (it can handle both Authy and Google Authenticator in the free version too).  Since its difficult to backup (or at least was) I moved all my MFA to BitWarden too. Works on phone and web!

 

 

 

 

Yeap 2 separate apps. I need somewhere to keep my Bitwarden 2FA so just decided to keep all my 2FA in Authy. It does exactly the same as Google Authenticator, except you can back it up codes to cloud, so its not a massive pain when you change phone. They also have desktop/browser apps, so just as handy as having them in Bitwarden really. 


neb

neb
6526 posts

Uber Geek

Trusted
Lifetime subscriber

  #2654630 11-Feb-2021 13:40
Send private message

lxsw20:

Everything should have 2fa codes. Email, Geekzone, social media, you name it. Anything you want to decrease the chances of someone gaining access to your account. 

 

 

Every account of value, not everything. I have between one and two hundred accounts, the vast majority of which I use at most once a year, and the vast majority of which have no value to anyone, for example allowing you to post as a non-guest to a message board about things like soldering techniques. So definitely protect your valuable accounts, but there's no need to go out of your way to protect accounts that only exist for purposes like spam control.

neb

neb
6526 posts

Uber Geek

Trusted
Lifetime subscriber

  #2654632 11-Feb-2021 13:47
Send private message

lxsw20:

Possibly if someone got their hands on your password db i guess.

 

 

Depends on the implementation. The best one I know of takes a user password and uses that to key a cryptographic MAC run over the site URL, so you get a cryptographically strong unique value per site. There's nothing to store since everything is derived from the user password and the site URL, so it's zero-footprint. Downside is that you have to use the password the password manager gives you.

 

 

I haven't picked apart existing password managers to see which ones do this, so I can't point to any unfortunately.

outdoorsnz
348 posts

Ultimate Geek


  #2654635 11-Feb-2021 13:48
Send private message

In the past I used Evernote and encrypted the password with something I would remember. But really that wasn't very secure.

 

Now I use Firefox Lockwise. Works for me. I can use it across multiple desktops / devices and on my phone I can use my finger print scanner to unlock.

 

 

 

 


lxsw20
2939 posts

Uber Geek


  #2654658 11-Feb-2021 14:20
Send private message

neb:
lxsw20:

 

Everything should have 2fa codes. Email, Geekzone, social media, you name it. Anything you want to decrease the chances of someone gaining access to your account. 

 

Every account of value, not everything. I have between one and two hundred accounts, the vast majority of which I use at most once a year, and the vast majority of which have no value to anyone, for example allowing you to post as a non-guest to a message board about things like soldering techniques. So definitely protect your valuable accounts, but there's no need to go out of your way to protect accounts that only exist for purposes like spam control.

 

 

 

Thats like, your opinion man.

 

 

 

Anything that has any of my personal information in it, inc email address, and supports 2FA has it enabled. Why wouldn't it. 


neb

neb
6526 posts

Uber Geek

Trusted
Lifetime subscriber

  #2654660 11-Feb-2021 14:24
Send private message

lxsw20:

Thats like, your opinion man.

 

 

And how long before Joe Sixpack gets tired of pulling up his 2FA app twenty times a day and just clicks "stay permanently signed in" on every site he visits? In order for security to be effective it also has to be usable.

lxsw20
2939 posts

Uber Geek


  #2654666 11-Feb-2021 14:32
Send private message

Put your 2FA code in your password app and turn on autofill. Easy. 


1 | 2 | 3 | 4 | 5
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Amazon to Acquire iRobot
Posted 6-Aug-2022 11:41


Samsung x LIFE Picture Collection Brings Iconic Moments in History to The Frame
Posted 4-Aug-2022 17:04


Norton Consumer Cyber Safety Pulse Report: Phishing for New Bait on Social Media
Posted 4-Aug-2022 16:50


Microsoft Announces New Solutions for Threat Intelligence and Attack Surface Management
Posted 3-Aug-2022 21:54


Seagate Addresses Hyperscale Workloads with Enterprise-Class Nytro SSDs
Posted 3-Aug-2022 21:50


Visa Launching Eco-friendly Payment Solutions in New Zealand
Posted 3-Aug-2022 21:48


NCR Delivers Services to Run Bank of New Zealand ATM Network
Posted 30-Jul-2022 11:06


New HP Portfolio Supports New Era of Hybrid Work
Posted 28-Jul-2022 17:14


Harman Kardon Launches Citation MultiBeam 1100 Soundbar
Posted 28-Jul-2022 17:10


Nanogirl Labs Launches Creator Project
Posted 28-Jul-2022 17:05


Marvel Snap Launches as an Action Collectible Card Game
Posted 26-Jul-2022 17:46


Jabra Talk 65 Review
Posted 26-Jul-2022 17:31


Huawei Watch D Review
Posted 26-Jul-2022 17:26


Huawei Introduces Watch Fit 2
Posted 14-Jul-2022 17:06


Huawei Launches Watch D in New Zealand
Posted 14-Jul-2022 17:05









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







Backblaze unlimited backup