New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Where we know all too well that cheap is not always equal to good.
And besides, the fact PCMAG thinks it's good is enough to be wary of it.
Why not to use most secure password and easy to remember: P@55wOrd#
I personally like to use the following website:
https://identitysafe.norton.com/password-generator
to generate the passwords like: B2ajaF7veBRApRUprU2Up2ujew7a!Ef?
hunter2
+1 for Roboform been using it for years
I will not trust to store the passwords with any software
Been using Enpass and been very happy with it, they supposedly are planning on adding multiple vaults in a future release (version 6?), but it doesn't yet support them, though the portable version might work for now, and definitely worth keeping an eye on them.
Trezor Password Manager - Still does not has all the features you want.. and it's a little bit expensive, but for me is the most secure password manager available on the market.
You can read the details at:
https://trezor.io/passwords/
https://blog.trezor.io/satoshilabs-launches-trezor-password-manager-the-ultimately-secure-no-master-password-cloud-1b260e5fbe6b
So then you're using the same password all over the place, or are using some sort of easily-guessable pattern system. There's really no other alternative because no human can memorize hundreds or even dozens of passwords.
Yeah, that’s a touch OTT.
Might get one for myself, but not one each for the family.
..or you could just write /dev/urandom to a 512MB SD card and shove it into a USB carrier and use that for part of your 2FA and save $85.
The obvious one: LastPass from the GREAT GREAT AND ONLY RESPECTABLE remote access and administration tool and company in that area... behold LOGMEIN ,INC.
Password managers for the win and all that. But you really should check out memory competitions in youtube to see what humans can memorise. Memory is a learned skill and it's awesome. It's a shame that not many people train it since Ancient Greeks figured out the principles.
cool people always told me they use the standard unix password manager and nothing else
Eventually NIST itself recommends correcthorsebatterystaple
as an alternative to passphrases, password managers are recommended.
Moreover, suggesting to use norton.com to generate a password in a browser (...) and then saying that you don't trust software to store them is pretty much a non sequitur
Well, there's this
I'd rather use qwerty1 but it's still a possibility
Lastpass has family sharing for 12 a year
It's not just you.
AFAIK paper still works. Only drawback is that you end up with a bunch of highly sensible sheets of it. Still 100% secure against any kind of electronic attack and lets face it, if you cant memorize at least your 5 most important gibberish passwords it's just not ment to be.
Keepass for crypt, Dropbox for syncing crypt-bits.
Haven't had to touch this solution in 9years.
SallaPass (tm) - Created by Harzem (R)
I wrote my own password manager years ago. It works by getting an input and producing a hashed output.
For example:
input: c9sj4+lowendtalk+harzem
output: JMr9hvhdUz-6EjbDZH+LDFj-
I only ever need to remember "c9sj4" part. Then I can attact a website name, account name, password version (1,2,3 etc) and it produces a unique password. I have a windows app, a javascript file, and an online version. I can use "Tp0*13??_" for server logins, by attaching a hostname after that and producing another output.
input: Tp0*13??_+fr.chicago.web
output: mZ.3-FeVvzbXZ54xG-9.b-MC
Possibilities are limitless, and I do not trust 3rd party password managers to keep track of my passwords.
I don't think Keepass is very idiot-friendly as any kind of browser integration requires a desktop application.
Bitwarden can be self-hosted and seems to have all the idiot-friendly tools like autofill browser extensions and iOS/Android apps (all free). The downside is that self-hosting seems to require a license (the free tier would've been enough for me) regardless of the number of users.
I'm not sure I trust all these companies. What happens if they go offline/bankrupt/lose interest? I'm also not sure what happens to a self-hosted Bitwarden db if their licensing server goes down. Do you lose access?
I guess that I'm old-fashioned. I keep my passwords in an encrypted text file that I update from time to time on my Nextcloud server. I also have a printed copy of this file, folded twice and hidden in one of my desk drawers.
This has worked so far, but obviously if someone really wanted to get hold of this file and/or printed copy, I could have problems.
No 'woo' factor though.
Clearly, that's for the uber-kool (yes, with a 'k') kidz (yes, with a 'z') that I could never hope to hang with.
Where? I see family sharing at $4/month.
Personally, I wouldn't if it was for me.
Not particularly slick in terms of integration though.
That's mainly what puts me off.
This is really interesting as something I'd use for myself, I still wouldn't use it for the fam as I don't want to be responsible for their data, I'd rather pay someone else for that.
I can't see any reference to a license fee for self-hosting though, I just went through the installation docs and it appears to just require an email address for the key to be sent to?
Which is fine up to a point; if you don't need to update things much, then there's no real problem with that, but these days it seems everything requires a logon to do anything (I'm looking at you, BBC iPlayer and All 4), so there's a constant stream of credentials that you need to capture, preferably relatively securely.
It might be free if you only have a single user (personal account), but sharing requires an organization account, which in turn requires a license for self-hosting. I don't think their documentation is very clear on all this - https://help.bitwarden.com/article/licensing-on-premise/
It's only $12/y for the family plan (only 5 users) though, which you can either self-host or use Bitwarden's cloud servers.
Bitwarden's free plan would actually be fine - I don't need sharing amongst vaults, just everyone can have their own vault and synchronise across multiple devices, although for the $12 it'd probably be worth getting the family plan.
Enpass is nice. Free for PC and browser integration. 5$ one time for mobile.
That's fucking awesome! Unless I'm failing to see an obvious security flaw in the logic.
I'll be implementing something similar on my free time. Cheers!
Bitwarden requires a license for premium features. (like U2F 2FA) but not for basic access.
You can also pay the bitwarden people for hosting. The 10$/y license comes with 1GB online space.
+1 for bitwarden
I don't mind sharing it. In fact I have sallapass.com registered for years. One day I'll make it public.