New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Lastpass all the way.....
Sorry for bumping this thread but I don't think it deserves a new topic.
What is the best password manager that is cross platformed? So atleast Windows and Mac. Androind and iOS are a + nut not really needed.
KeepassX, or if you want hosted Lastpass
I use LastPass with 2-factor authentication... When I get my next phone (which will have NFC) I will consider upgrading the security to Yubikey NEO.
https://www.pwdhash.com/ and http://code.google.com/p/axpasgen/ don't store any password data; passwords are generated for each account using hashing based on a main passphrase, a salt, and a special name you provide for each account (like "lowendtalk" or "gmail"). So then you get a different password for each account and nothing that could be decrypted is stored (you just need to remember your passphrase and the special name); also that means that when you get a new password, you don't have to do any syncing (you only have to copy the salt and application once).
I think that is kind of useless. What is everyone going to use for the name of the entry? The name if the site. So this doesn't seem to buy you anything.
+1 to LastPass
Did they fix autocomplete on OS X? There was unofficial patch for 1.something with it, but does autocomplete work on the version 2.0 alphas?
I just don't trust LastPass. I have no specific reason not to, but giving someone my password safe needlessly seems like a risk, especially when it's also the app that is responsible for saving the data. I've read interviews with those guys and they seem on the ball, but still...
Also, LP is very good for web but lousy for non-web. I mean, the "Add Site" page doesn't even have a "generate password" button. The interface is kind of wonky - you can generate a password from the menu (or Alt-G), but if you don't like it, you can't regen another via key shortcut, etc. It's really designed for non-technical endusers who have 100% of their passwords on the web...whereas about 50% of mine are non-web (ssh, mysql, etc.)
I like KeePass (much better interface) but it doesn't behave well on Dropbox[*]. If you forget to close on computer #1, opening on computer #2 can cause corruption. I tried the various triggers but they can result in GUI spin cycles where you have to kill the app. What KP should do is open the file, make a change, and then close the file, not leave a file descriptor open. That's what PasswordSafe does.
[*] Yeah, I know what you will say - you don't trust LastPass but you store your PasswordSafe DB on Dropbox. It's not the same thing. LastPass controls the application and the storage. Dropbox only controls the storage. Dropbox has no way to modify the code that I use to store the safe. And its not like I name the safe with a .psafe3 extension anyway :-)
2-factor is really the way to go whenever possible.
Excell and Google drive. Simple and secure.
Why would it be useless just because people use the name of the site? That's the whole point - you use something easy to remember and combine this with a passphrase that you memorize and salt settings that are stored in a file (and salt is same for all websites). Then, you get a different password for each website, because it's hashed with both the website name, your passphrase, and a salt; so you never have to worry about other accounts if one account is compromised, and it takes minimal effort to use. If two people use the same site name, then it's still different because of the different passphrase; and even if passphrase is the same, they still get different generated passwords due to different salts.
This sounds interesting. In some way, this will help you to don't lose your passwords because they can be "recreated".
Unless you lose your salt file (or you can disable salt it I guess)
.
Maybe I misunderstood...I was assuming:
master password + name of site -> hash = password used
My point was that "name of site" is kind of useless because the name of site is very easily guessable. Most people would use "lowendtalk" if they were making a password for lowendtalk.com. So since it's very likely a known factor, the equation is just
master password + (something easy to guess) -> hash = password used
I hadn't seen the mention of salt, so:
master password + (something easy to guess) + salt -> hash = password used
OK, better. But not sure that it's better than just a random string.
The intention is so that all you have to store is a program and a salt, and if you create a new account you don't have to sync anything.
viencrypt
I am also going to be guilty of bumping this one but..Has any one ever tried Clipperz? Was going to throw that in
And some where in the past few months I got too caught up to do it!
I am not happy to see it going premium But still time to get locked in.
We're now using PassPack.
what about Evernote with encryption for selected text?
Hahahahahahahahahahahahahahahahahahaha
Best joke I heard all day!
/sarcasm
Not really that bad once you password protect the Excell file
LastPass
I am using Roboform, one license for Desktop, Notebookm Tablet and Phone
We use PassPack
KeePass mainly privately and unnamed software private/corporate
keepass with browser plugin,
also use a password + keyfile!
You know these are easily cracked, right? There's tons of applications for it. Also, I don't think it's encrypted like Keepass.
Everything can be cracked. some one can break into my house and steal everything. Some one can loginto my email and cancel all my services. But can not live a paranoid life.
Completely true. But the alternatives to excel are so easy and so much more secure.
By the way: just trying to give some friendly advice here. Sorry if I come off a bit harsh.
I just keep it simple. Server root passwords: "p@$$w0rd". Bank account password: "1337p@$$". Email Password: "y0ur34||1d107". Pretty simple, no?