Password Storage ??

fwor

stevemcol wrote: »

Or am I still missing the point?

To me the point is that you are entrusting your password data to a third party whose business is keeping your data secure, and they failed.

If I use something Open Source like KeyPass I can find out how securely it encrypts my password data. I don't have a clue how securely LastPass encrypts master password data on their servers, and if they told me, I would have no way to confirm or refute their claims.

njm123

I'd recommend KeePass or LastPass but use a strong Password as described here https://www.xkpasswd.net/c/index.cgi and look at the cartoon at the bottom of the page to see why m0n3ys4v1ng@ isn't a particularly good password.

Also dont put finance accounts details in the safe - at least not without masking them in a way only you will remember.

Use a different e-mail account for forums and gaming to that which you use for anything important like banking.

mttylad

I us Lastpass, IMO its excellent - I cannot remember all the website I use let alone the passwords.
I used to use the same password all over the place, a rather easy one to figure out TBH.

But now I have really strong passwords and a helpful tool that will log me into the websites I save.

It also works on my Blackberry because I signed up for the pro version for only £7 and given that I had recently had a PC disaster requiring a reinstall it certainly was worth it IMO.

As for the old hacking thing - dont you think that after that they would have doubled their protection?

chunter

...a sheet of paper on the wall behind the computer screen with reminders to the passwords, not the passwords themselves.

MonkeyBiz

I would avoid online storage at all costs, just use a text file on your computer or traditional pen and paper, it all depends who you want to hide it from mainly, if its someone in your house with direct access to your drawers/computer then go for something encrypted, otherwise someone would have to hack your computer first before getting to your passwords and they may just try other ways to access your account which are easier than hacking your computer directly!

scottme

In my view there's significant benefit and no significant risk to storing a properly encrypted password database online; the important thing is it must be properly encrypted, using a well-designed and ideally open source password manager (so that the algorithms it uses can be independently verified).

The benefit is that you can get at your passwords and other vital security data, even when you've lost your computer (or the paper you've written them down on). You can also keep the "same" list of items in sync across multiple devices.

Keepass is my chosen password manager, and I have used a lengthy but memorable (to me) passphrase as the key. No-one's likely to guess it, nor would it be likely to succumb to a brute-force attack because the keyspace is just so large.

I have copies of the database on my laptop(s) and on my smartphones, and they are all kept in sync via Dropbox. The database is in a private folder on Dropbox so only my userid can access it.

I've been using this approach with total success and ease for a decade (using USB memory sticks prior to Dropbox) and I can't contemplate going back to any other way of doing it.

Guardsman

Where do you store the password that you use to get into the site you stored your passwords in.