Password Managers and Banking?

  • trient
    trient Posts: 195 Forumite
    Sixth Anniversary 100 Posts Name Dropper
    gsmh said: Now that's interesting. Your bank login asks for the 5th character of your password and pwsafe supplies it? I've never heard of that! I use Bitwarden and it autofills whole passwords but there's no way it could supply a specific character.
    Why do you think it couldn't? How do you think screen scrapers log into your account?
  • mwarby
    mwarby Posts: 2,049 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    It's not a technical thing, AFAIK it's due to the devs of most of these tools being unwilling to add the feature. The argument often used is that if they can validate the password using just a few characters, then they must be storing the password insecurely (i.e. as plain text, not a hash) and they aren't to encourage this
  • Bobblehat
    Bobblehat Posts: 978 Forumite
    Eighth Anniversary 500 Posts I've been Money Tipped! Name Dropper
    Thank you all for replying … I'm learning a lot from your replies … please keep them coming so I can make a more informed decision. A techie friend has recommended Keepass because it is open source and says that allows it to be checked by anyone with the appropriate skills to look for backdoors and report them. It's a steep learning curve for me, I knew very little about PM's before. I realise I am going to get a mix of opinions and recommendations, but that's better than none at all. Thanks
  • alanwsg
    alanwsg Posts: 809 Forumite
    Part of the Furniture 500 Posts Name Dropper
    gsmh said:
    Now that's interesting. Your bank login asks for the 5th character of your password and pwsafe supplies it? I've never heard of that! I use Bitwarden and it autofills whole passwords but there's no way it could supply a specific character.

    You have to type the numbers into a box - E.g. "5 16 22" and it tells you what they are.
    It doesn't fill them in automatically.
  • masonic
    masonic Posts: 27,926 Forumite
    Part of the Furniture 10,000 Posts Photogenic Name Dropper
    Bobblehat said:
    Thank you all for replying … I'm learning a lot from your replies … please keep them coming so I can make a more informed decision. A techie friend has recommended Keepass because it is open source and says that allows it to be checked by anyone with the appropriate skills to look for backdoors and report them. It's a steep learning curve for me, I knew very little about PM's before. I realise I am going to get a mix of opinions and recommendations, but that's better than none at all. Thanks
    Keepass is a good solution. Like colsten, I use Lastpass. Both are open protocol (i.e. what they do can be inspected), but only Keepass is open source (i.e. how it does it can be inspected). The advantage of Lastpass over Keepass is synchronisation between devices, for that price I personally am willing to compromise a little on openness. The Lastpass code was independently audited before it was acquired by Logmein and it continues to be run fairly independently.
    I have used Keepass for things I don't need to access away from my main PC.
    With banking logins, it is very unusual to be able to log in with just a simple username and password verbatim, so it should be fairly trivial to disguise your login details to the extent that someone seeing them won't obviously know how to use them, without making things harder for yourself.
  • colsten
    colsten Posts: 17,597 Forumite
    10,000 Posts Seventh Anniversary Photogenic Name Dropper
    gsmh said:
    A password manager is of limited use for most online accounts I have used - they usually require specific letters/digits of a password and sometimes one of several saved responses to specific questions. A password manager is of no use in these circumstances. The only place a password manager might be useful is if there is an initial username and password before the above.
    Of course a PW Manager is useful for these sites, even if the PW Manager cannot log you in automatically. For example, you can still [securely] store your full PW, and manually enter the random characters required for the login.

    A PW Manager is also very helpful for storing images of your cards, as well as the phone numbers for each card / account for emergencies. Not to talk of general emergency situations, where you want someone else (e.g. the person you have given a PoA) to operate your account when you are unable to do so yourself. I know this comes with a whole host of different T&Cs but one has to make practical provisions.
  • gsmh
    gsmh Posts: 640 Forumite
    Fifth Anniversary 500 Posts Name Dropper
    edited 7 March 2020 at 6:57PM
    trient said:
    gsmh said: Now that's interesting. Your bank login asks for the 5th character of your password and pwsafe supplies it? I've never heard of that! I use Bitwarden and it autofills whole passwords but there's no way it could supply a specific character.
    Why do you think it couldn't? How do you think screen scrapers log into your account?
    Asking you to supply only certain characters each time you log in means that malware would find it very difficult to work out your password. No-one in this thread has confirmed they use a password manager which can correctly supply a particular character requested by a website login. You sound like you have the answer. Please share which password manager does this. Of course you can look at your password in any PM app and work out the character requested, that's hardly difficult - even a basic spreadsheet of passwords would allow you to do that, but that's not what we're discussing.
    I use Bitwarden because it is open source and can be self-hosted should you wish to do this. Lastpass was acquired by LogMeIn which never had a particularly good reputation and has now been taken over by a private equity company. No way would I wish to use that product. There are three PMs I would recommend - Bitwarden, 1Password and Enpass. All three synchronise between iOS, Android, Windows and macOS. Bitwarden and Enpass are effectively free for most home users.

  • sausage_time
    sausage_time Posts: 1,625 Ambassador
    Tenth Anniversary 1,000 Posts Name Dropper Photogenic
    Password Safe is open source, and can supply random characters - but you have to specify which characters as noted above.  It does not screen scrape for that information.  Aside: sites asking for specific characters in your password could indicate they store your password in plain text.
    I’m a Forum Ambassador and I support the Forum Team on the Credit Cards, Savings & investments, and Budgeting & Bank Accounts boards. If you need any help on these boards, do let me know. Please note that Ambassadors are not moderators. Any posts you spot in breach of the Forum Rules should be reported via the report button, or by emailing forumteam@moneysavingexpert.com.
    All views are my own and not the official line of MoneySavingExpert.
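
As an added example (not from any poster, and not any bank's or password manager's real code): the point mwarby and sausage_time make about partial-password logins, sketched in Python. A single salted hash can only check the whole password, and a hypothetical per-character workaround is read back out in at most 94 guesses per position; the function names, PBKDF2 settings and sample password are assumptions made for the illustration.

```python
import hashlib, hmac, os, string

ITERATIONS = 1_000  # assumption: kept low so the demo is quick; real work factors are far higher
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

def slow_hash(data: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", data.encode(), salt, ITERATIONS)

def enroll_whole(password: str):
    """Usual storage: one salted hash of the entire password."""
    salt = os.urandom(16)
    return salt, slow_hash(password, salt)

def verify_whole(record, attempt: str) -> bool:
    # The digest says nothing about individual characters, so a
    # "5th character" challenge cannot be answered from this record.
    salt, digest = record
    return hmac.compare_digest(digest, slow_hash(attempt, salt))

def enroll_per_position(password: str):
    """Hypothetical workaround: a separately salted hash for every character."""
    table = []
    for ch in password:
        salt = os.urandom(16)
        table.append((salt, slow_hash(ch, salt)))
    return table

def verify_partial(table, answers: dict) -> bool:
    """answers maps a 1-based position to the character the user typed."""
    ok = True
    for pos, ch in answers.items():
        salt, digest = table[pos - 1]
        ok &= hmac.compare_digest(digest, slow_hash(ch, salt))
    return ok

def recover_from_table(table):
    """Cost of reading the password back out of a leaked per-position table."""
    chars, guesses = [], 0
    for salt, digest in table:
        for candidate in ALPHABET:
            guesses += 1
            if hmac.compare_digest(digest, slow_hash(candidate, salt)):
                chars.append(candidate)
                break
    return "".join(chars), guesses

if __name__ == "__main__":
    pw = "correct-Horse7"  # constructed sample password
    print(verify_whole(enroll_whole(pw), pw))        # whole-password check
    table = enroll_per_position(pw)
    print(verify_partial(table, {5: "e", 14: "7"}))  # partial challenge
    print(recover_from_table(table))                 # what the table gives away
```

The per-position table behaves like plain text for anyone who obtains it: the search is the password length times 94, not 94 raised to the password length.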
  • colsten
    colsten Posts: 17,597 Forumite
    10,000 Posts Seventh Anniversary Photogenic Name Dropper
    gsmh said:
     Lastpass was acquired by LogMeIn which never had a particularly good reputation and has now been taken over by a private equity company. No way would I wish to use that product. 

    I am a very happy Lastpass (/Logmein) user as it's an industrial strength product which is deployed by many big companies. I'd rather use a PW Manager used by Fortune 500 companies than one developed and maintained by open source geeks who often operate on a shoestring budget, if they have one at all. I am also quite happy to pay an annual subscription, to help towards ongoing support and development.



  • masonic
    masonic Posts: 27,926 Forumite
    Part of the Furniture 10,000 Posts Photogenic Name Dropper
    edited 7 March 2020 at 7:37PM
    My understanding is that Joe Siegrist is still in control of Lastpass and I have no reservations about continuing to use it while that remains the case.
