Best Way to Save Bank Passwords


Comments

  • SAC2334
    SAC2334 Posts: 858 Forumite
    500 Posts Third Anniversary Name Dropper
    I normally get into all my banking apps with a fingerprint which is stored into Android phones. Works very well. Banks also mostly use a secondary security which is linked to my mobile which they message with a 6 digit code.
  • 400ixl
    400ixl Posts: 4,482 Forumite
    1,000 Posts Third Anniversary Name Dropper
    Several things to point out.

    Those writing passwords in a book and keeping it at home. You are far more likely to get burgled than you are to have a password manager hacked.

    For those paying for LastPass, there is no need as there are better options for free and you should not use a password manager which is closed source, only one which is open source.

    Keeping your password manager local is no more secure than on the password manager's cloud. Due to the way in which they encrypt / decrypt the database (that is all done locally not on the cloud).

    Bitwarden is the most recommended password manager by security experts who have been through the code (it's open source). Has a good interface, not the best but up there with the best ones.

    KeePass is also a decent alternative option.
  • masonic
    masonic Posts: 26,349 Forumite
    Part of the Furniture 10,000 Posts Photogenic Name Dropper
    edited 13 November 2024 at 12:06AM
    400ixl said:
    Keeping your password manager local is no more secure than on the password manager's cloud. Due to the way in which they encrypt / decrypt the database (that is all done locally not on the cloud).
    This is only true if you have verified that the password manager actually encrypts the whole database locally before transmitting to the cloud, and that encryption is unbreakable. There have been famous instances where this was promised but not actually done, including a password manager that was formerly recommended by many security experts. There have also been instances where the security of the database was not upgraded to keep up with improvements in brute force attacks.
    Humans are incredibly bad at finding security issues in code, even when looking for them very carefully. This is why issues are periodically found with open source code that's been in circulation for years (e.g. OpenSSL).
    The benefit of physically securing the database is that someone needs to break in to your premises AND find a weakness in whatever encryption is in place.
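
An added example, not part of the original thread and not any password manager's own code, illustrating the point above about vault protection keeping up with brute-force improvements: the client checks the key-stretching work factor stored with a vault and raises it at unlock time. The header layout, the function names and the 600,000-round floor are assumptions made for illustration.

```python
import hashlib
import hmac
import os

POLICY_FLOOR = 600_000  # assumed minimum PBKDF2-HMAC-SHA256 rounds for this example
CHECK_LABEL = b"vault-key-check"  # constructed constant used for the key check value


def derive_key(password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the master password on the client; the key never leaves the device."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_header(password: str, iterations: int):
    """Return (key, header). The header holds only KDF parameters and a check value."""
    salt = os.urandom(16)
    key = derive_key(password, salt, iterations)
    check = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    return key, {"salt": salt, "iterations": iterations, "check": check}


def unlock(header: dict, password: str, floor: int = POLICY_FLOOR):
    """Return (key, header); a wrong password gives (None, header).

    When the stored work factor is below the floor, a fresh key and header at
    the floor are returned so the caller can re-encrypt the vault under them.
    """
    key = derive_key(password, header["salt"], header["iterations"])
    check = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    if not hmac.compare_digest(check, header["check"]):
        return None, header
    if header["iterations"] < floor:
        return make_header(password, floor)  # new salt, stronger stretching
    return key, header


def stale_vaults(headers: dict, floor: int = POLICY_FLOOR) -> list:
    """Names of vaults whose stored work factor has fallen behind the floor."""
    return sorted(name for name, h in headers.items() if h["iterations"] < floor)
```

The upgrade can only happen on the device at unlock, because that is the only place the master password is available; a vault copy taken before the upgrade keeps its old, weaker work factor.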
  • 400ixl
    400ixl Posts: 4,482 Forumite
    1,000 Posts Third Anniversary Name Dropper
    edited 13 November 2024 at 12:12AM
    They just need access to your running device from the internet. No more or less likely than getting access to online vaults really.

    As for where the encryption happens, that's why you should only go with open source password managers.

    People asking about how to secure passwords are not the ones to be looking at how to host their own vault and be able to access it from multiple devices. Keep the advice simple and hopefully more people will adopt a security posture, not be put off by thinking they have to be a geek to do it.

    Hopefully passkeys will take off more quickly and combined with vaults / key chains will help get rid of the weak password issues.
  • masonic
    masonic Posts: 26,349 Forumite
    Part of the Furniture 10,000 Posts Photogenic Name Dropper
    edited 13 November 2024 at 12:33AM
    400ixl said:
    They just need access to your running device from the internet. No more or less likely than getting access to online vaults really.
    Most running devices will not be accessible remotely over the internet. But the key difference is that a user's device is a much less attractive target, possibly holding one encrypted vault, as compared with a cloud system where the number could run into the millions.
    400ixl said:
    As for where the encryption happens, that's why you should only go with open source password managers.
    Open source is no panacea, although I do agree it is preferable. I've been happily running Linux as my main OS for many years. I can't say it's been free of security issues though. Some have gone unnoticed for over a decade.
    But coming back to cloud storage of password data, the issue that gets me most is that there is often a long delay between data breaches and disclosure, whereas if someone breaks in to my home I expect I'll notice.
  • Section62
    Section62 Posts: 9,166 Forumite
    1,000 Posts Fourth Anniversary Name Dropper
    400ixl said:
    Several things to point out.

    Those writing passwords in a book and keeping it at home. You are far more likely to get burgled than you are to have a password manager hacked.
    ....

    Are there published statistics for that?

    Anyway, for the comparison to be meaningful you'd need to compare the risk of having a password manager being hacked to the risk of being burgled by someone seeking your list of written down passwords.

    I'd guess the significant majority of burglaries involve the intent to steal items of value that can be readily converted to cash - for example jewellery, electronics, tools etc, or to obtain the keys to a valuable car sitting on the drive outside.  Burglaries with the specific intent of stealing paper-based password documents must be relatively less common, I'd think.

    In which case the risk from a casual burglar stealing the paper list of passwords could be largely mitigated by a) keeping the list in a place where it isn't likely to be found or taken in error by a burglar and/or b) maintaining the list in a partially coded form so multiple attempts would need to be made before the correct password might be guessed.

    And as masonic just said - you are probably more likely to notice your home has been burgled than someone has been able to gain remote access to your electronic password storage, meaning you would be aware there was a risk of passwords being compromised and therefore able to take action.
  • GadgetGuru
    GadgetGuru Posts: 850 Forumite
    Tenth Anniversary 500 Posts Name Dropper Combo Breaker
    edited 13 November 2024 at 9:37AM
    I have my passwords in a password manager, as well as in a note within the Notes app on my phone. 

    The Notes app itself cannot be accessed without FaceID or a Passcode being entered.
    That particular note is then password protected with a separate password.
    So basically the passwords are behind two layers of security. 

    I'm sure someone will find something wrong with this as well, but it works for me. 
  • jaypers
    jaypers Posts: 1,016 Forumite
    1,000 Posts Third Anniversary Photogenic Name Dropper
    GadgetGuru said:
    I have my passwords in a password manager, as well as in a note within the Notes app on my phone. 

    The Notes app itself cannot be accessed without FaceID or a Passcode being entered.
    That particular note is then password protected with a separate password.
    So basically the passwords are behind two layers of security. 

    I'm sure someone will find something wrong with this as well, but it works for me. 
    Bear in mind that if your phone gets snatched while unlocked (a very common crime) potentially they can get into Notes and see everything. 
  • IvanOpinion
    IvanOpinion Posts: 22,536 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Combo Breaker
    jaypers said:
    I have my passwords in a password manager, as well as in a note within the Notes app on my phone. 

    The Notes app itself cannot be accessed without FaceID or a Passcode being entered.
    That particular note is then password protected with a separate password.
    So basically the passwords are behind two layers of security. 

    I'm sure someone will find something wrong with this as well, but it works for me. 
    Bear in mind that if your phone gets snatched while unlocked (a very common crime) potentially they can get into Notes and see everything. 
    If you really want to get into someone else's phone there are much easier ways than snatching an unlocked phone.
    Past caring about first world problems.
  • DoneWorking
    DoneWorking Posts: 381 Forumite
    Third Anniversary 100 Posts Name Dropper
    edited 13 November 2024 at 12:39PM
    Is Last Pass safe and secure?

    Looking over all of the comments I think I will write my password in coded form in two note pads.

    I will photo each page and store it in a secure folder in Google Photos.
    Is Google Photos safe and secure?
    What measures can I take to achieve maximum security?

    I will save copies of the above photos on two secured Scandisc Memory Sticks.
    How do I add security to the Memory Cards?

    I'm trying to think of a location away from home where I can store one of the notepads and Memory Sticks.