
Password strategy

Discussion in 'Tech Talk - Gadgets, Gizmos and Technology' started by dpeters11, Jan 3, 2011.

  1. Jan 3, 2011 #1 of 11
    dpeters11

    dpeters11 Hall Of Fame

    16,345
    503
    May 30, 2007
    Cincinnati
    After Gawker got hacked, I started to rethink my password strategy, even though from all my checking, my password was not compromised, and it wasn't one I used for anything sensitive.

    I think I found the right solution, and thought I'd share it with anyone that is interested. I do want to put it out there, that I have no financial interest in the company.

    The software is called LastPass, and they have plugins for IE, Firefox, Chrome and Safari, and it works on Windows, Mac, Linux and all the common mobile devices, though there are a few caveats on the mobile side.

    They do store your passwords, but in my research, they do it in a way that is impossible for them or anyone else to decrypt (unless someone can guess your master password), but then they take it about three steps further.

    Hope this is of help to someone. I'm not a crypto expert but can go into more detail of the security as I know it if anyone's interested.

    I can go into detail for anyone interested, but it's as bulletproof as I think possible, and the end result is you can have each site you log into with a different random password that there are too many possibilities for a brute force hack, and if one site doesn't store passwords encrypted, it won't work anywhere else.

    Most of their features are free, except the mobile apps. That requires a Premium account, of $12 a year.
     
  2. Jan 3, 2011 #2 of 11
    RasputinAXP

    RasputinAXP Kwisatz Haderach of Cordcuttery

    3,145
    12
    Jan 23, 2008
    The Android mobile solution is awful. It's an entirely separate browser.
     
  3. Jan 3, 2011 #3 of 11
    dpeters11

    dpeters11 Hall Of Fame

    16,345
    503
    May 30, 2007
    Cincinnati
    I haven't looked at the Android browser, but I'm wondering if it's similar to iPhone. The problem may be that the Android browser doesn't support plugins, so they have to include their own browser to give you full functionality. There are times when they are limited by the device browser.
     
  4. Jan 4, 2011 #4 of 11
    The Merg

    The Merg 1*

    10,289
    35
    Jun 24, 2007
    Northern VA
    Interesting... I might need to look into it...

    - Merg
     
  5. Jan 4, 2011 #5 of 11
    dpeters11

    dpeters11 Hall Of Fame

    16,345
    503
    May 30, 2007
    Cincinnati
    I'm still finding features...they have it covered if you're using a public terminal, and you're concerned a keylogger is installed. If you set it up ahead of time, you can generate one-time passwords that only work once, or use an on-screen keyboard. They also support two-factor through a Yubikey, or their own program, called Sesame, on a USB key. I know Yubikey support is on the premium side. They do have a free multifactor function called the grid. It generates random letters and numbers in 26 columns and it will ask you the corresponding characters for 4 coordinates on the grid. Of course you can invalidate a grid and create a new one at any time. After entering the right characters, you can set a particular system to not need the grid, so you don't need it at home. Would assume it would be very inconvenient if you forget it at home when travelling (unless you had your database on a mobile device).

    Very good form filler as well, can import from Roboform, the browser etc.
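
The grid second factor described in the post above, sketched as an added example (not part of the original thread and not LastPass's own code). The row count, the character set, the class and method names, and the choice to drop trusted machines when a grid is regenerated are all assumptions; the 26 columns and the 4-coordinate challenge come from the post.

```python
import hmac
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits   # assumed character set
COLUMNS = string.ascii_uppercase                    # 26 columns, as in the post
ROWS = 10                                           # assumption: not stated in the post


def new_grid():
    """Return a fresh random grid as {(column, row): character}."""
    return {(c, r): secrets.choice(ALPHABET) for c in COLUMNS for r in range(ROWS)}


class GridAuth:
    """Server-side state for one account's grid (hypothetical design)."""

    def __init__(self):
        self.grid = new_grid()
        self.trusted = set()     # machines the user chose to exempt from the grid
        self.pending = None      # coordinates of the outstanding challenge

    def challenge(self, device_id, n=4):
        """Return n distinct coordinates to look up, or None for a trusted machine."""
        if device_id in self.trusted:
            return None
        self.pending = secrets.SystemRandom().sample(sorted(self.grid), n)
        return self.pending

    def verify(self, device_id, answer, trust_device=False):
        """Check the typed characters against the pending challenge."""
        if self.pending is None:
            return False
        expected = "".join(self.grid[cell] for cell in self.pending)
        self.pending = None      # single use: a wrong guess needs a new challenge
        ok = hmac.compare_digest(expected.encode(), answer.lower().encode())
        if ok and trust_device:
            self.trusted.add(device_id)
        return ok

    def regenerate(self):
        """Invalidate the current grid and issue a new one."""
        self.grid = new_grid()
        self.pending = None
        self.trusted.clear()     # assumption: old exemptions do not survive a new grid
```

With these assumed sizes, each login on an untrusted machine exposes only 4 of the 260 cells to anything recording keystrokes, which is why invalidating and regenerating the grid after using a public terminal is worthwhile.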
     
  6. Jan 4, 2011 #6 of 11
    flexoffset

    flexoffset Godfather

    338
    0
    Jul 16, 2007
    I use 1Password and sync it to my Dropbox. Works on all my computers and iPhone. No matter where I am I have all my information. It also catalogs all your software.

    You can also run a filter on certain passwords and conditions to see if you have duplicates, etc. It also generates passwords up to 50 characters and you can select the ratio of numbers and symbols, too.

    Works in Chrome, Safari, Firefox, etc.

    http://agilewebsolutions.com/onepassword
     
  7. Jan 4, 2011 #7 of 11
    RasputinAXP

    RasputinAXP Kwisatz Haderach of Cordcuttery

    3,145
    12
    Jan 23, 2008
    That's the gist of it, yeah. Dolphin Browser supports plugins so they make a 1Password plugin for it, but otherwise it's their own browser. Understandable, but awful in my personal opinion.
     
  8. Jan 4, 2011 #8 of 11
    pfp

    pfp Whatever

    1,564
    0
    Apr 28, 2009
    Yup, something like this is definitely the way to go. Personally, I use Roboform.
     
  9. Jan 4, 2011 #9 of 11
    dpeters11

    dpeters11 Hall Of Fame

    16,345
    503
    May 30, 2007
    Cincinnati
    Does Roboform save a copy on the Internet? Having the same data on any PC I use was a major factor for me.
     
  10. pfp

    pfp Whatever

    1,564
    0
    Apr 28, 2009
    It can - it used to be called Roboform online and was free with the Pro product. Checking now it appears to be $20/yr and no longer included with Pro. It's all a bit confusing.

    I'm actually looking into LastPass as there are some things it does I might like better than Roboform.
     
  11. Mark Holtz

    Mark Holtz Day Sleeper DBSTalk Club

    10,565
    93
    Mar 23, 2002
    Sacramento, CA
    The solution I use is KeePass. I keep my passwords stored on my USB stick, and then back 'em up to a hard drive using FreeFileSync. There is also an Android app called KeePassDroid which uses the KeePass file, which I can then keep synced with the Android version of Dropbox.

    But, that's the solution that works for me.
     
