Moderator: Community Team
betiko wrote:I don t ask myself so many questions. I have a few passwords and change them once in a while. I think it s better to have very little passwords and change them often rather than have one for each thing. I think it s better to find good way to remember your pw, and only you know how your memory works and how you are likely to remember it. You forgot it? No biggie you just reset your pw.
saxitoxin wrote:OK, I'm officially kicking the following people out of this thread:
Metsfanmax
notyou2
Dukasaur
I need to getting fucking secure and lock my shit down. I don't have time for your shenanigans and shit-ass suggestions.
Thunderbird? For fucks sake. Maybe I should just use a FAX machine!
“If you want to avoid having your identity stolen, use long passwords that contain digits, punctuation and no recognizable words. Make up a different password for every Web site. And change all of your passwords every 30 days.”
Have these security pundits ever listened to themselves?
That advice is clearly unfollowable. I currently have account names and passwords for 87 Web sites (banks, airlines, blogs, shopping, e-mail, Facebook, Twitter). How is anyone — even a security professional — supposed to memorize 87 long, complex password strings, let alone remember which goes with which Web site?
So most people use the same password over and over again, and live with the guilt.
There are solutions. Most Mac and Windows Web browsers now offer to memorize passwords for you. But that feature doesn’t work on all Web sites, and is generally of little help when you pick up your phone or tablet. At that point, the only person you’ve locked out of all your online accounts is you.
The only decent solution is to install a dedicated password memorization program (like Roboform, KeePass, LastPass, 1Password, and so on). Last week, one of the best was just improved: Dashlane, now at 2.0. It’s attractive, effective, loaded with timesaving features and available for Mac, Windows, iPhone and Android — and it’s free.
Installation is quick. Dashlane works in Safari, Chrome, Internet Explorer and Firefox. It can import existing password “vaults” from rival programs.
Dashlane has two primary features. First, yes, it’s a password memorizer. Every time you type your account name and password into a Web page and press enter, Dashlane pops up, offering to memorize that information and fill it in the next time.
In fact, it also offers to log you in — not just to enter your password, but also to click “log in” for you. In effect, Dashlane has just removed the login blockade entirely. When you go to Facebook, Twitter or Gmail, you just click your bookmark, smile at the briefest flash of the login screen and arrive at the site.
Since Dashlane is now storing and auto-entering your passwords, you’re now free to follow the security experts’ advice. You can make up long, unguessable passwords — a different one for every Web site, since you don’t have to remember any of them. In fact, each time you sign up for a new account, Dashlane offers to make up such a password for you, and then, of course, to memorize it.
Dashlane’s second huge feature is even more amazing. It can also fill in other kinds of Web site forms: your name/address/phone number, and even your credit card information.
When you’re buying something online, and you click into the credit card number box, Dashlane displays pictures of your credit cards: Visa, MasterCard, American Express or whatever — even PayPal.
When you click the one you want to use, Dashlane instantly fills in the long card number, your name, the expiration date, even that accursed security code, in the right boxes. Every time you order something online, you save between 30 seconds and five minutes, depending on whether you have your card information memorized or have to go burrow through your wallet.
When you make a purchase, Dashlane even offers to store all the details in a digital receipt that you can call up later, along with a screenshot of the Web site where you shopped. This feature makes online shopping so frictionless, every dot-com retailer on earth ought to be promoting Dashlane as if its profits depended on it.
In fact, Dashlane can fill in all kinds of forms automatically: phone numbers, job titles, tax numbers and so on. If you’ve ever recorded multiple answers — you have two different Twitter accounts, say — two tidy buttons appear beneath the name box, bearing the account names. Click the one you want.
Unlike some rival programs, Dashlane doesn’t require you to associate one set of personal information to each “profile.” If you have three addresses, for example, you’re always offered those three when filling in a form. You don’t have to create three personalities’ worth of personal information.
So far, Dashlane probably seems designed for convenience, and that’s true. Behind the scenes, of course, its ultimate goal is security.
No system is foolproof. But Dashlane notes that it doesn’t ever see your passwords or your credit card information. They’re all stored on your own computer, encoded by the AES-256 encryption method, an open-source standard approved by the National Security Agency. Your entire Dashlane universe is protected by a master password. It’s intended to prevent a laptop thief from heading online with your missing computer and going on a shopping spree.
In version 2.0, furthermore, you have the option of using two-factor authentication — fancy lingo for an extra layer of security. To unlock Dashlane, you have to enter your master password as well as a code that Dashlane texts to your phone. It’s a pain, yes, but it effectively ruins the day of any ne’er-do-well who was hoping to guess or steal your master password.
Version 2.0 also introduces a convenient security dashboard, which identifies reused and weak passwords. It also eliminates the baffling points system of 1.0, which rewarded you for logging into Web sites. Thank goodness. There are iPhone and Android phone versions of Dashlane — also free and also fantastic.
The other big change in Dashlane 2.0 isn’t quite so joyous. True, Dashlane can wirelessly synchronize all your passwords between your computer and phone, so that the phone, too, automatically enters them as you surf. But in 2.0, that feature now costs $20 a year. (It used to be free, and still is if you used earlier versions of Dashlane. The company does urge the earlier Dashlane fan to make a one-time contribution — $40 seems to be its favorite suggestion.)
An annual fee? Really? That seems a steep charge by a company that, until now, seemed remarkably customer-friendly. Alas, that seems to be the model these days. Dashlane’s archrival LastPass is also free for Mac and Windows computers, and also stores your credit card and other information. But to use LastPass on a phone, you have to pay $12 a year.
Still, Dashlane is much better looking, better designed and easier to use. To fill in credit card information, for example, LastPass requires you to choose a “Choose Profile and Credit Card” command from a menu. Dashlane saves you one step and six pounds of terminology.
It’s not perfect. Each time Dashlane stores a password for you, it also nudges you to put it into a category (e-mail or social media, for instance) and associate it with one of your e-mail addresses. The company says that all of that paperwork is only a convenience — you can click right past it — but it’s still a befuddlement every time.
Now and then, I found a Web site that Dashlane couldn’t auto-log into, too.
And Dashlane doesn’t work in the built-in browser on the iPhone. (No password keeper can, Dashlane says, thanks to Apple’s rigid programming rules.) Instead, it offers its own little iPhone browser. (The Dashlane app for Android also has its own built-in browser now.) It’s fast, it’s almost exactly like Safari and it auto-fills all the Dashlane-ish stuff, but it’s more trouble to find and open.
Still, complaining more than briefly about Dashlane’s drawbacks is like grumbling about the taxes when you win the lottery. It saves you infinite time and hassle, it’s (mostly) free, and it belongs on your computer and phone this very day.
saxitoxin wrote:Woodruff wrote: My recommendation would be to keep the password complexity but reduce the extremely high number of original passwords.
OK, this seems like a good idea. I just checked my first 22 accounts and, of those, 10 have no ability to conduct financial transactions, whereas 12 do (i.e. Amazon, iTunes, etc.). So maybe I'll start by uniforming those 10 passwords.
notyou2 wrote:I recommend cloning yourself. It won't help much in the immediate future but should pay massive dividends in 15 to 20 years.
notyou2 wrote:I use the keyboard to formulate a nonsensical word with numbers and upper and lower case letters.
Does anyone else use the keyboard?
saxitoxin wrote:How strong is your password?
https://www-ssl.intel.com/content/www/u ... rdwin.html
My email password, according to this, says it would take 68 million years to crack, but that doesn't sound right.
Woodruff wrote:saxitoxin wrote:How strong is your password?
https://www-ssl.intel.com/content/www/u ... rdwin.html
My email password, according to this, says it would take 68 million years to crack, but that doesn't sound right.
That seems unlikely, given the tools available today. Is your password 267 characters long?
Metsfanmax wrote:LastPass
Woodruff wrote:notyou2 wrote:I use the keyboard to formulate a nonsensical word with numbers and upper and lower case letters.
Does anyone else use the keyboard?
What's a keyboard?
BigBallinStalin wrote:Envision a 6-drawer dresser from Kohl's.
Each drawer represents some category of all your many accounts (e.g. the emails is the top-left drawer, the ones with your credit card info is the bottom right drawer--you know, where you store your favorite purple dildo, etc.).
Within each drawer, you're going place a unique password. For each password of your emails (suppose: 10), you'll need to slightly change the unique password for each account. So, each one is different, but if you have a mechanism in mind for changing it around, then it's simple to figure out.For examples, you could even tie-in two characters from the account name which represent the password, or you can recall that the account name reminds you of some time you've had in Canada with the Mounties. Another way is to reinvent stories behind each account, and tie-in the relevance of each story to a unique password (it's like memorizing Chinese characters, duh!). That helps with memorization.
I don't use the above. I use one password for everything: asdf
saxitoxin wrote:Metsfanmax wrote:LastPass
just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume
Metsfanmax wrote:saxitoxin wrote:Metsfanmax wrote:LastPass
just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume
Well, I kind of expected you'd value your comfort over your security, so no big deal.
saxitoxin wrote:Metsfanmax wrote:saxitoxin wrote:Metsfanmax wrote:LastPass
just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume
Well, I kind of expected you'd value your comfort over your security, so no big deal.
What if there is a fire where I live and my computer burns up? Then I am locked out of every site in existence forever. That doesn't seem very secure.
What I really need is a password diary that I can store on an encrypted USB drive that can only be accessed through a two-factor authentication process. Then I would make 4 USB drives. I would keep one on my keychain, I would keep one in my dresser drawer, I would put one in a safe deposit box and I would keep a fourth at my emergency relocation site. There should be an easy way to plug all four of these into a single computer and sync them all when I update the login credentials for a site.
Does anyone know of something like this?
Metsfanmax wrote:
saxitoxin wrote:Metsfanmax wrote:saxitoxin wrote:Metsfanmax wrote:LastPass
just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume
Well, I kind of expected you'd value your comfort over your security, so no big deal.
What if there is a fire where I live and my computer burns up? Then I am locked out of every site in existence forever. That doesn't seem very secure.
What I really need is a password diary that I can store on an encrypted USB drive that can only be accessed through a two-factor authentication process. Then I would make 4 USB drives. I would keep one on my keychain, I would keep one in my dresser drawer, I would put one in a safe deposit box and I would keep a fourth at my emergency relocation site. There should be an easy way to plug all four of these into a single computer and sync them all when I update the login credentials for a site.
Does anyone know of something like this?
aage wrote: Maybe you're right, but since we receive no handlebars from the mod I think we should get some ourselves.
AndyDufresne wrote:No system is foolproof. But Dashlane notes that it doesn’t ever see your passwords or your credit card information. They’re all stored on your own computer, encoded by the AES-256 encryption method, an open-source standard approved by the National Security Agency.
--Andy
Metsfanmax wrote:saxitoxin wrote:Metsfanmax wrote:saxitoxin wrote:Metsfanmax wrote:LastPass
just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume
Well, I kind of expected you'd value your comfort over your security, so no big deal.
What if there is a fire where I live and my computer burns up? Then I am locked out of every site in existence forever. That doesn't seem very secure.
You wouldn't be locked out as long as you committed your master password to memory.
rishaed wrote:Sure you pull up a Word doc. Put your passwords on it then encrypt and Password it (unsure of security from Word docs with such things). Choose a passphrase thats easy to remember hit save as and save it on your four flash drives and Voila.
nietzsche wrote:I use Keepass and have the file on dropbox. I'm not sure if there are apps for android but i've seen one for iphone, tho i didn't buy it.
Im sure there are options that have apps in both android and iphone.
my Keepass and Dropbox password is all i have to remember, or even only the Keepass password if i make the file public on dropbox
saxitoxin wrote:nietzsche wrote:I use Keepass and have the file on dropbox. I'm not sure if there are apps for android but i've seen one for iphone, tho i didn't buy it.
Im sure there are options that have apps in both android and iphone.
my Keepass and Dropbox password is all i have to remember, or even only the Keepass password if i make the file public on dropbox
Does this mean you have to download the file from Dropbox everytime you want to login? Could I use Keepass plus a USB? Also is there two factor authentication with Keepass? I've had complex passwords broken so many times I don't sneeze without two factor authentication these days.
saxitoxin wrote:Metsfanmax wrote:saxitoxin wrote:Metsfanmax wrote:saxitoxin wrote:Metsfanmax wrote:LastPass
just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume
Well, I kind of expected you'd value your comfort over your security, so no big deal.
What if there is a fire where I live and my computer burns up? Then I am locked out of every site in existence forever. That doesn't seem very secure.
You wouldn't be locked out as long as you committed your master password to memory.
How would you not be locked out? I thought LastPass stored your passwords locally?
saxitoxin wrote:just gave that a try, can't stand the pop-up - feels ultra-chintzy ... every single website I go to - even the CC forums - it keeps asking me if it wants me to remember the password ... the whole user experience makes me feel as secure as a nietzsche in the donkey costume
Return to Practical Explanation about Next Life,
Users browsing this forum: jonesthecurl, mookiemcgee