Cable Forum

Cable Forum (https://www.cableforum.uk/board/index.php)
-   Internet Discussion (https://www.cableforum.uk/board/forumdisplay.php?f=25)
-   -   Password managers. (https://www.cableforum.uk/board/showthread.php?t=33705223)

RichardCoulter 03-08-2017 17:06

Password managers.
 
After watching something about internet security, they advised upon getting a password manager.

How safe are these?

Is there any evidence of unscrupulous people using these in order to obtain passwords?

Can anyone recommend a good one?

What if the password manager itself gets hacked?

Thanks.

Paul 03-08-2017 19:13

Re: Password managers.
 
I have been testing "Lastpass" for a couple of months, it seems to work ok.

pip08456 03-08-2017 19:50

Re: Password managers.
 
Quote:

Originally Posted by Paul M (Post 35910644)
I have been testing "Lastpass" for a couple of months, it seems to work ok.

I've been using LastPass for a few years now. They got hacked a couple of years ago but due the the encription no-ones passwords were comprimised.

All in all very happy with it.

Onramp 03-08-2017 19:51

I would never trust any password manager.

RichardCoulter 03-08-2017 20:27

Re: Password managers.
 
Thanks for the replies everyone.

Why wouldn't you trust them Infamous, have you had a bad experience with one?

progers 03-08-2017 22:01

Re: Password managers.
 
A lot of password managers store your details on a web server, although they might be encrypted, passwords can still be broken using brute force dictionary methods.

I use Steganos Password Manager which saves the files to your PC which, IMHO, makes it inherently safer

Onramp 04-08-2017 01:03

Something feels wrong about providing someone else with your passwords. It is a centralized, externally-managed, more-humans-involved-than-just-you point of failure, which if not accidentally mishandled, could otherwise be deliberately misused.

SnoopZ 04-08-2017 02:15

Re: Password managers.
 
Last Pass is awesome, i use it on a PC.

RichardCoulter 04-08-2017 14:09

Re: Password managers.
 
Quote:

Originally Posted by RichardCoulter (Post 35910669)
Thanks for the replies everyone.

Why wouldn't you trust them Onramp, have you had a bad experience with one?

Corrected (spellcheck).

v0id 04-08-2017 15:32

Re: Password managers.
 
Quote:

Originally Posted by SnoopZ (Post 35910725)
Last Pass is awesome, i use it on a PC.

I use it on both PC and mobile, since you no longer need premium to do so

Hom3r 04-08-2017 15:37

Re: Password managers.
 
I use lastpass on my mobile, which requires my fingerprint.

TBH in your own home you could just write them down

Paul 04-08-2017 20:27

Re: Password managers.
 
Quote:

Originally Posted by Hom3r (Post 35910775)
TBH in your own home you could just write them down

Lastpass auto fills them, and auto logs you in.

Qtx 05-08-2017 18:30

Re: Password managers.
 
Quote:

Originally Posted by pip08456 (Post 35910654)
I've been using LastPass for a few years now. They got hacked a couple of years ago but due the the encription no-ones passwords were comprimised.



They got hacked at one point and encrypted passwords stolen. That was probably less of an issue than:

1) the problems with their browser extensions (which fill in the passwords for you) that actually meant anyone running a website could completely pwn your computer. Remote code execution.

2) again an extension/addon issue which allowed any website to read your unencrypted password for any site they wanted. Basically it tricked the addon in to thinking you was on the site the password was for.

Both extremely bad issues and as with ANY software, it's unknown if there are other issues waiting to be found.

In reply to original poster....TL;DR Use Lastpass or Keepass2/KeepassX. Lastpass has prettiest interface and less hassle auto password entry. Keepass has not such a great interface and the way it inputs passwords is a bit of a hack on windows if I remember rightly. might not be everyones cup of tea. Keepass you can keep locally off the cloud if you want or sync to something like dropbox or manually if you want to use the passwords elsewhere too. Ignore 1Password.

At least having different passwords for different sites is a good start but you should let the password manager generate a secure password for you.
I'm paranoid through 'being involved in security' and penetrated enough systems and decrypted enough databases which has scared me enough to never want to store anything on the cloud, so would never use Lastpass, but for the average person it's an ok choice. I would recommend it to family as an easy choice, if I had not set them up other options.

Saying all that about LastPass...the other password managers, especially ones where your passwords are stored locally on your computer have another issues. Once you enter your master password to decrypt your password database, the decrypted passwords are in memory. Even though some try and make it difficult to just read the passwords straight from memory, it can be done and there are public/private tools to do so.

You already need to be infected by something to do that though. Whereas RAT's or traditional malware may have keyloggers or read your browser when you login to get passwords for the sites you visit, having a password manager open could potentially mean someone could read the memory and get ALL your passwords, even for sites you have not visited since infection. The chances of this happening are slim. Unless you are a journalist or something that the NSA/GCHQ's of the world are targeting, you shouldn't really worry. A determined hacker targeting you for whatever reason and is aware enough to read the process's, spot the password manager and then know about the tools to read the memory, is possible but again slim.

There is more of a chance that the sites you visit will get compromised and your username/passwords stolen from those, than your password manager.

Matthew 06-08-2017 07:41

Re: Password managers.
 
I use Last Pass and even bought the next one up so I can use it with the app on my mobile. Yes there is some risk with it all but its mainly forums and other none important sites I have on there, all the important ones either have a different password I know or I use 2 factor like I do to even access my last pass.

heero_yuy 06-08-2017 10:24

Re: Password managers.
 
I use the manager that's built into Firefox. The passwords are stored locally and can be protected with a master password.

I've not heard that it's ever been compromised but anything is possible.


All times are GMT +1. The time now is 07:19.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.