Password managers

Oh is it? I assumed it had a standalone database with a browser extension linking to it. My bad.
 
Oh is it? I assumed it had a standalone database with a browser extension linking to it. My bad.

Actually, it is. You can access it without the browser plugin either through the website, or (as I use a lot) LastPass Pocket.

For the record, for the effectiveness of LastPass, I'll offer an antedote: A month or two ago, one of my old throwaway email addresses got broken into by a spammer and lots of spam sent. When I checked it, it was the only email that I hadn't bothered to fix the password for when I got LastPass.
 
I use a program called Password Safe, mainly to manage the gazillion passwords for servers and accounts I have to access at work. I don't use it for personal stuff.
 
It's been, like, a year since I started using KeePass and I still haven't changed the p/w to all my accounts yet! The important ones are done, the ones remaining are a bit bleh, but I still need to change them all.

I don't use a p/w manager at work, I just use a text file with all my usernames and passwords in it. This is in protest at IT insisting on using separate usernames and passwords instead of my Windows login to determine access in certain programs and systems. Oh, also, one system has the most ridiculous constraints of pw's EVER. 8-10 characters, no two consecutive chars the same, no pw that's "too similar" to the previous pw (no idea how that is defined!) so you can't just add 1 to the number... Unbelievable.
 
It's been, like, a year since I started using KeePass and I still haven't changed the p/w to all my accounts yet! The important ones are done, the ones remaining are a bit bleh, but I still need to change them all.

I don't use a p/w manager at work, I just use a text file with all my usernames and passwords in it. This is in protest at IT insisting on using separate usernames and passwords instead of my Windows login to determine access in certain programs and systems. Oh, also, one system has the most ridiculous constraints of pw's EVER. 8-10 characters, no two consecutive chars the same, no pw that's "too similar" to the previous pw (no idea how that is defined!) so you can't just add 1 to the number... Unbelievable.

The silly thing is also that just lifting the 10 characters max would make passwords a lot safer than all of this bs.
 
I don't use a p/w manager at work, I just use a text file with all my usernames and passwords in it. This is in protest at IT insisting on using separate usernames and passwords instead of my Windows login to determine access in certain programs and systems. Oh, also, one system has the most ridiculous constraints of pw's EVER. 8-10 characters, no two consecutive chars the same, no pw that's "too similar" to the previous pw (no idea how that is defined!) so you can't just add 1 to the number... Unbelievable.

As I've mentioned before, the goal of IT password policies is to cover IT's ass when something goes wrong, not to improve security in any meaningful way.
 
As I've mentioned before, the goal of IT password policies is to cover IT's ass when something goes wrong, not to improve security in any meaningful way.

Well, I don't know about that. Our password policies surely don't improve security, but I can't imagine that they provide any sort of cover. We have seven different systems at work that we are required to use the same password for, but that are unconnected in any other way (that I can tell from the outside, anyway). We're not supposed to connect non-college computers to the network, but we're allowed to boot our office computers from anything - CD, flash drive, additional hard drive - and all the classroom computers (which are connected to the network) have the same password giving access to administrator accounts on them; this password is prominently posted in some of the classrooms.
 
I've been using Last Pass for a couple weeks now, and I'm like it.

But it's not quite seamless. I've linked it to Google Authenticator, which is great. But too many websites aren't logging me off when i close chrome. Maybe gris is because I've listed a computer as trusted?

Also, im afraid that my phone is now my weakest link. That's the one I want to be mist secure, not least.

I really like the LastPass password generator idea, but it did not follow my instructions on characters to include.

I think it's worth the 12/year for mobile integration.
 
Back
Top Bottom