2FA, Password Managers - what do you use to keep your accounts secure?

I shared a story the other day about a guy losing all of his crypto assets because of lax security measures he’s put in place for his online accounts.

My question to everyone is, what are you guys doing to make sure your accounts are not insecure? What password manager do you use and do you use 2FA or something like a YubiKey?

Be interesting to see responses here.

I don’t trust these things. I don’t know how they work because I have never used them. Do not even save passwords for anything in browsers to speed up logins. Write stuff down in a book and hide it somewhere. Having been in the IT business most of my working life and having written software over the years: it just seems to me that all of these password managers and the like are a risk. You’re saving your passwords in a file or online somewhere. Seems to me that it wouldn’t be a stretch for the developers of that software to get access to that information even if it’s encrypted. Dunno. Just never felt comfortable with stuff like this. But I am old fashioned and suspicious by nature so there’s that of course.

My password manager is purely analogue, haha.


LastPass and use Google Authenticator. I am aware of LastPass’ parent company’s (LogMeIn) history in this arena, but was using LastPass before they were acquired.

Solid product on desktop and mobile, password generator, online access, shared passwords with the mrs.

I just have too many passwords to even try and remember. Now that I use randomly generated passwords for everything, there’s no way to remember all of those.

Used Roboform for the longest time.

I write my passwords down also. I think it’s the safest! Copy the recommended password somewhere and then write it down. Just too tedious though.

For me - I do agree that you really need to write down in a book, like someone advised, the passwords for all very sensitive info; for all the rest, just do something like you really should do for a password, for it just being a password and not more than that.

Yeah this is one of my concerns too but I have a friend who’s a developer and he does say that companies like LastPass are so much better at handling secure passwords than coming up with your own “safe” password. I like the randomly generated aspect of it, harder to crack esp if you have one account that gets compromised.

Can you imagine though if you’re traveling somewhere but then had to log in to an account but don’t have your notebook? What then? Or what if it gets lost or something…

I’ve started using 12-16 character passwords, randomly generated by LastPass. I used to use the same password, plus a unique couple characters at the end, but that leads a would-be attacker to know my system, if he ever got hold of a couple of them. So I don’t do that any more. And manually entering 12-16 character passwords, whether just once or several times, really isn’t fun, especially with random characters, including special characters, not just numbers and letters. LastPass will autofill the password based on the URL, or give you the option to select from multiple username/password pairs if you have them (say you have multiple email accounts with Google). Even on mobile!

I always have my phone with me, so I always have access to any site or app. And with 2FA, you get another layer of security. I actually don’t want to think about life without a password manager.

Have you ever looked into the possibility that LastPass gets compromised? I haven’t done my research on that yet but I would assume they have everything covered.

Good you have 2FA. SIM-based authentication seems to be really problematic.

I use 2FA now for security purposes but don’t know what this YubiKey is?

It’s basically a 2FA tool that’s tied to a physical device. You know how your 2FA right now is tied to your mobile phone and you could still use it even if you change SIMs etc? It can still be insecure because it’s hooked up to Wi-Fi or some other thing your phone is connected to. This device is solely for 2FA and you bring it around with you.

It happened in 2015 actually. They got hacked. Some user data got stolen. But that’s the nature of the connected world. I don’t think you’re ever totally safe.

But at least LP does certain things to add complexity to a hack of user data (as opposed to whatever they do on their end). Multifactor authentication, local-only encryption, strong encryption protocols. Very similar to bank level security. But banks get hacked too, right. LP at least has the resources to fix issues quickly and continuously develop the product. Plus they have an Enterprise grade product, so that’s good for the consumer too.

Speaking of hacks, Equifax just got fined like $750 million for getting hacked!

Yup. Which is why some people will never leave their way of physically writing down passwords and them thinking their made up password is safe enough.

Then this happened.

Chrome and Opera browsers only. Still, the security researchers say the benefits of using a password manager far outweigh relying on just your memory or similar passwords for everything.

My broker has 2FA, that’s everything that I have… should I ramp it up?

That’s just great.

Take a look at Master Password. It’s a very unique password manager.

https://masterpassword.app

For 2FA I use OTP Auth.

How long have you been using this one?

Do you like OTP Auth better than Authy?

Master Password for about 2 years if I recall correctly. I have not used Authy so I cannot compare the two.