- This topic has 6 replies, 6 voices, and was last updated 6 years, 11 months ago by
.
-
Posts
-
PC Magazine just published their best passwords for 2018. The link is below. They list the ones they rated the best. I’d like to know who is using what and your experience. Many have been hacked including Last Pass. Thank you.
I forgot to enter the link. It is: https://www.pcmag.com/article2/0,2817,24011970,00.asp
Thank you.I’ve been using Keeper and recommend it to my clients and family. Can be used for more than just passwords as well. Accessible on all platforms and easy to use. Remembering one password is so much easier than hundreds!
Last year DashLane and LastPass were both the top picks. I went with a “Team” subcription to LastPass, and “share” folders with my individual clients. It serves the purpose. They offer a Free version for clients, but LastPass restricts access to same types of devices unless you go with the Premium version. Premium was $1 per month and now went up to $2 per month recently.
IT Professionals used the hack of the LastPass system was a demonstration of how good LastPass’ encryption is, because the hackers couldn’t get to the personal information.
A couple of my clients use DashLane. I don’t have any experience with that app, but the price is about twice as much.
I like Lastpass. In addition to storing passwords, I also store images of documents like our passports, social security cards, birth certificates, etc. I also use it for keeping information such as software licenses, etc.
You can also “share” passwords with family members that have an account. For example, I manage our electricity bill and cable/internet. I can share that password with my husband in case he needs to access that information as well.
And lastly, they have a “trusted contacts” feature where someone you designate can request access to your Lastpass account. You set a time limit of hours, days, weeks or months in which they need to wait to have access.
The way it works is that they request access to your account. An alert will come up on your phone or when you log in saying “this person wants to access your account.” If you don’t deny them access within the period you select (hours, days, weeks or months), Lastpass will give them access to your account. This is valuable in the case that someone is either incapacitated or dies.
I touched on this topic at the AADMM conference for digital security. My personal preference is an offline program called Keepass https://keepass.info/. I’ve been using it for over 8 years, it is very secure and is open source and free to use.
I have multiple keepass files, one for my business, one for my personal use, one that is shared with my wife, etc. If I need online access, I use dropbox, oneDrive or Google Drive. Another free offline password manger I have used is called PasswordSafe https://pwsafe.org/ I can also highly recommend.
For online password managers, you can use any of the major players which include Lastpass, 1Password, Dashlane, EnPass, Keeper, iCloud Keychain or Roboform. While what Keeley said about Lastpass may be true, you should also know that this does not mean that these programs do not have problems that can expose passwords. If you look at this article https://thehackernews.com/2017/02/password-manager-apps.html it explains that while the passwords on the server cannot be accessed, researchers were able to get password due to flaws in the apps that were created by these companies.
Since I work for a network security company, I’m a little more paranoid then your average user. Besides my keepass files and enabling 2-factor authentication for most accounts, I recently decided to use a company located in Switzerland called SecureSafe https://securesafe.com. The employ a zero knowledge technique where they do not keep your master password. That way, no one (including you) can reset your password by clicking on a link. They also have the data inheritance feature that Kendra mentioned. It is a two party system where your trusted friend/relative will notify them if you die and then after a set number of days, access to your passwords are given to whomever you designate. The delay is there so that if someone tries to implement the data inheritance feature before you pass, you are able to stop it from occurring. Even if you don’t use the data inheritance feature, you should always make sure that someone else knows the master password in case something happens to you.
I applaud you in taking this step. Besides using a password manager, other recommendations from my talk is to use secure passwords (longer is better than complex), use 2-factor authentication on important accounts (including email) and have multiple backups.
Thank you Steve. I was at the conference and saw your speech. I came home right away and changed all my passwords as you had recommended. I am now trying to figure out which password manager would be best because it is exhausting trying to keep them all in order and taking on clients to help them be secure means I need something to help me manage this. I am also looking into digital data and making sure that those files are safe. One of the programs I was looking at was Crashplan and the other was Carbonite. I need easy and accessible.
- You must be logged in to reply to this topic.