What is the best way to deal with so many accounts these days?

[Huntn]

Mine is 10MB so yeah, definitely will fit a thumb drive, but I'd recommend perhaps a full system backup. I mean if you don't backup your Mac, then you have bigger problems then trying to recover your passwords.

I use Time Machine. Buy 1password once and use it on all your devices I assume? And it syncs between devices? Answer: It synch's via wifi according to: http://www.guidingtech.com/47530/1password-over-lastpass/

Personally I'm not paying 69$ for something my Mac already does for free. Only down side is it doesn't sync with windows (for work) but I can easily pull up passwords on my phone.

Please clarify what you are referencing. Thanks!

_________________________________________________________
http://www.asecurelife.com/dashlane-vs-lastpass-vs-1password-vs-roboform-vs-keepass/#1password

 

[rhett7660]

A bad idea. Bad - if you trust the Office password protection. And yes, it is crackable.
Also, where is stored your decrypted file? Is it in the safe memory or?

The safest way is to use encrypted file by symmetric or asymmetric cipher, open source.
I use a plain text document with PGP encrypted information.

What about a DMG file that has a 15 character random password? That is where I store my encrypted password files. Actually it is something along the lines of:

DMG file number 1 (256) - 15 characters
DMG file number 2 (256) - nested inside of DMG File number 1 - with it own 15 character password
Encrypted excel file

I have not tried 1Password but the more I read about it, the more I might have to give it a try.

 

[zone23]

I use Time Machine. Buy 1password once and use it on all your devices I assume? And it syncs between devices? Answer: It synch's via wifi according to: http://www.guidingtech.com/47530/1password-over-lastpass/



Please clarify what you are referencing. Thanks!

_________________________________________________________
http://www.asecurelife.com/dashlane-vs-lastpass-vs-1password-vs-roboform-vs-keepass/#1password

I'm not going to pay for 1Password when my Mac and Safari will already create passwords and store them in keychain for free.

 

[Weaselboy]

I'm not going to pay for 1Password when my Mac and Safari will already create passwords and store them in keychain for free.

Yeah... I don't get it either. I can see 1Password and others for cross platform, but for OS X and iOS devices Keychain works perfectly for me and is free. Keychain can create/suggest and store passwords and has secure notes for things like serial numbers. I must have an account on about every web site on the planet and Keychain works just fine for me.

 

[zone23]

Yeah... I don't get it either. I can see 1Password and others for cross platform, but for OS X and iOS devices Keychain works perfectly for me and is free. Keychain can create/suggest and store passwords and has secure notes for things like serial numbers. I must have an account on about every web site on the planet and Keychain works just fine for me.

I could see using 1password before OSX included this feature and if I was using 1password before I would probably just continue to use it. Now things are a little different and its built into the OS so I personally don't see the need for it, or justify the cost. As far as cross platform it only takes a minute to open passwords on my iphone/Mac to see what said password is.. So yeah I totally agree with you.

 

[BernyMac]

Pen and paper.

This.

 

[Huntn]

I'm not going to pay for 1Password when my Mac and Safari will already create passwords and store them in keychain for free.

Thanks for clarifying. I want cross platform.

Yeah... I don't get it either. I can see 1Password and others for cross platform, but for OS X and iOS devices Keychain works perfectly for me and is free. Keychain can create/suggest and store passwords and has secure notes for things like serial numbers. I must have an account on about every web site on the planet and Keychain works just fine for me.

I'm thinking I'll continue to use my text file in a secure sparse image. I keep a copy in a secure pdf on my iOS devices. Yes, it's not as convenient, when I have to manually copy and paste my password into my browser, or copy a new master file over to my other computer/ios device, but honestly that does not happen too often as I let Firefox store passwords, but not for financial institutions, I manually enter those every time.

I do like that I can easily see my passwords and credit card numbers without relying on a program to do so and add notes into the file, such as keeping a payment record, or notes about conversations with a vendor or an ongoing issue.

 

[zone23]

Thanks for clarifying. I want cross platform.



I'm thinking I'll continue to use my text file in a secure sparse image. I keep a copy in a secure pdf on my iOS devices. Yes, it's not as convenient, when I have to manually copy and paste my password into my browser, or copy a new master file over to my other computer/ios device, but honestly that does not happen too often as I let Firefox store passwords, but not for financial institutions, I manually enter those every time.

I do like that I can easily see my passwords and credit card numbers without relying on a program to do so and add notes into the file, such as keeping a payment record, or notes about conversations with a vendor or an ongoing issue.

I'm not understanding why do you need the PDF if you have a iOS device? Why don't you just look on the device too see the passwords?

 

[0970373]

I'm not going to pay for 1Password when my Mac and Safari will already create passwords and store them in keychain for free.

If it's just passwords & logins you're looking for then Keychain should definitely be enough. It's not for everyone but 1Password does a lot more than that. I've found it to be worth every single penny. I bought it early so it was little less than it is now.

Just be sure that no one has access to your Mac login (not necessarily your iCloud login) otherwise they can easily get your passwords.

 

[Weaselboy]

Just be sure that no one has access to your Mac login (not necessarily your iCloud login) otherwise they can easily get your passwords.

You can setup Keychain with a separate password if you like.

 

[zone23]

If it's just passwords & logins you're looking for then Keychain should definitely be enough. It's not for everyone but 1Password does a lot more than that. I've found it to be worth every single penny. I bought it early so it was little less than it is now.

Just be sure that no one has access to your Mac login (not necessarily your iCloud login) otherwise they can easily get your passwords.

You know now that you mention it I probably shouldn't have text my login in password to the meth head next door, LOL JUST kidding he doesn't have a phone can't afford it..

If it's just passwords & logins you're looking for then Keychain should definitely be enough. It's not for everyone but 1Password does a lot more than that. I've found it to be worth every single penny. I bought it early so it was little less than it is now.

Just be sure that no one has access to your Mac login (not necessarily your iCloud login) otherwise they can easily get your passwords.

I haven't given my password out to any strangers except there was that one phone call, it did seem a little odd asking for my password. I guess it was legit.. LOL

 

[0970373]

You can setup Keychain with a separate password if you like.

Yes, I've done that in the past but I still found it less secure than 1Pass overall.

You know now that you mention it I probably shouldn't have text my login in password to the meth head next door, LOL JUST kidding he doesn't have a phone can't afford it..

I haven't given my password out to any strangers except there was that one phone call, it did seem a little odd asking for my password. I guess it was legit.. LOL

If you go to Mac Safari Preferences > Passwords, you can show your passwords. While I'm sure you knew that before your smart remark, my reply is in case there were others who didn't know how easy it was to reveal. Many families share a login to a computer. Many don't even make it that hard to guess. If you have that, you can reveal the password.

 

[zone23]

Yes, I've done that in the past but I still found it less secure than 1Pass overall.



If you go to Mac Safari Preferences > Passwords, you can show your passwords. While I'm sure you knew that before your smart remark, my reply is in case there were others who didn't know how easy it was to reveal. Many families share a login to a computer. Many don't even make it that hard to guess. If you have that, you can reveal the password.

It wasn't a smart remark it was a joke. Gees.
[doublepost=1453238595][/doublepost]and NO we don't share any accounts on the computer why would we want to do that? Makes no sense at all. Also yes the wife knows my password if thats a problem then I married the wrong person.

 

[Аррlе]

Be aware: if your login account's password automatically unlock the system's keychain, the password reset for login will open the keychain. Once I helped a person (who didn't log out for a year! - and forgotten the password) to reset her password. I could do alone by myself. So: SEPARATE PASSWORD for login keychain.

 

[0970373]

It wasn't a smart remark it was a joke. Gees.
[doublepost=1453238595][/doublepost]and NO we don't share any accounts on the computer why would we want to do that? Makes no sense at all. Also yes the wife knows my password if thats a problem then I married the wrong person.

You're awfully defensive about this whole thing. It's ok that people have various ways of managing their situations. I'm very happy for you that you married the right person. It would be bad if you knew she was the wrong person and married her anyway.

 

[zone23]

You're awfully defensive about this whole thing. It's ok that people have various ways of managing their situations. I'm very happy for you that you married the right person. It would be bad if you knew she was the wrong person and married her anyway.

Well she is pretty easy on the eyes so I probably would have..

 

[elthesensai]

Right now I use the safari keywords. What I wish is that Apple would allow those passwords to be saved and used on the actual apps.

 

[Аррlе]

What about a DMG file that has a 15 character random password? That is where I store my encrypted password files. Actually it is something along the lines of:

DMG file number 1 (256) - 15 characters
DMG file number 2 (256) - nested inside of DMG File number 1 - with it own 15 character password
Encrypted excel file

I have not tried 1Password but the more I read about it, the more I might have to give it a try.

The strength of your password has point only to prevent someone to brute-force it or guess it in order to open your file.

But being paranoid myself I would clarify what I think. When closed/encrypted, your DMG file is safe, as long no backdoor is implemented in neither encryption algorithm nor the file system. That is fine.
But when you "unlock" the DMG, and you need to open your file. When your file is opened, it is opened UNENCRYPTED, it means, in order to be able to read it, to edit, the file system must store it somewhere. How it is implemented - I am not sure. But having secure virtual memory ON, and file-vault ON would probably help there.

Another vote for not storing the passwords outside of the password managers is need to copy-paste your passwords from one to another application, or to type it. It is a huge security risk.

I am a big fan of PGP, and plaintext.
Also, I would ALWAYS use the open source (to prevent eventual backdoors) such as KeePassX or GPGTools, or finally TrueCrypt (audited!).

 

[MilfordHe]

Right now I use the safari keywords. What I wish is that Apple would allow those passwords to be saved and used on the actual apps.

That's sounds very good. Thanks for your sharing.


hulle6 Lumia 950 case

 

[Eltina]

Most website accepts facebook or twitter to login, so, but actually a big trouble.

 

[Huntn]

I'm not understanding why do you need the PDF if you have a iOS device? Why don't you just look on the device too see the passwords?

Yes, I could simply rely on my iOS device password, or my Mac's password, but my thinking is that it's an extra layer of security. When I open the PDF on iOS, it asks for a password. On my Mac I need a password to open the sparse image. I have the document alias from thre sparse image in my dock, so when I click on it, I'm asked for a password. Is there a better way?

The strength of your password has point only to prevent someone to brute-force it or guess it in order to open your file.

But being paranoid myself I would clarify what I think. When closed/encrypted, your DMG file is safe, as long no backdoor is implemented in neither encryption algorithm nor the file system. That is fine.
But when you "unlock" the DMG, and you need to open your file. When your file is opened, it is opened UNENCRYPTED, it means, in order to be able to read it, to edit, the file system must store it somewhere. How it is implemented - I am not sure. But having secure virtual memory ON, and file-vault ON would probably help there.

Another vote for not storing the passwords outside of the password managers is need to copy-paste your passwords from one to another application, or to type it. It is a huge security risk.

I am a big fan of PGP, and plaintext.
Also, I would ALWAYS use the open source (to prevent eventual backdoors) such as KeePassX or GPGTools, or finally TrueCrypt (audited!).

Why is copy paste a huge risk, bigger than using a password manager that inserts the password at the appropriate time?

 

[zhenya]

I will plug the version I use here which is much lesser-known. It's called Password Safe. It's open source and very simple to use. It's not quite as feature-packed as some of the commercial versions, but there are inexpensive paid versions for Mac, Windows, iOS, Android. I keep the encrypted file on Dropbox (file is useless without the master passphrase which is kept nowhere except in my head) which allows it to remain in sync across all of my devices. It integrates with TouchID.

Why is copy paste a huge risk, bigger than using a password manager that inserts the password at the appropriate time?

The Password Safe page has some information on why this is not secure. http://passwordsafe.sourceforge.net/readmore.shtml

 

[Weaselboy]

Be aware: if your login account's password automatically unlock the system's keychain, the password reset for login will open the keychain. Once I helped a person (who didn't log out for a year! - and forgotten the password) to reset her password. I could do alone by myself. So: SEPARATE PASSWORD for login keychain.

No it won't. If you change the password through Users & Groups in the GUI, that requires entering the existing password, then selecting a new one... and that will change the Keychain password to match. But if you do not know the existing password and use either single user mode or "resetpassword" from recovery to reset the password, that does not change the Keychain password and you will not have access to Keychain. It will still be locked with the old password.

 

[Huntn]

I will plug the version I use here which is much lesser-known. It's called Password Safe. It's open source and very simple to use. It's not quite as feature-packed as some of the commercial versions, but there are inexpensive paid versions for Mac, Windows, iOS, Android. I keep the encrypted file on Dropbox (file is useless without the master passphrase which is kept nowhere except in my head) which allows it to remain in sync across all of my devices. It integrates with TouchID.



The Password Safe page has some information on why this is not secure. http://passwordsafe.sourceforge.net/readmore.shtml

I'm not resisting your suggestion, but trying to understand. I looked at your link and saw nothing there about why copy and pasting a password into a web page logging was unsecured, or not as secure as using a password manager.

Maybe not copy/paste but this:

• File integrity checks: Even if the file's encrypted, it's not necessarily prtoected against unauthorized modification. Password Safe implements integrity checks on the file so that an attacker cannot modify it without knowing the master passphrase.

Can you clarify? If there is a good reason to be using a program like this, I'll be happy to. Btw, this product does not appear to have a Mac version. I need cross platform.

 

[nightcap965]

1Password is more than just passwords. If I clutch my chest and collapse, it's the one place my grieving widow will find everything: passwords, bank accounts, credit cards, software licenses, auto information (VIN, registration, etc.), receipt information, etc. About the only thing it won't do is scrub my browser history.