Password Managers

[MikeB]

I've used the free version of LastPass for forever, I think it was one of the first password managers. Never had a problem but in the last couple years I've read of some data breaches, one they initially said was only in the development environment and later admitted user data was hacked and stolen, although encrypted. My confidence level wasn't high so I read reviews and gave 1Password a try on a Black Friday 50% off sale. Works pretty well, you can import the old credentials from the old product or export/import a csv. The critical part is changing the passwords on the sites, especially financial ones otherwise you're importing old passwords that may be hacked. My wife had a hacking event at her job so I also froze all three credit bureau accts.

Curious what, if anything, others may be doing to combat this problem. 

[Gator]

6 hours ago, MikeB said:

I've used the free version of LastPass for forever, I think it was one of the first password managers. Never had a problem but in the last couple years I've read of some data breaches, one they initially said was only in the development environment and later admitted user data was hacked and stolen, although encrypted. My confidence level wasn't high so I read reviews and gave 1Password a try on a Black Friday 50% off sale. Works pretty well, you can import the old credentials from the old product or export/import a csv. The critical part is changing the passwords on the sites, especially financial ones otherwise you're importing old passwords that may be hacked. My wife had a hacking event at her job so I also froze all three credit bureau accts.

Curious what, if anything, others may be doing to combat this problem. 

I too had LastPass, but dropped them several years ago after their first data breach. Obviously I changed all my passwords as well. I started using Apple’s password manager, but given the number of data breaches that seemingly occur every day I changed to Sticky Password.

Sticky gives you the option of cloud storage or keeping your passwords only on your devices (which IMHO is the safest way you can go) and back them up onto a secure flash or external hard drive. You can sync your passwords across all your devices via your home WiFi. Occasionally they offer a lifetime premium membership for about 40$. (Not an ad for them nor am I affiliated with them either)

[Lee]

8 hours ago, MikeB said:

Curious what, if anything, others may be doing to combat this problem

I avoid the password manager issue altogether by writing my passwords down and consulting the list as required. The list is typically stored in an out of the way location.

A duplicate list serves as a backup if the original becomes misplaced.

[Me2]

I use Roboform. Been using them for years and very happy with them. When I first signed up it was free for a limited number of entries. No idea if that's still the case. I pay $23.88/yr.

The only problem I have had was when I couldn't remember my password for Roboform. I had to rebuild the entire database. PITA!! 

[Possum]

I've been using Keeper for a few years, seems to be OK.

Being a Luddite I also print out my passwords every 6 months or so and put the list in an undisclosed location

[MikeB]

10 hours ago, Gator said:

I too had LastPass, but dropped them several years ago after their first data breach.

Yea, I should have dropped them years ago, just laziness. Having the data breach is bad enough w/o lying about it. The new one seems to have a lot better features.

Freezing the credit reports seems like a no-brainer, won't stop cc fraud if they already have your info but should prevent anyone from opening a new acct in your name. Seems like it would be a lot harder dealing with identity theft or fraud in your home country while living overseas, especially if the lender didn't know you were. 

[Guy F.]

I've been using the password manager which is an integral part of the Firefox browser. Haven't had a problem in 15+ years. I use 2 separate services which monitor the web and dark web for data pertaining to me. Have only had one notification of a minor leak in all these years.

[OnMyWay]

I will play completely dumb here and maybe gain some knowledge.

I keep all my passwords in Excel.  I have never succumbed to using a password manager as it always seemed to me that giving all my passwords to a third party was risky.  I don't let my browsers remember passwords either.

What would be the advantages for me to start using a password manager?  Less risky than Excel?  Better overall security? Ease of logging into websites?  Better backup / recovery when disaster strikes?

[Gator]

1 hour ago, OnMyWay said:

I will play completely dumb here and maybe gain some knowledge.

I keep all my passwords in Excel.  I have never succumbed to using a password manager as it always seemed to me that giving all my passwords to a third party was risky.  I don't let my browsers remember passwords either.

What would be the advantages for me to start using a password manager?  Less risky than Excel?  Better overall security? Ease of logging into websites?  Better backup / recovery when disaster strikes?

Nothing wrong with what you’re doing Don, and it’s probably one of the safest ways as well (as long as no one else except those you trust can access it). However, if you’re using long passwords with a lot of caps, special characters etc, doesn’t it get tedious each time you log onto a website and need to refer to your Excel spreadsheet?

IMHO the main advantage of a password manager is it allows you to have very long and complicated passwords, which are unique to each website, that you don’t have to type in each time. Therefore you get better overall security and it’s easier to sign in.

If you’re a little paranoid about trusting a password manager to securely store your passwords in the cloud, then get one that allows you to only store them on your devices. Some allow you to print out hard copies (you can always take screen shots and print those out) and most will allow you to export your passwords to a flash drive or external hard drive as well. 

Edited November 29, 2023 by Gator

[MikeB]

2 hours ago, OnMyWay said:

What would be the advantages for me to start using a password manager? 

As Gator says, the main thing is convenience. The single point of failure is the master p/w. With that you can login and export the credentials to a csv in a couple clicks, IF you don't have 2FA. But that's not stored anywhere but with you. Even if they hacked the pw manager database the data is encrypted so I don't think they could do anything with it. Your credit card liability is capped by federal law at $50 if it's fraud and most don't charge that if reported promptly. Identity theft is a bigger concern to me, I've read some horror stories of people being arrested, losing excellent credit, bankruptcy, etc.