Jump to content

Menu

Recommended Posts

Posted

I know I should be using a different password for every app and website. I don’t. But my work has been pounding security into all of us. And my healthcare info was recently compromised. So, I know that bad things happen, and I know I should be doing something differently.

I actually don’t even understand what a password manager is. I mean, my browser asks me if I want it to remember my password. Is that the same as a password manager? What is it I’d be signing up for? Why isn’t one place that stores all my passwords a dangerous thing? 

And then, if I’ve been convinced to get one, I’ll need recommendations of free ones. 
 

Thanks

Posted

I’ve used Last Pass for years. They generate long, secure passwords for you and remember them for each site. You can specify what kind of special characters you’d like, how many characters you’d like, if you want it to be easy to dictate (avoiding O & 0 confusion), etc. It’s also helpful because if the domain appears to be your bank but is actually a scam site, it will not give your password. 
 

Browsers & even systems (Apple has their own PW memory feature across devices now) can remember passwords now, but IMO they still aren’t as helpful as a service like LastPass. I use the free version. 

  • Like 1
Posted

Thank you. This is helpful. 
 

Here’s a question: if the password manager is remembering the password for me, do I even need to know the password? Why would I care how many letters or special characters it uses?

Posted (edited)

We use Bitwarden. You have a master password that you remember and it keeps a bank of all your usernames and passwords for each site. I installed a browser extension and there is a tiny pop-up when I visit a site and Bitwarden has a remembered password. It also has a password generator, and if I change my password on a site, it’ll pop up and ask if I want it to remember the new log in for that site. 

I can even use it on my phone, though it’s not quite as streamlined as on the computer. I have an iPhone and you can install your own password manager instead of using the built in one. 

My son is in cybersecurity and this is the one he uses and recommends. It’s free, but you can upgrade to a paid version that has a few more features. I’ve never felt the need to have the extra features. 

Edited by Forget-Me-Not
Posted
9 minutes ago, Amethyst said:

Thank you. This is helpful. 
 

Here’s a question: if the password manager is remembering the password for me, do I even need to know the password? Why would I care how many letters or special characters it uses?

That’s the whole point of the password manager. You can generate long passwords with numbers/letters/special characters and it keeps them all for you and you just remember one master password to log into the manager itself and access all those other passwords. 
 

The only reason you’d care how many/what kind of characters is because different websites have different parameters for their required passwords. They might say you need 9 characters with at least one number and one special character. Bitwarden, the one I mentioned above, lets you set several parameters when you’re generating a passcode. Probably they all do, but Bitwarden is the only one I’ve used 😊

  • Like 1
Posted

When the idea of passwords came about, back in the dark ages, the fear was someone physically getting your device or getting your actual card and PIN number, or finding a list of passwords written down and stashed in your desk drawer, so us old folks were educated that a password should never be written down anywhere. As technology has evolved, it is much less likely that a “bad guy” will come in to your house and steal your list of passwords. It is much more likely that any such theft/hack will be done electronically from a remote location often by a computer instead of a person on their own computer like in the old movie War Games. Thus the need for complex passwords that cannot be quickly figured out by a computer program came in to being. These passwords are too complex and too numerous to be remembered by most people, so some sort of password management system is needed. I do use my main browser for that as I am not really worried about someone getting ahold of my physical device and using the save passwords for bad things. My DH has his own computer, and his own list of passwords that I don’t know, but I do know his primary password that will allow me into his list of passwords should I need that.

Posted
1 hour ago, Forget-Me-Not said:

We use Bitwarden. You have a master password that you remember and it keeps a bank of all your usernames and passwords for each site. I installed a browser extension and there is a tiny pop-up when I visit a site and Bitwarden has a remembered password. It also has a password generator, and if I change my password on a site, it’ll pop up and ask if I want it to remember the new log in for that site. 

I can even use it on my phone, though it’s not quite as streamlined as on the computer. I have an iPhone and you can install your own password manager instead of using the built in one. 

My son is in cybersecurity and this is the one he uses and recommends. It’s free, but you can upgrade to a paid version that has a few more features. I’ve never felt the need to have the extra features. 

“It keeps a bank of all your usernames and passwords for each site” - how is this better than the list I keep on my Notes app of all my passwords?

I also have an iPhone. There is a builtin password manager?? Maybe that’s a good place for me to start. 

Posted
3 hours ago, Halftime Hope said:

With all the data breaches, how would anyone trust a password manager site not to be a high value target for hackers?

I wondered that before I started using lastpass. IIRC, their encryption was something akin to crypto, essentially unbreakable. It seemed much better than me trusting a notebook or a notes file in my phone. Plus I’m not capable of constantly coming up with 16 digit, random, unbreakable passwords for every site I use. 

  • Thanks 1
Posted
3 hours ago, Amethyst said:

 

I also have an iPhone. There is a builtin password manager?? Maybe that’s a good place for me to start. 

Idk that it is, because for example, if your bank changes its secondary URL sites (our credit union did twice when they changed their name), I don’t know where you can get in and see the password for the old URL to use on the new one. It’s much easier to just use lastpass. 

Posted
4 hours ago, Amethyst said:

“It keeps a bank of all your usernames and passwords for each site” - how is this better than the list I keep on my Notes app of all my passwords?

I also have an iPhone. There is a builtin password manager?? Maybe that’s a good place for me to start. 

It’s much more secure. You need to have the master password to access the bank. 

Posted

We like LastPass. We only need to remain the main password for the system. It's very practical and user friendly.

Posted
8 hours ago, Halftime Hope said:

With all the data breaches, how would anyone trust a password manager site not to be a high value target for hackers?

This is my question as well. 

Posted
11 hours ago, Amethyst said:

if the password manager is remembering the password for me, do I even need to know the password? Why would I care how many letters or special characters it uses?

You don’t have to know the password. I don’t know and have never seen several of my passwords. My password manager generated the passwords and I copy/paste them without ever seeing the actual characters. 

 

12 hours ago, Amethyst said:

I mean, my browser asks me if I want it to remember my password. Is that the same as a password manager?

No, that is different from a password manager. That system is tied to a specific browser on a specific computer. You can only “see” a password when you use that browser on that computer to view that web page. A password manager still works if that browser or computer crashes. Just log into the password manager on a different device. A password manager will also generate passwords for you, evaluate the strength of a password, let you know if a password is reused, advise if more secure login is available such as two-factor authentication, and let you browse through and edit existing entries. 
 

10 hours ago, Halftime Hope said:

how would anyone trust a password manager site not to be a high value target for hackers?

I’m sure that these password manager companies are high value targets for hackers. The difference is that I expect a password manager company to have security drilled into every employee and every ounce of code.
 

For other companies, you may be surprised how many people touch data without really thinking about the security aspects of handling the data, much less thinking deeply about security. 
 

This is also why I pay for my password manager. I like some of the paid features, but I also believe that it is important for the company to generate enough money from subscribers to pay for quality software engineers.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...