
What if the Password Manager company goes out of business?


OzBoz


Good morning,

"Never use the same password on more than one site."

I often see this quoted on numerous sites, and while I can see the purpose for this, I have one very serious reservation.

I have 60+ sites for which I have passwords stored in LastPass. I have one very secure and memorable password to open LastPass, and 60+ reasonably secure passwords on all the other sites. My concern is what happens if LastPass (or any other password manager) somehow crashes or goes out of business, leaving me with 60 passwords I can't remember. I am left then with trying to log into those sites one at a time, and using the "Forgot Password" facility. In addition, some sites I've used have asked for the old password before requiring entry of a new one. What, if any, are the security aspects of having a single password of 16 or more digits, of all types, one that I can remember, for all my sites? The word seems to be that it would take 1 trillion years to crack that password. I realise that this is a trade-off between security and convenience, but at that kind of time frame to crack, I would argue that convenience comes out on top.

I'm looking for views, particularly pointing out something I haven't considered, so please feel free to shoot me down.

 

Edited by AdvancedSetup
Corrected font issue

  • Root Admin

I use KeePass and even if the Open Source software stops being supported it's still local and it will continue to work regardless of their site.

You can store an old password in the database too. I do that myself. I put the date I changed the password and what the previous password was.

 

https://keepass.info

 


  • 3 weeks later...

AdvancedSetup's suggestion to use KeePass is probably the best option for anyone that is worried about using remote password managing software.

 

I "used" to use (I still do on my phone) Avast's password manager, which has been basically discontinued for some time now. The way things went when they decided to remove the product:

Avast did make it known that their manager was basically going to be discontinued for the time being, but they actually decided to keep the servers online. So anyone that still has Avast Passwords installed on their device(s) can actually still use it. They aren't accepting new users, but thankfully all current users, free and premium, can access and use Avast Passwords.

 

I don't think many others would go this route, but I imagine that if a password managing company was going under, they would at least give their customers a very early warning due to the highly sensitive data they are storing.

 

I'm going to try to add to AdvancedSetup's post with a bit more information and some things to avoid when setting up / using KeePass:

 

KeePass allows you to:

  • Create multiple database backups.
  • Keep your database files synced.
  • Store database files via (S)FTP, local storage, or on an external device.
  • Set up a lot of useful / convenient options that can make your experience better than the vanilla setup.

I would recommend having at least 2 - 3 database backups that manually get updated as soon as you add or remove an item to your "main" or "daily use" database (only if one or more of your database backups are not accessible to the syncing function).

This next part is fairly obvious but figured I should mention:

You should try to come up with a decently secure Master Password for your database(s). If your database somehow ends up in someone else's hands and your master password is something you commonly use or a slight variant, it's possible that it could be cracked / brute forced.

 

I also want to warn you that you probably will want to avoid using the "Windows User Account" option. If you have a database that is locked with this option and something happens where you need to do a factory reset or if you upgrade/downgrade Windows versions on your machine, you've basically bricked the database (SourceForge KeePass WUA Discussion).

 

Even if you create your new Windows account with the exact same name, password, etc... KeePass does not recognize the new account as the original user account.

 

I would recommend instead that you use a combination of the master password and a key file (KeePass Key File Information). I keep my key file on a flash drive that I keep at my desk. That's all that I use it for and I keep a few backups of the key file on multiple storage devices, just in case the flash drive decides to fail.

It sounds like a lot of maintenance, upkeep, and somewhat inconvenient, but once you get comfortable with KeePass or a similar local password manager, you'll at least feel at ease knowing your passwords won't just disappear, you have full control over the storage and security of your database(s), and it's much less likely that your passwords will be leaked / stolen.

 

Helpful Links:

First Steps Tutorial

KeePass Forums

Installation and Update

Database Synchronization

Plugins information and Plugins list
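
Added example, not part of the original posts or of KeePass itself: a small Python check for the advice above to keep 2-3 manually updated database backups and several key file copies. It compares each copy to the primary by SHA-256 and reports whether it is current, stale or missing. The file names and contents are constructed, and it assumes the backups are made by plain file copy rather than by KeePass synchronization.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large databases do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_copies(primary: Path, copies: list[Path]) -> dict[str, str]:
    """Classify each copy as 'current', 'stale' or 'missing' against the primary."""
    reference = sha256_of(primary)
    report = {}
    for copy in copies:
        if not copy.is_file():
            report[str(copy)] = "missing"   # e.g. the flash drive is not plugged in
        elif sha256_of(copy) == reference:
            report[str(copy)] = "current"   # byte-identical to the primary
        else:
            report[str(copy)] = "stale"     # copied before the last change
    return report


def demo() -> dict[str, str]:
    """Constructed sample: placeholder bytes stand in for real .kdbx files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        main_db = root / "daily.kdbx"
        main_db.write_bytes(b"constructed database bytes, revision 2")
        (root / "usb.kdbx").write_bytes(b"constructed database bytes, revision 2")
        (root / "nas.kdbx").write_bytes(b"constructed database bytes, revision 1")
        copies = [root / "usb.kdbx", root / "nas.kdbx", root / "offsite.kdbx"]
        result = check_copies(main_db, copies)
        return {Path(name).name: status for name, status in result.items()}


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

The same function can be pointed at the primary key file and its backups; any key file copy that is not reported as current should be re-copied from the original.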
