
Encouragement to update your TWT password

Question about these password managers. I access the internet from my phone, a tablet, and up to 3 different PCs. How 'portable' is this password manager? Do I need to install separate instances and keep them up to date, or is it cloud based and I log into it from any device and it starts feeding all my passwords to me?
 
Question about these password managers. I access the internet from my phone, a tablet, and up to 3 different PCs. How 'portable' is this password manager? Do I need to install separate instances and keep them up to date, or is it cloud based and I log into it from any device and it starts feeding all my passwords to me?
Some store passwords locally. Some store in the cloud. Make sure they are being stored encrypted in the cloud. If you use Lastpass you can install the apps on your mobile devices and the plugin into your browser. Passwords are stored in the cloud.
 
don't even get me started


 
But I don't use a password to access S P site. Is there still danger?
Back to the other aspect. Sloppy security in one place equals sloppy security elsewhere. Nefarious actor could plant malware on the site with poor security that could auto download just visiting.
 
Question about these password managers. I access the internet from my phone, a tablet, and up to 3 different PCs. How 'portable' is this password manager? Do I need to install separate instances and keep them up to date, or is it cloud based and I log into it from any device and it starts feeding all my passwords to me?
I use roboform across 3 computers and 2 phones. Stored in cloud
 
While this is true, if you don't use the same PW on multiple sites then you are only compromised on the one site that itself has been compromised.
Of course. Point is that the most secure PW in the world is of no benefit, if the user does not safeguard it properly. One slip-up (phishing email, etc.) and that 19 quintillion year password is compromised in a heartbeat.
 
I use roboform across 3 computers and 2 phones. Stored in cloud
I too use cloud based managers so everything is seamless; update on one machine and everything else gets the same info in the future. And even though it's in the Cloud, it's encrypted on my end before it is sent to them so even if they get hacked the hackers will still need to decode the encrypted information.
 
One slip-up (phishing email, etc.) and that 19 quintillion year password is compromised in a heartbeat.
Which is the issue I faced in the past when running a help desk. We would teach the sales people about phishing, clicking on unknown links, etc, but as soon as we would walk away from them they would just go back to doing the same bad behaviors and we'd get hit again. Idiots.
 
I changed mine last evening. How does Maria with numbers post over and over and it indicates it is her or his first post each time? Is it a new account every time? It is all spooky online these days.

It is a different account each time. Normally ALL accounts are put in a queue where they have to be manually vetted and approved by an Admin. However, this particular spammer is getting around that system somehow. It is possible to have the forum connected with Facebook so that people can register via Facebook and I did have that active, but it has been deactivated for a while and the spammers are still getting in somehow. After asking around on the Xenforo support site and chatting with some other admins, the suggestion is that I disable the Tapatalk App. So I have disabled it for now to see if that stops them getting into the site. If it does, I will likely just leave it disabled permanently. I know some folks REALLY like it, but I can't have it causing problems. I would suggest folks try looking at the forum using a simple browser like any other website. The forum has a native mobile mode that is really good. If you are looking at the site on a large screen, just resize the browser window to make it really small and you will see exactly how it will look on a phone/tablet. It is actually fully functional, whereas Tapatalk does not give you access to all of the forum features.
 
All good stuff. Yubico's Yubikey combined with their Authenticator for the 2FA codes are nice if you are a security geek. All your codes are stored on the physical Yubikey, not on a pc to be stolen later.

Lastpass was bought by LogMeIn and has started shenanigans with pricing. BitWarden, Keepass and a few others are just as good without dealing with the LogMeIn clowns. Use a password manager, create 30 character length entirely random passwords and forget trying to remember them all. It's like torque specs on the bike, I don't need to remember them all, I just need to remember where to find them.

Delete all the apps and use the website versions. Apps can track you much easier than a website.
 
All good stuff. Yubico's Yubikey combined with their Authenticator for the 2FA codes are nice if you are a security geek. All your codes are stored on the physical Yubikey, not on a pc to be stolen later.

Lastpass was bought by LogMeIn and has started shenanigans with pricing. BitWarden, Keepass and a few others are just as good without dealing with the LogMeIn clowns. Use a password manager, create 30 character length entirely random passwords and forget trying to remember them all. It's like torque specs on the bike, I don't need to remember them all, I just need to remember where to find them.
Help me out here. If I lose or break my Yubikey what are my options?

As long as I'm using a PM such as BitWarden, the Yubikey is my 2FA to get into BitWarden and then everything else is normal after that?
 
You have 2 options depending on your risk tolerance.

1) Use a Yubikey or similar device as the 2nd factor to get into BitWarden. Store all remaining 2FA codes inside BitWarden.
2) Use BitWarden to store passwords, use Yubikey as BitWarden second factor, and use the same Yubikey/Authenticator to store the 2FA code generators.

Option 1 is easier, but if someone gets your vault, they get all the 2FA codes as well. Option 2 puts the 2FA codes on a physical device separate from the password vault and not on the computer's hard drive. More secure, but also more trouble.

There is a misconception that the 2FA QR codes can only be used once. As long as you have the QR code or manual key, you can create multiple devices that all work. I have multiple Yubikeys that all have the same codes on them. One gets stored away, one goes with me.

Other authenticator options include Google Authenticator, Microsoft Authenticator, Lastpass Authenticator, Duo Security, and a few others.
 
You definitely want more than one yubikey. One key you use and one for backup.

I have one, need to get another so I feel more comfortable committing to using it. I use it as a secondary 2FA option for the time being.
 
This whole password gig is so 20th Century. We should have moved past it all by now. I like that some apps do 2-step authentication and fingerprint login on my phone and tablet. Nothing is 100% secure, of course, and everything has to balance with convenience and user-friendliness. If only tech industry would spare 1/10th of what they pour into data mining...
 
This whole password gig is so 20th Century. We should have moved past it all by now. If only tech industry would spare 1/10th of what they pour into data mining...
It's out there. I can't remember the last time I used my password to log into my work laptop. Part of the problem though is (rightfully so) paranoid security teams that are (not rightfully so) stuck in ten years ago. It's a continual fight between those who desire progress and those who fear all change because they don't know how to control it yet.
 
This whole password gig is so 20th Century. We should have moved past it all by now. I like that some apps do 2-step authentication and fingerprint login on my phone and tablet. Nothing is 100% secure, of course, and everything has to balance with convenience and user-friendliness. If only tech industry would spare 1/10th of what they pour into data mining...
and if only the bad guys wouldn't be bad.
 