Hope you find them useful
One major issue that seems under-reported: the security of the ownership of a company such as LastPass.
Were a sizeable offer made for the company, ownership might change hands & the new owners may prove untrustworthy or downright nefarious.
Nobody would be the wiser - until the deeds were done.
There are several enterprise password managers. Pleasant Password Server is based on KeePass.
LP = LastPass, shortened. KP = KeePass, also shortened. PW = password. TOTP = Time-based One-Time Password.
.NET = a programming framework developed and used by Microsoft on Windows operating systems. See https://en.wikipedia.org/wiki/.NET_Framework
.REG = a file extension for a text-based file that contains information from the registry / to be imported into the registry. See http://filext.com/file-extension/REG
SSL = Secure Socket Layers, a method employed to make connections to networks more secure (in a nutshell, before others start trying to correct me here). See https://en.wikipedia.org/wiki/Transport_Layer_Security
URLs = Uniform Resource Locator - see https://en.wikipedia.org/wiki/Uniform_resource_locator
FTP = File Transfer Protocol, another method to access your files over a network, see https://en.wikipedia.org/wiki/File_Transfer_Protocol
UFD = USB Flash Device, see https://en.wikipedia.org/wiki/USB_flash_drive
HD = Hard Drive.
MSDN = Microsoft Developer Network. See https://en.wikipedia.org/wiki/Micros...eloper_Network
RDP = Remote Desktop Protocol. See https://en.wikipedia.org/wiki/Remote_Desktop_Protocol
TCATO is, according to KeePass's website, Two Channel Auto Type Obfuscation, and it is linked to the wiki page from KeePass explaining all about it.
TFA is two factor Authentication, as explained in the next sentence (and also called Two Step Verification).
I think that covers almost all of the ones I used.
Well, I wasn't trying to write an estate planning guide. Just trying to remind people that this online stuff lives on after the owner shuffles on. Lots of tools in addition to a will are out there: transfer on death docs, designation of beneficiary docs, successor trustee doc, etc. will give your survivor(s) legal access to the stuff you leave behind without having to involve the local and federal governments.
I have used a Roboform account for many many years. It automatically syncs every day to my online everywhere account with them and I also do printouts. I have over a hundred passwords and the important ones get changed every 3 months or so. All of the passwords are high strength. You can also set a master password for them all. I love it and have no reason to ever change unless someone can prove my online everywhere account with them is not safe.
I have discovered yet another problem with the Chrome PW keeper. It never seems to forget, even if you ask it to! My bank uses a series of security questions (among other things) to increase the security. When I attempt to log in, using my userid, it enters whatever I answered the last time I answered one of the security questions! Then it errors out, and each time it enters a DIFFERENT answer, until the third attempt and then it locks me out! I have unchecked all the boxes in Chrome, yet it still tries to guess the answers. It's such an aggravation that I am near to pulling what little hair I have left, OUT! Password keepers just seem to me to be an ideal way for someone to hack into your system. Not really worth the trouble.
This is quite out of my field of knowledge, but I believe any password that is other than a completely random set of characters is vulnerable to decryption. The length of time (or cost) to decrypt the password will depend on the length of the key and the number of permutations in the character set. So, any key built with an algorithm is less than random regardless of the complexity of the algorithm. Someone with more knowledge of this topic might wish to comment? Also, I believe this is what compromised the Enigma machine for the German army/navy in WWII.
+10 for LastPass. Using a local password manager (KeePass for example) works great if it's just you AND you never lose the stupid thumb drive. I live in a household and the idea of trying to keep multiple independent password keepers in sync is a logistical nightmare. That's why I've opted for LastPass. Encrypted remotely. Encrypted locally. Available on pc, laptop, mac, windows, droid, kindle, you name it. I can download a copy of the password in the event that LP goes dark. Totally complex usernames and passwords for every site that I don't have to remember. I totally love this product.
As a side note, the only problems I've ever had with 'hacking' were all physical attacks. I had my cc number used without permission, most likely stolen from a place of business by the cashier and banking data stolen when an employee of a check processing center left with a box of tapes. My on-line life (which started with CompuServe in '85 or '86) has actually been pretty calm so, while there are concerns, I don't sweat it all that much.
A relatively simple password that is 20 characters long is inherently more secure than a short random password, plus it's easier to remember.
Test these two passwords at GRC and see how you get on.
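An added example, not part of the thread: the brute-force search-space arithmetic that length-versus-randomness comparisons like the one above rely on, applied to two constructed passwords (the pair the poster refers to is not on the page). It counts exhaustive guessing only, so a long password built from common words is weaker against word-list guessing than this figure suggests; the character-class sizes and the guess rate are assumptions.

```python
import string

# Character classes and their sizes (assumption: printable ASCII only,
# with the space counted among the 33 symbols).
CLASSES = [
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.digits), 10),
    (set(string.punctuation + " "), 33),
]

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def alphabet_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    known = set().union(*(chars for chars, _ in CLASSES))
    unknown = set(password) - known
    if unknown:
        raise ValueError(f"characters outside printable ASCII: {sorted(unknown)}")
    return sum(n for chars, n in CLASSES if chars & set(password))


def search_space(password):
    """Number of candidates of length 1..len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** length for length in range(1, len(password) + 1))


def years_to_exhaust(password, guesses_per_second):
    """Worst-case time for a guesser that tries every candidate in turn."""
    return search_space(password) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed samples: a 20-character simple phrase and an 8-character
    # password drawn from all four classes.
    samples = ["purple monkey dishes", "k7#Qz2!p"]
    rate = 1e11  # assumed offline guessing rate, guesses per second
    for pw in samples:
        print(f"{pw!r}: length {len(pw)}, alphabet {alphabet_size(pw)}, "
              f"space {search_space(pw):.2e}, "
              f"{years_to_exhaust(pw, rate):.2e} years at {rate:.0e}/s")
```
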
Strange I don't see that anyone has mentioned Yubikey. Used in conjunction with LastPass and properly set up, it is impregnable. And a darn sight easier than TFA. Well, as long as you don't lose your Yubikey. I cannot get into my LP account without Yubikey from anywhere, especially my phone.
I really wish access to my phone was tied to my Yubi as well, but that's another story.
Yubikey is great, but it is a physical item which you must not lose. I find a password I can remember is a preferable method.
I use a 'system' for making passwords most of the time, so have some similarity between passwords, making some easy to remember. For financial accounts and my main e-mail, I use complex ones, and which might (as an example only) include the name of my first girlfriend, with 1stgf as part of the typed password, making it hard to crack if someone else does sight it in spite of precautions. Such mnemonic systems only go so far though, as different websites have different password rules, hence the need to record them.
Never use Net cafes. I did a handful of times until I saw around two dozen malware processes running on the computer there. Management will claim they are safe, by which they mean (if it's not just spin) that the computers are re-imaged nightly. That won't save you unless you're the first customer of the day.
Call me a Luddite, but I still keep all my passwords in a Microsoft Word document. When travelling I have it on my laptop, in a document secured by the excellent freeware AxCrypt, as well as the laptop's boot password (and I password the BIOS when travelling, as well as requiring passwords on wake from sleep/hibernate). In case of laptop loss, major breakage or theft I have a copy online similarly secured in a personal file storage account (only when travelling), with a very good password on that account. That password would be needed in a disaster, so I put it (encoded) in the planner that goes with me everywhere. If I was travelling a month and lost my laptop, I'd buy a cheap replacement for the trip, and sell it afterwards and choose a better one (if not too cash strapped from all the holidaying).
And a fairly recent passwords list if the sh1te really hit the fan is available in my full offsite partition backup, on a small external hard drive, which is of course entirely encrypted and kept with a trusted family member. I swap it out with a more recent drive full of backups every couple of months.
The 'passwords in a document' system involves more typing than KeePass or similar, but I don't have to pay a company to store my passwords or rely on perhaps inferior freeware, don't have to have a website login method the password-storage program will work with, don't have to worry if the password software company gets hacked, and what guarantee is there that any company won't get hacked, especially those with something as inviting as thousands of users' complete passwords lists on their servers (encryptions have been broken in the past). Also, I can add whatever notes I want to each account name/password set, including the e-mail address used to sign up, which varies since I use Spamgourmet (which rules). I can even add a note when a site sucks by abusing the e-mail address I gave them, etc.
I'm not giving up the paper planner soon either, guess I'm part Luddite and part geek. A lot depends on personal preferences. But I will observe that in the decade I spent as systems analyst, I did learn that the lower tech solutions are sometimes by far the best solutions.
If you can take all those steps to keep an inherently insecure document pretty well secured, then just how secure would a KeePass database, that is already encrypted by default, be?
As for LastPass users, well, KeePass is Open Source, and other than the professional version relying upon .NET, it's completely free, with no advertising at all, and no fee to upgrade to a premium use.
It does take some work to get all of the features that I use it for to work (no inherent support for TFA challenge / response, you have to use a plugin, same goes for favicons for websites) but it also has the advantages of being able to store files, like SSL certificates, etc. and being available offline, with no usage restrictions on how many times you use it per hour / day / week / month / year.
Mind you, I'm not saying anyone here is wrong for their particular method of storing passwords - I'm simply pointing out that, given a chance, I think that KeePass would work very very well as a substitute for most of the methods posted here.