Page 3 of 4 FirstFirst 1234 LastLast
Results 31 to 45 of 48
  1. #31
    3 Star Lounger
    Join Date
    Jul 2010
    Location
    Raleigh, NC
    Posts
    207
    Thanks
    10
    Thanked 19 Times in 16 Posts

    Arrow Asking the wrong question?

    Quote Originally Posted by DavidToronto View Post
    I'm not locked in to a single computer: I often use the computers of friends or colleagues, or an iPod. Do I have to make sure I have Roboform on a thumb drive every time I go out the front door? Some computers don't allow thumb drives.
    I'm a RoboForm fan. Like a previous poster, the initial v7 upgrade from v6 was a disaster (shame on RoboForm for that), but they quickly released an update, and since then all has been well.

    In v7, the RoboForm Everywhere sounds like it might help you somewhat (but not entirely). Creating mnemonic passwords might also help (such as using a run-on sentence that's easier to remember than an abstract character string).

    The bigger issue is that you want to securely access important sites (banking? investing? email?) on computers over which you don't have any control (which is why you can't use RoboFormToGo on a flash drive or install a RoboForm Everywhere client). In my mind, the real question is whether this promiscuous computing is really such a good idea. Even unique, strong passwords can be trapped by key-logging or WiFi sniffing, and a strange computer may have more security holes than you can shake a stick at. Yeah, it's convenient to just grab any old keyboard and go, but all it takes is one major security breach to blow that convenience factor all to hell (one identity theft can follow you around for a decade or two, as my wife can attest).

    One last thought (though it doesn't mitigate everything I just said): I've read about flash-drive devices that carry an entire operating environment (with browser and mobile apps), bypassing any malware that runs from the computer's HDD. As long as a system can boot from USB, you can use such a device, even on a system that blocks USB after boot. This still doesn't address the possible network vulnerabilities, though.

  2. #32
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,306
    Thanks
    138
    Thanked 113 Times in 97 Posts
    Quote Originally Posted by bmeacham View Post
    What about Linux and Mac? I regularly use both Win 7 and Mac and occasionally a Linux machine. Is there a program I can put on a USB drive that would work with all three? Or a web-based solution that would work with all three?
    LastPass works for all three OSes.
    -- Bob Primak --

  3. #33
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,306
    Thanks
    138
    Thanked 113 Times in 97 Posts
    Quote Originally Posted by G.B.Davis View Post
    Anyone ever give a look at PasswordCard http://www.passwordcard.org/en ? I keep coming back to it, but haven't invested a lot of energy in it yet. I suspect it is either a really good and clever idea, or a really stinky one -- no middle ground, one or the other. I first came across it in June 2010, but haven't seen any buzz about it elsewhere. They've recently added mobile apps (iPhone/iPod, Android, etc.), which may mean nothing in the long run.

    Anyway, just curious if there are any opinions one way or the other.

    JustGeorge
    I'd give an experienced hacker twenty minutes to crack this or any other handwritten cryptographic mnemonic card.
    -- Bob Primak --

  4. #34
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,306
    Thanks
    138
    Thanked 113 Times in 97 Posts
    Quote Originally Posted by captaink View Post
    I also have been using Last Pass for over a year now. I occasionally get a minor hiccup (like having to tell it to fill in my user name and password) but find it to be 99% functional.

    I generally create my own passwords but with variations I could never remember. Because I am not a very trusting type I also list all of my sites and their passwords in a folder in MS Outlook and keep it current "just in case". That folder is also included with my critical daily backups.
    And can't the whole Universe see and read that Outlook Folder? Why use any passwords at all if anyone who hacks into your Outlook Account has all your passwords at their fingertips?
    -- Bob Primak --

  5. #35
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,306
    Thanks
    138
    Thanked 113 Times in 97 Posts
    Quote Originally Posted by bethel95 View Post
    I'm a RoboForm fan. Like a previous poster, the initial v7 upgrade from v6 was a disaster (shame on RoboForm for that), but they quickly released an update, and since then all has been well.

    In v7, the RoboForm Everywhere sounds like it might help you somewhat (but not entirely). Creating mnemonic passwords might also help (such as using a run-on sentence that's easier to remember than an abstract character string).

    The bigger issue is that you want to securely access important sites (banking? investing? email?) on computers over which you don't have any control (which is why you can't use RoboFormToGo on a flash drive or install a RoboForm Everywhere client). In my mind, the real question is whether this promiscuous computing is really such a good idea. Even unique, strong passwords can be trapped by key-logging or WiFi sniffing, and a strange computer may have more security holes than you can shake a stick at. Yeah, it's convenient to just grab any old keyboard and go, but all it takes is one major security breach to blow that convenience factor all to hell (one identity theft can follow you around for a decade or two, as my wife can attest).

    One last thought (though it doesn't mitigate everything I just said): I've read about flash-drive devices that carry an entire operating environment (with browser and mobile apps), bypassing any malware that runs from the computer's HDD. As long as a system can boot from USB, you can use such a device, even on a system that blocks USB after boot. This still doesn't address the possible network vulnerabilities, though.
    If you do not control the computer, it is very unlikely that the owner of the computer will allow use of Flash-Drive based Operating Systems. They can be blocked, and are almost always blocked at public computers. This is a security precaution to prevent hacking the computer or its network. This is also why U3 Portable Apps never really caught on.
    -- Bob Primak --

  6. #36
    New Lounger
    Join Date
    Dec 2009
    Location
    Appleton, WI
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Back in the days when I had a Palm, I found SplashID very useful. It had a desktop component that synced up with the Palm. I installed the desktop component on several computers (all PCs) which I used daily, and I had easy access to all my passwords. Now I have a Blackberry, and although I had to buy SplashID again for the new smartphone, and it had a different desktop component, I was able to transfer my passwords without any trouble. (Export from the old one, import into the new one.) Recently, I was without my Blackberry for a few days, but was still able to retrieve my passwords using the desktop software. When the replacement arrived, I was also able to restore them to the Blackberry. SplashID may have a cost for its use, but being able to preserve my passwords through all the various platforms that come and go in my life has been worth it to me.

    I use Xmarks for syncing bookmarks across the various browsers I have to use, and they were bought by LastPass. XMarks has worked flawlessly for me. Enough so that if I ever find that SplashID no longer works for me, I would seriously consider switching to LastPass.

  7. #37
    4 Star Lounger
    Join Date
    Mar 2011
    Posts
    551
    Thanks
    3
    Thanked 35 Times in 30 Posts
    Quote Originally Posted by bobprimak View Post
    And can't the whole Universe see and read that Outlook Folder? Why use any passwords at all if anyone who hacks into your Outlook Account has all your passwords at their fingertips?
    Please tell us how to protect Outlook, or anything else, from hackers, now that you have raised the subject.

  8. #38
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Milwaukee, WI
    Posts
    737
    Thanks
    23
    Thanked 63 Times in 51 Posts
    Quote Originally Posted by bobprimak View Post
    I'd give an experienced hacker twenty minutes to crack this or any other handwritten cryptographic mnemonic card.
    I think this would actually be pretty secure. There are hundreds if not thousands of possibilities and you could easily add your own spin to it, for example, every capital E in specific columns is really a 3. Anyone who want to hack a password uses a powerful computer to do it, they won't sit and do so manually. This all assumes they know the person they are trying to hack is using this card.

    Where I have trouble with the idea of the "password card" is that memorizing the color codes and symbols is no easier than remembering passwords for dozens if not hundreds of accounts. I have at least 25 different accounts for work alone! And at least 50 for personal use.
    Chuck

  9. #39
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Milwaukee, WI
    Posts
    737
    Thanks
    23
    Thanked 63 Times in 51 Posts
    Quote Originally Posted by bethel95 View Post
    The bigger issue is that you want to securely access important sites (banking? investing? email?) on computers over which you don't have any control (which is why you can't use RoboFormToGo on a flash drive or install a RoboForm Everywhere client). In my mind, the real question is whether this promiscuous computing is really such a good idea. Even unique, strong passwords can be trapped by key-logging or WiFi sniffing, and a strange computer may have more security holes than you can shake a stick at. Yeah, it's convenient to just grab any old keyboard and go, but all it takes is one major security breach to blow that convenience factor all to hell (one identity theft can follow you around for a decade or two, as my wife can attest).
    My answer to this is a couple of questions: Why make yourself a victim by logging into personal finance sites on a public computer? You wouldn't leave valuables in motel room or your cell phone or camera visible on the front seat of your locked car, would you? At least I don't. And neither will I use public computers for personal business. I do carry a netbook when traveling that has no personal data on it. Then if I really need to access my bank account, I can do so and my most used passwords are memorized so need for a password manager, but I never use it for that anyway. I also carry a flash drive with a copy of Password Safe, again if I really need it. The netbook is used primarily for checking the weather, dropping photos on while traveling, and playing games when sitting and waiting for something to happen.
    Chuck

  10. #40
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Milwaukee, WI
    Posts
    737
    Thanks
    23
    Thanked 63 Times in 51 Posts
    Quote Originally Posted by dogberry View Post
    Please tell us how to protect Outlook, or anything else, from hackers, now that you have raised the subject.
    We had a joke where I used to work that Outlook was a VTP. Virus Transfer Protocol. That said, Outlook is a fine program for calendaring, e-mail and a host of other things, but it is not secure unless you are connecting to an Exchange server. Storing passwords in personal copy of Outlook is dangerous because they are in clear text. As Mr. Primak said, there is no security to this way of storing them, so why use a strong password if your going to store them in unencrypted. One might as well write them on a piece of paper and post them next the PC.

    Securing Outlook or anything else is a matter of using common sense, a large part of which is securing your entire PC and your home network.
    Chuck

  11. #41
    New Lounger
    Join Date
    Dec 2009
    Location
    Massachusetts
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by ruirib View Post
    A bit off topic, but I agree with you about the cloud. Even the bigger players have huge issues. A few weeks ago, Amazon had huge problems with people and enterprises locked out of their accounts for days. This week Google's blogger service hasn't yet recovered from a maintenace release. Now imagine this happening to you... either with a regular PC, or even the upcoming Chrome laptop.
    So I do enjoy the cloud, but nothing serious for me goes on there. Not without a local copy, or better, multiple local copies.
    I agree with your cloud sentiments...but let me clarify that with respect to LastPass. Your passwords are not stored in the cloud via LastPass. Only hashed and salted versions of them are there. So, it effectively takes a double hack (access to the encrypted hashes, and then decryption) to access your private data from LastPass. Not impossible, but...

  12. #42
    Lounger
    Join Date
    Apr 2010
    Location
    Philadelphia, PA
    Posts
    38
    Thanks
    11
    Thanked 0 Times in 0 Posts
    I've used a few different password managers a few years ago, but settled on KeePass. I keep the app and the database on a thumb drive and its backed up on an external HD in addition, on my laptop. I've had no problems and it works perfectly for me. I have a 20+ character master password.

  13. #43
    2 Star Lounger cyberdiva's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    131
    Thanks
    15
    Thanked 6 Times in 6 Posts
    I was a longtime RoboForm user and fan. When I bought a netbook, I put LastPass on it and liked it so much that I eventually put it on my old desktop and now my new desktop as well. Indeed, even though I had bought a license for RoboForm 7 (desktop), intending to put it on my new computer, I've found I like LastPass so much that I haven't bothered to install RoboForm.

  14. #44
    New Lounger
    Join Date
    Jun 2013
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I have been using Password Depot, http://www.password-depot.com/, for many years.
    It works very well, and if you program it, simple, it will fill in user name and password
    for a website with a single click. Very good, well programmed, useful password manager.

  15. #45
    New Lounger
    Join Date
    May 2010
    Location
    Washington State USA
    Posts
    15
    Thanks
    6
    Thanked 0 Times in 0 Posts
    A BIG warning on Steganos Password Manager. I use an older version (7.x) on an old WinXP machine. All available updates for the software were applied. The company has since moved to newer versions with yearly enhancements. I stuck with Ver 7 as I didn't need the newer features.

    BIG mistake!!! A recent series of Windows .NET updates from Microsoft blew out Password Manager. It won't open and gives a typical debug message. And, it apparently scrambled the actual password file. I tried importing into a later version (12) that I use on my Win7 PC. No luck as it won't recognize the password for the Ver 7 password file. Even the backup file won't work. I tried a Restore Point recovery on the XP box but that didn't help either.

    So, just because you keep your legacy software updated don't assume some other company (Microsoft) can't break it. I've just spent the better part of two days going through the various password reset procedures for the sites I can remember. I'm concerned about the stored passwrods for hardware devices, etc. The Steganos sync feature isn't helpful here because the passwords from the Win7 and XP boxes need to be separate and distinct.

    I know, I know, get off the old systems and software you say. Sounds fine in theory, but the practice sometimes won't allow it.

    Ron

Page 3 of 4 FirstFirst 1234 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •