Results 1 to 5 of 5
  1. #1
    5 Star Lounger
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    1,070
    Thanks
    42
    Thanked 132 Times in 86 Posts

    More good questions on password management




    LANGALIST PLUS


    More good questions on password management



    By Fred Langa

    As PC users rethink how they manage their passwords, interesting questions emerge. For example, what happens if someone hacks the site that's storing your passwords? And are browser-based password managers safe?


    The full text of this column is posted at windowssecrets.com/langalist-plus/more-good-questions-on-password-management/ (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

  2. #2
    New Lounger
    Join Date
    Dec 2009
    Location
    Naples, Florida, USA & Bury, UK
    Posts
    10
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Hello Fred,

    I think that I may have raised this issue previously, but I still do not have a good answer to the problem.

    I use Lastpass, and have done so for many years. However, most bank sites in the UK require multiple levels of login information.

    The first screen usually asks for the standard username/userid and password. Then a second screen asks for random characters from another piece of information. A third screen may even ask for more digits from yet another memorized number, sometimes using an onscreen keyboard with randomised numbers.

    Sometimes I have been able to use Lastpass to store several pieces of information for one website (say, one entry per screen with different URLs), but that does not help with random requests.

    I do not have an answer, as I said before.

    Th bottom line is that I use Lastpass wherever possible and to the extent that it will allow, but I cannot see how Lastpass (or any other password manager) could cope with these enhanced security features on UK banks' websites.

  3. #3
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,191
    Thanks
    48
    Thanked 984 Times in 914 Posts
    I use KeePass and it handles "random" data requests easily, but this use requires you to manually set up the process in KeePass, which can be a bit of work. Luckily the KeePass forum is very helpful.

    cheers, Paul

  4. #4
    2 Star Lounger
    Join Date
    May 2002
    Location
    Londonderry, Ireland, Northern
    Posts
    159
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Fred Langa says "So the best password managers bypass the keyboard buffer. "
    Which are they,please?
    All help gratefully received!

  5. #5
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,191
    Thanks
    48
    Thanked 984 Times in 914 Posts
    Bypassing the keyboard buffer can be done by using drag n drop or injecting the data directly into your browser. Unfortunately the bad guys know how to extract the data from the browsers so if your computer is compromised all bets are off.
    I suggest you try a few managers and see which one works for you, then invest time and maybe money in ensuring your PC is free from malicious software.

    cheers, Paul

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •