Altcoins Talks - Cryptocurrency Forum
Topic started by: Forsyth Jones on October 03, 2024, 10:51:07 PM
-
Do you use a password manager for your online accounts, exchanges, 2FA and wallets?
Which one do you use and why? Share your experiences.
What do you think of closed-source password managers like 1Password?
And open-source ones like Keepass?
Here is a comparison of most password managers (https://docs.google.com/spreadsheets/d/1Flrc_iT86qWsodrfi8vq0tSwEHT9JNVOVEuyXgMUm-U/edit?gid=1036735176#gid=1036735176) (I don't know if the list is up to date), which may help you in your choice.
(https://www.talkimg.com/images/2024/10/03/is99d.png) (https://keepass.info/)
-
Do you use a password manager for your online accounts, exchanges, 2FA and wallets?
Yes, although I don't store 2FA secret key or wallet on it.
Which one do you use and why? Share your experiences.
I use KeePassXC since it's available on Windows, Mac and Linux. Most Linux distros also provide it in their repository, so I can also install it easily using a command such as apt-get install keepassxc.
What do you think of closed-source password managers like 1Password?
And open-source ones like Keepass?
I don't use closed-source ones, since it means they're less transparent and I need to trust them more. Although I don't have the skill to read and understand KeePassXC code either.
-
Yes, I used to use LastPass but moved my stuff from there when they were breached a while ago, and now I am using an offline password manager called Password Safe [1], and make regular encrypted backups of data.
For 2FA stuff, I use Aegis Authenticator [2].
[1] Password Safe (https://play.google.com/store/apps/details?id=com.reneph.passwordsafe)
[2] Aegis Authenticator (https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis)
-
Yes, although I don't store 2FA secret key or wallet on it.
You can use a unique database.kdbx for your 2FA secret keys on another device to reduce attack vectors if you want, although the worst app for saving 2FA keys is Auth, I used it for many years, but today I use either Apple Passwords or KeePass itself.
I use KeePassXC since it's available on Windows, Mac and Linux. Most Linux distros also provide it in their repository, so I can also install it easily using a command such as apt-get install keepassxc.
I also use keepassxc on Linux and Keepass2 on Windows, recently I started using Keepassxc on Windows too, it's fascinating to use biometrics to unlock the database and the browser extension!
Although these features are possible in keepass2 through plugins, it's always good to have this native in the keepassxc software.
One of the interesting features in Keepass2 is the fact that you can use a Trezor device (https://keepass.info/plugins.html#kptrezor) as a key file through the challenge-response similar to the yubikey, however, to use the trezor as a key file you need to install a third-party plugin for this, but it works well. Installing a plugin means depending on third-party security, which I consider a disadvantage, however if it's open source it can be audited by the community.
I don't use closed-source ones, since it means they're less transparent and I need to trust them more. Although I don't have the skill to read and understand KeePassXC code either.
I really don't see the point in using a proprietary password manager where you rely on third-party infrastructure and trust, although it does offer more convenience for those who are not tech-savvy.
In Keepass, besides being free and open source, we have all these features, including Passkeys in keepassxc (https://keepassxc.org/docs/KeePassXC_UserGuide#_passkeys).
Yes, I used to use LastPass but moved my stuff from there when they were breached a while ago, and now I am using an offline password manager called Password Safe [1], and make regular encrypted backups of data.
For 2FA stuff, I use Aegis Authenticator [2].
[1] Password Safe (https://play.google.com/store/apps/details?id=com.reneph.passwordsafe)
[2] Aegis Authenticator (https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis)
I didn't know about Password Safe, and about this Aegis Authenticator, can I import/export my secret keys if I want to switch services? As far as I know, Auth sucks for this, although some services don't allow it for security reasons.
On the iPhone I use Strongbox, which is a version of Keepass for iOS, it's also open source and supports passwords, storing 2FA keys, attaching files, etc and has a very beautiful and sophisticated UI.
-
Yes, I used to use LastPass but moved my stuff from there when they were breached a while ago, and now I am using an offline password manager called Password Safe [1], and make regular encrypted backups of data.
For 2FA stuff, I use Aegis Authenticator [2].
[1] Password Safe (https://play.google.com/store/apps/details?id=com.reneph.passwordsafe)
[2] Aegis Authenticator (https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis)
I didn't know about Password Safe, and about this Aegis Authenticator, can I import/export my secret keys if I want to switch services? As far as I know, Auth sucks for this, although some services don't allow it for security reasons.
Yes, you can export/import the database.
This was a major reason for my switch, as Google Authenticator didn't support backing up the database then, and it was cumbersome to manually write entries each time I would switch a device.
-
The only password manager I used was the one in the browser (Firefox), but only for a short time because I decided to trust myself more than any software in this regard. It's not that I don't understand the need for some people to use such programs, considering that they may have tens or hundreds of passwords, but I'm more in favor of the old-fashioned approach of storing them offline on paper.
In addition to multiple copies of such backups, which is logical, I protect myself additionally by having a part of each password that is saved separately (and is identical for all passwords), say something like a passphrase. In other words, even if someone finds all the passwords, they can't do any harm with them, because in addition to the key being in my head, it's also stored in an extra secure location.
-
The only password manager I used was the one in the browser (Firefox), but only for a short time because I decided to trust myself more than any software in this regard. It's not that I don't understand the need for some people to use such programs, considering that they may have tens or hundreds of passwords, but I'm more in favor of the old-fashioned approach of storing them offline on paper.
The same thing with me, with the fact that I use several different browsers and I have classified each one for different things. For example, in Opera I have login information for some important things like primary email, some of the exchanges etc... Firefox is the second level and there are some things related to work, while Chrome is the 3rd level and that includes everything else, accounts for various testing and the like, mostly without major risk.
-
Yes, although I don't store 2FA secret key or wallet on it.
You can use a unique database.kdbx for your 2FA secret keys on another device to reduce attack vectors if you want, although the worst app for saving 2FA keys is Auth, I used it for many years, but today I use either Apple Passwords or KeePass itself.
That's a good point. Although I got used to using a 2FA application on a mobile device, which also offers a backup feature.
I don't use closed-source ones, since it means they're less transparent and I need to trust them more. Although I don't have the skill to read and understand KeePassXC code either.
I really don't see the point in using a proprietary password manager where you rely on third-party infrastructure and trust, although it does offer more convenience for those who are not tech-savvy.
In Keepass, besides being free and open source, we have all these features, including Passkeys in keepassxc (https://keepassxc.org/docs/KeePassXC_UserGuide#_passkeys).
I also don't see the point either. But it's popular since they usually spend more money on advertising. As for convenience, I believe BitWarden offers similar convenience to proprietary ones. Although you still need to trust them, since you can't inspect the code on their server.
-
The only password manager I used was the one in the browser (Firefox), but only for a short time because I decided to trust myself more than any software in this regard. It's not that I don't understand the need for some people to use such programs, considering that they may have tens or hundreds of passwords, but I'm more in favor of the old-fashioned approach of storing them offline on paper.
The same thing with me, with the fact that I use several different browsers and I have classified each one for different things. For example, in Opera I have login information for some important things like primary email, some of the exchanges etc... Firefox is the second level and there are some things related to work, while Chrome is the 3rd level and that includes everything else, accounts for various testing and the like, mostly without major risk.
It already makes sense when we talk about risk reduction because not all passwords are found in one browser - but the vulnerabilities that are often discovered in most browsers just completely put me off using them as password managers. Somehow, it is much more logical (safer) for me that they are completely offline, although even with such storage I always have a certain fear that some keylogger will get into my system and somehow compromise every entered password.
Of course, such a possibility is minimal considering that I do not download any suspicious files and try to maintain the hygiene of the computer and online activities at the maximum level possible.
-
-snip-
On the iPhone I use Strongbox, which is a version of Keepass for iOS, it's also open source and supports passwords, storing 2FA keys, attaching files, etc and has a very beautiful and sophisticated UI.
On the iPhone, I use the built-in Password feature from iOS. So far, it has been effective when I need to open certain accounts or applications that require a password; moreover, I often make password combinations randomly.
Meanwhile, for backup, I manually create an Excel file that is encrypted and stored on a special flash disk.
For some reason, I'm wary of using third-party password managers, especially after reading articles like the following:
https://thehackernews.com/2023/05/keepass-exploit-allows-attackers-to.html (https://thehackernews.com/2023/05/keepass-exploit-allows-attackers-to.html)
https://www.coindesk.com/business/2023/10/30/lastpass-hack-victims-lose-44m-in-a-single-day/ (https://www.coindesk.com/business/2023/10/30/lastpass-hack-victims-lose-44m-in-a-single-day/)
-
This is an application or software that creates and remembers different passwords for all your accounts. You just need to choose a strong master password to enter the password manager and remember only that. The user keeps all his data encrypted. As a result, even if the passwords are stored in the memory of the software, no person from that company can see them.
The user's original master password is usually not stored in the password manager's memory. And it comes with two-factor authentication. So any hacker would need to collect a variety of information to look at the information stored in your password manager.
-
I use Proton Pass and Firefox password manager.
Both are good.
If it is a very important password, I just add 2FA in another software (Aegis).
Everyone should use a password manager. You should use different passwords for every service, so when a password leaks it doesn't compromise your other accounts.
-
For some reason, I'm wary of using third-party password managers, especially after reading articles like the following:
https://thehackernews.com/2023/05/keepass-exploit-allows-attackers-to.html (https://thehackernews.com/2023/05/keepass-exploit-allows-attackers-to.html)
https://www.coindesk.com/business/2023/10/30/lastpass-hack-victims-lose-44m-in-a-single-day/ (https://www.coindesk.com/business/2023/10/30/lastpass-hack-victims-lose-44m-in-a-single-day/)
I think the nature of the LastPass breach and KeePass exploit is quite different. At the very least, with Keepass the attacker has to gain access to our devices before they can exploit it. I believe we can manually anticipate these potential attacks and prepare accordingly, while we can't do much with using LastPass. I don't think it's a good idea to store your seedphrase on a password manager anyway. Btw, I use KeePass too, works well so far on my phone and PC. Still need to have decent awareness to avoid phishing links and so on though. CMIIW.
-
~snip~
Everyone should use a password manager. You should use different passwords for every service, so when a password leaks it doesn't compromise your other accounts.
What if all the data from the password manager leaks? In the event that you do not have 2FA on all created accounts, all but one of them are compromised - and that is the biggest risk of storing such data in one place. There are many examples of why it is bad to entrust the storage of passwords to such programs, in my opinion it is almost as unsafe as the storage of cryptocurrencies on CEXs.
-
~snip~
Everyone should use a password manager. You should use different passwords for every service, so when a password leaks it doesn't compromise your other accounts.
What if all the data from the password manager leaks? In the event that you do not have 2FA on all created accounts, all but one of them are compromised - and that is the biggest risk of storing such data in one place. There are many examples of why it is bad to entrust the storage of passwords to such programs, in my opinion it is almost as unsafe as the storage of cryptocurrencies on CEXs.
I have used nearly a thousand services, I can't save those passwords in my mind.
Good services won't get hacked, and if they do I have 2fa of important services
-
Is saving logins, when browsers like Chrome ask us to save them, a password manager? Just wanted to ask.
I have the habit of saving it when the browser asks after logging in for the first time. It helps me log in easily because I have the habit of forgetting. But I'm also unsure whether we could trust these browsers.
-
Is saving logins, when browsers like Chrome ask us to save them, a password manager? Just wanted to ask.
I have the habit of saving it when the browser asks after logging in for the first time. It helps me log in easily because I have the habit of forgetting. But I'm also unsure whether we could trust these browsers.
Look, browsers have probably improved their security over time. They are definitely more secure today than they were 5 years ago. On my Chrome on Windows, it asks me to authenticate via Windows Hello (biometrics) whenever Chrome asks for a password to log in to a website.
But I still prefer to use a password manager specifically for password management. Browsers are specific applications for consuming content on the internet. In addition, a password manager like Keepass is offline. You decide whether you want to keep the database locally or synchronized with your cloud folder (or both). It is zero-knowledge (only you have control, access to the database and the master key). It is also open source.
In Keepassxc there is an official keepassxc extension to integrate with your locally saved database, so it auto-fills by unlocking your database using your master key and/or biometrics (yes, keepassxc supports Windows Hello, you can optionally disable it), but this only works on Windows and Mac, on Linux you have to enter the master key to unlock the database.
-
Do you use a password manager for your online accounts, exchanges, 2FA and wallets?
Which one do you use and why? Share your experiences.
What do you think of closed-source password managers like 1Password?
And open-source ones like Keepass?
Here is a comparison of most password managers (https://docs.google.com/spreadsheets/d/1Flrc_iT86qWsodrfi8vq0tSwEHT9JNVOVEuyXgMUm-U/edit?gid=1036735176#gid=1036735176) (I don't know if the list is up to date), which may help you in your choice.
(https://www.talkimg.com/images/2024/10/03/is99d.png) (https://keepass.info/)
I’ve been using 1Password for years and it’s been a game-changer. Super secure, easy to use, and perfect for managing everything from my exchanges to 2FA. The closed-source aspect doesn’t bother me since they’re constantly audited and reliable!
-
Is saving logins, when browsers like Chrome ask us to save them, a password manager? Just wanted to ask.
I have the habit of saving it when the browser asks after logging in for the first time. It helps me log in easily because I have the habit of forgetting. But I'm also unsure whether we could trust these browsers.
I also have started saving some of my not-so-important passwords in the browser for convenience purposes, but these are not password managers, and I don't trust anything online to be secure enough to hold my passwords tbh, even the password managers themselves; the recent LastPass breach made me so cautious of anything online.
I’ve been using 1Password for years and it’s been a game-changer. Super secure, easy to use, and perfect for managing everything from my exchanges to 2FA. The closed-source aspect doesn’t bother me since they’re constantly audited and reliable!
Well tbh, it is secure, until it's not. Anyway, let's just hope 1Password stays secure for a long time.
-
Is saving logins, when browsers like Chrome ask us to save them, a password manager? Just wanted to ask.
I have the habit of saving it when the browser asks after logging in for the first time. It helps me log in easily because I have the habit of forgetting. But I'm also unsure whether we could trust these browsers.
I consider it a password manager.
I don't use Chrome. However, when I used it, it didn't offer to create new strong passwords randomly. This is probably the most important feature of a password manager. Because having a different password for every service will save your other accounts if one of them leaks.
-
For some reason, I'm wary of using third-party password managers, especially after reading articles like the following:
https://thehackernews.com/2023/05/keepass-exploit-allows-attackers-to.html (https://thehackernews.com/2023/05/keepass-exploit-allows-attackers-to.html)
https://www.coindesk.com/business/2023/10/30/lastpass-hack-victims-lose-44m-in-a-single-day/ (https://www.coindesk.com/business/2023/10/30/lastpass-hack-victims-lose-44m-in-a-single-day/)
It's good to be wary or cautious. Although the examples you mentioned aren't the best examples since,
1. The exploit on KeePass requires the attacker to compromise the victim's computer first.
2. LastPass has a long history of security incidents or hacks.
~snip~
Everyone should use a password manager. You should use different passwords for every service, so when a password leaks it doesn't compromise your other accounts.
What if all the data from the password manager leaks? In the event that you do not have 2FA on all created accounts, all but one of them are compromised - and that is the biggest risk of storing such data in one place. There are many examples of why it is bad to entrust the storage of passwords to such programs, in my opinion it is almost as unsafe as the storage of cryptocurrencies on CEXs.
That's true, although you could reduce the risk by using ones which don't connect to the internet or which support encryption with a hardware key (e.g. Yubikey).
-
For some reason, I'm wary of using third-party password managers, especially after reading articles like the following:
https://thehackernews.com/2023/05/keepass-exploit-allows-attackers-to.html (https://thehackernews.com/2023/05/keepass-exploit-allows-attackers-to.html)
https://www.coindesk.com/business/2023/10/30/lastpass-hack-victims-lose-44m-in-a-single-day/ (https://www.coindesk.com/business/2023/10/30/lastpass-hack-victims-lose-44m-in-a-single-day/)
I think the nature of the LastPass breach and KeePass exploit is quite different. At the very least, with Keepass the attacker has to gain access to our devices before they can exploit it. I believe we can manually anticipate these potential attacks and prepare accordingly, while we can't do much with using LastPass. I don't think it's a good idea to store your seedphrase on a password manager anyway. Btw, I use KeePass too, works well so far on my phone and PC. Still need to have decent awareness to avoid phishing links and so on though. CMIIW.
The Password* Manager feature that I use in the iPhone default application is not for storing seed phrases but for storing usernames/emails and passwords for access to certain accounts so that they can be automatically filled in when I want to log in. To open the Password feature, I set it using Face ID. Of course, I use other applications for accounts that use additional 2FA, and so far, I have used Authy.
*
(https://i.imgur.com/PbZrnEV.jpeg)
-
I used to avail of the services of one before, but not anymore, since I realized that they can be hacked too and that I am not actually a part of multitudes of services. So I am just recording my passwords in my notebook, though it can be hard sometimes as they aren't usually similar. Next year, I may be looking for a good password manager that is more secure and is known to have withstood the test of time and the hackers. I am hoping to see some recommendations here.
-
I have used nearly a thousand services, I can't save those passwords in my mind.
Good services won't get hacked, and if they do I have 2fa of important services
No one says that you should keep them in your mind, that is impossible and makes no sense. I already wrote that saving passwords in a password manager makes sense precisely for those who have hundreds or thousands of passwords, but certainly not for me, who has several dozen of them, of which less than ten are very important to me. Therefore, I will quite easily continue to use paper and pencil, no matter how old-fashioned it may sound to some.
-
Yes, I'm using a password manager, LastPass, but I created my own parameters to safeguard all my passwords stored in the password manager. I also make sure that all the sites I log in to have 2FA or email or text verification.
Password managers are a good way if you're working on many sites, but you also have to put safety parameters in place; don't trust everything to password managers.
-
Is saving logins, when browsers like Chrome ask us to save them, a password manager? Just wanted to ask.
I have the habit of saving it when the browser asks after logging in for the first time. It helps me log in easily because I have the habit of forgetting. But I'm also unsure whether we could trust these browsers.
yes it is a password manager but i do not think this is the safest option to be honest when you save it in chrome doesn’t it save in google? i have seen many get their google accounts get hacked or their devices get taken and their accounts are compromised
i guess it is okay for easier log in but you should back it up just in case in a different password manager
-
Yes, I'm using a password manager, LastPass, but I created my own parameters to safeguard all my passwords stored in the password manager. I also make sure that all the sites I log in to have 2FA or email or text verification.
Password managers are a good way if you're working on many sites, but you also have to put safety parameters in place; don't trust everything to password managers.
Out of curiosity, since when do you use LastPass? After all, they had at least 3 security incidents since 2022. I recall a hacker stole user data, encrypted password vaults and even their source code. It's better than not using any password manager and re-using the same/similar password, but I would advise you to use a password manager with a better history.
-
Out of curiosity, since when do you use LastPass? After all, they had at least 3 security incidents since 2022. I recall a hacker stole user data, encrypted password vaults and even their source code. It's better than not using any password manager and re-using the same/similar password, but I would advise you to use a password manager with a better history.
LastPass is the worst password manager ever.
I don't get how they have so many users, even after their regular hacks. It will probably be hacked again within 2 years, just like in the past.
And they also have paid plans, so they make a lot of money.
-
I used to avail of the services of one before, but not anymore, since I realized that they can be hacked too and that I am not actually a part of multitudes of services. So I am just recording my passwords in my notebook, though it can be hard sometimes as they aren't usually similar. Next year, I may be looking for a good password manager that is more secure and is known to have withstood the test of time and the hackers. I am hoping to see some recommendations here.
KeePass2 for Windows
KeePassXC for Windows, Linux and Mac
KeepassDx for Android or Keepass2Android.
Strongbox or Keepassium for iOS (I use the lifetime version of Strongbox).
They are all open source and based on Keepass, meaning you create a database, encrypt it with your master password and feed it with your passwords.
All of the alternatives mentioned are compatible with each other.
-
LastPass is the worst password manager ever.
I don't get how they have so many users, even after their regular hacks. It will probably be hacked again within 2 years, just like in the past.
And they also have paid plans, so they make a lot of money.
How can a bad product still have many clients? I think that you simply need to have constant promotion, use all possible tricks and of course minimize every possible hack to the extent that you call those who talk about it a minority that wants to harm the company.
The Ledger guys have the same problem, but they are still ubiquitous and probably have a lot of customers for their devices. In the end, it all boils down to the fact that the majority have no idea that something has happened, and the few who leave the "product" are very quickly replaced by some new clients.
-
LastPass is the worst password manager ever.
I don't get how they have so many users, even after their regular hacks. It will probably be hacked again within 2 years, just like in the past.
And they also have paid plans, so they make a lot of money.
How can a bad product still have many clients? I think that you simply need to have constant promotion, use all possible tricks and of course minimize every possible hack to the extent that you call those who talk about it a minority that wants to harm the company.
The Ledger guys have the same problem, but they are still ubiquitous and probably have a lot of customers for their devices. In the end, it all boils down to the fact that the majority have no idea that something has happened, and the few who leave the "product" are very quickly replaced by some new clients.
I mean, if one wasn't keeping up to date with the news, he would not even have known about the hack, since the app was working fine as usual. I myself only stopped using it because there was a tweet about people's crypto being wiped out, and the common link was that they all used LastPass to store their sensitive stuff.
-
The Ledger guys have the same problem, but they are still ubiquitous and probably have a lot of customers for their devices. In the end, it all boils down to the fact that the majority have no idea that something has happened, and the few who leave the "product" are very quickly replaced by some new clients.
I think the Ledger problem is slightly different. They have bad privacy, data leaks, etc., but their product was still safe until a few months ago.
I have an old Ledger Nano, which doesn't send the seeds to their servers. This is pretty good to me, and I am happy with my Ledger. I can't say about the new devices, as I haven't researched if that cloud seed feature can be disabled.
LastPass on the other hand is very unsafe to use, which is basically what they sell, security.
-
Right now I do not use any password manager, I write down everything, I have a place where I write down my passwords and other stuff, but it is different from where I write out my seed phrases. I guess I should consider using an open source password manager, though my current method works for me and it has worked for me since the beginning.
-
The Password* Manager feature that I use in the iPhone default application is not for storing seed phrases but for storing usernames/emails and passwords for access to certain accounts so that they can be automatically filled in when I want to log in. To open the Password feature, I set it using Face ID. Of course, I use other applications for accounts that use additional 2FA, and so far, I have used Authy.
I believe this uses an Apple account just like MacOS right? I also use them on my Macbook but I don't trust them enough to move all of my passwords over, not to mention I use other devices other than iOS/MacOS too. I also use Authy but I'm in the process of moving my OTP to FreeOTP and Aegis Authenticator. It takes a bit of time since they don't offer an export or backup feature at all.
-
The Ledger guys have the same problem, but they are still ubiquitous and probably have a lot of customers for their devices. In the end, it all boils down to the fact that the majority have no idea that something has happened, and the few who leave the "product" are very quickly replaced by some new clients.
I think the Ledger problem is slightly different. They have bad privacy, data leaks, etc., but their product was still safe until a few months ago.
I have an old Ledger Nano, which doesn't send the seeds to their servers. This is pretty good to me, and I am happy with my Ledger. I can't say about the new devices, as I haven't researched if that cloud seed feature can be disabled.
LastPass on the other hand is very unsafe to use, which is basically what they sell, security.
It seems you partially prove @Lucius's statement. There are other security issues besides Ledger Recover, such as the supply attack which affected Ledger Connect Kit and several security vulnerabilities on their hardware wallet (such as a side-channel attack on the OLED screen).
But I agree LastPass is overall doing worse since they are getting hacked regularly.
-
I don't use any password manager, except maybe Google Password Manager, but that's for some of the sites that I frequently visit, and it isn't related to any crypto sites like this community or others. I just do the old and traditional stuff of writing it down and then I'm good. But I use 2FA on some of my accounts too, so I feel safe. Although I wouldn't be surprised if there are people who use a password manager, they might have bad memories for memorizing their passwords, but there are downsides to it obviously.
-
The Ledger guys have the same problem, but they are still ubiquitous and probably have a lot of customers for their devices. In the end, it all boils down to the fact that the majority have no idea that something has happened, and the few who leave the "product" are very quickly replaced by some new clients.
I think the Ledger problem is slightly different. They have bad privacy, data leaks, etc., but their product was still safe until a few months ago.
I have an old Ledger Nano, which doesn't send the seeds to their servers. This is pretty good to me, and I am happy with my Ledger. I can't say about the new devices, as I haven't researched if that cloud seed feature can be disabled.
LastPass on the other hand is very unsafe to use, which is basically what they sell, security.
If you start from the assumption that they, as a company, communicate honestly when they claim something, then you can believe that some of their devices are more secure than others - although it turns out that there is no evidence that their recovery feature cannot be implemented on all devices, including the old Nano S that you probably think.
Don't get me wrong, I'm not saying that the Nano S is not immune to seed sharing, but Ledger always claimed that such a thing was not possible at all, and then it turned out that it was actually possible on some other models. This is about lost trust, exposing users to phishing, social engineering and possible physical attacks.
-
I see that some people have commented that they write down their passwords on a piece of paper/notebook, even if it isn't online. A diary, notebook, or notepad that is hidden but unprotected is very dangerous, because someone in your home could have access to this notebook and see all your notes.
I don't think this is a good idea, since we have password managers like Keepass that save the database locally and encrypted.
-
I see that some people have commented that they write down their passwords on a piece of paper/notebook, even if it isn't online. A diary, notebook, or notepad that is hidden but unprotected is very dangerous, because someone in your home could have access to this notebook and see all your notes.
I don't think this is a good idea, since we have password managers like Keepass that save the database locally and encrypted.
If you worry someone in your home would read your book without permission, I think you might have a bigger problem. After all, they could also steal your money or other valuables while you're sleeping or going outside home. And FWIW, you could find a notebook or diary with a PIN lock in some online shops.
-
I see that some people have commented that they write down their passwords on a piece of paper/notebook, even if it isn't online. A diary, notebook, or notepad that is hidden but unprotected is very dangerous, because someone in your home could have access to this notebook and see all your notes.
I don't think this is a good idea, since we have password managers like Keepass that save the database locally and encrypted.
If you worry someone in your home would read your book without permission, I think you might have a bigger problem. After all, they could also steal your money or other valuables while you're sleeping or going outside home. And FWIW, you could find a notebook or diary with a PIN lock in some online shops.
It all boils down to how much trust we have in the people we live with - but even if we trust someone, I believe that no one should be tempted to do something they shouldn't. What is important to us should be somewhere in a safe place, out of sight of other people, but also out of reach of pets like dogs, cats or hamsters.
Some small safe located in a hidden place would be a good solution for those who are not too paranoid.
-
I see that some people have commented that they write down their passwords on a piece of paper/notebook, even if it isn't online. A diary, notebook, or notepad that is hidden but unprotected is very dangerous, because someone in your home could have access to this notebook and see all your notes.
I don't think this is a good idea, since we have password managers like Keepass that save the database locally and encrypted.
I don't think that someone in your home would be a problem.
The biggest problem here is convenience and security of those passwords. They will probably be all the same or very similar, so if one leaks many accounts will be compromised.
Also, it is inconvenient to always go to that paper and look for your password. Also, you can lose the paper, then what?
You can't even properly back up because we change passwords more often than we would like and also create lots of new accounts every month.
-
I don't think this is a good idea, since we have password managers like Keepass that save the database locally and encrypted.
What about your seed phrase? Do you store it in online password managers, or don't you just write it down on paper? If you back up your seed phrase on paper, then you should have no problems backing up your passwords on paper or in a notebook too.
As for someone in your house, you are going to hide it and make it difficult for an intruder or even friends to find it.
-
I don't think this is a good idea, since we have password managers like Keepass that save the database locally and encrypted.
What about your seed phrase? Do you store it in online password managers, or don't you just write it down on paper? If you back up your seed phrase on paper, then you should have no problems backing up your passwords on paper or in a notebook too.
As for someone in your house, you are going to hide it and make it difficult for an intruder or even friends to find it.
My seed/mnemonic is written down offline on paper, but it's encrypted.
As bitmover said, it isn't at all practical to store passwords on paper. In addition to having to leaf through them looking for the credentials, it is insecure by definition, because if someone finds your notebook, if it is a malicious person, your passwords have been compromised. How do you generate these passwords? Are they being generated randomly? Password managers solve this problem.
-
How do you generate these passwords? Are they being generated randomly? Password managers solve this problem.
I create my passwords myself. I use very long passwords with upper case, lower case, numbers and characters. This is how I create my passwords for most of my online accounts, and then I back them up. I use one password per account, so I have not had any problems with that. I know open source password managers are great, but as of this minute, I don't use them yet. I should consider them, I guess.
-
As bitmover said, it isn't at all practical to store passwords on paper. In addition to having to leaf through them looking for the credentials, it is insecure by definition, because if someone finds your notebook, if it is a malicious person, your passwords have been compromised.
I get your point. Although some notebooks come with bookmarks, which you can use to split it either by alphabet or category (e.g. social media, exchange).
How do you generate these passwords? Are they being generated randomly? Password managers solve this problem.
FWIW, you could use a password manager only to generate the password and write it down on paper.
-
Good thread to learn more about password managers
For now I only use Google's system for the sites I use the most, but I need to organize my passwords better and use a program for that
As time goes by, passwords become practically impossible to remember due to the many services we have and each one may require passwords of different lengths or with special characters
I think I'll give Keepass a try
Oh, I almost forgot, I have some passwords in my iPhone too, managed by Apple with my face recognition
-
~snip~
Oh, I almost forgot, I have some passwords in my iPhone too, managed by Apple with my face recognition
I'm not sure, but I think I read somewhere that passwords from Apple devices are automatically stored in their cloud - although I may have misunderstood something. However, I think that locking with face recognition is not very reliable, and not only that someone else very similar to the owner can unlock the device, but also that in the case of a physical attack, the attacker can unlock the device very easily, but the level of security is similar with a fingerprint.
It is much better to use a PIN code, and to have all important things on the devices encrypted.
-
As bitmover said, it isn't at all practical to store passwords on paper. In addition to having to leaf through them looking for the credentials, it is insecure by definition, because if someone finds your notebook, if it is a malicious person, your passwords have been compromised.
I get your point. Although some notebooks come with bookmarks, which you can use to split it either by alphabet or category (e.g. social media, exchange).
How do you generate these passwords? Are they being generated randomly? Password managers solve this problem.
FWIW, you could use a password manager only to generate the password and write it down on paper.
I think the point is that we generate new passwords nearly every week.
Will you carry that piece of paper with you all the time? Yesterday I had to create a new account on a website to buy some supplements.
Then, a few days ago, I had to create an account in a new airline company which I never used to travel to a place I have never been.
I used a password manager which syncs with my phone, so I don't need to care about noting those passwords down on paper if I am not home when I create those accounts, for example.
It is very convenient and Proton Pass is safe. As I said, I see no problem if someone is able to log in to this airline company with my email. He can't buy anything, just see my past trips.
-
--snip--
I think the point is that we generate new passwords nearly every week.
Will you carry that piece of paper with you all the time? Yesterday I had to create a new account on a website to buy some supplements.
Then, a few days ago, I had to create an account in a new airline company which I never used to travel to a place I have never been.
I used a password manager which syncs with my phone, so I don't need to care about noting those passwords down on paper if I am not home when I create those accounts, for example.
It is very convenient and Proton Pass is safe. As I said, I see no problem if someone is able to log in to this airline company with my email. He can't buy anything, just see my past trips.
In such a case, I can see why using paper/book is less convenient or secure. While someone could write on separate paper while they're outside and write it again in their main paper/book, it only partially reduces the security issue.
-
--snip--
I think the point is that we generate new passwords nearly every week.
Will you carry that piece of paper with you all the time? Yesterday I had to create a new account on a website to buy some supplements.
Then, a few days ago, I had to create an account in a new airline company which I never used to travel to a place I have never been.
I used a password manager which syncs with my phone, so I don't need to care about noting those passwords down on paper if I am not home when I create those accounts, for example.
It is very convenient and Proton Pass is safe. As I said, I see no problem if someone is able to log in to this airline company with my email. He can't buy anything, just see my past trips.
In such a case, I can see why using paper/book is less convenient or secure.
In this case? Paper backups are fragile and inconvenient by nature. Paper backups are only for those who don't trust anything on the Internet.
I personally don't see the appeal of it at all; offline password managers like Keepass are a fine middle ground between the convenience of online password managers and the security of paper backups.
-
I'm not sure, but I think I read somewhere that passwords from Apple devices are automatically stored in their cloud - although I may have misunderstood something. However, I think that locking with face recognition is not very reliable, and not only that someone else very similar to the owner can unlock the device, but also that in the case of a physical attack, the attacker can unlock the device very easily, but the level of security is similar with a fingerprint.
It is much better to use a PIN code, and to have all important things on the devices encrypted.
Yes, it's called iCloud Keychain. According to Apple, it's encrypted and not even Apple can see your data.
To be honest, I don't know any other method to save the passwords of apps on my iPhone. I have a PIN code and my facial recognition.
At least my main crypto passwords are not stored on my phone.
...
I think the point is that we generate new passwords nearly every week.
...
Exactly, I think it's the same with me: 3 or 4 new passwords per month, almost impossible to manage without any app or browser password manager.
I find it very difficult when I have to help elderly people save their passwords.
-
Yes, it's called iCloud Keychain. According to Apple, it's encrypted and not even Apple can see your data.
To be honest, I don't know any other method to save the passwords of apps on my iPhone. I have a PIN code and my facial recognition.
I am a bit paranoid when a company says they can't see our data. Too many database leaks happened and some of them stored a password in plaintext even if they stated they use the latest encryption technology or whatever.
Have you tried a fork of KeePass or other password managers? I'm pretty sure there are forks of KeePass available for iPhone, though I never used one. IIRC KeePassium is one of them. CMIIW.
-
I'm not sure, but I think I read somewhere that passwords from Apple devices are automatically stored in their cloud - although I may have misunderstood something. However, I think that locking with face recognition is not very reliable, and not only that someone else very similar to the owner can unlock the device, but also that in the case of a physical attack, the attacker can unlock the device very easily, but the level of security is similar with a fingerprint.
It is much better to use a PIN code, and to have all important things on the devices encrypted.
Yes, it's called iCloud Keychain. According to Apple, it's encrypted and not even Apple can see your data.
To be honest, I don't know any other method to save the passwords of apps on my iPhone. I have a PIN code and my facial recognition.
There was a case some time back where a Metamask user got his assets wiped out because a hacker got hold of his Metamask keystore from iCloud, albeit the mistake here was the user's, in that he gave the hacker the code to access his iCloud, and his MM keystore password wasn't secure enough either.
You can read full story here: https://www.theblock.co/post/142304/metamask-advises-users-to-disable-automatic-icloud-backups-of-its-wallet-data-to-prevent-hacks
-
Yes, it's called iCloud Keychain. According to Apple, it's encrypted and not even Apple can see your data.
To be honest, I don't know any other method to save the passwords of apps on my iPhone. I have a PIN code and my facial recognition.
I am a bit paranoid when a company says they can't see our data. Too many database leaks happened and some of them stored a password in plaintext even if they stated they use the latest encryption technology or whatever.
-snip-
It is just a technology boast and it is proven that many companies have experienced data leaks and user data in trading.
As in many cases in Indonesia that a few months ago went viral.
I've never even used a password management app, relying only on memories and a special note offline to record passwords
-
I've never even used a password management app, relying only on memories and a special note offline to record passwords
I suggest that you try sometime.
It is much easier to use and very handy. Relying on memories and notes is less convenient and more insecure in most situations.
-
The Password* Manager feature that I use in the iPhone default application is not for storing seed phrases but for storing usernames/emails and passwords for access to certain accounts so that they can be automatically filled in when I want to log in. To open the Password feature, I set it using Face ID. Of course, I use other applications for accounts that use additional 2FA, and so far, I have used Authy.
I believe this uses an Apple account just like MacOS right? I also use them on my Macbook but I don't trust them enough to move all of my passwords over, not to mention I use other devices other than iOS/MacOS too. I also use Authy but I'm in the process of moving my OTP to FreeOTP and Aegis Authenticator. It takes a bit of time since they don't offer an export or backup feature at all.
Yes, the iPhone's Password application is the default application and uses an Apple account, so it is possible to connect to other devices that use the same application and account.
I only saved a few passwords on the application; even then, some still needed to open other 2FA applications.
-snip-
I've never even used a password management app, relying only on memories and a special note offline to record passwords
Or, at least if you are still in doubt, you can try saving a few less important passwords while testing the security of the password manager application you are using.
-
Yes, it's called iCloud Keychain. According to Apple, it's encrypted and not even Apple can see your data.
To be honest, I don't know any other method to save the passwords of apps on my iPhone. I have a PIN code and my facial recognition.
I am a bit paranoid when a company says they can't see our data. Too many database leaks happened and some of them stored a password in plaintext even if they stated they use the latest encryption technology or whatever.
-snip-
It is just a technology boast and it is proven that many companies have experienced data leaks and user data in trading.
As in many cases in Indonesia that a few months ago went viral.
I've never even used a password management app, relying only on memories and a special note offline to record passwords
Memory is fragile, and note taking is inconvenient. If you don't trust online password managers, try using offline ones — no data gets to the Internet, no worry of data leaks.
I use KeePassDX and Password Safe on Android.
-
Do you use a password manager for your online accounts, exchanges, 2FA and wallets?
Which one do you use and why? Share your experiences.
What do you think of closed-source password managers like 1Password?
And open-source ones like Keepass?
Here is a comparison of most password managers (https://docs.google.com/spreadsheets/d/1Flrc_iT86qWsodrfi8vq0tSwEHT9JNVOVEuyXgMUm-U/edit?gid=1036735176#gid=1036735176) (I don't know if the list is up to date), which may help you in your choice.
(https://www.talkimg.com/images/2024/10/03/is99d.png) (https://keepass.info/)
I used to save my password here on the device, but the chances of it getting hacked are high, but I now use the last password that I have written down in a notebook at the moment.
Keeping it secure on the device will make your account more likely to be hacked if your device is lost, so the safest thing to do now is to set it to 2FA.
-
Keeping it secure on the device will make your account more likely to be hacked if your device is lost, so the safest thing to do now is to set it to 2FA.
Password managers are encrypted, so even if your device is lost no one can open and steal your passwords (unless they know your password for the password manager).
-
Do you use a password manager for your online accounts, exchanges, 2FA and wallets?
-snip-
I used to save my password here on the device, but the chances of it getting hacked are high, but I now use the last password that I have written down in a notebook at the moment.
Keeping it secure on the device will make your account more likely to be hacked if your device is lost, so the safest thing to do now is to set it to 2FA.
Are the passwords you save on the device encrypted? If not, then obviously, storing it on a device (especially one connected to the internet) could be vulnerable to hacking.
Using the 2FA feature can be very helpful, but I don't think all your accounts have this feature, for example, accounts on Altcoinstalks.
The option is that you can use a password manager and save a backup on another device just in case one day you can't access the password manager for some reason.
-
I've never even used a password management app, relying only on memories and a special note offline to record passwords
I suggest that you try sometime.
It is much easier to use and very handy. Relying on memories and notes is less convenient and more insecure in most situations.
I agree with this one: the moment you are able to make use of these managers, they will really give you that kind of convenience. I also had that kind of belief in the past that memory and tallying things up on paper or a notepad was really enough, but it is indeed less convenient, and there are times when you might delete or forget it. I was a bit skeptical about using this in the past, as I thought that there were no open-source ones.
-
I was a bit skeptical about using this in the past, as I thought that there were no open-source ones.
There are many open source ones,
such as Proton Pass, my favorite password manager.
https://proton.me/pass
-
Such as Proton Pass, my favorite password manager.
https://proton.me/pass
What makes this stand out for you? How does it differ from KeePass? I was offered this app when I installed and paid for their VPN plan. I was not interested since I use KeePass and so far have no issues other than routinely making backups, but that's a trade-off I'm willing to accept. It seems like Proton has expanded quickly, from an e-mail business to many things now.
-
Such as Proton Pass, my favorite password manager.
https://proton.me/pass
What makes this stand out for you? How does it differ from KeePass? I was offered this app when I installed and paid for their VPN plan. I was not interested since I use KeePass and so far have no issues other than routinely making backups, but that's a trade-off I'm willing to accept. It seems like Proton has expanded quickly, from an e-mail business to many things now.
I have tried both Keepass and Proton Pass, and I also prefer Keepass over Proton Pass. I am not a fan of online password managers after the LastPass breaches, so I prefer offline password managers; the little inconvenience of making backups is doable to me.
-
Do you use a password manager for your online accounts, exchanges, 2FA and wallets?
Which one do you use and why? Share your experiences.
What do you think of closed-source password managers like 1Password?
I don't store passwords using specialized software. I have a USB drive to store work-related passwords for easy access on my personal computer. To store passwords related to the crypto market, I use an old iPhone and feel quite secure with this choice.
Usually, I access and use many websites with my own Google account, and it's really convenient. I only need to remember my Gmail password.
-
I don't store passwords using specialized software. I have a USB drive to store work-related passwords for easy access on my personal computer. To store passwords related to the crypto market, I use an old iPhone and feel quite secure with this choice.
Usually, I access and use many websites with my own Google account, and it's really convenient. I only need to remember my Gmail password.
Do you use this iPhone totally offline or is it connected?
Do you store wallet seeds too?
I once tried to use an old Android to store some passwords, but it was hard to get used to and I gave up.
-
I don't store passwords using specialized software. I have a USB drive to store work-related passwords for easy access on my personal computer. To store passwords related to the crypto market, I use an old iPhone and feel quite secure with this choice.
Usually, I access and use many websites with my own Google account, and it's really convenient. I only need to remember my Gmail password.
Do you use this iPhone totally offline or is it connected?
Do you store wallet seeds too?
I once tried to use an old Android to store some passwords, but it was hard to get used to and I gave up.
I think it is safe to store passwords of exchanges and casinos in any password manager, as you will also add 2FA for those accounts.
However, I don't think storing seeds in those password managers is safe. Seeds should be on paper.
-
I don't store passwords using specialized software. I have a USB drive to store work-related passwords for easy access on my personal computer.
Out of curiosity, do you encrypt the file or USB drive itself?
Usually, I access and use many websites with my own Google account, and it's really convenient. I only need to remember my Gmail password.
It's definitely convenient, but it's like putting all eggs in a basket. The damage could be severe if your Gmail is hacked or disabled by Google.
-
I don't store passwords using specialized software. I have a USB drive to store work-related passwords for easy access on my personal computer. To store passwords related to the crypto market, I use an old iPhone and feel quite secure with this choice.
Usually, I access and use many websites with my own Google account, and it's really convenient. I only need to remember my Gmail password.
I have received phishing emails (https://bitcointalk.org/index.php?topic=5090319.msg51141199#msg51141199). At that time, I only saw the sender's name and didn't pay much attention to the details of the sender's email address.
The email contained a bill for a particular application, even though I didn't order anything. I had time to log in with my Apple ID via the order cancellation link in the email. However, after seeing several other odd things, I suspected that it was a phishing link and did not continue to input crucial data (such as card details).
To prevent further bad things, I immediately changed my Apple ID and the password that I had entered on the phishing site.
Imagine if the same email and even the same password were used on many other accounts, too. Most likely, all of these accounts could easily be hacked before we have time to change them one by one.
By the way, I myself use different emails and random passwords for several accounts and I also activate 2FA on these emails and accounts (if the feature is available).
-
Imagine if the same email and even the same password were used on many other accounts, too. Most likely, all of these accounts could easily be hacked before we have time to change them one by one.
By the way, I myself use different emails and random passwords for several accounts and I also activate 2FA on these emails and accounts (if the feature is available).
That is exactly the point. The reason to use a password manager is to have a secure and different password for every server. When one leaks (and always some leak) you won't compromise all of them.
-
Imagine if the same email and even the same password were used on many other accounts, too. Most likely, all of these accounts could easily be hacked before we have time to change them one by one.
By the way, I myself use different emails and random passwords for several accounts and I also activate 2FA on these emails and accounts (if the feature is available).
That is exactly the point. The reason to use a password manager is to have a secure and different password for every server. When one leaks (and always some leak) you won't compromise all of them.
Because it uses different emails and random passwords, it won't be easy to memorize them all at once. Therefore, it is necessary to use a password manager or any method, like encrypted files or manual writing.
At first glance, it isn't very easy compared to just using the same account for every server, but it can be very useful at crucial times, such as the case I experienced above (logging in using an Apple ID on a phishing site link).
-
It's definitely convenient, but it's like putting all eggs in a basket. The damage could be severe if your Gmail is hacked or disabled by Google.
Are there any recommendations for cross-platform password managers, since I am a Windows and iOS user at the same time... I know that Google cannot be the only password manager that is free from bad possibilities, but considering its convenience, most of my social media accounts still use Google to store their passwords...
Is it wise to use different Google accounts or use different password managers so as not to put all passwords in one bucket?
-
It's definitely convenient, but it's like putting all eggs in a basket. The damage could be severe if your Gmail is hacked or disabled by Google.
Are there any recommendations for cross-platform password managers, since I am a Windows and iOS user at the same time... I know that Google cannot be the only password manager that is free from bad possibilities, but considering its convenience, most of my social media accounts still use Google to store their passwords...
I don't use it, but Bitwarden is a fairly popular choice.
Is it wise to use different Google accounts or use different password managers so as not to put all passwords in one bucket?
Yes. But using multiple Google accounts may cause confusion or lead to accidentally using the wrong ones.
-
Imagine if the same email and even the same password were used on many other accounts, too. Most likely, all of these accounts could easily be hacked before we have time to change them one by one.
By the way, I myself use different emails and random passwords for several accounts and I also activate 2FA on these emails and accounts (if the feature is available).
That is exactly the point. The reason to use a password manager is to have a secure and different password for every server. When one leaks (and always some leak) you won't compromise all of them.
How many times did you face security issues due to your password being compromised? I don't have a habit of creating a new email/new password every single time I need to register somewhere. I am feeling OK with having >10 emails and it ain't hard to make a new password and remember it for me. Instead of a password manager I had a paper notebook with data and hints. Since 2012, I have had no issue with it. I have more trust storing passwords on paper than in a program.
-
Imagine if the same email and even the same password were used on many other accounts, too. Most likely, all of these accounts could easily be hacked before we have time to change them one by one.
By the way, I myself use different emails and random passwords for several accounts and I also activate 2FA on these emails and accounts (if the feature is available).
That is exactly the point. The reason to use a password manager is to have a secure and different password for every server. When one leaks (and always some leak) you won't compromise all of them.
How many times did you face security issues due to your password being compromised? I don't have a habit of creating a new email/new password every single time I need to register somewhere. I am feeling OK with having >10 emails and it ain't hard to make a new password and remember it for me. Instead of a password manager I had a paper notebook with data and hints. Since 2012, I have had no issue with it. I have more trust storing passwords on paper than in a program.
You don't have to create a new email every time you make a new account because that is a hassle. Using two or three emails is enough compared to just using the same email for all accounts.
Another still-possible option is using a different password for each account (to manage this, of course, you need a password manager or write it manually).
The combination of two or more emails with different passwords clearly provides opportunities that are more difficult to break into than just using one email and the same password.
The method above is a preventive step before all accounts are hacked due to using the same email and password.
-
The Password* Manager feature that I use in the iPhone default application is not for storing seed phrases but for storing usernames/emails and passwords for access to certain accounts so that they can be automatically filled in when I want to log in. To open the Password feature, I set it using Face ID. Of course, I use other applications for accounts that use additional 2FA, and so far, I have used Authy.
I believe this uses an Apple account just like MacOS right? I also use them on my Macbook but I don't trust them enough to move all of my passwords over, not to mention I use other devices other than iOS/MacOS too. I also use Authy but I'm in the process of moving my OTP to FreeOTP and Aegis Authenticator. It takes a bit of time since they don't offer an export or backup feature at all.
For 2nd factor authentication, I abandoned Google Auth and started using Strongbox (https://strongboxsafe.com/) to store my passwords and 2FA codes. It's easy to set up and has the option to export the code from backups via a link.
Meanwhile, with Google Auth, you're stuck with them only. You can only sync the same codes saved on another device with your account.
If you don't want to change the 2FA code for your accounts, but want to export it to another app, like iOS Passwords, you have to select the account you want one by one or all at once. Auth shares the link via QR code and no text option. You have to find a way to get the code via QR code with another device like a laptop or cell phone to get the code in text... it's a lot of bureaucracy, the worst authenticator I've ever used!
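The "2FA code" being moved between authenticator apps in the posts above is a shared secret, which a setup QR code commonly carries as an `otpauth://` URI. As an added example (not part of any post in this thread), the Python below parses such a URI, computes the RFC 6238 TOTP from it, and re-exports it, showing that any app holding the same secret produces the same codes. It assumes the standard key-URI layout; the issuer and account name are constructed, and the secret is the RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, quote, unquote, urlencode, urlsplit

# Constructed sample: Base32 of the RFC 6238 test key b"12345678901234567890".
SAMPLE_URI = (
    "otpauth://totp/Example%20Exchange:alice@example.com"
    "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example%20Exchange"
    "&algorithm=SHA1&digits=6&period=30"
)

_HASHES = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def decode_secret(text):
    """Decode a Base32 secret as users paste it: spaces, lowercase, no padding."""
    cleaned = text.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped padding
    return base64.b32decode(cleaned)


def parse_otpauth(uri):
    """Turn an otpauth://totp/ URI into the fields an authenticator stores."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("expected an otpauth://totp/ URI")
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "secret" not in query:
        raise ValueError("URI carries no secret")
    algorithm = query.get("algorithm", "SHA1").upper()
    if algorithm not in _HASHES:
        raise ValueError("unsupported algorithm: " + algorithm)
    return {
        "label": unquote(parts.path.lstrip("/")),
        "issuer": query.get("issuer", ""),
        "key": decode_secret(query["secret"]),
        "algorithm": algorithm,
        "digits": int(query.get("digits", 6)),
        "period": int(query.get("period", 30)),
    }


def to_uri(entry):
    """Re-export an entry as text, e.g. to type into another app or a backup."""
    secret = base64.b32encode(entry["key"]).decode().rstrip("=")
    query = urlencode(
        {
            "secret": secret,
            "issuer": entry["issuer"],
            "algorithm": entry["algorithm"],
            "digits": entry["digits"],
            "period": entry["period"],
        },
        quote_via=quote,
    )
    return "otpauth://totp/" + quote(entry["label"], safe=":@") + "?" + query


def totp_at(entry, unix_time):
    """RFC 6238: HOTP (RFC 4226) over the number of elapsed time steps."""
    counter = int(unix_time) // entry["period"]
    digest = hmac.new(
        entry["key"], struct.pack(">Q", counter), _HASHES[entry["algorithm"]]
    ).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** entry["digits"]).zfill(entry["digits"])


if __name__ == "__main__":
    import time

    entry = parse_otpauth(SAMPLE_URI)
    print("current code:", totp_at(entry, time.time()))
    print("exported URI:", to_uri(entry))
```

Because the secret alone reproduces every future code, an exported URI or QR image deserves the same protection as the password database itself.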
-
How many times did you face security issues due to your password being compromised? I don't have a habit of creating new email/new password every single time I need to register somewhere. I am feeling ok with having >10 email and it ain't hard to make new and remember password for me.
This makes absolutely no sense.
It is much easier to create a random new password than to create a new email lol
The combination of two or more emails with different passwords clearly provides opportunities that are more difficult to break into than just using one email and the same password.
The method above is a preventive step before all accounts are hacked due to using the same email and password.
I use about 3-4 emails.
One for work
One for personal
One for bitmover (pseudo anonymous)
One for finance related.
And i also use a password manager. Online life became so complicated...
-
Such as Proton Pass, my favorite password manager.
https://proton.me/pass
What makes this stand out for you? How does it differ from KeePass? I was offered this app when I installed and paid for their VPN plan. I was not interested since I use KeePass and so far have no issues other than routinely making backups, but that's a trade-off I'm willing to accept. It seems like Proton has expanded quickly, from an e-mail business to many things now.
I have tried both, Keepass and Proton pass, I also prefer Keepass over proton pass. I am not fan of online password managers after lastpass breaches, so prefer offline password managers, little inconvenience of making backups is doable to me.
I never use any kind of third party apps for keeping my online password. I always try to save my password in notepad even in my diary. I think any kind of third party apps is risky. Because I have to maintain different kinds of important apps including my bank account. I believe password is very important for a man so its security is very important.
-
I never use any kind of third party apps for keeping my online password. I always try to save my password in notepad even in my diary. I think any kind of third party apps is risky. Because I have to maintain different kinds of important apps including my bank account. I believe password is very important for a man so its security is very important.
That's also a good idea but it carries a risk that you'll lose the passwords if your diary gets destroyed. There is one infamous picture of some burnt diary with part of a private key WIF for example. Maybe there's a sudden fire like in Los Angeles right now and you don't have time to look for your diary and you literally have to run out.
Keep it in a fireproof safe at least.
-
Password manager is kind of important these days since we use different passwords and email for almost everything we do online. But specially for crypto I try to keep the password similar with slight changes and since I don't use too many crypto platforms I keep it my memory too, so even if my password manager corrupted or whatever happens I have to access the funds right?
-
Such as Proton Pass, my favorite password manager.
https://proton.me/pass
What makes this stand out for you? How does it differ from KeePass? I was offered this app when I installed and paid for their VPN plan. I was not interested since I use KeePass and so far have no issues other than routinely making backups, but that's a trade-off I'm willing to accept. It seems like Proton has expanded quickly, from an e-mail business to many things now.
I have tried both, Keepass and Proton pass, I also prefer Keepass over proton pass. I am not fan of online password managers after lastpass breaches, so prefer offline password managers, little inconvenience of making backups is doable to me.
I never use any kind of third party apps for keeping my online password. I always try to save my password in notepad even in my diary. I think any kind of third party apps is risky. Because I have to maintain different kinds of important apps including my bank account. I believe password is very important for a man so its security is very important.
I know people who do same, I asked what if your laptop fails they said they'll repair it and get the data back. Diary is even fragile way to save important info.
-
I know people who do same, I asked what if your laptop fails they said they'll repair it and get the data back. Diary is even fragile way to save important info.
But the laptop may be stolen, damaged beyond repair, maybe the HD may just just, etc... so many problems that can happen to a single physical device, it is not wise to rely important stuff like this in a single point of failure.
-
I know people who do same, I asked what if your laptop fails they said they'll repair it and get the data back. Diary is even fragile way to save important info.
You know advantage diary has over password manager program that is installed on the pc or laptop? If someone break into your place, you leave both items somewhere, someone on purpose will try to find your private data, that person will steal pc or laptop 99,99%. In current digital era, everyone pay more attention to gadgets, than to paper carrier. Minority will try to look through your diary in search for passwords, majority will try to find valuable info on the device.
-
I know people who do same, I asked what if your laptop fails they said they'll repair it and get the data back. Diary is even fragile way to save important info.
You know advantage diary has over password manager program that is installed on the pc or laptop? If someone break into your place, you leave both items somewhere, someone on purpose will try to find your private data, that person will steal pc or laptop 99,99%. In current digital era, everyone pay more attention to gadgets, than to paper carrier. Minority will try to look through your diary in search for passwords, majority will try to find valuable info on the device.
You know what you are actually right. MrBeast's house was robbed, robbers took laptop but not his note having his Bitcoin wallet's private key, which as Mrbeast mentions had 2M in it.
Check story here (https://youtube.com/shorts/kOa-NyHvizI).
-
I know people who do same, I asked what if your laptop fails they said they'll repair it and get the data back. Diary is even fragile way to save important info.
You know advantage diary has over password manager program that is installed on the pc or laptop? If someone break into your place, you leave both items somewhere, someone on purpose will try to find your private data, that person will steal pc or laptop 99,99%. In current digital era, everyone pay more attention to gadgets, than to paper carrier. Minority will try to look through your diary in search for passwords, majority will try to find valuable info on the device.
You're right. But on other hands, good password manager would use strong encryption cryptography that can't be brute-forced. In addition, you could use full disk encryption (such as BitLocker for Windows or LUKS for Linux).
-
I know people who do same, I asked what if your laptop fails they said they'll repair it and get the data back. Diary is even fragile way to save important info.
You know advantage diary has over password manager program that is installed on the pc or laptop? If someone break into your place, you leave both items somewhere, someone on purpose will try to find your private data, that person will steal pc or laptop 99,99%. In current digital era, everyone pay more attention to gadgets, than to paper carrier. Minority will try to look through your diary in search for passwords, majority will try to find valuable info on the device.
You're right. But on other hands, good password manager would use strong encryption cryptography that can't be brute-forced. In addition, you could use full disk encryption (such as BitLocker for Windows or LUKS for Linux).
When nobody knows what is on the laptop or that I have crypto, nobody would even try to brute-force anything or try to get that info from me. But I will stick to my plan of using paper to keep passwords. Having a password manager would hint a thief to try to search my device up and down. Even if he won't get access to wallets, he could find other valuable information. Nobody knows how it would be used later.
I accept that I am not most experienced PC and software user. That is why I prefer old paper method. But I have Google Chrome that stores passwords and other stuff that I fill in forms, and sometimes I messed up with not remembering password and not being able to find it there. I can suppose, that one day, I will rely too much on the password manager, but the password won't be there, because I haven't clicked or ticked something. With paper and passwords, it looks more organized and disciplined for me.
-
I accept that I am not most experienced PC and software user. That is why I prefer old paper method. But I have Google Chrome that stores passwords and other stuff that I fill in forms, and sometimes I messed up with not remembering password and not being able to find it there. I can suppose, that one day, I will rely too much on the password manager, but the password won't be there, because I haven't clicked or ticked something. With paper and passwords, it looks more organized and disciplined for me.
I can understand your pov, I have had moments where I thought I had made an entry into password manager, but it was not saved, and it was not found there when I needed it, that's why for important things I double check (save, check entries again to make sure it's there).
-
I accept that I am not most experienced PC and software user. That is why I prefer old paper method. But I have Google Chrome that stores passwords and other stuff that I fill in forms, and sometimes I messed up with not remembering password and not being able to find it there. I can suppose, that one day, I will rely too much on the password manager, but the password won't be there, because I haven't clicked or ticked something. With paper and passwords, it looks more organized and disciplined for me.
I can understand your pov, I have had moments where I thought I had made an entry into password manager, but it was not saved, and it was not found there when I needed it, that's why for important things I double check (save, check entries again to make sure it's there).
But if I write password on a sheet of paper, there is no need to double check if I have really written it down. Also when you write something down, it helps to remember that thing better (that was told at school often, when students reply "I will remember it", teachers always reply "write it down to remember it better"). Anyway both password manager and paper have their cons and pros, but I see that there are less chances something bad might happen to my sheet with passwords, than with a device where they are stored.
The fact that I can get hacked and someone could watch and access passwords parallel me being busy at PC, without me not even knowing about it crosses all advantages of password manager. If I keep my work place organized, not a single person would dig into my papers in search of a passwords. During years of working in the office, lots of jobs and colleagues have been changed, and not a single one has touched or searched for something on my table. And at home the chances of that to happen are close to nothing.
-
The fact that I can get hacked and someone could watch and access passwords parallel me being busy at PC, without me not even knowing about it crosses all advantages of password manager.
WDYM?
If I keep my work place organized, not a single person would dig into my papers in search of a passwords. During years of working in the office, lots of jobs and colleagues have been changed, and not a single one has touched or searched for something on my table. And at home the chances of that to happen are close to nothing.
I honestly don't have that much confidence in paper backups (I prefer offline password managers over it), but since it works for you, good for you.
-
The fact that I can get hacked and someone could watch and access passwords parallel me being busy at PC, without me not even knowing about it crosses all advantages of password manager.
While the risk is there, you can also prevent that from happening IMO. It's not like your PC will suddenly get malware on it if you never click malicious links, download cracked software, etc. There are horror stories when people rely on written backups too. But well, if you're not confident and stick with paper or written backups hopefully nothing bad happens to you, like the latest wildfire in LA. CMIIW.
During years of working in the office, lots of jobs and colleagues have been changed, and not a single one has touched or searched for something on my table. And at home the chances of that to happen are close to nothing.
That's good to hear. I heard many horror stories where people work in a terrible office environment. Although if we're being paranoid it's still possible that someone check your workplace when you're not there in one way or the other.
-
The fact that I can get hacked and someone could watch and access passwords parallel me being busy at PC, without me not even knowing about it crosses all advantages of password manager.
WDYM?
As I understand there are hackers that not only get access to your pc, steal and leave, but monitor what you do, where you click and etc. They silently observe what I do. If all the time password manager autofill every time, there definitely will be a rare case when I would need to open/unlock/login to password manager manually. During that moment, user is vulnerable to a hacker. I don't believe that people who have password managers never open password list and search for something.
If I keep my work place organized, not a single person would dig into my papers in search of a passwords. During years of working in the office, lots of jobs and colleagues have been changed, and not a single one has touched or searched for something on my table. And at home the chances of that to happen are close to nothing.
I honestly don't have that much confidence in paper backups (I prefer offline password managers over it), but since it works for you, good for you.
So far can't complain. For me it is easier to re-write password to a new list if first is damaged, than to store offline. That "offline device" one day will get connected to the internet, at least to get updates. Who knows what happens during update download and installation.
-
So far can't complain. For me it is easier to re-write password to a new list if first is damaged, than to store offline. That "offline device" one day will get connected to the internet, at least to get updates. Who knows what happens during update download and installation.
I prefer to store my password in a book that only I have access to than using Google Cloud, password manager, or whatever you call it. I have experienced hacking before so I would never want that to repeat itself never. Storing passwords online or offline on a device is never safe because whenever a hacker gets access to your Google account, it is finished for you. After all, there is nothing you can do about it when they unleash their evil act on your information and details. We should learn to make it a priority to store our login details on pieces of paper or a notebook if we can so that we do not get hacked by putting it up there online.
-
You see, you have already experience of being hacked, you have already a negative experience with storing passwords on a device/software. But have you ever experienced of being robbed? Or a situation that someone stole something physical from you? I believe during your life people stole something from you, but I think that were wallet/money, or a gadget. Nobody would ever steal a notebook, book or piece of paper from you. You see where I'm going with this, nobody thinks of checking most obvious place of storing info and pay attention directly to devices or something digital.
-
You see, you have already experience of being hacked, you have already a negative experience with storing passwords on a device/software. But have you ever experienced of being robbed? Or a situation that someone stole something physical from you? I believe during your life people stole something from you, but I think that were wallet/money, or a gadget. Nobody would ever steal a notebook, book or piece of paper from you. You see where I'm going with this, nobody thinks of checking most obvious place of storing info and pay attention directly to devices or something digital.
This is food for thought. Truly, nobody thinks of stealing a book or paper from anybody because they are worthless and have no value. Yet, books and papers hold valuable access to treasures that could turn around an individual's perspective, reasoning, and mentality within minutes of reading them. They can store or hold vital sensitive information as it relates to private keys and details of important information we need. It is obvious that people do not see this aspect of safety for their online information as it is not valued for any reason and another being the fact that laziness is just always an excuse.
-
You see, you have already experience of being hacked, you have already a negative experience with storing passwords on a device/software. But have you ever experienced of being robbed? Or a situation that someone stole something physical from you? I believe during your life people stole something from you, but I think that were wallet/money, or a gadget. Nobody would ever steal a notebook, book or piece of paper from you. You see where I'm going with this, nobody thinks of checking most obvious place of storing info and pay attention directly to devices or something digital.
This is food for thought. Truly, nobody thinks of stealing a book or paper from anybody because they are worthless and have no value. Yet, books and papers hold valuable access to treasures that could turn around an individual's perspective, reasoning, and mentality within minutes of reading them. They can store or hold vital sensitive information as it relates to private keys and details of important information we need. It is obvious that people do not see this aspect of safety for their online information as it is not valued for any reason and another being the fact that laziness is just always an excuse.
Laziness? Not really. I have replied here before, I find paper backups really fragile, simply can't get myself to have enough confidence in these. Sure, it could be one type of backup, but only? Nope.
-
You see, you have already experience of being hacked, you have already a negative experience with storing passwords on a device/software. But have you ever experienced of being robbed? Or a situation that someone stole something physical from you? I believe during your life people stole something from you, but I think that were wallet/money, or a gadget. Nobody would ever steal a notebook, book or piece of paper from you. You see where I'm going with this, nobody thinks of checking most obvious place of storing info and pay attention directly to devices or something digital.
This is food for thought. Truly, nobody thinks of stealing a book or paper from anybody because they are worthless and have no value. Yet, books and papers hold valuable access to treasures that could turn around an individual's perspective, reasoning, and mentality within minutes of reading them. They can store or hold vital sensitive information as it relates to private keys and details of important information we need. It is obvious that people do not see this aspect of safety for their online information as it is not valued for any reason and another being the fact that laziness is just always an excuse.
Laziness? Not really. I have replied here before, I find paper backups really fragile, simply can't get myself to have enough confidence in these. Sure, it could be one type of backup, but only? Nope.
If you store password digitally, then between you and me, hacker have more chances to get you. A thief must work on a tip to break my locks, go to room and search table for a paper with passwords. I bet if someone breaks in, they would take quickly what is valuable in the hall, or go to living room, grab TV, consoles, laptops and run. In your case, just one mistake and extra click, and someone is already looking through your PC for valuable info, passwords, logins. What can happen to my paper? If I fold it million times it can be destroyed, if one of family members will throw it away - but is unlikely to happen, as I keep my work table organized. Papers do not look like rubbish to be thrown away.
-
You see, you have already experience of being hacked, you have already a negative experience with storing passwords on a device/software. But have you ever experienced of being robbed? Or a situation that someone stole something physical from you? I believe during your life people stole something from you, but I think that were wallet/money, or a gadget. Nobody would ever steal a notebook, book or piece of paper from you. You see where I'm going with this, nobody thinks of checking most obvious place of storing info and pay attention directly to devices or something digital.
This is food for thought. Truly, nobody thinks of stealing a book or paper from anybody because they are worthless and have no value. Yet, books and papers hold valuable access to treasures that could turn around an individual's perspective, reasoning, and mentality within minutes of reading them. They can store or hold vital sensitive information as it relates to private keys and details of important information we need. It is obvious that people do not see this aspect of safety for their online information as it is not valued for any reason and another being the fact that laziness is just always an excuse.
Laziness? Not really. I have replied here before, I find paper backups really fragile, simply can't get myself to have enough confidence in these. Sure, it could be one type of backup, but only? Nope.
If you store password digitally, then between you and me, hacker have more chances to get you. A thief must work on a tip to break my locks, go to room and search table for a paper with passwords. I bet if someone breaks in, they would take quickly what is valuable in the hall, or go to living room, grab TV, consoles, laptops and run. In your case, just one mistake and extra click, and someone is already looking through your PC for valuable info, passwords, logins. What can happen to my paper? If I fold it million times it can be destroyed, if one of family members will throw it away - but is unlikely to happen, as I keep my work table organized. Papers do not look like rubbish to be thrown away.
A thief would quickly do what they feel would save their time in the cause of stealing so they could hurriedly run away but I do not think they would think of stealing book or paper not to talk of spending time to break a box just to steal paper or book because they would prefer their safety to run in time but when online, the hacker could spend much time cracking codes and monitoring you without you knowing and thinking about it till it happens then your eyes would clear and that means they have been on you for quite some time waiting for the right time to strike.
-
You see, you have already experience of being hacked, you have already a negative experience with storing passwords on a device/software. But have you ever experienced of being robbed? Or a situation that someone stole something physical from you? I believe during your life people stole something from you, but I think that were wallet/money, or a gadget. Nobody would ever steal a notebook, book or piece of paper from you. You see where I'm going with this, nobody thinks of checking most obvious place of storing info and pay attention directly to devices or something digital.
This is food for thought. Truly, nobody thinks of stealing a book or paper from anybody because they are worthless and have no value. Yet, books and papers hold valuable access to treasures that could turn around an individual's perspective, reasoning, and mentality within minutes of reading them. They can store or hold vital sensitive information as it relates to private keys and details of important information we need. It is obvious that people do not see this aspect of safety for their online information as it is not valued for any reason and another being the fact that laziness is just always an excuse.
Laziness? Not really. I have replied here before, I find paper backups really fragile, simply can't get myself to have enough confidence in these. Sure, it could be one type of backup, but only? Nope.
If you store password digitally, then between you and me, hacker have more chances to get you. A thief must work on a tip to break my locks, go to room and search table for a paper with passwords. I bet if someone breaks in, they would take quickly what is valuable in the hall, or go to living room, grab TV, consoles, laptops and run. In your case, just one mistake and extra click, and someone is already looking through your PC for valuable info, passwords, logins. What can happen to my paper? If I fold it million times it can be destroyed, if one of family members will throw it away - but is unlikely to happen, as I keep my work table organized. Papers do not look like rubbish to be thrown away.
I used to use lastpass which was apparently hacked — no loss to me but out of caution I moved to offline password managers — here you write passwords offline, these apps don't have Internet access, and backups are encrypted with password that I alone know (I haven't stored this password anywhere), even if someone gets access to backups they can't access data without password. I find this very safe.
-
Make a little experiment, leave your paper notebook and a mobile or laptop on the table in public and leave for 15 minutes. With 99% probability I think your gadget will be stolen, 1% that both items will be stolen. When a thief gets your gadget, no matter if you have used offline or online based app, the thief would try to bruteforce it. Even if you did not store password anywhere on your device, the thief could search for other valuable things. Passport scans for example, access to emails, anything that might help him to get anything. With paper password what can you lose? No one would even care about it.
-
On this, I don't use password managers. There were some incidents that even password managers have been compromised and that's why I don't use it. There is no problem of using them, I have my own records where I keep them and that's a secure one, it's hard to find it and that's why I am keeping the tradition of where it should be kept. In the future, if I find it convenient then I might also use it if the time permits it to happen.
-
With paper password what can you lose? No one would even care about it.
Noting down your passwords in a piece of paper is insecure because all your passwords will be weak and similar. As we create about 1 new account per week (as discussed already in this thread) it is impossible to keep in a paper all your passwords and also create very different ones.
Your data from one service may leak, and the hacker will just login into other services as he already has your email/password and all your passwords are alike and weak...
-
Make a little experiment, leave your paper notebook and a mobile or laptop on the table in public and leave for 15 minutes. With 99% probability I think your gadget will be stolen, 1% that both items will be stolen. When a thief gets your gadget, no matter if you have used offline or online based app, the thief would try to bruteforce it. Even if you did not store password anywhere on your device, the thief could search for other valuable things. Passport scans for example, access to emails, anything that might help him to get anything. With paper password what can you lose? No one would even care about it.
I don't leave my precious gadgets anywhere, and they are always protected by a password that's not easy to brute-force. Also, you are thinking that no one will pick up on notes but assume one person will and he will have all info naked. How is that safe?
-
With paper password what can you lose? No one would even care about it.
Noting down your passwords in a piece of paper is insecure because all your passwords will be weak and similar. As we create about 1 new account per week (as discussed already in this thread) it is impossible to keep in a paper all your passwords and also create very different ones.
Your data from one service may leak, and the hacker will just login into other services as he already has your email/password and all your passwords are alike and weak...
A person with weak phantasy always comes up with weak and similar passwords. Maybe someone can notice similarities among my passwords, but they don't look the same to me. They aren't just words or combination of words. Or a word that ends with "123", "777" or year of my birthday by the end. No doubt that password manager can randomize letter, number and symbol combinations quicker, but I can also generate something like that.
Make a little experiment, leave your paper notebook and a mobile or laptop on the table in public and leave for 15 minutes. With 99% probability I think your gadget will be stolen, 1% that both items will be stolen. When a thief gets your gadget, no matter if you have used offline or online based app, the thief would try to bruteforce it. Even if you did not store password anywhere on your device, the thief could search for other valuable things. Passport scans for example, access to emails, anything that might help him to get anything. With paper password what can you lose? No one would even care about it.
I don't leave my precious gadgets anywhere, and they are always protected by a password that's not easy to brute-force. Also, you are thinking that no one will pick up on notes but assume one person will and he will have all info naked. How is that safe?
You don't leave your gadgets anywhere - do you sleep with them or have device installed in you? How my paper is less safe than your gadget if you also keep everything in one place. And in situation when a person is about to steal something from you or me, he will take electronic device more likely, as it has more value in pawnshop.
(https://i.postimg.cc/fT30m3q0/image.png)
Here is a random picture from the web. Green arrow is where is your password is stored and what will be stolen or searched for password immediately. Red arrows are places where my paper or papers with passwords might be.
-
Make a little experiment, leave your paper notebook and a mobile or laptop on the table in public and leave for 15 minutes. With 99% probability I think your gadget will be stolen, 1% that both items will be stolen. When a thief gets your gadget, no matter if you have used offline or online based app, the thief would try to bruteforce it. Even if you did not store password anywhere on your device, the thief could search for other valuable things. Passport scans for example, access to emails, anything that might help him to get anything. With paper password what can you lose? No one would even care about it.
I don't leave my precious gadgets anywhere, and they are always protected by a password that's not easy to brute-force. Also, you are thinking that no one will pick up on notes but assume one person will and he will have all info naked. How is that safe?
You don't leave your gadgets anywhere - do you sleep with them or have device installed in you? How my paper is less safe than your gadget if you also keep everything in one place. And in situation when a person is about to steal something from you or me, he will take electronic device more likely, as it has more value in pawnshop.
You are stuck on someone stealing my device but you don't understand device itself is protected with password, password manager is protected with password, brute forcing only works on weak passwords and there are OS features which allow you to wipe up your device remotely.
If note keeping works with you, you continue doing it, and I'll do what I feel is right for me.
-
I'm not trying to say that your password manager app is better or worse than my method of storing passwords. Both have their pros and cons. I simply prefer my method because I find it safer. Even if the device is protected by a password, or it is hard or impossible to brute-force, there will still be the discomfort of losing gadgets and spending time to recover everything. With keeping everything on a device, in case something goes wrong, you don't lose only access to the list of passwords on it, you also lose all the info you had on your drives. Those who keep passwords in a manager that is protected by a password, I really hope you don't forget that password.
P.S. Where do you keep the password that protects your password manager? :) In another manager, or memorized?
-
A person with weak phantasy always comes up with weak and similar passwords. Maybe someone can notice similarities among my passwords, but they don't look the same to me. They aren't just words or combinations of words, or a word that ends with "123", "777" or the year of my birth. No doubt a password manager can randomize letter, number and symbol combinations quicker, but I can also generate something like that.
Even if you are as good as a machine, you just can't randomize that much.
And what will you do if you need to log in to an airline company page to buy a ticket when you are at work? You can't access your passwords, they are at home.
Your life will be frequent password resets, which will be totally crazy and inconvenient. If you can remember them, they are extremely weak. You certainly have nearly 1000 logins. Just from BTT casinos and other related services there are many dozens of different logins.
Here is a random picture from the web. The green arrow is where your password is stored and what will be stolen or searched for a password immediately. The red arrows are places where my paper or papers with passwords might be.
The passwords are not in the computer, but secured with professional encryption and strong passwords, when you use a password manager...
-
I'm not trying to say that your password manager app is better or worse than my method of storing passwords. Both have their pros and cons. I simply prefer my method because I find it safer. Even if the device is protected by a password, or it is hard or impossible to brute-force, there will still be the discomfort of losing gadgets and spending time to recover everything.
It's convenient to restore data with password managers: you install the app on a new device, import the backup file, enter the encryption password and you are ready.
With keeping everything on a device, in case something goes wrong, you don't lose only access to the list of passwords on it, you also lose all the info you had on your drives. Those who keep passwords in a manager that is protected by a password, I really hope you don't forget that password.
I switch devices regularly anyway, it's of very little inconvenience to switch and import data.
P.S. Where do you keep the password that protects your password manager? :) In another manager, or memorized?
It's memorized.
-
A person with weak phantasy always comes up with weak and similar passwords. Maybe someone can notice similarities among my passwords, but they don't look the same to me. They aren't just words or combinations of words, or a word that ends with "123", "777" or the year of my birth. No doubt a password manager can randomize letter, number and symbol combinations quicker, but I can also generate something like that.
Even if you are as good as a machine, you just can't randomize that much.
And what will you do if you need to log in to an airline company page to buy a ticket when you are at work? You can't access your passwords, they are at home.
Your life will be frequent password resets, which will be totally crazy and inconvenient. If you can remember them, they are extremely weak. You certainly have nearly 1000 logins. Just from BTT casinos and other related services there are many dozens of different logins.
Here is a random picture from the web. The green arrow is where your password is stored and what will be stolen or searched for a password immediately. The red arrows are places where my paper or papers with passwords might be.
The passwords are not in the computer, but secured with professional encryption and strong passwords, when you use a password manager...
I simply don't write down all, I mean all, the logins and passwords. Crypto is separated from daily expenses. When I have to buy a plane ticket, I just get out my wallet with a card. If I need to buy movie tickets and get a discount, I log in to the cinema page, but I don't store such passwords on my paper. But everything related to crypto, emails, logins, passwords, seed, etc.: such info is on a separate piece of paper. The Ledger is with me all the time too. I don't make a mess of 1000+ passwords stored on paper (it would be a notebook then). I would not store 1000+ passwords in a manager either. I guess everyone is familiar with "eggs in one basket".
The passwords are not in the computer, but secured with professional encryption and strong passwords, when you use a password manager...
The idea was not to show that the "password is in the computer", but to show where someone other than you will try to search for it. OK, it's encrypted, but the fact that someone sees the password manager and tries to get access to it won't make you happy. Anyway, do you really believe that your master password will never be compromised?
-
I simply don't write down all, I mean all, the logins and passwords. Crypto is separated from daily expenses. When I have to buy a plane ticket, I just get out my wallet with a card. If I need to buy movie tickets and get a discount, I log in to the cinema page, but I don't store such passwords on my paper.
You also need to log in to the airline's page to get miles, for example. It just becomes too much of a waste of time and energy to put everything on paper, because you just can't carry that paper everywhere.
I think most people that are talking about paper are people who never used a password manager...
But everything related to crypto, emails, logins, passwords, seed, etc.: such info is on a separate piece of paper. The Ledger is with me all the time too. I don't make a mess of 1000+ passwords stored on paper (it would be a notebook then). I would not store 1000+ passwords in a manager either. I guess everyone is familiar with "eggs in one basket".
You can just store all those 1000+ insecure passwords for services which don't need too much security. There isn't any problem if someone logs into my airline company page and sees where I have been in the past, or logs into the cinema page and sees my past purchases. Nobody can steal anything from me through those services most of the time...
-
^ I guess that's the right way to do it. If you don't trust password managers enough for sensitive info, use them for irrelevant sites and keep notebook backups for sensitive info.
-
I simply don't write down all, I mean all, the logins and passwords. Crypto is separated from daily expenses. When I have to buy a plane ticket, I just get out my wallet with a card. If I need to buy movie tickets and get a discount, I log in to the cinema page, but I don't store such passwords on my paper.
You also need to log in to the airline's page to get miles, for example. It just becomes too much of a waste of time and energy to put everything on paper, because you just can't carry that paper everywhere.
I think most people that are talking about paper are people who never used a password manager...
Completely opposite experience. I have been using password managers for quite some time, but two failures forced me to stop using them.
1) The first failure happened when my disk drive died. At that time managers did not have a feature to upload a backup to a cloud service. At that time cloud services did not even exist. At that time I did not make any backup on a USB flash drive or store it somewhere else. All my data was gone forever. Trying to recover the data at a service center was costly, as they charge per recovered GB, and they did not give any guarantee that the data would be 100% restored, nor could they say what would be restored.
2) My backpack with my laptop and iPad was stolen from a hotel lobby in Lisbon when I was checking in. A guy ran in, took my bag and ran away. No help from the hotel or police... Anyway, the password manager wasn't making any backups either. Or maybe that feature wasn't turned on. Or I decided not to recover all that, because there was a chance the laptop password might be hacked and a person might get access to the cloud. Or maybe I was too angry about that situation and decided to start everything from scratch. I don't remember right now.
Nevertheless, twice I have lost all my saved passwords. Since then, I keep passwords for unevaluable data straight in the browser. I don't care if someone gets access to my cinema account and sees what movies I have been to and when. I don't care if someone finds out the login and password for an online pet store and sees which canned cat food I have ordered. But for everything related to money, an app or a page where I have a balance, the passwords are stored on paper.
-
P.S. Where do you keep the password that protects your password manager? :) In another manager, or memorized?
Most people (who use a password manager) probably memorize it. But you could also store the password or encryption key using a device such as a YubiKey or any storage drive that you hide securely.
The idea was not to show that the "password is in the computer", but to show where someone other than you will try to search for it. OK, it's encrypted, but the fact that someone sees the password manager and tries to get access to it won't make you happy. Anyway, do you really believe that your master password will never be compromised?
Yes (within a human lifespan), assuming you use a strong password and the password manager software uses a very strong encryption algorithm.
-
Those who use password managers, maybe you can recommend something specific and explain your choice. It would be great if it were compared with the managers mentioned on the first pages of the topic. It's hard to switch from paper to a password manager, or even to try using one, when all we have is "I love to use" and "<name> is the best". At least name the must-have features for a password manager. Automatic backup and its storage in the cloud? Encryption? Support for any OS?
-
I simply don't write down all, I mean all, the logins and passwords. Crypto is separated from daily expenses. When I have to buy a plane ticket, I just get out my wallet with a card. If I need to buy movie tickets and get a discount, I log in to the cinema page, but I don't store such passwords on my paper.
You also need to log in to the airline's page to get miles, for example. It just becomes too much of a waste of time and energy to put everything on paper, because you just can't carry that paper everywhere.
I think most people that are talking about paper are people who never used a password manager...
Completely opposite experience. I have been using password managers for quite some time, but two failures forced me to stop using them.
1) The first failure happened when my disk drive died. At that time managers did not have a feature to upload a backup to a cloud service. At that time cloud services did not even exist. At that time I did not make any backup on a USB flash drive or store it somewhere else. All my data was gone forever. Trying to recover the data at a service center was costly, as they charge per recovered GB, and they did not give any guarantee that the data would be 100% restored, nor could they say what would be restored.
2) My backpack with my laptop and iPad was stolen from a hotel lobby in Lisbon when I was checking in. A guy ran in, took my bag and ran away. No help from the hotel or police... Anyway, the password manager wasn't making any backups either. Or maybe that feature wasn't turned on. Or I decided not to recover all that, because there was a chance the laptop password might be hacked and a person might get access to the cloud. Or maybe I was too angry about that situation and decided to start everything from scratch. I don't remember right now.
Nevertheless, twice I have lost all my saved passwords. Since then, I keep passwords for unevaluable data straight in the browser. I don't care if someone gets access to my cinema account and sees what movies I have been to and when. I don't care if someone finds out the login and password for an online pet store and sees which canned cat food I have ordered. But for everything related to money, an app or a page where I have a balance, the passwords are stored on paper.
You had an experience with a bad password manager.
There are many good password managers which are secure and have cloud support. You wouldn't lose anything in either of the situations you mentioned.
I can recommend Firefox password manager and Proton Pass. Both are very good and have cloud support.
-
Those who use password managers, maybe you can recommend something specific and explain your choice. It would be great if it were compared with the managers mentioned on the first pages of the topic. It's hard to switch from paper to a password manager, or even to try using one, when all we have is "I love to use" and "<name> is the best". At least name the must-have features for a password manager. Automatic backup and its storage in the cloud? Encryption? Support for any OS?
This statement sounds ignorant. Comments so far have replied, more or less, to what you are asking. You also have Google to go in-depth on the password managers mentioned here.
-
Those who use password managers, maybe you can recommend something specific and explain your choice. It would be great if it were compared with the managers mentioned on the first pages of the topic. It's hard to switch from paper to a password manager, or even to try using one, when all we have is "I love to use" and "<name> is the best". At least name the must-have features for a password manager. Automatic backup and its storage in the cloud? Encryption? Support for any OS?
This statement sounds ignorant. Comments so far have replied, more or less, to what you are asking. You also have Google to go in-depth on the password managers mentioned here.
I thought a forum is a place where a person can also ask something and get an answer, instead of spending hours googling info and separating truth from falsehood. I asked for personal experience, and you send me to read articles on Google. Thank you, your post really helped me. A link in the first post with a table created in 2022 has every necessary and up-to-date info.
-
You see, you already have the experience of being hacked, you already have a negative experience with storing passwords on a device or in software. But have you ever experienced being robbed? Or a situation where someone stole something physical from you? I believe that during your life people have stolen something from you, but I think that was a wallet, money, or a gadget. Nobody would ever steal a notebook, book or piece of paper from you. You see where I'm going with this: nobody thinks of checking the most obvious place for storing info, and they pay attention directly to devices or something digital.
This is food for thought. Truly, nobody thinks of stealing a book or paper from anybody because they are worthless and have no value. Yet, books and papers hold valuable access to treasures that could turn around an individual's perspective, reasoning, and mentality within minutes of reading them. They can store or hold vital sensitive information as it relates to private keys and details of important information we need. It is obvious that people do not see this aspect of safety for their online information as it is not valued for any reason and another being the fact that laziness is just always an excuse.
Laziness? Not really. I have replied here before, I find paper backups really fragile, simply can't get myself to have enough confidence in these. Sure, it could be one type of backup, but only? Nope.
If you store passwords digitally, then between you and me, a hacker has more chances to get you. A thief must work on a tip to break my locks, go to the room and search the table for a paper with passwords. I bet if someone breaks in, they would quickly take what is valuable in the hall, or go to the living room, grab the TV, consoles, laptops and run. In your case, just one mistake and an extra click, and someone is already looking through your PC for valuable info, passwords, logins. What can happen to my paper? If I fold it a million times it can be destroyed, or one of my family members could throw it away, but that is unlikely to happen, as I keep my work table organized. Papers do not look like rubbish to be thrown away.
I used to use LastPass, which was apparently hacked. No loss to me, but out of caution I moved to offline password managers. Here you write passwords offline, these apps don't have Internet access, and backups are encrypted with a password that I alone know (I haven't stored this password anywhere); even if someone gets access to the backups, they can't access the data without the password. I find this very safe.
If I may ask you, you call them apps, right? Are the apps not stored on your phone? Is your phone not connected to the internet? Did you not give the apps access to your device? As long as it is an app you have used to store your password on your phone, you can be exposed to danger at any given time if your phone is connected to internet services. It is still not safer than paper storage which only you have access to and can be gotten at any time when needed without the need to connect or request internet access.
-
You see, you already have the experience of being hacked, you already have a negative experience with storing passwords on a device or in software. But have you ever experienced being robbed? Or a situation where someone stole something physical from you? I believe that during your life people have stolen something from you, but I think that was a wallet, money, or a gadget. Nobody would ever steal a notebook, book or piece of paper from you. You see where I'm going with this: nobody thinks of checking the most obvious place for storing info, and they pay attention directly to devices or something digital.
This is food for thought. Truly, nobody thinks of stealing a book or paper from anybody because they are worthless and have no value. Yet, books and papers hold valuable access to treasures that could turn around an individual's perspective, reasoning, and mentality within minutes of reading them. They can store or hold vital sensitive information as it relates to private keys and details of important information we need. It is obvious that people do not see this aspect of safety for their online information as it is not valued for any reason and another being the fact that laziness is just always an excuse.
Laziness? Not really. I have replied here before, I find paper backups really fragile, simply can't get myself to have enough confidence in these. Sure, it could be one type of backup, but only? Nope.
If you store passwords digitally, then between you and me, a hacker has more chances to get you. A thief must work on a tip to break my locks, go to the room and search the table for a paper with passwords. I bet if someone breaks in, they would quickly take what is valuable in the hall, or go to the living room, grab the TV, consoles, laptops and run. In your case, just one mistake and an extra click, and someone is already looking through your PC for valuable info, passwords, logins. What can happen to my paper? If I fold it a million times it can be destroyed, or one of my family members could throw it away, but that is unlikely to happen, as I keep my work table organized. Papers do not look like rubbish to be thrown away.
I used to use LastPass, which was apparently hacked. No loss to me, but out of caution I moved to offline password managers. Here you write passwords offline, these apps don't have Internet access, and backups are encrypted with a password that I alone know (I haven't stored this password anywhere); even if someone gets access to the backups, they can't access the data without the password. I find this very safe.
If I may ask you, you call them apps, right? Are the apps not stored on your phone? Is your phone not connected to the internet? Did you not give the apps access to your device? As long as it is an app you have used to store your password on your phone, you can be exposed to danger at any given time if your phone is connected to internet services. It is still not safer than paper storage which only you have access to and can be gotten at any time when needed without the need to connect or request internet access.
Yes, they are apps, but the way Android works is that unless an app has declared the Internet permission beforehand, it can't access the internet, and the two apps I use (KeePassDX, Password Safe) don't need Internet access to begin with, since they are completely offline apps.
Yes, these two have auto-fill features as well, which can make things convenient, but they can cause security issues (or maybe not, it's just me being paranoid), so I don't use those features.
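The declared-permission check mentioned in the post above can be done by hand. The following is an added example, not part of the original thread and not code from either app: it reads a manifest that has already been decoded to text XML (an assumption; inside an APK the manifest is binary and must be decoded first, for example with apktool) and reports whether `android.permission.INTERNET` is declared. The two manifests and their package names are constructed samples.

```python
import xml.etree.ElementTree as ET

# Namespace Android uses for the android:name attribute in manifests.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

INTERNET = "android.permission.INTERNET"
# Permissions that relate to network use; INTERNET is the one that
# actually allows the app to open network sockets.
NETWORK_PERMISSIONS = {
    INTERNET,
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.ACCESS_WIFI_STATE",
    "android.permission.CHANGE_WIFI_STATE",
}

# Constructed sample: an offline vault app (hypothetical package name).
OFFLINE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="org.example.offlinevault">
    <uses-permission android:name="android.permission.USE_BIOMETRIC" />
    <application android:label="Offline Vault" />
</manifest>
"""

# Constructed sample: a cloud-syncing vault app (hypothetical package name).
CLOUD_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="org.example.cloudvault">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
    <uses-permission-sdk-23 android:name="android.permission.USE_BIOMETRIC" />
    <application android:label="Cloud Vault" />
</manifest>
"""


def declared_permissions(manifest_xml):
    """Return (package, set of permission names) from a decoded manifest."""
    try:
        root = ET.fromstring(manifest_xml.strip())
    except ET.ParseError as exc:
        # Raw binary manifests or truncated files end up here.
        raise ValueError("not a decoded text manifest: %s" % exc) from exc
    if root.tag != "manifest":
        raise ValueError("root element is <%s>, expected <manifest>" % root.tag)
    names = set()
    # Both element types request permissions; the -sdk-23 form applies
    # only on Android 6.0 and later.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.findall(tag):
            name = element.get(NAME_ATTR)
            if name:
                names.add(name.strip())
    return root.get("package", "<unknown>"), names


def audit(manifest_xml):
    """Summarise what the manifest declares about network access."""
    package, perms = declared_permissions(manifest_xml)
    return {
        "package": package,
        "can_use_internet": INTERNET in perms,
        "network_permissions": sorted(perms & NETWORK_PERMISSIONS),
        "other_permissions": sorted(perms - NETWORK_PERMISSIONS),
    }


if __name__ == "__main__":
    for sample in (OFFLINE_MANIFEST, CLOUD_MANIFEST):
        report = audit(sample)
        verdict = "declares INTERNET" if report["can_use_internet"] else "no INTERNET permission"
        print("%s: %s" % (report["package"], verdict))
        for perm in report["network_permissions"] + report["other_permissions"]:
            print("    " + perm)
```

The check covers declared permissions only, so it should be repeated after each app update, since a new version can add permissions.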
-
You see, you already have the experience of being hacked, you already have a negative experience with storing passwords on a device or in software. But have you ever experienced being robbed? Or a situation where someone stole something physical from you? I believe that during your life people have stolen something from you, but I think that was a wallet, money, or a gadget. Nobody would ever steal a notebook, book or piece of paper from you. You see where I'm going with this: nobody thinks of checking the most obvious place for storing info, and they pay attention directly to devices or something digital.
This is food for thought. Truly, nobody thinks of stealing a book or paper from anybody because they are worthless and have no value. Yet, books and papers hold valuable access to treasures that could turn around an individual's perspective, reasoning, and mentality within minutes of reading them. They can store or hold vital sensitive information as it relates to private keys and details of important information we need. It is obvious that people do not see this aspect of safety for their online information as it is not valued for any reason and another being the fact that laziness is just always an excuse.
Laziness? Not really. I have replied here before, I find paper backups really fragile, simply can't get myself to have enough confidence in these. Sure, it could be one type of backup, but only? Nope.
If you store passwords digitally, then between you and me, a hacker has more chances to get you. A thief must work on a tip to break my locks, go to the room and search the table for a paper with passwords. I bet if someone breaks in, they would quickly take what is valuable in the hall, or go to the living room, grab the TV, consoles, laptops and run. In your case, just one mistake and an extra click, and someone is already looking through your PC for valuable info, passwords, logins. What can happen to my paper? If I fold it a million times it can be destroyed, or one of my family members could throw it away, but that is unlikely to happen, as I keep my work table organized. Papers do not look like rubbish to be thrown away.
I used to use LastPass, which was apparently hacked. No loss to me, but out of caution I moved to offline password managers. Here you write passwords offline, these apps don't have Internet access, and backups are encrypted with a password that I alone know (I haven't stored this password anywhere); even if someone gets access to the backups, they can't access the data without the password. I find this very safe.
If I may ask you, you call them apps, right? Are the apps not stored on your phone? Is your phone not connected to the internet? Did you not give the apps access to your device? As long as it is an app you have used to store your password on your phone, you can be exposed to danger at any given time if your phone is connected to internet services. It is still not safer than paper storage which only you have access to and can be gotten at any time when needed without the need to connect or request internet access.
Yes, they are apps, but the way Android works is that unless an app has declared the Internet permission beforehand, it can't access the internet, and the two apps I use (KeePassDX, Password Safe) don't need Internet access to begin with, since they are completely offline apps.
Yes, these two have auto-fill features as well, which can make things convenient, but they can cause security issues (or maybe not, it's just me being paranoid), so I don't use those features.
I understand your point, but my curiosity is this: since those apps were downloaded from the Google Play Store with the help of internet access, anything can happen. As long as your phone is an Android phone with an internet connection and which you browse with, there is every possibility or tendency that your passwords and private keys stored on that app are not safe. If I may ask, were the apps not designed by developers? Did you not use the internet to download and install them? I believe your answer is yes, so tell me, what is the probability that the app is safe?
-
You see, you already have the experience of being hacked, you already have a negative experience with storing passwords on a device or in software. But have you ever experienced being robbed? Or a situation where someone stole something physical from you? I believe that during your life people have stolen something from you, but I think that was a wallet, money, or a gadget. Nobody would ever steal a notebook, book or piece of paper from you. You see where I'm going with this: nobody thinks of checking the most obvious place for storing info, and they pay attention directly to devices or something digital.
This is food for thought. Truly, nobody thinks of stealing a book or paper from anybody because they are worthless and have no value. Yet, books and papers hold valuable access to treasures that could turn around an individual's perspective, reasoning, and mentality within minutes of reading them. They can store or hold vital sensitive information as it relates to private keys and details of important information we need. It is obvious that people do not see this aspect of safety for their online information as it is not valued for any reason and another being the fact that laziness is just always an excuse.
Laziness? Not really. I have replied here before, I find paper backups really fragile, simply can't get myself to have enough confidence in these. Sure, it could be one type of backup, but only? Nope.
If you store passwords digitally, then between you and me, a hacker has more chances to get you. A thief must work on a tip to break my locks, go to the room and search the table for a paper with passwords. I bet if someone breaks in, they would quickly take what is valuable in the hall, or go to the living room, grab the TV, consoles, laptops and run. In your case, just one mistake and an extra click, and someone is already looking through your PC for valuable info, passwords, logins. What can happen to my paper? If I fold it a million times it can be destroyed, or one of my family members could throw it away, but that is unlikely to happen, as I keep my work table organized. Papers do not look like rubbish to be thrown away.
I used to use LastPass, which was apparently hacked. No loss to me, but out of caution I moved to offline password managers. Here you write passwords offline, these apps don't have Internet access, and backups are encrypted with a password that I alone know (I haven't stored this password anywhere); even if someone gets access to the backups, they can't access the data without the password. I find this very safe.
If I may ask you, you call them apps, right? Are the apps not stored on your phone? Is your phone not connected to the internet? Did you not give the apps access to your device? As long as it is an app you have used to store your password on your phone, you can be exposed to danger at any given time if your phone is connected to internet services. It is still not safer than paper storage which only you have access to and can be gotten at any time when needed without the need to connect or request internet access.
Yes, they are apps, but the way Android works is that unless an app has declared the Internet permission beforehand, it can't access the internet, and the two apps I use (KeePassDX, Password Safe) don't need Internet access to begin with, since they are completely offline apps.
Yes, these two have auto-fill features as well, which can make things convenient, but they can cause security issues (or maybe not, it's just me being paranoid), so I don't use those features.
I understand your point, but my curiosity is this: since those apps were downloaded from the Google Play Store with the help of internet access, anything can happen. As long as your phone is an Android phone with an internet connection and which you browse with, there is every possibility or tendency that your passwords and private keys stored on that app are not safe. If I may ask, were the apps not designed by developers? Did you not use the internet to download and install them? I believe your answer is yes, so tell me, what is the probability that the app is safe?
How can anything happen! Explain? The way you talk about it, it seems like you are afraid of using the Internet itself. Does using this forum over the Internet make your forum account compromised?
-
If I may ask, were the apps not designed by developers? Did you not use the internet to download and install them? I believe your answer is yes, so tell me, what is the probability that the app is safe?
I think this applies to virtually any app. If you're that paranoid then the best thing to do is to learn coding by yourself, verify the code from the developers (there are many open-source password managers nowadays), build it on your own, compare your analysis with other people, and so on. You can also install it on an air-gapped device if you can endure the hassle of manually inputting a password on another device. It's hard to quantify how safe an app is if we don't even know what criteria you use.
-
I can't imagine using computers and mobile devices without good password managers these days, but they need to be open source.
You would be surprised how many people are making the huge mistake of using only ONE password for all accounts and websites.
With password managers like KeePass you can remember one master password, and everything else will be encrypted and saved locally on your device.
-
No, I'm too old to learn new tricks.
If it ain't broke, don't fix it.
-
No, I'm too old to learn new tricks.
If you can browse the forum and manage crypto wallets just fine, I don't think learning how to use a password manager is a huge hurdle. That being said, I understand that some people are just afraid they'll make mistakes if they're using something they're not familiar with. My parents are an example of this. They know how to start a computer or whatnot but get confused easily whenever there's a slight change on their desktop. They learn fast if they're dealing with phones though.
-
No, I'm too old to learn new tricks.
If you can browse the forum and manage crypto wallets just fine, I don't think learning how to use a password manager is a huge hurdle. That being said, I understand that some people are just afraid they'll make mistakes if they're using something they're not familiar with. My parents are an example of this. They know how to start a computer or whatnot but get confused easily whenever there's a slight change on their desktop. They learn fast if they're dealing with phones though.
Some people do have difficulty learning new things. But all that depends on his will to learn and try the latest thing first.
Some may only have a few accounts, and of course, there aren't many passwords, so they don't need a password manager, so they choose a conventional method such as writing it on paper.
-
No, I'm too old to learn new tricks.
If you can browse the forum and manage crypto wallets just fine, I don't think learning how to use a password manager is a huge hurdle. That being said, I understand that some people are just afraid they'll make mistakes if they're using something they're not familiar with. My parents are an example of this. They know how to start a computer or whatnot but get confused easily whenever there's a slight change on their desktop. They learn fast if they're dealing with phones though.
Some people do have difficulty learning new things. But all that depends on his will to learn and try the latest thing first.
Yeah, will to learn matters, but I guess as a person ages, this will seems to die down, at least that's what I see happening in myself.
-
Keepassxc supports your device’s biometric reader, meaning that if your computer has a fingerprint scanner, you can use your fingerprint to unlock it after entering the master password, as long as the database has been locked again.
It’s a great convenience if you don’t want to type the master password every time you need to open the vault. This feature is enabled automatically when you install the application, but you can disable it if you prefer.
Keepassxc is a fork of KeePass 2, also open-source, and currently available for Windows, Linux, and macOS.
-
Actually I don't. When it comes to random non-important websites, I use the browser's save password as the manager itself. But for important sites, I don't, I just memorize them with almost the same passwords, with 6-8 characters the same, then 9-15 different, which only I know. If I forget then I just use the forgot password feature lol.
-
Keepassxc is a fork of KeePass 2, also open-source, and currently available for Windows, Linux, and macOS.
Keepassxc is great, probably one of the best KeePass forks, and it also has support for storing TOTP codes for 2FA authentication.
I am not a fan of using biometrics for everything and I didn't try how it works with Keepassxc, but it's good to have the option to choose if you want to use it.
Actually I don't. When it comes to random non-important websites, I use the browser's save password as the manager itself. But for important sites, I don't, I just memorize them with almost the same passwords, with 6-8 characters the same, then 9-15 different, which only I know. If I forget then I just use the forgot password feature lol.
This is a terrible idea... using almost the same passwords :P
-
Actually I don't. When it comes to random non-important websites, I use the browser's save password as the manager itself. But for important sites, I don't, I just memorize them with almost the same passwords, with 6-8 characters the same, then 9-15 different, which only I know. If I forget then I just use the forgot password feature lol.
Password managers like keepass are much more practical and secure. Many people might think that password managers are an effort only IT professionals use, but in reality, keepass has made my life much easier while also keeping my accounts more protected.
You have much more trouble when requesting password resets for your accounts than learning how to use password managers. Moreover, it has an easy learning curve. You may prefer to use paid and cloud-synchronized managers, which are still more secure than browser managers that have had multiple vulnerabilities.
Today, you can also use passkeys (available on some services), a more modern authentication method that replaces passwords by linking your logins to the features available on your phone or computer, such as fingerprint or facial recognition. Apple already offers this feature.
-
This is a terrible idea... using almost the same passwords :P
I know lol. That's why I don't recommend it at all. It's just that it makes me comfortable lol. Not to mention I never had any issue with that, been an internet guy since 2013 but never had any hacking issue, malware issue, etc. on my accounts and device. Also, I still use my first email (Gmail) too from 2013, not too frequent though.
-
This is a terrible idea... using almost the same passwords :P
I know lol. That's why I don't recommend it at all. It's just that it makes me comfortable lol. Not to mention I never had any issue with that, been an internet guy since 2013 but never had any hacking issue, malware issue, etc. on my accounts and device. Also, I still use my first email (Gmail) too from 2013, not too frequent though.
A terrible idea but it works for me also. Of recent I started using a password manager but I feel my strategy beats the idea of a password manager, even if I am wrong. I had 3 different strong passwords with different strengths. Strong, stronger and sophisticated. I use them independently and most times superimpose them and it works perfectly well. So, when I forget the password, I will just have to try 3 times and I'll definitely get the right one. It has worked for me for years but I honestly want to stick with the password manager now.
-
I know lol. That's why I don't recommend it at all. It's just that it makes me comfortable lol. Not to mention I never had any issue with that, been an internet guy since 2013 but never had any hacking issue, malware issue, etc. on my accounts and device. Also, I still use my first email (Gmail) too from 2013, not too frequent though.
Yeah this sounds to me like when a guy is wearing one underwear for his whole life... and he is not showing any sign of sickness yet, so everything must be ''good'' and no need to ever change it.
Remembering one password is only good if you are using a password manager and this one password is the master password; in all other cases this is borderline crazy.
-
Today, you can also use passkeys (available on some services), a more modern authentication method that replaces passwords by linking your logins to the features available on your phone or computer, such as fingerprint or facial recognition. Apple already offers this feature.
I love this feature. It makes it so easy. I do use password managers as well but nothing beats the ease of use with a passkey. I'm not sure if there are a lot of apps now that support it, but the majority of the exchanges that I use, use this feature already. It's quite an improvement IMO.
-
I had 3 different strong passwords with different strengths. Strong, stronger and sophisticated. I use them independently and most times superimpose them and it works perfectly well.
The repeated usage probably brings down the security of the password though. Just imagine if one website got hacked and your password got exposed, which renders one if not all of your passwords useless. I'm a victim of such an attack, luckily I use a throwaway account so no harm is done to my other accounts. I'll stick with remembering one master password for my password manager instead of using the same password on many websites. The only thing I need to do is just back up regularly and save it on a secure device instead of worrying whether my password got leaked or not.
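The risk discussed in the posts above (one leaked password exposing every account that reuses it or shares a memorized stem with it), as an added example that is not part of the original thread. The site names, passwords and the 6-character stem threshold are constructed assumptions.

```python
"""Audit passwords for exact reuse and for a shared memorized stem."""
from itertools import combinations
from os.path import commonprefix

# Constructed sample vault (site -> password). None of these are real credentials.
SAMPLE_VAULT = {
    "forum.example": "Blue!Horse7-forum",
    "mail.example": "Blue!Horse7-mail",
    "exchange.example": "Blue!Horse7-xchg",
    "shop.example": "t4Qz#9vLmP2w",
    "news.example": "t4Qz#9vLmP2w",
    "bank.example": "vR8$kd02LqXe!",
}

# Assumption: two passwords sharing this many leading or trailing characters
# are treated as variations of one memorized stem.
MIN_STEM = 6


def shared_stem(a: str, b: str) -> int:
    """Length of the longest common prefix or common suffix of two passwords."""
    prefix = len(commonprefix([a, b]))
    suffix = len(commonprefix([a[::-1], b[::-1]]))
    return max(prefix, suffix)


def audit(vault: dict, min_stem: int = MIN_STEM) -> list:
    """Return (kind, site_a, site_b, shared_length) for every risky pair."""
    findings = []
    for (site_a, pw_a), (site_b, pw_b) in combinations(sorted(vault.items()), 2):
        if pw_a == pw_b:
            findings.append(("reused", site_a, site_b, len(pw_a)))
        else:
            stem = shared_stem(pw_a, pw_b)
            if stem >= min_stem:
                findings.append(("shared-stem", site_a, site_b, stem))
    return findings


def exposed_if_breached(vault: dict, breached_site: str,
                        min_stem: int = MIN_STEM) -> dict:
    """Map each other site to (kind, characters still unknown to someone
    who holds the breached site's password)."""
    leaked = vault[breached_site]
    exposed = {}
    for site, pw in vault.items():
        if site == breached_site:
            continue
        if pw == leaked:
            exposed[site] = ("reused", 0)
        else:
            stem = shared_stem(pw, leaked)
            if stem >= min_stem:
                exposed[site] = ("shared-stem", len(pw) - stem)
    return exposed


if __name__ == "__main__":
    for finding in audit(SAMPLE_VAULT):
        print(finding)
    print(exposed_if_breached(SAMPLE_VAULT, "forum.example"))
```

Randomly generated, per-site passwords from a password manager produce no findings here, which is the property the master-password approach relies on.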
-
I love this feature. It makes it so easy. I do use password managers as well but nothing beats the ease of use with a passkey. I'm not sure if there are a lot of apps now that support it, but the majority of the exchanges that I use, use this feature already. It's quite an improvement IMO.
Bybit uses something similar, I no longer need a password or even 2FA to access my account on the desktop, I simply scan the QR code and confirm the action on my phone and I'm already inside the platform, this is really cool and most of the big exchanges are already implementing it.
In addition, a password can be copied/captured by malware if the computer is infected with spyware monitoring the clipboard. Although keepass clears the copied password from the clipboard after x seconds, there is still a chance.
What do you guys think about this?
-
...
In addition, a password can be copied/captured by malware if the computer is infected with spyware monitoring the clipboard. Although keepass clears the copied password from the clipboard after x seconds, there is still a chance.
What do you guys think about this?
To avoid this, I turn off the Internet when copying sensitive data, and once the password is pasted, I copy a random word so it remains in the clipboard instead of the copied password. I am not sure how much it helps though, but I like to think that in comparison (that being the copied password remaining in the clipboard) this is better.
-
Bybit uses something similar, I no longer need a password or even 2FA to access my account on the desktop, I simply scan the QR code and confirm the action on my phone and I'm already inside the platform, this is really cool and most of the big exchanges are already implementing it.
In addition, a password can be copied/captured by malware if the computer is infected with spyware monitoring the clipboard. Although keepass clears the copied password from the clipboard after x seconds, there is still a chance.
What do you guys think about this?
Google has something similar. You don't even need your password anymore to log in. You can just authorize from a previously logged in device. This is safe in my opinion.
Not safe enough to save your seeds with your life savings, but safe enough for an exchange or a Google account.
-
What do you guys think about this?
This is not good if it is made mandatory because they are forcing you to use a smartphone with a camera and maybe install their app.
Something like this should never replace the normal password method and password managers, and it is not a long-term solution.
With QR codes I had issues many times that they are not always supported because they used different standards.
-
This is not good if it is made mandatory because they are forcing you to use a smartphone with a camera and maybe install their app.
Something like this should never replace the normal password method and password managers, and it is not a long-term solution.
With QR codes I had issues many times that they are not always supported because they used different standards.
You have a point, but accessing the platform by scanning a QR code is optional, this is more common on crypto exchanges like Bybit. I don't know of any service that uses mobile app login for desktops.
Despite the convenience, I will always prefer using passwords and password managers like keepass.
-
I don't know of any service that uses mobile app login for desktops.
I think Steam does this too, but it's also optional. I think Discord also utilizes the same method, probably because most of its users want convenience. I think it's quite okay to use, but definitely shouldn't be mandatory. I remember someone posted that they can't login to their account because an exchange refuses to reset their password or something because his phone is broken. Relying on another device with questionable reliability is never a good idea.
-
What do you guys think about this?
This is not good if it is made mandatory because they are forcing you to use a smartphone with a camera and maybe install their app.
About 2 years ago the camera of my smartphone broke.
I tried to live without it, and after a few months I gave up. It is basically impossible now, as we need to scan lots of QR codes eventually to get discounts, make payments and even read the menu at restaurants....
We are all forced to use those devices with a camera now.
-
You have a point, but accessing the platform by scanning a QR code is optional, this is more common on crypto exchanges like Bybit. I don't know of any service that uses mobile app login for desktops.
Maybe it is optional now, but they can make it mandatory if a lot of people start using it.
This is the same as CBDC and any other silly project that starts as optional but ends up enslaving people.
I really don't like the trend of everyone using smartphones as one device for everything.
I tried to live without it, and after a few months I gave up. It is basically impossible now, as we need to scan lots of QR codes eventually to get discounts, make payments and even read the menu at restaurants....
It's totally possible, and I know people who live without smartphones, they are much happier.
I also saw a bunch of people die while recording themselves with smartphones... not very smart :P
-
Regarding the discussion above about logging in using QR, I find logging in with QR really convenient, but to each their own.
I really don't like the trend of everyone using smartphones as one device for everything.
It's because a smartphone allows one to do pretty much everything, so it is used as one. What's wrong?
-
I really don't like the trend of everyone using smartphones as one device for everything.
It's because a smartphone allows one to do pretty much everything, so it is used as one. What's wrong?
The problem is that when you use the same device to watch porn, download torrents and to move your life savings, you are adding the risk of those websites to your life savings.
Ideally, you shouldn't use the same device for your life savings and porn and piracy.
But I see no problem if you have a wallet with up to 500 USD in that device...
-
Can we now get back to the topic of password managers, I don't want to talk more about smartphone devices.
But the best password managers should ideally work on all devices.
It's because a smartphone allows one to do pretty much everything, so it is used as one. What's wrong?
Nothing is wrong, smartphones are perfect devices for a brainwashed population, to distract attention, to enslave everyone, and to create addiction from early childhood.
-
Can we now get back to the topic of password managers, I don't want to talk more about smartphone devices.
But the best password managers should ideally work on all devices.
There are versions of Keepass for almost all devices, usually forks of the first versions of Keepass: https://keepass.info/download.html
It has support for passkeys as well.
For iOS, there is Keepassium and Strongbox, I like Strongbox, it's 100% compatible with the desktop Keepassxc or keepass2 (classic keepass).
-
It's because a smartphone allows one to do pretty much everything, so it is used as one. What's wrong?
Nothing is wrong, smartphones are perfect devices for a brainwashed population, to distract attention, to enslave everyone, and to create addiction from early childhood.
I agree with what bitmover said above but don't understand your points, mind elaborating on each point you mentioned?
Can we now get back to the topic of password managers, I don't want to talk more about smartphone devices.
But the best password managers should ideally work on all devices.
There are versions of Keepass for almost all devices, usually forks of the first versions of Keepass: https://keepass.info/download.html
It has support for passkeys as well.
For iOS, there is Keepassium and Strongbox, I like Strongbox, it's 100% compatible with the desktop Keepassxc or keepass2 (classic keepass).
There is KeePassDX (https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free) for Android as well.
-
Nothing is wrong, smartphones are perfect devices for a brainwashed population, to distract attention, to enslave everyone, and to create addiction from early childhood.
I agree with what bitmover said above but don't understand your points, mind elaborating on each point you mentioned?
When you use those devices to watch useless stuff you can get infected by a computer virus which could potentially steal your funds...
dkbit98 is talking about bad uses of devices, especially social networks such as TikTok and Instagram, which make people waste lots of time on useless videos.
I will also add that I spend a lot of time on the smartphone using this forum and BTT. A different kind of brainwashing lol
-
Nothing is wrong, smartphones are perfect devices for a brainwashed population, to distract attention, to enslave everyone, and to create addiction from early childhood.
I agree with what bitmover said above but don't understand your points, mind elaborating on each point you mentioned?
When you use those devices to watch useless stuff you can get infected by a computer virus which could potentially steal your funds...
dkbit98 is talking about bad uses of devices, especially social networks such as TikTok and Instagram, which make people waste lots of time on useless videos.
I will also add that I spend a lot of time on the smartphone using this forum and BTT. A different kind of brainwashing lol
Are you saying that if I use my iPhone to browse TikTok, Instagram, YouTube and Facebook, I am in danger of catching a virus? Or that Safari browser usage can cause harm? My mobile has a password manager btw, and info is stored in iCloud. And the MacBook, iPad and iPhone are connected to each other. From a security measures point of view that is extremely ineffective.
The only way someone could force me to install virus software on my device would be by hypnotizing me through videos or other content. So far I haven't heard about such cases.
-
...
dkbit98 is talking about bad uses of devices, especially social networks such as TikTok and Instagram, which make people waste lots of time on useless videos.
I mean, that's on people? You can't put the user's misuse of a tool on the tool itself.
...
The only way someone could force me to install virus software on my device would be by hypnotizing me through videos or other content. So far I haven't heard about such cases.
Not hypnotizing but tricking the user into installing something malicious, and there should be cases of that.
-
Are you saying that if I use my iPhone to browse TikTok, Instagram, YouTube and Facebook, I am in danger of catching a virus? Or that Safari browser usage can cause harm? My mobile has a password manager btw, and info is stored in iCloud. And the MacBook, iPad and iPhone are connected to each other. From a security measures point of view that is extremely ineffective.
The only way someone could force me to install virus software on my device would be by hypnotizing me through videos or other content. So far I haven't heard about such cases.
You won't get a virus by watching Instagram or TikTok videos.
However, you can click on a malicious link from an Instagram account, click something wrong and then boooom.
It just takes one mistake to lose your funds.
-
Not hypnotizing but tricking user into installing something malicious and there should be cases of that.
I've dealt with a case like this before, and it actually happened to me. However, since I'm already used to the web environment... I didn't fall for the scam.
You know when you visit some websites and you're asked to solve a captcha? I solved it, and in addition to that, it asked me to run a suspicious command in Windows' Run dialog. Obviously, I didn't do it... the command was even imported into my clipboard without me copying anything. Definitely an attempt to install malware… I confirmed it when I asked ChatGPT what the command does.
Nothing bad happened to me because I didn't do anything that was requested. I gave more details in this post (https://www.altcoinstalks.com/index.php?topic=319753.msg1752313#msg1752313).
You won't get a virus by watching Instagram or TikTok videos.
However, you can click on a malicious link from an Instagram account, click something wrong and then boooom.
It just takes one mistake to lose your funds.
These days, my gram got an adware virus. She couldn't do anything with her phone anymore, not even answer calls. It's the second time she's gotten it… because the first time I managed to solve the problem, but this time we had to take her phone to a repair shop, where they have specialized software and the issue was resolved.
The first time I was able to remove the virus, it was an app disguised as a PDF reader. It was really hard to catch because it would hide itself when switching apps.
-
Are you saying that if I use my iPhone to browse TikTok, Instagram, YouTube and Facebook, I am in danger of catching a virus? Or that Safari browser usage can cause harm? My mobile has a password manager btw, and info is stored in iCloud. And the MacBook, iPad and iPhone are connected to each other. From a security measures point of view that is extremely ineffective.
The only way someone could force me to install virus software on my device would be by hypnotizing me through videos or other content. So far I haven't heard about such cases.
You won't get a virus by watching Instagram or TikTok videos.
However, you can click on a malicious link from an Instagram account, click something wrong and then boooom.
It just takes one mistake to lose your funds.
With iOS, that "booom" is never going to happen. iOS doesn't allow you to install anything besides from the App Store, or allows it to do so after several confirmations and only if several settings are turned off. The user has to put in some effort to install something third party on his iOS gadget. That is why I commented on your post. Even if there is a malicious link, you can only get it from DM. The user needs to be watchful and not click on any link from an unverified profile. That is it.
-
Are you saying that if I use my iPhone to browse TikTok, Instagram, YouTube and Facebook, I am in danger of catching a virus? Or that Safari browser usage can cause harm? My mobile has a password manager btw, and info is stored in iCloud. And the MacBook, iPad and iPhone are connected to each other. From a security measures point of view that is extremely ineffective.
The only way someone could force me to install virus software on my device would be by hypnotizing me through videos or other content. So far I haven't heard about such cases.
You won't get a virus by watching Instagram or TikTok videos.
However, you can click on a malicious link from an Instagram account, click something wrong and then boooom.
It just takes one mistake to lose your funds.
With iOS, that "booom" is never going to happen. iOS doesn't allow you to install anything besides from the App Store, or allows it to do so after several confirmations and only if several settings are turned off. The user has to put in some effort to install something third party on his iOS gadget.
It's the same on Android, you can't install apps from third party apps unless you enable the "install unknown apps" setting.
From your comment you sound trustful of iOS, which is true to some extent, but it's not completely safe either. There have been cases where malicious apps made it to the App Store — the fake Rabby app was one of them, you can read about it here: https://discussions.apple.com/thread/255482851
-
With iOS, that "booom" is never going to happen. iOS doesn't allow you to install anything besides from the App Store, or allows it to do so after several confirmations and only if several settings are turned off. The user has to put in some effort to install something third party on his iOS gadget.
It's the same on Android, you can't install apps from third party apps unless you enable the "install unknown apps" setting.
From your comment you sound trustful of iOS, which is true to some extent, but it's not completely safe either. There have been cases where malicious apps made it to the App Store — the fake Rabby app was one of them, you can read about it here: https://discussions.apple.com/thread/255482851
No OS is safe enough.
There are literally hundreds of threads on BTT and Reddit where people opened topics crying about lost coins in every possible situation.
My suggestion is to always use a hardware wallet.
But, your keys, your coins. You are responsible for its security. Good luck.
-
No OS is safe enough.
I am sure there is no OS as unsafe as wind0ws OS :P
This crap is intentionally created to have bugs, backdoors and to spy on everyone.
Every new version is worse in every way, yet people are so brainwashed they continue to use it...
It doesn't really matter what password managers you are using if it is installed on win 0S.
-
I am sure there is no OS as unsafe as wind0ws OS :P
This crap is intentionally created to have bugs, backdoors and to spy on everyone.
Every new version is worse in every way, yet people are so brainwashed they continue to use it...
It doesn't really matter what password managers you are using if it is installed on win 0S.
I rely on Windows 11 for nearly all my daily tasks, even for using my password manager (an encrypted database exclusively for my non-wallet related accounts), but never for storing BTC.
My laptop has a dual boot setup with Linux Ubuntu. For everyday tasks like browsing, Word, spreadsheets, forums, etc. I use Windows. However, whenever I need to access my wallets, I switch to Linux. I maintain separate password databases for my password manager on each operating system.
I've been following this practice rigorously for about 7 years now, and so far, it has worked perfectly for me.
-
The only password manager I used was the one in the browser (Firefox), but only for a short time because I decided to trust myself more than any software in this regard. It's not that I don't understand the need for some people to use such programs, considering that they may have tens or hundreds of passwords, but I'm more in favor of the old-fashioned approach of storing them offline on paper.
In addition to multiple copies of such backups, which is logical, I protect myself additionally by having a part of each password that is saved separately (and is identical for all passwords), say something like a passphrase. In other words, even if someone finds all the passwords, they can't do any harm with them, because in addition to the key being in my head, it's also stored in an extra secure location.
I do make use of offline forms of storing passwords/key phrases, like writing on paper, split in multiple places in case one goes missing, only and strictly for my key phrase and passwords related to financial accounts; otherwise, I store other passwords in browsers, though I added 2FA to them on a mobile device, while using a laptop to access the sites. Using the paper form of safekeeping passwords still remains the best, as it is totally offline, except when one has his/her house broken into, with information related to important passwords stored at home on paper, which is something one might rarely be a victim of.
-
The only password manager I used was the one in the browser (Firefox), but only for a short time because I decided to trust myself more than any software in this regard. It's not that I don't understand the need for some people to use such programs, considering that they may have tens or hundreds of passwords, but I'm more in favor of the old-fashioned approach of storing them offline on paper.
In addition to multiple copies of such backups, which is logical, I protect myself additionally by having a part of each password that is saved separately (and is identical for all passwords), say something like a passphrase. In other words, even if someone finds all the passwords, they can't do any harm with them, because in addition to the key being in my head, it's also stored in an extra secure location.
I do make use of offline forms of storing passwords/key phrases, like writing on paper, split in multiple places in case one goes missing, only and strictly for my key phrase and passwords related to financial accounts; otherwise, I store other passwords in browsers, though I added 2FA to them on a mobile device, while using a laptop to access the sites. Using the paper form of safekeeping passwords still remains the best, as it is totally offline, except when one has his/her house broken into, with information related to important passwords stored at home on paper, which is something one might rarely be a victim of.
When you store your password online, it's somehow dangerous because if someone else is also using that PC, s/he may click on a malicious link without your concern and from there your PC would be affected. I have a diary where I store my password, because I tried using my brain but it failed me one day and I had to go through a lot of stress before I could retrieve my account.
-
My laptop has a dual boot setup with Linux Ubuntu. For everyday tasks like browsing, Word, spreadsheets, forums, etc. I use Windows. However, whenever I need to access my wallets, I switch to Linux. I maintain separate password databases for my password manager on each operating system.
You can do whatever you want but this is a waste of time, space and resources, and you are 100% spied on with your every click on win11.
The only reason someone would need to use that OS is for some games and programs that can't work in Linux.
Everything else works much better in Linux and there is no real danger of malware and viruses.
-
I do make use of offline forms of storing passwords/key phrases, like writing on paper, split in multiple places in case one goes missing, only and strictly for my key phrase and passwords related to financial accounts; otherwise, I store other passwords in browsers, though I added 2FA to them on a mobile device, while using a laptop to access the sites.
I hope that your accounts saved in browsers are not significant accounts related to your financial life.
Using the paper form of safekeeping passwords still remains the best, as it is totally offline, except when one has his/her house broken into, with information related to important passwords stored at home on paper, which is something one might rarely be a victim of.
Why take the risk? An offline password manager replicates all of these benefits, you can keep it encrypted locally on your computer, make copies and only need to remember a single password (master password).
You can access the encrypted database anywhere. It doesn't necessarily have to be keepass, as long as the software supports the keepass (.kdbx) format, you can use other keepass forks on its official website (https://keepass.info/).
-
You won't get a virus by watching Instagram or TikTok videos.
However, you can click on a malicious link from an Instagram account, click something wrong and then boooom.
It just takes one mistake to lose your funds.
I had an experience a few months ago, and it was a very funny one, though how it occurred is what I am trying to understand till this moment, because it looks like a potential threat to my device. I was watching a video, and just when I was about to tap the screen to activate a command, an ad popped up and it happened like I clicked the ad, and it was just loading and loading without stopping. Immediately I had to forcefully switch off my phone to forestall any further actions or command prompt it would activate, so it doesn't cause harm to my phone, and the funny thing is that I did not really see what I clicked and it just happened like that. That was how I escaped what I had no idea about, and I still could not explain what I clicked then till this very moment.
-
You won't get a virus by watching Instagram or TikTok videos.
However, you can click on a malicious link from an Instagram account, click something wrong and then boooom.
It just takes one mistake to lose your funds.
I had an experience a few months ago, and it was a very funny one, though how it occurred is what I am trying to understand till this moment, because it looks like a potential threat to my device. I was watching a video, and just when I was about to tap the screen to activate a command, an ad popped up and it happened like I clicked the ad, and it was just loading and loading without stopping. Immediately I had to forcefully switch off my phone to forestall any further actions or command prompt it would activate, so it doesn't cause harm to my phone, and the funny thing is that I did not really see what I clicked and it just happened like that. That was how I escaped what I had no idea about, and I still could not explain what I clicked then till this very moment.
Depending on which sites you visit, they may load scripts (which could be malicious or not) from adware, then display fake antivirus ads with urgent call-to-action messages designed to trigger people's fear responses.
You really have to be careful with this kind of thing. My grams recently had her mobile device compromised this exact way. We took it to a repair shop, but just days later, the phone showed the same problem again... She will have to buy another smartphone.
-
My laptop has a dual boot setup with Linux Ubuntu. For everyday tasks like browsing, Word, spreadsheets, forums, etc. I use Windows. However, whenever I need to access my wallets, I switch to Linux. I maintain separate password databases for my password manager on each operating system.
You can do whatever you want but this is a waste of time, space and resources, and you are 100% spied on with your every click on win11.
The only reason someone would need to use that OS is for some games and programs that can't work in Linux.
Everything else works much better in Linux and there is no real danger of malware and viruses.
Which Linux distro would you recommend that has the highest security possible, and do you suggest dual booting or booting through a pen drive? I am looking to purchase a gaming laptop, and I'd require Windows to play games of course, but for crypto stuff, I'd prefer Linux.