anyone use a password manager?

 

Because our work uses LastPass, we got an offer to use it at home for free (separate family account).

Well, I just discovered it's expired!

Kind of scary, I don't think I have to pay $4/mo for my passwords, cuz that would not make sense. I can still log in but it says expired.

I'll find out what's going on tomorrow.

It's been very convenient, and I figured since it's a corporate product, it must be secure.

<<Page 2

I worked

baumback wrote:
BarneyBadass wrote:

They let you put an external USB storage device into your work machine?

I was only allowed to insert USB devices that That were issued by the company!

Company I used to work for also required "only company provided" usb storage devices, but additionally required that writable media be encrypted (even CD/DVDs). Any unencrypted usb stick or hard drive inserted into the computer was automatically encrypted!
Mark

For a healthcare and an employee in marketing lost a USB with all members' personal data. What I found interesting was how long the cover-up was until the co could determine the penalties that were going to be assessed.

I'm not positive but flash forward 14 years, I don't think most people can plug into the USB ports on their laptops.

Interestingly in my career I have never not been a local admin on my own computer. I lost my laptop in the airport in Toronto a few years ago and if you can believe it at the time, our drives were not encrypted. Also, it was found within 36 hours and returned to me in a week. When I got it back, it was still powered on and asleep.

I once lost a USB with my tax return and I flipped out doing a credit freeze and considering those services. It was a false alarm and I found the USB at home 2 days later, but the freeze etc had lasting effects. Could not obtain credit, etc.

USB Port

johnnatash4 wrote:
baumback wrote:
BarneyBadass wrote:

They let you put an external USB storage device into your work machine?

I was only allowed to insert USB devices that That were issued by the company!

Company I used to work for also required "only company provided" usb storage devices, but additionally required that writable media be encrypted (even CD/DVDs). Any unencrypted usb stick or hard drive inserted into the computer was automatically encrypted!
Mark

For a healthcare and an employee in marketing lost a USB with all members' personal data. What I found interesting was how long the cover-up was until the co could determine the penalties that were going to be assessed.

I'm not positive but flash forward 14 years, I don't think most people can plug into the USB ports on their laptops.

Interestingly in my career I have never not been a local admin on my own computer. I lost my laptop in the airport in Toronto a few years ago and if you can believe it at the time, our drives were not encrypted. Also, it was found within 36 hours and returned to me in a week. When I got it back, it was still powered on and asleep.

I once lost a USB with my tax return and I flipped out doing a credit freeze and considering those services. It was a false alarm and I found the USB at home 2 days later, but the freeze etc had lasting effects. Could not obtain credit, etc.

Don't understand the comment "I don't think most people can plug into the USB ports on their laptops". I use both of my USB ports on my laptop, one for my mouse and one for my two external drives.

--
johnm405 660 & MSS&T

Google has its own password manager

Google has a built in password manager that can work in a Windows, Mac or Android environment. A discussion of the product can be found at https://www.pcmag.com/how-to/how-to-master-google-password-m....

--
John from PA

Avira

I had posted earlier about looking at LanePass password manager looking good. After some trail and error and checking out other PW managers I came across Avira at https://www.avira.com/en/password-manager . This works well and is very easy to use. Has all the features needed for free including sync across all devices. Has a extension for my Brave Browser as well as others. I thing my hunt is over.

I tried the built in PW manager for Brave and Chrome and didn't feel that safe using them.

--
Charlie. Nuvi 265 WT and Nuvi 2597 LMT. MapFactor - Offline Maps & GPS.

Avira review

A good review of the Avira product can be found at https://www.safetydetectives.com/best-password-managers/avir....

The one thing that I didn't like about about Avira is the same thing I didn't like about many password managers, that being cloud storage as opposed to local storage.

--
John from PA

Aviea

John from PA wrote:

A good review of the Avira product can be found at https://www.safetydetectives.com/best-password-managers/avir....

The one thing that I didn't like about about Avira is the same thing I didn't like about many password managers, that being cloud storage as opposed to local storage.

You have the option to turn it off in the settings. Drawback is you lose the syn across devices. I guess once you get all the passwords set up on all devices you could then turn it off and turn back on as needed. I am really impressed with the features and ease of use.

"When ON, your data is stored in an encrypted format on Avira servers. This allows you to access your data from multiple devices".

"When OFF, your data is stored and accessible only locally. There is no sync between devices and your data is lost in case you lose your device".

--
Charlie. Nuvi 265 WT and Nuvi 2597 LMT. MapFactor - Offline Maps & GPS.

Roboform

Been using it for more than 20 years.

Never had an issue outside of their dropping their "To Go" versions (portable on a USB stick).

work

johnm405 wrote:
johnnatash4 wrote:
baumback wrote:
BarneyBadass wrote:

They let you put an external USB storage device into your work machine?

I was only allowed to insert USB devices that That were issued by the company!

Company I used to work for also required "only company provided" usb storage devices, but additionally required that writable media be encrypted (even CD/DVDs). Any unencrypted usb stick or hard drive inserted into the computer was automatically encrypted!
Mark

For a healthcare and an employee in marketing lost a USB with all members' personal data. What I found interesting was how long the cover-up was until the co could determine the penalties that were going to be assessed.

I'm not positive but flash forward 14 years, I don't think most people can plug into the USB ports on their laptops.

Interestingly in my career I have never not been a local admin on my own computer. I lost my laptop in the airport in Toronto a few years ago and if you can believe it at the time, our drives were not encrypted. Also, it was found within 36 hours and returned to me in a week. When I got it back, it was still powered on and asleep.

I once lost a USB with my tax return and I flipped out doing a credit freeze and considering those services. It was a false alarm and I found the USB at home 2 days later, but the freeze etc had lasting effects. Could not obtain credit, etc.

Don't understand the comment "I don't think most people can plug into the USB ports on their laptops". I use both of my USB ports on my laptop, one for my mouse and one for my two external drives.

Devices are locked down. I know for a fact employees cannot save to the local drives nor install any software, and believe the USB ports do not work either.

If one considers tablets that are locked down using a MDM, the employee cannot do anything on them, other than run the apps on the profile.

A user who cannot save anything locally, it could be argued they have no need to be bringing things up via USB, it's a risk.

I have been using.....

an app called Password Wallet for 10+ years without issue and there are no on-going fees.

See: https://www.selznick.com/products/passwordwallet/

--
RKF (Brookeville, MD) Garmin Nuvi 660, 360 & Street Pilot

A lot of companies are like that

The company that I had worked for had instructions about software and USB's BUT, we needed to install/upgrade software based on equipment we serviced.
I did run across a company where they had our equipment and we serviced it. The time to service it exponentially increased because we couldn't run the programs we required from the USB. All of what we needed had to go on their server. Then an IT person had to stand next to us and Copy down the required software. He also had to be there while we serviced it. The paranoia was unbelievable and created a problem for us and them.

johnnatash4 wrote:
johnm405 wrote:
johnnatash4 wrote:
baumback wrote:
BarneyBadass wrote:

They let you put an external USB storage device into your work machine?

I was only allowed to insert USB devices that That were issued by the company!

Company I used to work for also required "only company provided" usb storage devices, but additionally required that writable media be encrypted (even CD/DVDs). Any unencrypted usb stick or hard drive inserted into the computer was automatically encrypted!
Mark

For a healthcare and an employee in marketing lost a USB with all members' personal data. What I found interesting was how long the cover-up was until the co could determine the penalties that were going to be assessed.

I'm not positive but flash forward 14 years, I don't think most people can plug into the USB ports on their laptops.

Interestingly in my career I have never not been a local admin on my own computer. I lost my laptop in the airport in Toronto a few years ago and if you can believe it at the time, our drives were not encrypted. Also, it was found within 36 hours and returned to me in a week. When I got it back, it was still powered on and asleep.

I once lost a USB with my tax return and I flipped out doing a credit freeze and considering those services. It was a false alarm and I found the USB at home 2 days later, but the freeze etc had lasting effects. Could not obtain credit, etc.

Don't understand the comment "I don't think most people can plug into the USB ports on their laptops". I use both of my USB ports on my laptop, one for my mouse and one for my two external drives.

Devices are locked down. I know for a fact employees cannot save to the local drives nor install any software, and believe the USB ports do not work either.

If one considers tablets that are locked down using a MDM, the employee cannot do anything on them, other than run the apps on the profile.

A user who cannot save anything locally, it could be argued they have no need to be bringing things up via USB, it's a risk.

--
Nuvi 2460LMT.

Sounds like

One of our federal government agencies!

I'm all to well aware if idiotic stunts like that.

I'd need a memory dump when a program failed. Those agencies would "sanitize" the dump either electronically or physically in paper before I'd get it. Sometimes they'd "sanitize" the area I'd need to see.. .

Wunderful

--
Never argue with a pig. It makes you look foolish and it anoys the hell out of the pig!

password manager

I have been using the Google manager. I am thinking of using a proprietary PAW managere but don't want to pay for something I get for free. There are also the issues with what happens when the subscription ends and getting access to your passwords.

Avira PWM

bsp131 wrote:

I have been using the Google manager. I am thinking of using a proprietary PAW managere but don't want to pay for something I get for free. There are also the issues with what happens when the subscription ends and getting access to your passwords.

The free version of Avira browser extension has great features and very user friendly.https://www.avira.com/en/password-manager. Video https://youtu.be/e-5o2bYAcZM

--
Charlie. Nuvi 265 WT and Nuvi 2597 LMT. MapFactor - Offline Maps & GPS.

FYI, there are USB sticks

FYI, there are USB sticks that will literally destroy your computer by zapping the USB port with a high voltage when the stick is inserted. So, if given a stick, unless you are very sure about it, DO NOT insert it into anything.

As A Clarification

BarneyBadass wrote:

They let you put an external USB storage device into your work machine?

I was only allowed to insert USB devices that That were issued by the company!

I was referring to how I handle passwords on my personal computer. I keep a backup flash drive in my desk at work, but that is to prevent loss of all my passwords if the primary flash drive goes belly-up.

Keeping it at work provides storage in a different location that is quite secure.

- Tom -

--
XXL540, GO LIVE 1535, GO 620

Know your source of flash drives, SD cards, etc.

ruggb wrote:

FYI, there are USB sticks that will literally destroy your computer by zapping the USB port with a high voltage when the stick is inserted. So, if given a stick, unless you are very sure about it, DO NOT insert it into anything.

With USB drives and memory cards it is good to know your source. I would suspect that USB sticks, like SD cards are considered as fungible by some retailers, Amazon being one of them. Fungible assets simplify the exchange and trade processes, as fungibility implies equal value between the assets.

It is my understanding by a neighbor, a Best Buy regional manager, that Amazon sells the same product from many vendors, and the ordering system handles the sale. So let's say I give Amazon 100 counterfeit copies of a brand XYZ 128 GB SD flash drive to sell for me. Amazon also buys direct from the importer 100 copies of the genuine brand XYZ 128 GB flash drive for sell under the conditions “filled and shipped by Amazon”. All the flash drives labeled as brand XYZ, including the counterfeit ones, are placed in the same stock bin and the computer simply handles who made the purchase and a robot (most likely) draws the card from the bin. But in this example you have a 50/50 chance of getting a counterfeit card.

Amazon regards the products as fungible, meaning that a flash drive made by brand xyz is the same regardless of who is selling or providing it. Further, if a warehouse in Brooklyn runs out of stock of the brand XYZ 128 GB flash drive, the order may be filled from a warehouse in Harrisburg PA regardless of who has supplied the cards in any given bin.

Best Buy buys flash drives direct from the importer, probably thousands at a time, and then distributes them down the chain to the individual stores. There isn’t any middle person, the delivery process is direct from importer, to corporate level, to retail store. I would suspect you would find a similar scenario in a store like Staples.

Yes, Best Buy might be slightly more expensive; that $20 stick on Amazon might be $25 but it comes with some level of assurance that you are getting a genuine product. In addition, Best Buy has a price match policy that will match Amazon products that are shown to be filled and shipped by Amazon.

--
John from PA

^^Product comingling. I

^^Product comingling. I hate that.

I get that logic, but not

I get that logic, but not everyone shares that point of view.

Wife routinely tells me I'm too lax about home security. She wants me to make sure the doors and windows are locked, especially the balcony.

Why balcony? I've asked. We live on the 4th floor.

"Because someone might come in."

"For what? And where would they come from" I would ask.

"I don't know." She would say.

"I don't know either." I would respond. "I don't think people with skills like Batman, hopping building to building, climbing down balconies (no steps/fire escape here) would want ANYTHING is this home."

Then I'd get another 10 minutes of how I am not concerned about my family's safety.

And this goes on month after month.

On the subject of KeePass

…an update to 2.52 was just announced. The details are to be found at https://www.ghacks.net/2022/09/10/password-manager-keepass-2....

--
John from PA

johnnatash4 wrote:Because

johnnatash4 wrote:

Because our work uses LastPass, we got an offer to use it at home for free (separate family account).

You are fooling yourself if sharing ALL you passwords with a third party is smart idea:

https://www.bleepingcomputer.com/news/security/lastpass-says...

If you have Lastpass all your passwords might be known and/or being sold. No joke. Obviously press release states there was no accessing of any customer data or encrypted password vaults. But would you trust they uncovered all the hackers actions when their own security was compromised.

Over 33 million people and 100,000 businesses just means the business is a gold mine for hacking. It certainly does not even mean the business uses basic security practices.

--
eTrex Touch 35, Nuvi 1350LMT, Nuvi 350, Nuvi 260, Garmin GPS III, Basecamp

Crude Locker

I use Crude Locker on my cell phone. I use dscrypt on my laptop.

same here

baumback wrote:
BarneyBadass wrote:

They let you put an external USB storage device into your work machine?

I was only allowed to insert USB devices that That were issued by the company!

Company I used to work for also required "only company provided" usb storage devices, but additionally required that writable media be encrypted (even CD/DVDs). Any unencrypted usb stick or hard drive inserted into the computer was automatically encrypted!
Mark

I misspoke about no USB as I can plug in a headset...but ditto with you on a USB flash drive.

Those are so dangerous, as mentioned, a person losing member info on one unencrypted when I worked for a HMO, that's unreported in the news and very bad.

Ditto on KeePass

FreddyP wrote:
rigel wrote:

Keepass is open source, free, has great encryption.

This is what we use. Use it on both Windows and our Android phones (KeePassDroid) and tablets. Database is local on each device so I have to manually copy revised db to each device when there are changes. Minor amount of maintenance for a good free product.

Easy to use and has been solid as far I we know smile

Longtime KeePass user, never any issues. Also comes in many flavors and is cross-platform. Many flavors will allow sync via web/cloud services but that's just an option.
https://keepass.info/

--
It's about the Line- If a line can be drawn between the powers granted and the rights retained, it would seem to be the same thing, whether the latter be secured by declaring that they shall not be abridged, or that the former shall not be extended.

thank you

thanks for the information. I will try it.

Windows 95

When I said earlier I use a "very old" password manager I failed to mention that it was made for Windows 95. Still works great and I see no reason to change. I installed it on my wife's laptop as well and, since it's sooooooooooooooo old, I have n(o compunction about using a crack to "register" it to her name as well. The devs went away a very long time ago.)

--
GPSMAP 76CSx - nüvi 760 - nüvi 200 - GPSMAP 78S

I am looking for one.

My criteria is as follows:

1. Must be Portable (No installation is needed)
2. Is not in the cloud, must be local
3. Can be put on a thumb Drive
4. Free
5. No Ads
6. easy to use

Any ideas?

--
Bobkz - Garmin Nuvi 3597LMTHD/2455LMT/C530/C580- "Pain Is Fear Leaving The Body - Semper Fidelis"

Avira

bobkz wrote:

My criteria is as follows:

1. Must be Portable (No installation is needed)
2. Is not in the cloud, must be local
3. Can be put on a thumb Drive
4. Free
5. No Ads
6. easy to use

Any ideas?

The free version of Avira browser extension has great features and very user friendly. https://www.avira.com/en/password-manager. Video https://youtu.be/e-5o2bYAcZM .You have the option to turn off the cloud and save passwords to computer or thumb drive.

--
Charlie. Nuvi 265 WT and Nuvi 2597 LMT. MapFactor - Offline Maps & GPS.

KeePass

bobkz wrote:

My criteria is as follows:

1. Must be Portable (No installation is needed)
2. Is not in the cloud, must be local
3. Can be put on a thumb Drive
4. Free
5. No Ads
6. easy to use

Any ideas?

https://keepass.info/

--
It's about the Line- If a line can be drawn between the powers granted and the rights retained, it would seem to be the same thing, whether the latter be secured by declaring that they shall not be abridged, or that the former shall not be extended.

One person’s thought on migrating to BitWarden

--
John from PA

The may be called 2-stage password protection.

I use PasswordSafe on a USB drive, but as an extra layer of protection, I also use Veracrypt (www.veracrypt.fr). Veracrypt encrypts a file, or disk, that becomes a volume when mounted with the correct password. Inside the volume is my encrypted password file, but any file can be put there.

Both PasswordSafe and VeraCrypt can be installed on a computer or USB drive , (portable mode).

Open VeraCrypt, click HELP and then open Beginner's Tutorial which will aid in building the encrypted container for the USB drive.

On my USB, I start VeraCrypt, selecting the encrypted "file/volume" choosing an available drive letter and the password file becomes available once the correct password is entered. I then start PasswordSafe selecting the password file.

VeraCrypt allows you to save the mounted volume as a favorite, and PasswordSafe can be configure to automatically , log into a website.

pws

It it really that safe?

<<Page 2