Sticky Notes on the monitor. Or just write 'em down in a notebook and keep that handy in the desk draw.
Sticky Notes on the monitor. Or just write 'em down in a notebook and keep that handy in the desk draw.
I've been using Dashlane for a few years now, and I'm fairly well satisfied with its performance and capabilities. It's cross-platform: at last count I have it installed on five different personal devices (iOS, Mac, and PC), and I use a Chrome plugin on my work PC because I lack the user permissions to install software on that computer. It works with FaceID, and now that iOS allows for third party password manager integration, I can seamlessly use Dashlane to autofill login information in Safari on my iOS devices without having to switch apps and copy/paste. (It is supposed to work with TouchID on the Mac, but I have found this to be very hit or miss, though I have yet to take the time to troubleshoot.) It can perform password strength assessments and give you an overall security score, alert you to duplicate passwords, and automatically change passwords for you on some websites. You also receive notifications when websites for which you have saved passwords become compromised. The only real trouble I've every had with Dashlane is when trying to log in to common web retail platforms like Shopify, although there is an option to save passwords only for specific subdomains to solve the issue of having accounts with different sites that use a shared retail platform.
I have been using Encryptr for a couple of years now and like it.
Timely article from https://www.securityevaluators.com/c...nager-hacking/ It appears to me from reading the article that most password managers have some flaws that can expose some things.
The article cites a review of Windows versions (and probably applies to OSX and mobile OSs) of the following password managers: 1Password 7, 1Password 4, Dashlane, KeePass, and Lastpass. There are vulnerabilities, though they're mostly vulnerable against someone who has physical possession of your PC.
It mentions three states that the password manager can be in: (1) not running - rebooted or turned off/quit, (2) running unlocked - master password invoked and some other data has been accessed, and (3) locked - master password entered and logged out. They then ran tests to determine how the computer memory handled the data. They found only minor problems with (1) in "secret sanitization" and so moved on to password managers in the running state, (2) and (3). KeePass was clearly the leader in the not running state in preserving the master password. Each of them had some issues in the running state. Those who are interested in the shortcomings of each should review the article.
What can you do? At least for now, encrypt your hard drive so that anyone who gains access to your computer first has to break that encryption before even reaching your password manager. I "quit" the password manager when I'm not using it, but that might be harder for those that are more integrated into their web life. As I mentioned previously, I use the basic Firefox password manager "master password" for my routine use and absolutely do not use it for finance and health sites. When I do use KeePassXC for finance and health I never copy/paste passwords as "copy" first goes to the "clipboard" before it gets pasted, and EVERY APP CAN ACCESS THE CLIPBOARD. Use an automated transfer, which sometimes uses something besides "copy." (KeePassXC AutoType, for instance.)
So, with these problems, is it still a good idea to use a password manager? Absolutely, yes - it's not a matter of outrunning the bear that's chasing you, it's a matter of being faster than the slowest guy who's running. Let someone else be the bear's low-hanging fruit.
If someone else can't get into their account, just give them your login to get them going.Originally Posted by NH Shooter
Giving me PTSD work flashbacks.
Semper Gumby, Always Flexible
Reply With Quote