|
Can someone smart tell me why 1Password isn't susceptible to whatever happened to LastPass and/or is more secure than LastPass? I still use and pay for 1Password but out of habit/inertia at this point.
|
# ? Dec 23, 2022 16:31 |
|
|
# ? May 18, 2024 02:31 |
|
And how are these better than using the password manager built into Chrome, which I can use to generate strong passwords and can autofill in my apps. I'd be hosed anyway if my Gmail account got compromised so why not go all-in with Google?
|
# ? Dec 23, 2022 16:43 |
|
More flexible, you can save more than a single user and password field, they can handle OTP, you can have different vaults for different purposes and delete a whole vault if you don't need to access the accounts inside it any more, you can work across browsers etc.
|
# ? Dec 23, 2022 16:45 |
|
NomNomNom posted:And how are these better than using the password manager built into Chrome, which I can use to generate strong passwords and can autofill in my apps. I'd be hosed anyway if my Gmail account got compromised so why not go all-in with Google? Well not everyone uses Chrome, for one. Also for I assume a majority of people there needs to be seamless "it just works" integration with iOS/Android and their PC or Mac, otherwise its a non-starter. For most macOS/iOS users this implicitly means it needs to support Safari.
|
# ? Dec 23, 2022 16:49 |
|
Watermelon Daiquiri posted:I want to like bitwarden because I use linux, but it just cant beat 1pass on android-- yes, I would much rather have the password pop up above the keyboard than have to go into the password app to manually copy and paste
|
# ? Dec 23, 2022 17:02 |
|
Boris Galerkin posted:Well not everyone uses Chrome, for one. Also for I assume a majority of people there needs to be seamless "it just works" integration with iOS/Android and their PC or Mac, otherwise its a non-starter. For most macOS/iOS users this implicitly means it needs to support Safari. The Chrome password thingy works in Safari too on iOS. I use it for my website passwords because the automatic cloud sync is so convinient that I don’t even care about Google stealing all my data anymore
|
# ? Dec 23, 2022 17:39 |
|
Watermelon Daiquiri posted:I want to like bitwarden because I use linux, but it just cant beat 1pass on android-- yes, I would much rather have the password pop up above the keyboard than have to go into the password app to manually copy and paste Bitwarden also does this though? NomNomNom posted:And how are these better than using the password manager built into Chrome, which I can use to generate strong passwords and can autofill in my apps. I'd be hosed anyway if my Gmail account got compromised so why not go all-in with Google? Couple of reasons. - Not locked into one browser. - Will work with stuff outside the browser such as games and apps etc - Can save things like notes, recovery keys etc - Often have built in security checks, ie bitwarden will warn me if a password has turned up in a breach or if a website I have a password for has been compromised. - Chromes (and to be fair all browsers) password generation is also poor compared to dedicated services, you have little control over the length or what things are included. Password require specific characters? well tough, chrome wont do that for you. - Its also not as secure. If someone has access to your browser, they have access to your entire list of passwords. With password managers, unless you intentionally tell it not to auto signout it will, this ads an extra layer of security. Mega Comrade fucked around with this message at 17:56 on Dec 23, 2022 |
# ? Dec 23, 2022 17:39 |
|
Start yelling at every app and website to start supporting passkeys IMO
|
# ? Dec 23, 2022 17:39 |
|
Boris Galerkin posted:Can someone smart tell me why 1Password isn't susceptible to whatever happened to LastPass and/or is more secure than LastPass? I still use and pay for 1Password but out of habit/inertia at this point. They theoretically are susceptible but don't have a long history of glaring issues like lastpass
|
# ? Dec 23, 2022 17:41 |
|
TACD posted:Start yelling at every app and website to start supporting passkeys IMO What is passkeys
|
# ? Dec 23, 2022 18:12 |
|
https://fidoalliance.org/passkeys/
|
# ? Dec 23, 2022 18:13 |
|
You also have physical fobs. The most well known being yubiko. I have one on my keys , they look like this
|
# ? Dec 23, 2022 18:20 |
|
Boris Galerkin posted:What is passkeys A bad solution where securing your not-a-password security is offloaded to devices like your phone. It sounds great to engineers but it's not being widely supported because it's just another authentication app that nobody wants to deal with and will never be dominant enough to become ubiquitous and worthwhile.
|
# ? Dec 23, 2022 18:24 |
|
Motronic posted:A bad solution where securing your not-a-password security is offloaded to devices like your phone. It sounds great to engineers but it's not being widely supported because it's just another authentication app that nobody wants to deal with and will never be dominant enough to become ubiquitous and worthwhile. Sad but probably true. There is a balance between convenience and security to get adoption. Password managers are in a very good place for that. Passkeys I just don't see being adopted outside of professional uses. My yubikey offers me some of the strongest authentication possible, when I got it I enabled it on everything. And after the 8th time I had to go get my keys to log into GitHub I turned it off. I still use it, but only for access to very sensitive client servers where I genuinely am a target for government and industrial espionage.
|
# ? Dec 23, 2022 18:29 |
|
Mega Comrade posted:My yubikey offers me some of the strongest authentication possible, when I got it I enabled it on everything. And after the 8th time I had to go get my keys to log into GitHub I turned it off. Mine is basically only for brokerage accounts. Even work has abandoned them as more trouble than they're worth. I don't see anything other than password managers getting any real lasting penetration. Hopefully more of them will support TOTP and second factor SMS will become a thing of the past. But I doubt it because it's the least common denominator for non technical people.
|
# ? Dec 23, 2022 18:40 |
|
I just keep all my passwords in a text file on my desktop
|
# ? Dec 23, 2022 18:51 |
|
Starting to think my passwords are safest written on a sticky note.
|
# ? Dec 23, 2022 19:38 |
|
you gotta put the real sticky note under your keyboard, and leave the decoy on your monitor. hackproof
|
# ? Dec 23, 2022 20:20 |
|
The safest computer is an air gapped desktop, in the bottom of a salt mine, guarded by SAS, and turned off.
|
# ? Dec 23, 2022 20:30 |
|
bawk posted:you gotta put the real sticky note under your keyboard, and leave the decoy on your monitor. hackproof I just leave the trunk of my laptop open so thieves can see there's nothing valuable. Otherwise they'll just throw sparkplugs at my screen anyway.
|
# ? Dec 23, 2022 21:02 |
|
Mzbundifund posted:I just keep all my passwords in a text file on my desktop This, but also Apple Keychain.
|
# ? Dec 23, 2022 21:10 |
|
If there's one thing I've learned from following cryptocurrency for like a decade now, is that the only truly secure system is to disable wireless networking, epoxy all the ports shut on your computer, and bury the whole thing in a lockbox underneath a birdbath.
|
# ? Dec 23, 2022 21:49 |
|
unless the birdbath is inside your house and inside your room and in your line of sight right now, its already compromised.
|
# ? Dec 23, 2022 21:54 |
|
PhazonLink posted:unless the birdbath is inside your house and inside your room and in your line of sight right now, its already compromised. ...and if it is?
|
# ? Dec 23, 2022 23:12 |
|
Kwyndig posted:The safest computer is an air gapped desktop, in the bottom of a salt mine, guarded by SAS, and turned off. Does it have to be mods from SAS or can we just nominate random users?
|
# ? Dec 23, 2022 23:29 |
|
Agents are GO! posted:Does it have to be mods from SAS or can we just nominate random users? Or maybe members of the Special Air Service? If you want real security though, drop it in the ocean and call Sea Patrol.
|
# ? Dec 23, 2022 23:34 |
|
Captain_Maclaine posted:If there's one thing I've learned from following cryptocurrency for like a decade now, is that the only truly secure system is to disable wireless networking, epoxy all the ports shut on your computer, and bury the whole thing in a lockbox underneath a birdbath. Maclaine, you gotta get the gently caress outta there, birds aren't real, I repeat birds are not real, your position is compromised, run.
|
# ? Dec 23, 2022 23:43 |
|
bawk posted:Maclaine, you gotta get the gently caress outta there, birds aren't real, I repeat birds are not real, your position is compromised, run. /
|
# ? Dec 23, 2022 23:56 |
|
Mzbundifund posted:I just keep all my passwords in a text file on my desktop I have them all written in a little book I keep in a drawer. If someone is physically rooting through my stuff I'm hosed anyway.
|
# ? Dec 24, 2022 00:16 |
|
Anticheese posted:Or maybe members of the Special Air Service? Actually, stay close to Rocky. That pup knows his poo poo.
|
# ? Dec 24, 2022 00:16 |
|
Payndz posted:What, the talking puppies led by a ten-year-old? quote:An emergency radio beacon started somewhere. My skipper dratted the interruption and went towards the signal. We heard and then saw three divers adrift in sport-type kit and no licence-proving sonar transponders. We have other jobs than being the lifeboat service. We were well away from nosy eyes. The skipper saw their lobster hooks and gave an order. Our Sea Patrol issue electromagnetic-powered nailguns disposed silently and efficiently of the shelfish poachers whether they were in difficulties at sea or not. Rebel Blob fucked around with this message at 00:53 on Dec 24, 2022 |
# ? Dec 24, 2022 00:48 |
|
As a UK recessional diver, thank you for showing me what some of my compatriots think of us Edit: I actually checked this on the way back machine and I think it's the work of a BSAC diver trying to do some dystopian sci fi to illustrate how bad creeping officialdom and allowing that kind of authoritarian thinking to drive you can be. It's just not done very well and uses a topic about 1000 people in the world would probably give a poo poo about MrNemo fucked around with this message at 01:10 on Dec 24, 2022 |
# ? Dec 24, 2022 01:01 |
|
Blue Footed Booby posted:I have them all written in a little book I keep in a drawer. If someone is physically rooting through my stuff I'm hosed anyway. well physical access does mean root access.
|
# ? Dec 24, 2022 03:42 |
|
Mega Comrade posted:Bitwarden also does this though? But the Google password manager does all that?
|
# ? Dec 24, 2022 04:02 |
|
as much as 'mostly harmless' isn't my cup of tea, it's absolutely wild that douglas adams called the poo poo show around trying to securely authenticating your identity, and how it will inevitably lead to all your biometrics and passwords eventually being combined into an easy to use single point of failure like 30 years ago was password management remotely a thing in 1992?
|
# ? Dec 24, 2022 04:48 |
|
maybe for the government? back in like 93 or 94 or whenever my family just got access, i think i remember our family's email address having a single password from the isp that you had to reset over the phone at some point? and i'm not sure sites like yahoo even had accounts then. i think hotmail was the first time i remember setting up an account and having to know a password. aol was around, but we couldn't get that, so i can't speak to that.
|
# ? Dec 24, 2022 04:54 |
|
GhostofJohnMuir posted:as much as 'mostly harmless' isn't my cup of tea, it's absolutely wild that douglas adams called the poo poo show around trying to securely authenticating your identity, and how it will inevitably lead to all your biometrics and passwords eventually being combined into an easy to use single point of failure like 30 years ago Very, very slightly. Dialup logons and email passwords were just about it in those days. I had one of the first free email services who's name I now forget. Oh! And your BBS account(s), if you had any. The original three US (AOL, Compuserve, and Prodigy) providers also requires credentials, as I recall.
|
# ? Dec 24, 2022 05:10 |
|
pretty nuts to think that, in 1994, we had hotmail, aol, and i think yahoo email accounts, and that was about it for free options. ten years later gmail comes out and blows everything out of the water, and rightfully so. 10yr down the road from 2004 in 2014 we have, like, what new form of communication? facebook messaging? some iphone thing? nothing ever really broke gmail's stranglehold. and i don't think there's anything close now? abelwingnut fucked around with this message at 05:19 on Dec 24, 2022 |
# ? Dec 24, 2022 05:17 |
|
Yeah well in 2001 or so I had some free webmail with vanity domains and I don't see anyone offering me exxon@dontmesswithtexas.com these days.
|
# ? Dec 24, 2022 05:22 |
|
|
# ? May 18, 2024 02:31 |
|
eXXon posted:The Android version is slow and janky and Opera is way better (especially the tab Ui). Holy poo poo I haven't thought about Opera browser since I had a Sony Ericsson P910i smartphone.
|
# ? Dec 24, 2022 08:00 |