[Lex Computer & Tech Group/LCTG] Password Manager

Sat Feb 3 06:51:06 PST 2024

Derek:  Good questions to ask and it’s all a balance.  I have over 1000 passwords across sites I’ve visited over the years so writing them down is really not an option.  Using a password manager means I can have very long complex passwords that are never shared across sites.

Password managers can be risky.  There was a well-publicized breach at LastPass a couple of years ago.  But I think they can be mitigated by looking at the technology used and how the company presents and audits its security policies.  LastPass was quite well-known before the breach to have problems which they ignored. 

I first came across Dashlane in 2012 when I was CIO for a large bank - back then they were pretty new and were focused more on form filling than password management, but we were happy with their security practices and I started using them peronsally (because of that history I have a permanent feee plan, which might bias me :))  But you can look at Dashlane (or any other vendor’s website) to see their policies and approach. 

If you’re into self-hosting, you can also run your own password manager (VaultWarden is the gold standard) ensuring no provider is storing that data. But availability and resiliency is now your responsibility, so choose wisely. 

However you manage passwords, you should also use 2FA wherever possible and/or passkeys which are becoming a bit more prevalent.   I use Authy as a single app for generating 2FA codes, and hardware tokens (like Yubico or Titan) for my most sensitive accounts: Google, Apple etc since email is often the vector to reset passwords.

 George: Dashlane does allow you to import data from an appropriately formatted spreadsheet or some other password managers.

> On Feb 3, 2024, at 09:31, Stan Rose via LCTG <lctg at lists.toku.us> wrote:
> 
> I guess I'm the odd man out here. I've been using a different password manager for about 15 years, Roboform. I use it on my PC, iPad and Galaxy phone and have never had a problem with it. It integrates with Chrome, Edge, Safari  as well as several local apps including Quicken.
> 
> It's also cheaper than some of the others at about $20 per year.
> 
> Stan
> 
> stan_rose at alum.mit.edu <mailto:stan_rose at alum.mit.edu>
> 
> 
> On Sat, Feb 3, 2024 at 6:38 AM Derek Gardiner via LCTG <lctg at lists.toku.us <mailto:lctg at lists.toku.us>> wrote:
>> Perhaps I am old fashioned but I am amazed at the trust you all feel for the safety of your online password managers. Data breaches are a common thing these days, regrettably. 
>> I have considered moving to one of these password managers several times over the years but always go back to a sheet of paper with my passwords coded by myself.
>> Just my thoughts,
>> Derek Gardiner.
>> 
>> Sent from my iPad
>> 
>>> On Feb 2, 2024, at 11:22 PM, George Gamota via LCTG <lctg at lists.toku.us <mailto:lctg at lists.toku.us>> wrote:
>>> 
>>> 
>>> Thank for your input, now comes the hard question.
>>> 
>>> How do you (set up) input your data?
>>> 
>>> I have all my data on an excel sheet. Do I have to add each entry by “hand”, and if the associated password is inadequate, go to the web site, and change it there? Is there  auto synching between websites and Dashline?
>>> 
>>> It might be useful at one of our potpourri sessions spend a few minutes, going through each step in organizing Dashline.
>>> 
>>> Thanks
>>> 
>>> George
>>> 
>>>  
>>> 
>>> From: Smita Desai <smitausa at gmail.com <mailto:smitausa at gmail.com>> 
>>> Sent: Friday, February 2, 2024 10:44 PM
>>> To: George Gamota <ggamota at stma-llc.com <mailto:ggamota at stma-llc.com>>
>>> Cc: Lexington Address Distribution <lctg at lists.toku.us <mailto:lctg at lists.toku.us>>
>>> Subject: Re: [Lex Computer & Tech Group/LCTG] Password Manager
>>> 
>>>  
>>> 
>>> Sorry meant that it uses master password and once you log into the addin it automatically fills in the info. On mobiles, the app uses Touch Id or passcode or of course master password.
>>> 
>>>  
>>> 
>>> Smita Desai 
>>> 
>>>  
>>> 
>>> Sent from my iPad
>>> 
>>> 
>>> 
>>> 
>>> On Feb 2, 2024, at 10:39 PM, Smita Desai <smitausa at gmail.com <mailto:smitausa at gmail.com>> wrote:
>>> 
>>> Hi George,
>>> 
>>>  
>>> 
>>> I have Dashlane.  I like it.  It works as an add on in web browsers and an app on mobile devices. Cost is about $60 subscription annually. That allows you to share across multiple computers and mobile devices. Once you log 8n to the admin, it will automatically fill in the info. Also has a VPN in case you need it when traveling overseas.
>>> 
>>>  
>>> 
>>> Hope that helps,
>>> 
>>> Smita Desai 
>>> 
>>>  
>>> 
>>>  
>>> 
>>> Sent from my iPad
>>> 
>>> 
>>> 
>>> 
>>> On Feb 2, 2024, at 10:06 PM, George Gamota via LCTG <lctg at lists.toku.us <mailto:lctg at lists.toku.us>> wrote:
>>> 
>>> 
>>> 
>>> I am looking to buy a good Password Manager.
>>> 
>>> PC Magazine recommends Dashline.
>>> 
>>> Any recent experience folks want to share?
>>> 
>>> Security
>>> Easy to set up
>>> Ease to operate
>>> Inexpensive
>>> Thanks
>>> 
>>> George
>>> 
>>>         
>>> 
>>> ===============================================
>>> ::The Lexington Computer and Technology Group Mailing List::
>>> Reply goes to sender only; Reply All to send to list.
>>> Send to the list: LCTG at lists.toku.us <mailto:LCTG at lists.toku.us>      Message archives: http://lists.toku.us/pipermail/lctg-toku.us/
>>> To subscribe: email lctg-subscribe at toku.us <mailto:lctg-subscribe at toku.us>  To unsubscribe: email lctg-unsubscribe at toku.us <mailto:lctg-unsubscribe at toku.us>
>>> Future and Past meeting information: http://LCTG.toku.us <http://lctg.toku.us/>
>>> List information: http://lists.toku.us/listinfo.cgi/lctg-toku.us
>>> This message was sent to smitausa at gmail.com <mailto:smitausa at gmail.com>.
>>> Set your list options: http://lists.toku.us/options.cgi/lctg-toku.us/smitausa@gmail.com
>>> 
>>> ===============================================
>>> ::The Lexington Computer and Technology Group Mailing List::
>>> Reply goes to sender only; Reply All to send to list.
>>> Send to the list: LCTG at lists.toku.us <mailto:LCTG at lists.toku.us>      Message archives: http://lists.toku.us/pipermail/lctg-toku.us/
>>> To subscribe: email lctg-subscribe at toku.us <mailto:lctg-subscribe at toku.us>  To unsubscribe: email lctg-unsubscribe at toku.us <mailto:lctg-unsubscribe at toku.us>
>>> Future and Past meeting information: http://LCTG.toku.us <http://lctg.toku.us/>
>>> List information: http://lists.toku.us/listinfo.cgi/lctg-toku.us
>>> This message was sent to derek.gardiner.02420 at gmail.com <mailto:derek.gardiner.02420 at gmail.com>.
>>> Set your list options: http://lists.toku.us/options.cgi/lctg-toku.us/derek.gardiner.02420@gmail.com
>> ===============================================
>> ::The Lexington Computer and Technology Group Mailing List::
>> Reply goes to sender only; Reply All to send to list.
>> Send to the list: LCTG at lists.toku.us <mailto:LCTG at lists.toku.us>      Message archives: http://lists.toku.us/pipermail/lctg-toku.us/
>> To subscribe: email lctg-subscribe at toku.us <mailto:lctg-subscribe at toku.us>  To unsubscribe: email lctg-unsubscribe at toku.us <mailto:lctg-unsubscribe at toku.us>
>> Future and Past meeting information: http://LCTG.toku.us <http://lctg.toku.us/>
>> List information: http://lists.toku.us/listinfo.cgi/lctg-toku.us
>> This message was sent to rosesta at gmail.com <mailto:rosesta at gmail.com>.
>> Set your list options: http://lists.toku.us/options.cgi/lctg-toku.us/rosesta@gmail.com
> ===============================================
> ::The Lexington Computer and Technology Group Mailing List::
> Reply goes to sender only; Reply All to send to list.
> Send to the list: LCTG at lists.toku.us      Message archives: http://lists.toku.us/pipermail/lctg-toku.us/
> To subscribe: email lctg-subscribe at toku.us  To unsubscribe: email lctg-unsubscribe at toku.us
> Future and Past meeting information: http://LCTG.toku.us
> List information: http://lists.toku.us/listinfo.cgi/lctg-toku.us
> This message was sent to abroun at gmail.com.
> Set your list options: http://lists.toku.us/options.cgi/lctg-toku.us/abroun@gmail.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.toku.us/pipermail/lctg-toku.us/attachments/20240203/feeed8ce/attachment.htm>