[Lex Computer & Tech Group/LCTG] Password Manager

Steve Isenberg smisenberg at gmail.com
Sat Feb 3 09:25:32 PST 2024


I have a friend who used to keep his entire password list on a piece of
paper he kept in his pocket and took everywhere with him.  Then he forgot
to remove the paper and washed his pants.

Whether this is true or not it should make a point: you need a way to keep
your passwords so that they are (a) available when you need them, (b) easy
to use and update, (c) able to hold more information than just the password
(like social security numbers, recovery secrets*, etc), and (d) backed up.

My solution is completely free and secure.  I use KeePass.  This is a free
application available on Windows, MacOS, iPhone, Android phone, Linux, and
more.
KeePass is the format of a strongly encrypted password database file. It's
accessed by KeePass or other applications like KeePassXC (Mac, Windows),
KeePass Touch (iPhone), etc.
I store my encrypted password file on my iCloud (it's protected by 2
passwords, one to access my iCloud account and another to unlock the
password database).
I also use Dropbox and pCloud to store the password file, and I copy it to
local storage on my computers and portable devices; the file remains
encrypted in all of these places.
I can share this password file with my wife and others who would need it if
I go to the big computer room in the sky or if I'm otherwise unavailable.
The program can read your spreadsheet into an encrypted password file
(according to the documentation for KeePassXC).

It's reasonable to store your password in an online service but note that
others have access to the service and could compromise your password data
(ref: LastPass).  You have to be willing to pay for this for as long as you
want their service.

Some comments.

I've discussed password security on my wiki at
https://wiki.toku.us/doku.php?id=security_presentation and I list some
solutions there (although from 2022); it discussed the importance of strong
passwords and other topics.
The Lexington Computer and Technology Group, LCTG, had a meeting on
password managers in March 2019 (recording: https://youtu.be/byCoxe7yZfM).

*Those "recovery passwords", like "what is your pet's name" or "what high
school did you go to" can be dangerous.  If you answer the real answers
(Rover, Central High Oshkosh) then they can be found out by a criminal and
be used to steal your account password.  Best is to use unrelated answers
to the questions and keep them in your password file (e.g., dog's name
="chinese cookbook", high school="funny browser extension") so that they
are effectively unguessable.

I'll be honest and say that I've not used any online service as the KeePass
solution is working well for me and I like to have total control over my
password information and not have to rely on having an Internet connection,
remembering to pay for the service, etc.
Regards,
-steve

On Sat, Feb 3, 2024 at 10:48 AM Denise via LCTG <lctg at lists.toku.us> wrote:

> Smita: in English? (sorry; newbie-ish; not understanding a lot of what you
> said) Are you saying that there are more and more break ins even when there
> IS  2FA? Thanks; denise
>
>
>
>
>
> I beg to differ, Derek.
>
> Far more than you would think if you subscribe to CISA vulnerabilities
> emails….. We only hear about the large companies, but not much about the
> secondary ones ….latest one was Xfinity, that if I remember correctly had
> to do with MoveIt – a file transfer software made by Progress Software used
> by many large enterprises including financial service companies. …..Same
> for Solar Winds…. Another example is Okta – a company that makes two factor
> authentication. ….
>
>
>
> Smita Desai
>
>
>
> I somewhat agree with Derek…..isn’t it not “if but when”?
>
> Just my two cents.
>
>
>
> And how often do break ins occur even when there IS two factor
> authentication?
>
>
>
> You make a great point. But most web sites also have a two factor
> authentication  so passwords alone do not matter
>
> Smita Desai
>
>
>
> Perhaps I am old fashioned but I am amazed at the trust you all feel for
> the safety of your online password managers. Data breaches are a common
> thing these days, regrettably.  I have considered moving to one of these
> password managers several times over the years but always go back to a
> sheet of paper with my passwords coded by myself.
>
> Just my thoughts,
>
> Derek Gardiner.