<div dir="ltr"><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;font-size:small;color:#0b5394">I have a friend who used to keep his entire password list on a piece of paper he kept in his pocket and took everywhere with him. Then he forgot to remove the paper and washed his pants. <br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;font-size:small;color:#0b5394"><br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;font-size:small;color:#0b5394">Whether this is true or not it should make a point: you need a way to keep your passwords so that they are (a) available when you need them, (b) easy to use and update, (c) able to hold more information than just the password (like social security numbers, recovery secrets*, etc), and (d) backed up.</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;font-size:small;color:#0b5394"><br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;font-size:small;color:#0b5394">My solution is completely free and secure. I use KeePass. This is a free application available on Windows, MacOS, iPhone. Android phone, Linux, and more.</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;font-size:small;color:#0b5394">KeePass is the format of a strongly encrypted password database file. It's accessed by KeePass or other applications like KeePassXC (Mac, Windows), KeePass Touch (iPhone), etc<br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;font-size:small;color:#0b5394">I store my encrypted password file on my iCloud (it's protected by 2 passwords, one to access my iCloud account and another to unlock the password database).</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;font-size:small;color:#0b5394">I also use Dropbox and pCloud to store the password file, and I copy it to local storage on my computers and portable devices, the file remains encrypted in all of these places.</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;font-size:small;color:#0b5394">I can share this password file with my wife and others who would need it if I go to the big computer room in the sky or if I'm otherwise unavailable.</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;font-size:small;color:#0b5394">The program can read your spreadsheet into an encrypted password file (according to the documentation for KeePassXC).<br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;font-size:small;color:#0b5394"><br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;font-size:small;color:#0b5394">It's reasonable to store your password in an online service but note that others have access to the service and could compromise your password data (ref: LastPass). You have to be willing to pay for this for as long as you want their service.<br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;font-size:small;color:#0b5394"><br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;font-size:small;color:#0b5394">Some comments.</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;font-size:small;color:#0b5394"><br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;font-size:small;color:#0b5394">I've discussed password security on my wiki at <span style="font-family:monospace;color:rgb(0,0,0)"><a href="https://wiki.toku.us/doku.php?id=security_presentation">https://wiki.toku.us/doku.php?id=security_presentation</a></span> and I list some solutions there (although from 2022); it discussed the importance of strong passwords and other topics.</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;font-size:small;color:#0b5394">The Lexington Computer and Technology Group, LCTG, had a meeting on password managers in March 2019 (recording: <a href="https://youtu.be/byCoxe7yZfM">https://youtu.be/byCoxe7yZfM</a>).</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;font-size:small;color:#0b5394"><br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;font-size:small;color:#0b5394">*Those "recovery passwords", like "what is your pet's name" or "what high school did you go to" can be dangerous. If you answer the real answers (Rover, Central High Oshkosh) then they can be found out by a criminal and be used to steal your account password. Best is to use unrelated answers to the questions and keep them in your password file (e.g., dog's name ="chinese cookbook", high school="funny browser extension") so that they are effectively unguessable.</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;font-size:small;color:#0b5394"><br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;font-size:small;color:#0b5394">I'll be honest and say that I've not used any online service as the KeePass solution is working well for me and I like to have total control over my password information and not have to rely on having an Internet connection, remembering to pay for the service, etc.<br></div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;font-size:small;color:#0b5394">Regards,</div><div class="gmail_default" style="font-family:trebuchet ms,sans-serif;font-size:small;color:#0b5394">-steve<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Feb 3, 2024 at 10:48 AM Denise via LCTG <<a href="mailto:lctg@lists.toku.us">lctg@lists.toku.us</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg-6226276385750780254"><div lang="EN-US" style="overflow-wrap: break-word;"><div class="m_-6226276385750780254WordSection1"><p class="MsoNormal"><span style="font-size:13pt">Smita: in English? (sorry; newbie-ish; not understanding a lot of what you said) Are you saying that there are more and more break ins even when there IS 2FA? Thanks; denise<u></u><u></u></span></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal"><span style="font-size:13pt"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:12pt;font-family:"Arial",sans-serif">I beg to differ, Derek.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:12pt;font-family:"Arial",sans-serif">Far more than you would think if you subscribe to CISA vulnerabilities emails….. We only hear about the large companies, but not much about the secondary ones ….latest one was Xfinity, that if I remember correctly had to do with MoveIt – a file transfer software made by Progress Software used by many large enterprises including financial service companies. …..Same for Solar Winds…. Another example is Okta – a company that makes two factor authentication. ….<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:12pt;font-family:"Arial",sans-serif"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:12pt;font-family:"Arial",sans-serif">Smita Desai<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:12pt;font-family:"Arial",sans-serif"><u></u> <u></u></span></p><div><div style="border-width:1pt medium medium;border-style:solid none none;border-color:rgb(225,225,225) currentcolor currentcolor;padding:3pt 0in 0in"><p class="MsoNormal"><span style="font-size:13pt">I somewhat agree with Derek…..isn’t it not “if but when”?<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:13pt">Just my two cents.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:13pt"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:13pt">And how often do break ins occur even when there IS two factor authentication?</span><u></u><u></u></p></div></div><p class="MsoNormal"><u></u> <u></u></p><div><div><p class="MsoNormal">You make a great point. But most web sites also have a two factor authentication so passwords alone do not matter <u></u><u></u></p></div><div><p class="MsoNormal">Smita Desai <u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p><blockquote style="margin-top:5pt;margin-bottom:5pt"><div><div><p class="MsoNormal">Perhaps I am old fashioned but I am amazed at the trust you all feel for the safety of your online password managers. Data breaches are a common thing these days, regrettably. I have considered moving to one of these password managers several times over the years but always go back to a sheet of paper with my passwords coded by myself.<u></u><u></u></p></div><div><p class="MsoNormal">Just my thoughts,<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-bottom:12pt">Derek Gardiner.<u></u><u></u></p></div></div></blockquote></div></div></div></div>===============================================<br>
::The Lexington Computer and Technology Group Mailing List::<br>
Reply goes to sender only; Reply All to send to list.<br>
Send to the list: <a href="mailto:LCTG@lists.toku.us" target="_blank">LCTG@lists.toku.us</a> Message archives: <a href="http://lists.toku.us/pipermail/lctg-toku.us/" rel="noreferrer" target="_blank">http://lists.toku.us/pipermail/lctg-toku.us/</a><br>
To subscribe: email <a href="mailto:lctg-subscribe@toku.us" target="_blank">lctg-subscribe@toku.us</a> To unsubscribe: email <a href="mailto:lctg-unsubscribe@toku.us" target="_blank">lctg-unsubscribe@toku.us</a><br>
Future and Past meeting information: <a href="http://LCTG.toku.us" rel="noreferrer" target="_blank">http://LCTG.toku.us</a><br>
List information: <a href="http://lists.toku.us/listinfo.cgi/lctg-toku.us" rel="noreferrer" target="_blank">http://lists.toku.us/listinfo.cgi/lctg-toku.us</a><br>
This message was sent to <a href="mailto:s%2Blctglist@smistuff.com" target="_blank">s+lctglist@smistuff.com</a>.<br>
Set your list options: <a href="http://lists.toku.us/options.cgi/lctg-toku.us/s+lctglist@smistuff.com" rel="noreferrer" target="_blank">http://lists.toku.us/options.cgi/lctg-toku.us/s+lctglist@smistuff.com</a><br>
</div></blockquote></div>