Then your browser gets hijacked. I think I'll use Passkeys.
If your system is compromised, whatever you do is in danger.
Ok, but what is the algorithm to keep corresponding PW and sites/logins together?
Here we have a few encrypted PW lists daily backed up on the home server (NAS) for the family members. All with the same PW which is an easy to remember modified fairytale fantasy name for all of them. So the brains of the members are a nice PW back-up for each other in case of emergency.
They're both open source. Patching in some code for exfiltration and compiling doesn't need the dark web. If someone's got sufficient privs to replace the binary you're already compromised, and it probably doesn't matter which password manager you're using. I'd be interested in what BitWarden is doing differently to KeePass and its derivatives that makes it any more secure. Some of this may be OS specific.
It is open source, so more eyeballs are on the code looking for vulnerabilities. And, there is currently no hacked version of it available on the dark web, unlike KeePass.
Who hasn't been hacked?
So they have been hacked, twice, and you still stick with them? I am not sure I understand that thinking.
NO WAY I won't change all the passwords I have around the net every couple of years .......
Divorce is not such a big problem you learn the birthday of your new wife faster.
I don't get it why BitWarden should be better than KeePass in such a case. What does it help to change a program when your system got hacked?
I recently engaged a white hat security consultant to pen test our network at work. He hacked into our security manager's laptop, replaced his KeePass executable with a hacked version, and gained access to the admin passwords for nearly everything on our network. He left his report on the desktop of my laptop instead of emailing it to me. Needless to say, we no longer allow KeePass. He recommends BitWarden.
OK. That makes total sense. I knew a guy in the early days of Google and that was his gig--he'd get a person's business to show up on top with certain searches. This was 2003, I think? But it's more sophisticated now.
The main use these days is to link to a site which as a result, causes Google to rank them higher in search results. But they also try to sell stuff.
You should of course keep both KeePass and the key on a USB stick and only use it when needed.
I recently engaged a white hat security consultant to pen test our network at work. He hacked into our security manager's laptop, replaced his KeePass executable with a hacked version, and gained access to the admin passwords for nearly everything on our network. He left his report on the desktop of my laptop instead of emailing it to me. Needless to say, we no longer allow KeePass. He recommends BitWarden.
Why would you assume we did nothing else to secure the network? We implemented about a dozen recommendations not germane to this thread.
I don't get it why BitWarden should be better than KeePass in such a case. What does it help to change a program when your system got hacked?
If your system gets hacked no program can be trusted anymore and it's easy to eavesdrop on any data.
Switching from KeePass to BitWarden was useless if nothing else was done to secure your network instead.
Cool, but not everyone is inclined to self-host their own password manager.
I recommend Bitwarden over most of the other password managers due to it being self-hostable
Yes, on my phone google will tell me one of my passwords has been found on the dark web during their security updates process. It does not show up on https://haveibeenpwned.com/ or similar sites. I don't reuse it and in fact have changed it. I never saw any evidence of anything wrong. Of course someone else may have used the same password which is not otherwise related to me.
Google reminds me to change my passwords all the time. You almost need a separate computer with its own operating system designed to keep track of passwords.
From what I've read Passkeys isn't going to work with Windows 10 which most people are still using. However, I'm already using it on Windows 10 with Ebay and Best Buy. Perhaps it won't work cross-platform. I hope Google Passwords will store the Passkeys so I don't have to create new Passkeys for every device I use. It's not supposed to work with IOS 15 either. I hope they'll change these requirements so everyone doesn't need to upgrade equipment to have better password security.
Yes, on my phone google will tell me one of my passwords has been found on the dark web during their security updates process. It does not show up on https://haveibeenpwned.com/ or similar sites. I don't reuse it and in fact have changed it. I never saw any evidence of anything wrong. Of course someone else may have used the same password which is not otherwise related to me.
In any case, I do hope passkeys catch on and become the norm. For many people passwords are reaching or have reached the point where it is far too much trouble to keep them safe and they aren't proving fully safe anyway. Passkeys will be overall more convenient and much safer in several ways than passwords.
Should work on Android, IOS, MacOS, and Windows 11. Also they have provisions to use them cross platform. Slightly less convenient, but equally secure. You can use MacOS or IOS on Windows 10, but not in the other direction though it is promised soon.
From what I've read Passkeys isn't going to work with Windows 10 which most people are still using. However, I'm already using it on Windows 10 with Ebay and Best Buy. Perhaps it won't work cross-platform. I hope Google Passwords will store the Passkeys so I don't want to have to create new Passkeys for every device I use. It's not supposed to work with IOS 15 either. I hope they'll change these requirements so everyone doesn't need to upgrade equipment to have better password security.
I can recommend Bitwarden. I do not have any experience with 1password so I cannot comment. Bitwarden is open source and they have been independently audited. It works well on Windows, Android and Linux. There is an iOS version, again I have no experience with it.
Cool, but not everyone is inclined to self-host their own password manager.
Bitwarden (cloud-hosted, not self-hosted) or 1password (already cloud-hosted) are an easy recommendation for anyone who's not technically inclined.
If I tell any of my non-technical friends to self-host their own password manager, they'll look at me like I'm from another planet.
Install wordfence (or similar) on your sites, and set it to block an IP after 5 login attempts. Kills brute force attacks. And turn off the account named admin.
I love me some Lastpass. Just have a seriously long master password and you'll be fine no matter what. Using a different email address or login for most websites is pretty helpful too. I have a bajillion attempts to hack my business wordpress, and they're all the wrong logins attempted by scripts. I have gotten hacked before, but only because of flaws in wordpress itself, which no password program can stop.
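The lockout rule from the reply above (block an IP after 5 login attempts), as an added example that is not part of the original posts and is not Wordfence's code: it replays the rule over web-server access-log lines to show which clients it would catch. Assumptions: combined log format, a failed WordPress login answers `200` and a successful one redirects with `302`, and failures are counted in a 10-minute window (the post names no window); the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _line(ip, hhmmss, status):
    # Builds one constructed access-log line (combined log format, trimmed).
    return f'{ip} - - [10/Mar/2024:{hhmmss} +0000] "POST /wp-login.php HTTP/1.1" {status} 4312'

# Constructed sample traffic, not real logs.
SAMPLE_LOG = "\n".join(
    # Script hammering the login form: 5 failures in 5 seconds.
    [_line("203.0.113.7", f"09:00:0{i}", 200) for i in range(5)]
    # Forgetful user: 2 failures, a successful login, then 3 more failures.
    + [_line("198.51.100.20", f"09:1{i}:00", s)
       for i, s in enumerate([200, 200, 302, 200, 200, 200])]
    # Slow guesser: one failure per hour, never inside one window.
    + [_line("192.0.2.44", f"1{i}:00:00", 200) for i in range(5)]
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def ips_to_block(log_text, max_failures=5, window=timedelta(minutes=10)):
    """Return {ip: time of the failed attempt that reached the limit}."""
    recent = defaultdict(deque)   # ip -> times of failures inside the window
    blocked = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith("/wp-login.php"):
            continue
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if m["status"] == "302":          # assumption: redirect means success
            recent[ip].clear()            # a good login resets the counter
            continue
        failures = recent[ip]
        failures.append(ts)
        while ts - failures[0] > window:  # forget failures older than the window
            failures.popleft()
        if len(failures) >= max_failures and ip not in blocked:
            blocked[ip] = ts
    return blocked

if __name__ == "__main__":
    for ip, when in ips_to_block(SAMPLE_LOG).items():
        print(f"block {ip} (limit reached at {when.isoformat()})")
```

The slow guesser is never blocked by a windowed counter, which is why the same reply's other advice (no account named admin) and a long password still matter.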
No, NTFS file system encryption doesn't require an additional password beyond your login password.
I suppose the problem then is that you have to ALWAYS be able to remember the encryption pass. Back to a piece of paper in a drawer again?