By JonathanB
#1556399
This month it was found that a spambot had harvested a massive number of emails and passwords: http://www.bbc.co.uk/news/technology-41095606

It would be a good idea to check your email on https://haveibeenpwned.com (yes, it is a legitimate site, run by a respected internet security expert). If your email address comes up you should probably think about changing your password on any site where you have used that email address.

Meanwhile I can thoroughly recommend 1Password (no affiliation) as a way to manage different and complex non-memorable passwords for different sites and services, although there are other services and apps available.
By flybymike
#1556415
With nearly 5 billion harvested email addresses I'm wondering whether there is anyone left who hasn't been compromised.

I just tried a random sample of addresses from my address book and most had been nobbled including mine.

What if the 1Password service itself was nobbled?
By JonathanB
#1556419
1Password (at least the app and desktop versions) stores your password locally and locally encrypted. If you sync to Dropbox or similar then it only syncs that encrypted file.
By JonathanB
#1556424
Although I see that their latest version is more of a cloud offering - will have to look into that. Currently I don't pay a subscription at all, just paid once for the app.
#1556476
It's for this reason - oh, and the fact I'm a tight git - that I keep everything in a local (free/open source) KeePass database rather than in the "cloud".

I sync using Dropbox but that never sees unencrypted data. And I also need both a password and key file to open the database.

Of course, other tools are available. The important moral of the story isn't to use a particular tool, the moral is that using a password manager is generally a Really Good Idea.
By JonathanB
#1556480
I've been investigating 1Password somewhat further - it only ever encrypts and decrypts on the local machine and their new service only stores heavily encrypted data to which they have no access. It's not much different really to your solution with Dropbox!

Definitely a good idea!
By PaulB
#1556504
I've asked about these password managers before, do they just work seamlessly on all platforms?

Are there any "gotchas" with any of them? There's also Dashlane and LastPass (or something like that). Are they all "much of a muchness" (as my Mother would say)?

Edited to add: is there a way with these bits of software to store the other extraneous bits of security (like favourite places and names) that some websites (especially financial ones) use? It's often that that fools me as I choose different ones for different things.
By JonathanB
#1556508
I don't know about the others, but 1Password can store anything you like really - you can even now put attachments such as passport scans etc. There is a Windows version but I don't know how full featured it is - the website will tell you.

There are several tech sites that have reviews of them all...
By GolfHotel
#1556510
PaulB wrote: I've asked about these password managers before, do they just work seamlessly on all platforms?

Are there any "gotchas" with any of them? There's also Dashlane and LastPass (or something like that). Are they all "much of a muchness" (as my Mother would say)?

Edited to add: is there a way with these bits of software to store the other extraneous bits of security (like favourite places and names) that some websites (especially financial ones) use? It's often that that fools me as I choose different ones for different things.


Paul. I use Dashlane on PCs, iPad, Android. It's pretty good. Although I've never used anything else so can't compare. Yes it can store notes so you can keep anything in there. I've never tried to attach anything like a passport scan. But it keeps stuff like passport numbers and bank account details and credit card details and receipts from purchases. Etc etc.

Most importantly it keeps around 120 separate passwords for me. So if one is lost then all is not lost.

GH
#1556512
Thanks for the heads-up. Explains why I have had so much spam in the past week for an old email address that I haven't actually used for several years!
Happily, the one I use now is OK.
By leiafee
#1556529
flybymike wrote: What if the 1Password service itself was nobbled?


There's a good blog post about that risk perception by the guy who manages haveibeenpwned.

Basically it's a case of the overall likelihood*harm

No password manager = massively high likelihood of compromise and moderately contained harm depending on how well you've avoided password reuse or predictability

Password manager = very low risk of compromise and massively high risk of harm if it is.

Statistically overall it's still safer.

Not using one is kinda like driving to your holiday instead of getting an airliner because you're scared of terrorism or crashes. Yeah you'll almost certainly die if your airliner blows up whereas you may well survive the car accident - but overall you're still more likely to die on the road!
By JonathanB
#1556570
TheKentishFledgling wrote: I use 1Password across Mac, Windows and various iOS devices. The only improvement I'd like is the ability to open credentials direct from Safari on iOS. Moving / syncing between systems is totally effortless.


You can sort of do it, in fact I'd forgotten about this until yesterday... https://support.1password.com/1password-extension-ios/