Password Managers?

Like most folks who use the internet, I use relatively weak passwords (and I've a tendency to use just a couple for all the sites I go to) for the simple reason that my memory is lousy and it's more convenient to do it this way. Not good; especially from a security standpoint.

What do the rest of you do (use?)? What do you find easiest in order to manage your passwords? How often do you change them?

ps: I use Firefox most of the time and I know there are extensions designed to help here but I find them difficult to understand.

 

Thanks, Steve... Pete. Pete, I'm curious about Roboform. I watched the video on their site and underneath was a button:Get Roboform Pro. Are there variations in the software? Which do you recommend? Is this a license that you renew annually as you would with anti-virus?

 

You can lock down your user id's and passwords in FF with the password manager.

I use Roboform because neither FF or IE will get past MyYahoo!'s resistence to saved data. I have seven MyYahoo! id's for classifying a whole flock of RSS feeds.

>>RSM

 

Been very happy with ROBO form. At this time it will not work with Google Chrome tho but I expect they will correct that soon. I still make a habit of listing all my passwords on 3 X 5 cards. Just an extra backup.
Budo

 

PeteC

Correct.

>>RSM

 

Two key questions come to mind relating to the use of Roboform:

1. What happens if you choose to generate passwords (which obviously you would not memorize) and then your computer crashes and you lose everything? How would you possibly re-enter those websites if Roboform has been compromised with a crash?

2. How do you go about accessing some of your websites from "other" computers (i.e. at work, at a hotel) if you do not have your laptop present?

thanks.

 

Thanks, Pete. This is sounding better and better by the day. So... if you already have a number of sites in which you will need to change the existing passwords... I imagine that you would go into those sites with Roboform... have it generate a new password/confirm and you're good to go. Right?

BTW... What is the most secure method of using it? I see that it can create these passkeys for you for each place which means you simply click on Roboform to automatically log you in. In this case, do you delete these saved passwords from Firefox (and/or IE) and let Roboform do the logging in?

And what about a master password? I suppose I'm still confused about the best way to use this program since there appears to be several options for its use. How do you use it in terms of the password managing?

 

Okay... I'm going to download and try it out. BUT... I'm still confused about something you mentioned above... probably because I noticed on a YouTube demonstration that many did not bother to protect each site with the master password which you evidently do. My confusion is simply this: If you are typing in a master password for each site, then what have you really gained in terms of convenience? Furthermore, if you are typing (as opposed to simply clicking the passkey) wouldn't that be less secure since a keylogger program surreptitiously installed on your computer would be able to read what you are typing?

 

A master password for each site?

A master password is one master password for the whole shebang.

>>RSM

 

Ah... I'm beginning to see. Actually... after playing around with Roboform for the evening... I don't particularly see the usefulness of it (at least for me). I see that Firefox has a very similar extension (Last Pass) which is perfectly free and essentially does everything the Pro Version of Roboform does. I've installed it and am playing around with it. We'll see how things go. But I'm still not convinced that this manager is really what I'm looking for. There are only a half dozen sites that I'm really concerned about. I could easily write those passwords down and store them in our safe and change them every few months while in the meanwhile having FF remember them. I am the only person to use my computer and so I always stay logged into my accounts anyway... so what is the advantage of such a program?

 

But, Pete, you really haven't answered my last question. Internet Explorer (at least versions 7 and 8) also offers to remember the passwords whenever you enter a site requiring one. So, why not let it do the remembering as opposed to a program like Roboform? I'm not sure (outside of filling in a form) that I really see its advantage from the point of view of being a password manager. Can you elaborate? Thanks.

 

Hmmm... Bob from LastPass just answered my question above (which I suppose pertains to Roboform as well):

1) Now, if you computer dies, you will have lost all of your passwords. LastPass stores them encrypted on the server so that is not a concern with LastPass.
2) The built-in password manager is not secure. Did you see how we were able to import all of your passwords? Any rogue program or virus can do the same.
3) If you ever use any other computer (at work, at library, on vacation), you will have access to your data with LastPass (both passwords and secure notes).

 

Per James

That is why I keep a backup on 3 X 5 cards as I have indicated in a previous post. Maybe that would be your best bet James.:rolleyes

 

A half dozen passwords maybe; several dozen I think not. The other issue is the ability to hack the passwords. Having them stored on their servers as opposed to within my browser makes them inherently safer. Let me illustrate. When I installed LastPass they asked if I wanted them to import all of my stored passwords. Huh? They could actually do this? Well... I said... sure and the next thing I knew, all of my passwords were now stored on their servers in encrypted form so even they could not read them. If they can import my passwords so easily, what do you think about a trojan or virus program that becomes installed on your computer unbeknownst to you? It can just as easily import all of your passwords (hey... it happens all the time) and compromise your security.

Furthermore, we should be changing our passwords more frequently and using stronger passwords (which are difficult to remember). I'm not about to change a bunch of passwords manually by hand every couple of months and I doubt many would. It's inconvenient which means, our security is further weakened.

Not sure why you rolled your eyes, Budo. I understood what you said the first time around. It just doesn't sit well with me. But thanks anyway.