Ask Slashdot: Should You Use Password Managers?
New submitter informaticsDude writes: What do Slashdot users recommend regarding the use of password managers? The recent election underscored the hackability of many personal accounts. One solution is to use different passwords for every digital experience. But, of course, humans are lousy at remembering large numbers of large random strings. Another solution is to use a password manager. However, password managers have been hacked in the past, in which case you lose everything. How do Slashdot users balance the competing risks? What is a person to do?
Why is LastPass a piece of crap, exactly?
Yes. I recommend Firefox's password manager, which can encrypt passwords stored in your browser with a master password. Then add to that Mozilla's sync feature to store an encrypted copy of your passwords on Mozilla's server. They are stored encrypted and cannot be recovered without the sync password and e-mail access. If you don't trust Mozilla's server, despite the passwords being encrypted, they provide the open source software so you can run your own server to sync your encrypted passwords to.
If someone (you or a hacker) does not know the sync password and resets the password with access to your e-mail account, it will not give them access to the passwords that were synced previously. This is good because it keeps a hacker from being able to just hack your e-mail account and then use that to get access to all your passwords.
It's what I've used for years. I have a not-so-memorable story, take an event from that, and turn it into your password scheme.
[completely fabricated example]
In 7th grade a girl I liked (Sarah) gave a presentation on Abraham Lincoln. She was wearing a blue dress.
Four score and blue dress. FoScBlDr (8 characters, safe)
Add in a number and a symbol, because some sites require it. FoScBlDr81? [I think it was in 1981]
So, there is my starting password. Password hint = Sarah Lincoln 81, maybe SL81 for short.
6 months later, you have to change your password. Hint becomes SL82 (FoScBlDr82?)
You could cycle through to 89, then back to 81. Over time, you can morph it in other ways. Maybe put a $ in there instead of a ? for financial sites, or come up with a separate story for those.
The thing is, YOU make up the story and the cycling rules.
You can even write down your password hints; nobody would ever think "Crush 88" was actually "FoScBlDr88?"
I have used one scheme/password since 1999, and it has morphed so much that even if I told someone my original password, they couldn't guess what it is now... it's just gibberish.
My beliefs do not require that you agree with them.
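The scheme in the post above, modelled as an added example (not the poster's own code), to compare its search space under different attacker assumptions with a manager-generated password. The base word, year range and symbol set are taken from the post's own fabricated example; the 94-character printable alphabet and the 16-character manager length are assumptions.

```python
import math
import secrets
import string

# Components of the scheme as the post describes it (its fabricated example).
BASE = "FoScBlDr"        # first two letters of each word in the phrase
YEARS = range(81, 90)    # the post cycles the suffix from 81 through 89
SYMBOLS = "?$"           # '?' normally, '$' for financial sites


def scheme_password(year: int, symbol: str = "?") -> str:
    """Build one password exactly as the post describes: base + 2-digit year + symbol."""
    if year not in YEARS or symbol not in SYMBOLS:
        raise ValueError("outside the scheme described in the post")
    return f"{BASE}{year:02d}{symbol}"


def bits(search_space: int) -> float:
    """Entropy in bits of a uniformly chosen value from a space of this size."""
    return math.log2(search_space)


def entropy_unknown_scheme(password: str, alphabet_size: int = 94) -> float:
    """Best case: attacker knows nothing and must treat every character as random printable ASCII."""
    return bits(alphabet_size ** len(password))


def entropy_known_template(words: int = 4, letters_per_word: int = 2) -> float:
    """Attacker knows the construction (N words, k letters each, then year, then symbol)
    but not the phrase; each letter modelled as one of 26 (case is fixed by the template)."""
    return bits(26 ** (words * letters_per_word) * len(YEARS) * len(SYMBOLS))


def entropy_known_base() -> float:
    """Residual uncertainty once one old password has leaked (base word known):
    only the year and the symbol remain to be guessed."""
    return bits(len(YEARS) * len(SYMBOLS))


def manager_password(length: int = 16) -> str:
    """What a password manager generates instead: uniform random printable characters."""
    alphabet = string.ascii_letters + string.digits + string.punctuation  # 94 chars
    return "".join(secrets.choice(alphabet) for _ in range(length))


def manager_entropy(length: int = 16, alphabet_size: int = 94) -> float:
    """Entropy of a manager-generated password of the given length."""
    return bits(alphabet_size ** length)
```

The three estimates show how much of the apparent strength depends on the attacker not knowing the rules: once one old password from the cycle has been exposed, only about four bits of uncertainty remain.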