Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 2 [3]

Author Topic: Password manager  (Read 6907 times)

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 43472
  • Penguins CAN fly
    • DSLstats
Re: Password manager
« Reply #30 on: June 30, 2021, 06:34:19 PM »

I use keepassxc. It's available for Windows, MacOS and Linux. I think there may be a compatible app for Android, but I'm not certain about that.

As far as I'm concerned, it's just what I need, but I don't use any of its advanced features.
Logged
  Eric

siofjofj

  • Reg Member
  • ***
  • Posts: 126
Re: Password manager
« Reply #31 on: June 30, 2021, 06:46:17 PM »

I also use KeePassXC, having migrated from Lastpass in 2015 after they had a security breach and I decided it perhaps wasn't the best idea to have a database of all my passwords online. I'm pretty happy with it. The only more advanced feature I use is the built-in timed-OTP store, which is pretty handy for a few websites that insist on two factor authentication but, in my opinion, don't really warrant it (the browser extension can fill in username, password and one-time-password in one fell swoop, saving having to mess around with my phone). I believe other password managers are starting to have this feature now too though. I use Keeper at work (which my employer pays for) which also has TOTP support.
Logged

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5261
    • Thinkbroadband Quality Monitors
Re: Password manager
« Reply #32 on: July 01, 2021, 10:23:13 AM »

Isn't fully automating OTP weakening its security?
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

siofjofj

  • Reg Member
  • ***
  • Posts: 126
Re: Password manager
« Reply #33 on: July 01, 2021, 06:32:55 PM »

Isn't fully automating OTP weakening its security?
Absolutely! I'm well aware that if my password database is compromised, full access to the sites within will be gained. My personal use case for this is for websites that insist on two-factor authentication, but in my opinion do not warrant it (e.g. online forums). I do not use it for online banking (which uses SMS to my phone for OTPs) or Gmail (which uses push notifications to my phone) for example.

I would add that it is relatively unlikely the database will be compromised, as it is protected by a strong diceware passphrase and is stored locally on my desktop PC which has full disk encryption (using another strong diceware passphase) and is locked in my house. It is perhaps also of note that TOTP isn't technically 'something you have' for two factor authentication, as it is merely a long passphrase that is used along with the current time by an algorithm to generate the codes you see. Anyone that has the passphase, of which unlimited copies could be made (or in principle it memorised by someone) can generate the OTP codes. A better example of 'something you have' would be a private key on a smart card, which in principle cannot be duplicated.
Logged

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5261
    • Thinkbroadband Quality Monitors
Re: Password manager
« Reply #34 on: July 02, 2021, 06:26:54 PM »

Indeed its quite amusing as I believe a couple of MMORPG games have better OTP security (as you can order such a device) than far more important services.
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors
Pages: 1 2 [3]
 

anything