If you want a little additional security using a password manager, set it up such that the manager fills in the majority of a unique password, and then manualy add 3-4 characters to the end before hitting the enter key.

More or less an additional passcode.

Apple has face recognition. You steal the phone, you better steal the face of the owner too.
There are apps to break the password, but if you create your password the right way, it can take thousands of years for a computer to hack it.

For example: A 12-character password containing at least one upper case letter, one symbol and one number would take 34,000 years for a computer to crack.

This Chart Shows How Long It Would Take a Computer to Hack Your Exact Password - Articles - Automation Alley.

I use very long passwords with multiple special characters. Also with apple, apple will suggest a long password with multiple special characters and 2 factor authentication.

According to the FBI, personal data breach was the second highest kind of internet crime reported to the FBI in 2022. Seniors suffered the highest economic losses across all age groups in 2022 from all internet crime according to FBI. Here is the FBI report:

https://www.ic3.gov/Media/PDF/Annual..._IC3Report.pdf

This report does not separate password manager crime. But it does prove that internet crime against individuals and particularly seniors is important.

I use them for unimportant or not critical passwords. But never for banking etc.

I believe the people who get hacked don’t go all out to protect their accounts.

Password managers should be invoked with facial or fingerprint recognition only.

All your sites will do the same

The most critical, I.e. banks, should be set to send a 2FA code to your device.

Get a second device or SIM card for extra security, a number that no one knows.

Use complex passwords from the various random password generators.

If you are able, stop using your email address as your logon, use the PW generator and create a unique log on.

Don’t duplicate sign ins, the password manager will alert you.

We’ve used LastPass for years and more recently 1Password. Never had any problems. 1Password is a better option in my opinion - more user friendly and allows easy passwords sharing within a family.

Gee. I never thought of that. Thanks.

Dashlane > 1Password

I’ve used Dashlane for years. I have an exceptionally long and complex master password. Never had any issues.

Don’t believe for a minute that hackers are only going for banks or large institutions. Have you looked at your spam email lately? If you are a windows user and open up the wrong email, you’re hacked.
Using strong passwords is just 1 method to help secure your info. There are many others: 2 factor authentication, email aliases, VPN, facial recognition, fingerprint access, use sites that encrypt your data being sent to the website, don’t use the same password for multiple sites, use LifeLock, use an anti-virus system, and don’t use MS windows. All the latest ransom hacks were done to windows users, the GOP congressman’s hack from the Chinese was against his windows machine. If you are using windows, you need to keep up with all the windows security updates that they send out.

Sorta like giving the fox the key to the henhouse.

Question about these password managers:

Many online accounts require you to change your account password every 90 days. If you are using a password manager to log in on your behalf, how do you then change your password on the individual account when it requires it?

Especially if you don't have to remember your old password and have subsequently forgotten it.

The PM remembers previous passwords and can suggest a random new one for most web sites.

You can also do this manually with a randomly generated password from the program.

Security check

The FAQ lower in this web page answers many of the questions:

Dashlane Password Manager

Having unique usernames helps security also, this is easily managed by a PM. DASHLANE has generator here:

Username Generator | Dashlane

CyberSecurity experts currently recommend that the change every 90 day policy is no longer recommended. Unfortunately, there are still many sites which still enforce this requirement.

I am not sure of a PM which actually notifies you that you are approaching this time limit but at least with 1password and Dashlane, when you go through the new password page, it will fill in your old pw and then generate a new complex pw, submit it on your behalf and save it in your vault. Both maintain a history of your old passwords.

1Password is my go-to for saving passwords. 1Password is easy to use, has never been breached (like LastPass), and is very customer friendly. In addition, using two-factor authentication helps. On a personal note, a good friend who's an executive in a security business just had one of her accounts hacked (and she's an expert in how to set things up to avoid that happening). Unsure if there's a 'perfect' solution, but setting up walls of any kind is a good beginning.

Love 1Password for ease of use and so far it's never been breached compared with LastPass that's been breached several times. So, are you saying that your investment accounts aren't included in your 1Password collection of passwords?

This is absolutely a great analogy and practical advice. The issue for some of us who flip around with different sites daily is that it's impossible to remember every password and time consuming to have to look them up with each use. 1Password has saved my sanity since access to the computer is a hobby that is greatly improved by the system that 1Password has established to access any site quickly. So far 1Password has never been breached. Should that happen, I'll be using your system.

Would you mind sending me your 1Password password so that I might be able to try it out and make an educated decision before I purchase the software.

Thanks in advance

If they can hack the pentagon then anybody can be hacked. Almost a weekly occurrence to hear of millions have been compromised by hackers getting into large companies.

It would take a hacker 30 seconds to find your secret password file. Windows and Apple makes it easy as they keep an ongoing internal list of the most recently used files. That list (which certainly includes your password document) will be the first group of interesting files looked at by the hackers. The hackers know that the most used files are more likely to have value.

DATA SECURITY: I have been using Dashlane since 2017. Around 2020, we extended usage to entire family with a single plan for 6 members. NEVER had any issues. Dashlane follows a zero-trust architecture approach, meaning your data can be accessed by you only with a master password. Your information is stored on Dashlane’s servers only when it’s encrypted. And 256-bit AES encryption and 2FA ensure that no one from the outside has a single chance of decrypting your vault. So, your data is safe.

EFFICIENCY & TIME SAVINGS: The amount of time that Dashlane saves is another huge benefit of this app. Our family uses Dashlane across all our devices: iphone to PC to Mac, automatically synchronizing all data. I have over 500 passwords, and anytime I enter a website, Dashlane automatically fills in my username and password info. I have the option to request entry of the master password before auto-password entry for sensitive sites. I use this for dozens of entries each day, time savings is estimated by Dashlane at 50 hours per year (and this is believable once you use the app).

ADDITIONAL FEATURES
- plug-ins for browsers, so it works seamlessly with web sites.
- face recognition
- you have to authenticate every time it’s used on a browser (unless you override for 14 days)

IMHO: No errors + no forgotten passwords = huge increase in efficiency and time savings.

Norton password manager is fantastic to use it has face recognition and you have to authenticate every time it’s used on a browser.

The one vote for LastPass online password vault (yes, the paid version) includes:

1) two-factor authentication using your phone.
2) ability to add attachments; e.g., your driver's license, passport, etc
3) plug-ins for browsers, so it works seamlessly with web sites.

The master password is changed monthly even if it's changed from "bigboy1" to "bigboy2"....haha

No I don’t trust any passwords stored in computer or cyberspace. All of my passwords include at least 12 numbers and letters. IMO if it’s on computer device or program it can be found.

Make a spreadsheet, copy pw and paste

My mate keeps his master password in his wife's panties.
I asked if it was safe, and his reply was, "As Fort Knox. No one has got inside them in years!"

And do NOT keep it stored in the cloud. Instead, store it on a USB thumb drive or SD card that you can use on all your devices, including desktop, tablet, laptop, cell phone. If you travel and think you'll need it, bring it with you. If not, leave it in your desktop.

Make a duplicate for your desktop for when you bring the other one with you. Keep the drive on your person at all times. If you're going to the pool at a hotel, put it in the hotel safe.

Yes, I always was told this years ago.

This is the number one reason I'm asking about any password managers
and how much you trust them.

Where exactly is that USB port on an iPad or iPhone? And, you trust the hotel safes?

No thank you, I'll go with a purpose-built commercial solution from a reputable vendor that features an encrypted file stored in the cloud.

That recommendation would be appropriate if the topic of this thread was "The worse possible way to store your passwords"

Only if you avoid actual words. 12P@ssword34 takes less than 1 minute to crack.

I would just point out that, if you have a USB or SD card connected to a device that is connected to the Internet, a hacker can access the data on the plugged in card. The only advantage is that you can unplug the card when you don't need it. But, if you leave it plugged in, you may as well just store the data on your internal hard drive.

Using which tool?

It seems there is no good way to even guesstimate the amount of time required. According to various sites returned from google search, that password will take anywhere from 72 seconds to thousands of years to crack.

Let's face it boys and girls, the best way to keep your usernames and passwords is a trusted little book
protected with your life.

Use two-factor authentication, when possible, use a good virus protection, freeze your credit, and your good to go.

Just curious. How do you hack a password if you only get 3 attempts before you are locked out?

"You Should Probably Change your Password..."

This guy probably describes 90% of those in TV...

https://youtu.be/aHaBH4LqGsI

I only leave it plugged in on my desktop. I use the thumb drive as my portable hard drive, it has all my files on it. If I bring it with me when I travel, I only plug it in while I'm using it. I shut the laptop/tablet off when I'm not using it.

USB "thumb drives" fail more often than you would expect. By putting all your eggs in that one basket, there will be a day you will regret that choice.

I use thumb drives to store data, but I always have at least 2 copies.

Personally, I like BitWarden... free and very secure, works across several platforms (Windows, Apple, Android, Linux, etc). Plus I use 2FA...

If someone preferrers USB drives, there are methods and products that incorporate encryption and security features.

Best secure drives of 2023 | TechRadar

How to encrypt a USB flash drive—and why you should – Microsoft 365