[JeepsterGlenn]

Quote:

Originally Posted by spinner1001

If one is using Apple’s built-in password manager, KeyChain, on an iPhone, one’s passwords are protected by only the phone’s passcode that opens the phone’s screen. A bad actor looking over the shoulder of an iPhone user in a restaurant, bar, airport, and so on can observe the user entering their phone’s passcode, which opens the phone’s screen and KeyChain passwords. After a bad actor knows the phone’s passcode, they could take the phone by theft or robbery and now they have access to all the iPhone owner’s passwords stored in KeyChain. Google’s Android phones have a similar risk.

Here is a newspaper story about this kind of risk on phones and the technology limits on basic phone security:

A Basic iPhone Feature Helps Criminals Steal Your Entire Digital Life - WSJ

Reputable pay password managers offer stronger protection than the free built-in Apple and Google password systems at least on mobile devices. Whether one wants extra protection for their passwords is a personal decision.

The simple solution to IPhone password protection is to use face recognition to open the Lock Screen. No typing and only your face will open the phone. I also use fingerprint security on the IPad. Also, always lock the phone/Ipad screen before setting it down.

[spinner1001]

Quote:

Originally Posted by JeepsterGlenn

The simple solution to IPhone password protection is to use face recognition to open the Lock Screen. No typing and only your face will open the phone. I also use fingerprint security on the IPad. Also, always lock the phone/Ipad screen before setting it down.

I also use Face ID on my phone. But a large proportion of phone users in the USA don’t use it according to survey results I saw.

[thelegges]

Quote:

Originally Posted by JeepsterGlenn

The simple solution to IPhone password protection is to use face recognition to open the Lock Screen. No typing and only your face will open the phone. I also use fingerprint security on the IPad. Also, always lock the phone/Ipad screen before setting it down.

I can’t use fingerprint on anything, after 45 plus years of scrubbing, my finger prints have to be taken with the old fashioned print. Any electronic doesn’t register enough to be useful, which is widely used for initial passport, government IDs and so on. We do use facial recognition, on one important computer, but that has no help when someone hack into your accounts remotely without your knowledge

[OrangeBlossomBaby]

Quote:

Originally Posted by elevatorman

I don't trust the Russians.
Laboratoriya Kasperskogo) is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky, and Alexey De-Monderik; Eugene Kaspersky is currently the CEO.

Unless you're a government agency, a foreign National, an Agent of some official entity (like a bank CEO) or utility corporation server, the Russians really don't care what's on your computer. Kaspersky is safe for individual citizens, because they aren't interested in your porn collection. It's okay.

[Maker]

Do not use password managers that store your data in their company infrastructure (Norton).

Do not pay any fee. What if they close up shop and you no longer have access?

Word and Excel passwords take under 1 second to bypass, no matter how long or complex.

To see how long it takes to determine your master password, go to passwordmonster d0t com. That is an offline too that will show your 14 character password is close to worthless, especially if you use any words that appear in a dictionary, lists, language, acronyms, etc.

Using a zero for the letter "O" does not help. Password cracking tools know that trick.

Thinking a hacker won't look at every file on your PC or in the cloud is how the horror stories begin. Security by obscurity is foolish advice.

Choose a password manager that is open source and peer reviewed.

Use a long master password. In today's world, that is at least 30 characters.

There are smart choices in password selection. Do not use these, but which password would be more secure? Which can you remember? eTC82^9wn$j7 Dun/kinDon/uts?

For the web site passwords you store, the tool must be able to easily generate long passwords for you. Since it will feed that password to the site, who cares how long it is, or what complex character set it uses.

Password manager should be able to store the file wherever you want. Locally, or in the cloud. If you pick the cloud, it has to be safe to access from multiple devices concurrently. So it would have a sync function, not be a file that is held locked because it's "open".

The master database needs to be absolutely secure, so if anyone gets a copy, it's useless because your master password makes it secure.

I use Keepass. It exceeds all of the above.

[OrangeBlossomBaby]

I use a multitude of formulae for passwords. Some make sense for the account, some are random, some look random to other people but have meaning to me, and some are just silly word combinations with numbers to satisfy the requirements. I keep them all on a notepad file on a USB "thumb drive", where I keep all my other files. Google auto-fills all passwords for me on my desktop, but not on my phone or other devices. I don't have it saved to the cloud, I don't "sync" these passwords to google drive.

I also have a list of passwords to apps that I use regularly, hidden on my cell phone. None of them are bank apps. I use pattern and fingerprint and facial recognition to access various apps in addition to passwords. Sure people can get into my phone. But they'll be very disappointed if they do - unless they were hoping for a $5 credit at PetCo because I spent a fortune last month on flea treatment for my cat, and a free burrito at Moe's.

[kkimball]

As someone who works in IT security every day, I'll echo what others have said:

The password managers recommended by others here are safe and effective. Your password is the encryption key, so even if the password manager company is hacked, it is extremely difficult for a hacker to decrypt your data. Most apps allow you to keep an encrypted copy of your passwords, so it doesn't matter if they go out of business.

Just make sure to pick a long password you'll remember, like Don'tSpendAllDayOnTalkOfTheVillagesDotCom.

Do not use password-protected documents. Not only are they less secure, but they are also less convenient.

-Ken

[MrFlorida]

Hackers these days will go after the large investment firms and corporate accounts where they can get large amounts of passwords and your private info.... not individuals so much... I would worry about your investment firms more.

[thelegges]

Quote:

Originally Posted by spinner1001

What do you do with your only record of passwords on paper when you travel away from The Villages for a longer period? I would want to access some password-protected websites when away for a longer time. If you carry it with you when traveling away from TV, there is a risk of loss of your only record of passwords. That risk of loss is too high for me.

Hate to say it but so far my memory for passwords has a formula, don’t need to worry about carrying anything, for 6 important sites. For non important like Kroger they are simple, since who wants to hack into our grocery list.

Our grandson is IT, and what he can do scares you. He can acquire a lost password in minutes for us. Like others posted they have a someone in their life that has same ability. In todays world, there are many who have unique abilities to get into accounts

[bjansson]

I would NEVER trust google or any other company like that to manage my passwords but I've been using 1password.com for the last two years. It's convenient since i manage over 100 websites and need more than just a password protected spreadsheet to keep track of everything.

THAT BEING SAID, i would NEVER put any Bank or Credit Card information in any password manager. And always use two-factor authentication. Change passwords regularly. Use Credit Cards instead of a Debit card especially when travelling. I've only had trouble one time in 25 years.

[Altavia]

If you want a little additional security using a password manager, set it up such that the manager fills in the majority of a unique password, and then manualy add 3-4 characters to the end before hitting the enter key.

More or less an additional passcode.

[rsmurano]

Apple has face recognition. You steal the phone, you better steal the face of the owner too.
There are apps to break the password, but if you create your password the right way, it can take thousands of years for a computer to hack it.

For example: A 12-character password containing at least one upper case letter, one symbol and one number would take 34,000 years for a computer to crack.

This Chart Shows How Long It Would Take a Computer to Hack Your Exact Password - Articles - Automation Alley.

I use very long passwords with multiple special characters. Also with apple, apple will suggest a long password with multiple special characters and 2 factor authentication.

[spinner1001]

Quote:

Originally Posted by MrFlorida

Hackers these days will go after the large investment firms and corporate accounts where they can get large amounts of passwords and your private info.... not individuals so much... I would worry about your investment firms more.

According to the FBI, personal data breach was the second highest kind of internet crime reported to the FBI in 2022. Seniors suffered the highest economic losses across all age groups in 2022 from all internet crime according to FBI. Here is the FBI report:

https://www.ic3.gov/Media/PDF/Annual..._IC3Report.pdf

This report does not separate password manager crime. But it does prove that internet crime against individuals and particularly seniors is important.

[Velvet]

I use them for unimportant or not critical passwords. But never for banking etc.

[Cheapbas]

Quote:

Originally Posted by Michael G.

I been tempted many times to use one of the password managers that are available.

My son works out of his house for a national bank, and keeps reminding me
they can and known to be hacked and recommends against them.

Your Thoughts

I believe the people who get hacked don’t go all out to protect their accounts.

Password managers should be invoked with facial or fingerprint recognition only.

All your sites will do the same

The most critical, I.e. banks, should be set to send a 2FA code to your device.

Get a second device or SIM card for extra security, a number that no one knows.

Use complex passwords from the various random password generators.

If you are able, stop using your email address as your logon, use the PW generator and create a unique log on.

Don’t duplicate sign ins, the password manager will alert you.