Huge data breach release - Page 3 - Talk of The Villages Florida

  #31  
Old 07-07-2024, 03:12 PM
Two Bills

Quote:
Originally Posted by Ecuadog
Not complex enough. I use 1234567.

Is that safer than my mother's maiden name?
That's a lot of numbers, don't think I could remember that many.
  #32  
Old 07-07-2024, 03:14 PM
jojo

LastPass had a major data breach. I quit LastPass because it blocked my completing info on some websites such as Groome Transportation and several other sites.
__________________
Columbus OH, The Villages - Amelia
  #33  
Old 07-07-2024, 06:23 PM
Altavia

Quote:
Originally Posted by Cuervo
Let's stop and think about it, I had suggested whatever passwords you have do not go to a third party or to the program that pops up asking if you want to save your password. I suggested keeping a log at home offline and a poster raised a number of scenarios, such as fire, theft and hurricane which would demolish the house. I have two or three important contacts: Bank, Broker, Email account. I personally know my broker so he will deal with any access I need; I know what bank I deal with and with proper ID they will deal with any problem that arises and my email I've had for so long the password is tattooed in my brain and if anyone does access my email, they'll have to deal with all the spam. The other sites are trivial and if you forget the password, as far as I know these sites will send you an email instructing you how to get a new password. I believe the less information you share with others the safer you are.

What happens for your heirs if you die from a heart attack tonight?
  #34  
Old 07-07-2024, 07:43 PM
JMintzer

I use "Incorrect"...

If I forget it, the website tells me "Your password is incorrect"...
__________________
Most things I worry about
Never happen anyway...

-Tom Petty
  #35  
Old 07-08-2024, 06:19 AM
Maker

Quote:
Originally Posted by CFrance
A couple of questions, as it sounds like you are knowledgeable.
1. What do you think of RoboForm?
2. Can you give an example of a long passphrase?
3. What is meant by No single place for hackers to extract private information.
Thanks for any info.

Not a fan of RoboForm. It has some innovative features, but appears to have several flaws.
Your data file is in their possession so if they suffer an outage or cyber attack, you are in a world of hurt. KeePass data is in your possession, and you can store it wherever you want.
Limited to one password database. KeePass allows multiple databases. Certain places where family or friends would also want to access can be put in its own file and shared without sharing your private data.
Free version is for one device only. KeePass is not limited. Use it on all your devices.
It reaches out to the web to do "security" things. That exposes itself to detection. Doing things beyond its main purpose is generally frowned upon.
Software has not been peer reviewed for coding errors, hackability, or secret back doors. KeePass is open source. Many experts have not been able to find any security flaws.

A long passphrase is something that can be remembered but also contains pieces that are not actual words. The very long length makes it secure. Like:
Today@1200!sWhen\ottery#Nums@rePicked
TThhiissIIssAALLoonnggPPaasssspphhrrssee

No single place means that every part of the process adds a unique layer of security. There is no one way to hack the process without having several completely different compromises at the same time. Here are a few:
Database is stored where only you have access.
Database is not hackable. A key logger could get your master password, but would not be able to get your database.
Passwords are sent via a secure process to web browsers.
Every password can be different. If one site gets hacked, exposure is limited.
  #36  
Old 07-08-2024, 06:24 AM
Maker

Also, a word of caution for anyone using Excel or Word to save your passwords. Those apps can have "password protected" documents. You can pick a 1000 character password if you want, and might think that is secure. It is not.
The actual data is easily recovered without knowing the password.
There are many examples of DIY on the web. Those methods do not try to guess the password, they just remove it.
  #37  
Old 07-08-2024, 06:25 AM
Cuervo

Quote:
Originally Posted by Altavia
What happens for your heirs if you die from a heart attack tonight?

I have two annuities that cover my nephews where they are the beneficiaries when I check out and I have supplied them with all the documentation. My daughter and my grandson will get the rest, again she is totally aware of what there is, and a legal trust has been set up. I did my homework and I have set this up that if I die before this posting is finished, they will be fully protected. Again, I believe the less personal information you release to anyone without knowing who might get access to it legally or illegally is a mistake.
  #38  
Old 07-08-2024, 06:49 AM
PoolBrews

This was not a "data breach" per se. It is a huge text file containing over 9 billion passwords. It does not tie passwords to login ID's or anything else. With this file it is possible for a hacker to use one file containing known ID's and then cycle through passwords in a brute force attack. Most sites (upwards of 99%), especially financial, have security measures in place to handle denial of attack.

Even if you change all of your passwords today, the chances that you will pick a new password that is not on this massive list are very slim. It's kind of like a dictionary, and your job is to guess what word out of that dictionary was last used by someone.

Your best protection is to ensure that you have two factor authentication set up on all of your accounts that connect in any way with your money.
  #39  
Old 07-08-2024, 06:53 AM
Altavia

Quote:
Originally Posted by Cuervo
I have two annuities that cover my nephews where they are the beneficiaries when I check out and I have supplied them with all the documentation. My daughter and my grandson will get the rest, again she is totally aware of what there is, and a legal trust has been set up. I did my homework and I have set this up that if I die before this posting is finished, they will be fully protected. Again, I believe the less personal information you release to anyone without knowing who might get access to it legally or illegally is a mistake.

That's the easy stuff.

Do they have access to the online accounts - utilities, insurance, credit card, photos, etc?

Especially Passwords to access your phone, computer, etc?
  #40  
Old 07-08-2024, 03:28 PM
Cuervo

Quote:
Originally Posted by Altavia
That's the easy stuff.

Do they have access to the online accounts - utilities, insurance, credit card, photos, etc?

Especially Passwords to access your phone, computer, etc?

You're just hunting for something to justify the pouring of your information to the world.
I've dealt with the passing of my uncle, my wife's son and then my wife without some of this information and have cleared it all.
When my wife's son passed, I got into his computer through a back door, his phone I didn't even bother with, I had all his mail sent to me and I handled whatever bills came in. Within months I cleared the slate and sold his house in N.J.
My daughter has more information than she needs and more than I had dealing with my wife's son.
If you want to trust your information somewhere on the internet that's your choice, I'm a native New Yorker and we were trained from birth not to trust anyone but yourself and sometimes I don't even trust myself.
  #41  
Old 07-08-2024, 03:39 PM
CFrance

Quote:
Originally Posted by Maker
Not a fan of RoboForm. It has some innovative features, but appears to have several flaws.
Your data file is in their possession so if they suffer an outage or cyber attack, you are in a world of hurt. KeePass data is in your possession, and you can store it wherever you want.
Limited to one password database. KeePass allows multiple databases. Certain places where family or friends would also want to access can be put in its own file and shared without sharing your private data.
Free version is for one device only. KeePass is not limited. Use it on all your devices.
It reaches out to the web to do "security" things. That exposes itself to detection. Doing things beyond its main purpose is generally frowned upon.
Software has not been peer reviewed for coding errors, hackability, or secret back doors. KeePass is open source. Many experts have not been able to find any security flaws.

A long passphrase is something that can be remembered but also contains pieces that are not actual words. The very long length makes it secure. Like:
Today@1200!sWhen\ottery#Nums@rePicked
TThhiissIIssAALLoonnggPPaasssspphhrrssee

No single place means that every part of the process adds a unique layer of security. There is no one way to hack the process without having several completely different compromises at the same time. Here are a few:
Database is stored where only you have access.
Database is not hackable. A key logger could get your master password, but would not be able to get your database.
Passwords are sent via a secure process to web browsers.
Every password can be different. If one site gets hacked, exposure is limited.

Thanks for the response/explanation, Maker.
__________________
It's harder to hate close up.
  #42  
Old 07-08-2024, 04:11 PM
Altavia

Quote:
Originally Posted by Cuervo
You're just hunting for something to justify the pouring of your information to the world.
I've dealt with the passing of my uncle, my wife's son and then my wife without some of this information and have cleared it all.
When my wife's son passed, I got into his computer through a back door, his phone I didn't even bother with, I had all his mail sent to me and I handled whatever bills came in. Within months I cleared the slate and sold his house in N.J.
My daughter has more information than she needs and more than I had dealing with my wife's son.
If you want to trust your information somewhere on the internet that's your choice, I'm a native New Yorker and we were trained from birth not to trust anyone but yourself and sometimes I don't even trust myself.

Sorry, I was trying to understand since you are smarter than the millions of hackers and security experts in the world...
  #43  
Old 07-11-2024, 01:33 AM
Salty Dog

I use a cloud-based password manager because I need to access my accounts from multiple devices. My master password is over 16 characters long. I have over 700 password protected accounts (I thought I had about 300, but just counted them). Granted many sites have no personal/financial info attached to the accounts. I've been changing my site passwords to 12+ characters, but it takes a while. I try to do several dozen every week or so. My password manager automates it somewhat, but a site's security often makes automated setup hard or impossible to use.

My Microsoft account is hit dozens of times a day from all over the world with attempted logins. Here are just 6 in 60 seconds.

7/9/2024 4:25 AM Unsuccessful sign-in Argentina
7/9/2024 4:25 AM Unsuccessful sign-in Brazil
7/9/2024 4:25 AM Unsuccessful sign-in Austria
7/9/2024 4:25 AM Unsuccessful sign-in Bangladesh
7/9/2024 4:25 AM Unsuccessful sign-in Iraq
7/9/2024 4:25 AM Unsuccessful sign-in Morocco
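
The sign-in history above, run through a simple detection rule, as an added example that is not part of the original post: it parses lines in the format shown and flags a burst of failed sign-ins spread across several countries inside a short window. The regular expression, thresholds, function names and the last three sample lines are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M) "
    r"(Unsuccessful|Successful) sign-in (.+)$"
)

# The first six lines are the ones quoted in the post; the last three are
# constructed for this example.
SAMPLE = """\
7/9/2024 4:25 AM Unsuccessful sign-in Argentina
7/9/2024 4:25 AM Unsuccessful sign-in Brazil
7/9/2024 4:25 AM Unsuccessful sign-in Austria
7/9/2024 4:25 AM Unsuccessful sign-in Bangladesh
7/9/2024 4:25 AM Unsuccessful sign-in Iraq
7/9/2024 4:25 AM Unsuccessful sign-in Morocco
7/9/2024 9:10 AM Successful sign-in United States
7/9/2024 2:02 PM Unsuccessful sign-in Canada
7/9/2024 2:40 PM Unsuccessful sign-in Canada
"""

def parse(text):
    """Return (timestamp, succeeded, country) tuples; skip unparseable lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M %p")
            events.append((ts, m.group(2) == "Successful", m.group(3)))
    return sorted(events, key=lambda e: e[0])

def find_bursts(events, window=timedelta(minutes=1), min_failures=5, min_countries=3):
    """Flag windows with many failed sign-ins spread over several countries."""
    failures = [e for e in events if not e[1]]
    bursts, i = [], 0
    while i < len(failures):
        start = failures[i][0]
        group = [e for e in failures[i:] if e[0] - start <= window]
        countries = sorted({e[2] for e in group})
        if len(group) >= min_failures and len(countries) >= min_countries:
            bursts.append({"start": start, "failures": len(group), "countries": countries})
            i += len(group)  # continue after the burst just reported
        else:
            i += 1
    return bursts
```

On the sample, the six 4:25 AM failures form one burst, while the two isolated failures from a single country later in the day do not trigger the rule.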
  #44  
Old 07-11-2024, 06:27 AM
Maker

Quote:
Originally Posted by Salty Dog
I use a cloud-based password manager because I need to access my accounts from multiple devices. My master password is over 16 characters long. I have over 700 password protected accounts (I thought I had about 300, but just counted them). Granted many sites have no personal/financial info attached to the accounts. I've been changing my site passwords to 12+ characters, but it takes a while. I try to do several dozen every week or so. My password manager automates it somewhat, but a site's security often makes automated setup hard or impossible to use.

My Microsoft account is hit dozens of times a day from all over the world with attempted logins. Here are just 6 in 60 seconds.

7/9/2024 4:25 AM Unsuccessful sign-in Argentina
7/9/2024 4:25 AM Unsuccessful sign-in Brazil
7/9/2024 4:25 AM Unsuccessful sign-in Austria
7/9/2024 4:25 AM Unsuccessful sign-in Bangladesh
7/9/2024 4:25 AM Unsuccessful sign-in Iraq
7/9/2024 4:25 AM Unsuccessful sign-in Morocco

A 16 character password is far too short. Especially for the one that unlocks your entire online life. Add a passphrase. Example: Phrase you remember "I like to get up at 6 in the morning to go for a walk with my dog" ... becomes typed as... "Iltgua6itmtgfawwmd"
A 12 character password is hackable in minutes.
A password manager should be able to generate random 32 character (or longer) passwords for the entries. Who cares if they are impossible to type manually, the password manager should auto-type them for you.

There is a big difference between "cloud based" password managers and storing your data file in the cloud. The first maintains custody of your data file. That alone is insecure because you rely on them to do all your security, and hope they never mysteriously disappear or get compromised. When you have complete control where you store your data file, you can put it anywhere you want. Even in several places. The security built in to the data file encryption is 100% sufficient, and you can access it anywhere you can get to your cloud.
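
An added example, not written by any poster in this thread, tying together the leaked-password list described in post #38 and the password-generation advice in the post above: it generates a random password with a known entropy, reproduces the first-letter abbreviation, and screens candidates against a leaked list. The four-entry `LEAKED` list is constructed for illustration and all function names are assumptions.

```python
import hashlib
import math
import secrets
import string

# 52 letters + 10 digits + 32 punctuation marks = 94 symbols
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_password(length=32, alphabet=ALPHABET):
    """Pick every character independently with the operating system's CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def random_entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a password whose characters were chosen uniformly at
    random. It does NOT apply to passwords a person made up or derived from a
    sentence, which are more predictable than their length suggests."""
    return length * math.log2(alphabet_size)

def first_letters(sentence):
    """The abbreviation technique from the post: first character of each word."""
    return "".join(word[0] for word in sentence.split())

def _digest(password):
    # SHA-1 is used here only as a lookup key for the list, not to store passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

# Constructed stand-in for a leaked-password list; a real one has billions of entries.
LEAKED = {_digest(p) for p in ["1234567", "password", "Incorrect", "qwerty123"]}

def is_leaked(password, leaked_digests=LEAKED):
    """True if the candidate appears on the leaked list and should be rejected."""
    return _digest(password) in leaked_digests
```

The entropy figure depends on both length and how the characters were chosen: `random_entropy_bits(12)` is about 79 bits and `random_entropy_bits(32)` about 210 bits, but only for machine-generated passwords such as the output of `generate_password()`.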
  #45  
Old 07-14-2024, 05:32 PM
Spartan86

Quote:
Originally Posted by Maker
A 16 character password is far too short. Especially for the one that unlocks your entire online life. Add a passphrase. Example: Phrase you remember "I like to get up at 6 in the morning to go for a walk with my dog" ... becomes typed as... "Iltgua6itmtgfawwmd"
A 12 character password is hackable in minutes.
A password manager should be able to generate random 32 character (or longer) passwords for the entries. Who cares if they are impossible to type manually, the password manager should auto-type them for you.

There is a big difference between "cloud based" password managers and storing your data file in the cloud. The first maintains custody of your data file. That alone is insecure because you rely on them to do all your security, and hope they never mysteriously disappear or get compromised. When you have complete control where you store your data file, you can put it anywhere you want. Even in several places. The security built in to the data file encryption is 100% sufficient, and you can access it anywhere you can get to your cloud.

Saying 12 or 16 is too short is only part of the discussion IMO
[Attached thumbnail: IMG_1019.jpg]