Password Managers: Do You Use One?

I’ve literally had it be “what is my password?”

Somewhat tangential to the whole security question thing, but relevant enough to mention in this thread… Am I the only one who thinks that people are idiots if they respond to dumb quizzes on Facebook like “what’s your unicorn name” and get you to pick from a list of names, indexed by the digits of your birth date, or similar? I’ve seen people give away their mother’s maiden name, their street name, their exact date of birth etc this way. It seems pretty obvious to me that these things are just scraping your personal info.

Wasn’t there an actress or celebrity whose voicemail got hacked that way? As I remember, she was known for carrying around her pet dog, whose name was widely known, and one of the security questions for accessing the voicemail was “what’s your pet’s name?”

It sounds like you have several layers of obfuscation in your system of passwords, but I think it’s true in general that any systematic process you use for creating passwords does technically make those passwords weaker in some way. If you can work out, using your procedure, what the password is, someone else can potentially work out what your procedure is (they might need some additional information first, of course); that is, the consistency in your obfuscation that makes it usable, is also a potential vulnerability.

You may be thinking of Sarah Palin’s personal Yahoo email. Her security questions were things like mother’s maiden name and high school mascot, all of which were easily able to be found. Some 4chan kid figured it out and published it.

No, I thought it was Paris Hilton or someone like that, who carried around a toy dog she called Snowflake, or something like that.

My security goal is not to keep out a clever person who is out to get me. I’m not famous. I don’t have a lot of enemies. My goal is to avoid being the low hanging fruit who is easy to target.

What’s stopping such apps from basically extorting ever more money from you, over time?

Once they have all your access codes, (and I assume it’s a lot of them!), why wouldn’t they keep upping the price?

Will you go and change them all? Even knowing they’ve got them all currently set at 20 digit strings of numbers and characters? I doubt it, such a pain it would be.

Maybe it’s just me, but it DOES seem like putting all your eggs in one basket!

I mean - YOU can see them. If you don’t want to pay their subscription fee, just export them to another app. I’ve never heard of a single case of a password manager locking you out of your data.

Essentially, the only thing stopping them from doing this is bad PR, and reduced sales, if they do so. It’s a competitive market, with a bunch of different password manager tools out there, and big price increases are just going to drive their customers (and prospective customers) to other manager tools.

Absolutely, it could be figured out. But I’m mostly trying to dodge algorithms/bots rather than people personally trying to hack me. I think security through obscurity should be good enough there.

Sure, any service that has you on the hook will have at least a slight incentive to milk you for cash over time, but this is no different from any other service where switching is a nuisance - such as changing your bank or an email provider. They also have an incentive to keep you as a customer - if they hike the price too high, customers will overcome the effort barrier to switch to a cheaper competitor

Yes. Lastpass, though I’m not happy that the “free” version will only support one type of device soon (eg. desktops, mobile devices, etc). Will be $2.99 a month to do all devices soon.

Eh, I’ll probably pay it rather than migrate to something else, I can afford it I guess. I’ve always wondered how these companies, holding this very valuable data, could possibly make money. Yes, they always had “pro” versions, but I found them useless.

Yeah, I just bit the bullet and paid (there’s a discount for existing LastPass free users, so it wasn’t that bad). I’m kind of surprised it’s been free for as long as it has.

I’ve been using and paying for LastPass for a couple of years now. I think there were some limitations in the free version that made the paid one attractive to me. (Was it that it wasn’t available both in desktop and mobile form in the free version?) Also, from what I see when I login, they offer an enterprise version, which might be attractive to a company that has to manage many passwords. I know we have some sort of system for this.

No, that’s what’s happening (about to happen) now.

Emergency access, security dashboard and dark web monitoring were some features that you get in premium, but not in free

OK, I can’t remember what it was but something in their sales pitch convinced me to pay up for this thing.

One difference in free vs premium lastpass before the recent change was that with free you only had one login and one set of PWs, whereas with the premium version you could set up yours, spouses, each kid, etc., as separate logins.

This page lists all the features of the different tiers. It looks like you are describing the Families plan.

I’m actually quite keen on the emergency access feature in LastPass - it means I can ensure someone I trust can take charge of my accounts etc in the event I die or am incapacitated, without any compromise of security before that point. It’s pretty clever the way that works.