Ah, yes, I don’t use my phone much, so I’d forgotten about the trend towards “Let’s make an app just for viewing our one webpage”.
Still, whatever password manager you use, you’d still need that on all of your devices. And on a lot of work machines, ordinary peons might not have the ability to install things like that. But your work computer will certainly have at least one and probably more browsers, and the ability to set up and synchronize profiles on them.
“Bring your own device” is also a fairly recent but common trend (i.e., just use your personal phone for work stuff).
I sorta need a password manager for my work password. It’s not complicated, but for better or worse I picked a particular pattern on the keyboard. Which involves special keys that don’t have the same layout on the on-screen phone keyboard. And I can’t remember the password except via the pattern. The alternative is to Google a picture of an ordinary keyboard so I can reverse-engineer the mapping…
On the strength of your recommendation I made the switch. Which was, as you said, quick and simple while the learning curve was trivial.
LastPass sent their annual announcement that I owed them another $36 in a week or so, and that was the nudge I needed to say sayonara. I’ve got both installed but only Bitwarden logged in for another few days, then unless I hit a snag the conversion will be complete.
93 trillion years for me. Yes, we run a tight ship. It’s annoying to have to change every 2 months. I’ve come up with a system for myself to create it and remember it.
I think of a song I like, and one line in that song. Then I use the first letter of each word in that line in the song. I follow that with numbers and special characters.
The drawback is the earworm it creates. But that goes away in a few days, and helps you remember it.
Any real cracking tool now includes brute force search as the last thing they try after already running through common keyboard patterns, common words in many languages, common dates, common leet variations, etc. And first and foremost, common passwords culled from leaked PW files all over the internet.
And it’s a darn good bet that repeated single letters out to 20 or more reps is one of the standard common patterns. I bet the actual crack time for 20 consecutive "J"s is well under one millisecond for that reason.
All else equal, you’re 100% right that “length adds strength.” But that does not mean mere length can compensate for a fundamentally bad choice of PW. Now as between 123 and 124 consecutive Js, that might work. Damn few people have the patience to type that many or the keyboard skills to get the quantity right every time. So that string may well not be part of the standard guess table.
But 20 is only long to a human, not to a computer. Putting each of the 52 upper/lower case English letters in there repeated from length 1 to length 50 is only 2600 entries in their guess table and 67KB plus any table overhead. Not even a nanodrop in the bucket of a modern prefab guess table.
I hope everyone who tests any password at that site then immediately changes and discards that password. Whatever security it originally had, its security is now zero after you type it into a third-party site.
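An added example, not part of any post in this thread: a local check that looks a password up in the repeated-letter table described above (52 letters, runs of 1 to 50) before falling back to the length-and-charset estimate a typical strength meter reports. The function names, the table ordering and the sample passwords are assumptions made for illustration; it runs offline, so nothing is typed into a third-party site.

```python
import string

LETTERS = string.ascii_uppercase + string.ascii_lowercase  # 52 letters, as in the post
MAX_RUN = 50                                               # longest run, as in the post

def table_stats(alphabet=LETTERS, max_run=MAX_RUN):
    """(entries, raw bytes) for a table holding every single-letter run."""
    entries = len(alphabet) * max_run
    raw_bytes = len(alphabet) * sum(range(1, max_run + 1))  # no separators/overhead
    return entries, raw_bytes

def repeated_run_rank(pw, alphabet=LETTERS, max_run=MAX_RUN):
    """1-based position of pw in that table (assumed order: length, then letter).
    Returns None when pw is not a single-letter run the table contains."""
    if not pw or len(pw) > max_run or len(set(pw)) != 1 or pw[0] not in alphabet:
        return None
    return (len(pw) - 1) * len(alphabet) + alphabet.index(pw[0]) + 1

def naive_keyspace(pw):
    """What a length-and-charset strength meter assumes: charset_size ** length."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    size = sum(len(c) for c in classes if any(ch in c for ch in pw))
    return size ** len(pw)

def guesses_needed(pw):
    """Pattern table first, brute force only as the fallback."""
    rank = repeated_run_rank(pw)
    if rank is not None:
        return ("repeated-letter table", rank)
    return ("brute force", naive_keyspace(pw))

if __name__ == "__main__":
    print("table:", table_stats())
    for sample in ("J" * 20, "J" * 124, "Tq7#vLp2"):  # constructed samples
        source, guesses = guesses_needed(sample)
        print(f"len={len(sample):3d} {source}: {guesses:.3e} "
              f"(naive meter: {naive_keyspace(sample):.3e})")
```

Twenty Js sit inside the 2,600-entry table, while a naive meter credits them with 26^20 possibilities; 124 Js fall outside this particular table, which is the distinction the post draws.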
Funnily enough, my sister now works for a certain competitor. But it’s more of a corporate-oriented one that charges by the seat (and comes with enterprise-level support). She didn’t have anything bad to say about Bitwarden aside from that it’s not their product. She had lots bad to say about LastPass and their multiple breaches. And she had a little self-criticism for her company not pursuing the resulting land-grab aggressively enough (she seemed to think that 1Password grabbed more ex-LastPass customers).