# Password strategy



## dpeters11 (May 30, 2007)

After Gawker got hacked, I started to rethink my password strategy, even though from all my checking, my password was not compromised, and it wasn't one I used for anything sensitive.

I think I found the right solution, and thought I'd share it with anyone that is interested. I do want to put it out there that I have no financial interest in the company.

The software is called LastPass, and they have plugins for IE, Firefox, Chrome and Safari, and it works on Windows, Mac, Linux and all the common mobile devices, though there are a few caveats on the mobile side.

They do store your passwords, but in my research, they do it in a way that is impossible for them or anyone else to decrypt (unless someone can guess your master password), but then they take it about three steps further.

Hope this is of help to someone. I'm not a crypto expert but can go into more detail of the security as I know it if anyone's interested.

I can go into detail for anyone interested, but it's as bulletproof as I think possible, and the end result is you can have each site you log into with a different random password that there are too many possibilities for a brute force hack, and if one site doesn't store passwords encrypted, it won't work anywhere else.

Most of their features are free, except the mobile apps. That requires a Premium account, of $12 a year.


----------



## RasputinAXP (Jan 23, 2008)

The Android mobile solution is awful. It's an entirely separate browser.


----------



## dpeters11 (May 30, 2007)

RasputinAXP said:


> The Android mobile solution is awful. It's an entirely separate browser.


I haven't looked at the Android browser, but I'm wondering if it's similar to iPhone. The problem may be that the Android browser doesn't support plugins, so they have to include their own browser to give you full functionality. There are times when they are limited by the device browser.


----------



## The Merg (Jun 24, 2007)

Interesting... I might need to look into it...

- Merg


----------



## dpeters11 (May 30, 2007)

I'm still finding features... they have it covered if you're using a public terminal, and you're concerned a keylogger is installed. If you set it up ahead of time, you can generate one-time passwords that only work once, or use an on-screen keyboard. They also support two-factor through a Yubikey, or their own program, called Sesame, on a USB key. I know Yubikey support is on the premium side. They do have a free multifactor function called the grid. It generates random letters and numbers in 26 columns and it will ask you the corresponding characters for 4 coordinates on the grid. Of course you can invalidate a grid and create a new one at any time. After entering the right characters, you can set a particular system to not need the grid, so you don't need it at home. Would assume it would be very inconvenient if you forget it at home when travelling (unless you had your database on a mobile device).

Very good form filler as well, can import from Roboform, the browser etc.


----------
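The grid check described in the post above, sketched as an added example (not part of the original thread and not LastPass's code). Only the 26 columns and the 4 coordinates come from the post; the row count, the lowercase alphabet, single-use challenges and the `GridAuthenticator` class are assumptions.

```python
import hmac
import secrets
import string

COLUMNS = string.ascii_uppercase                   # 26 columns, as the post describes
ROWS = 10                                          # assumption: the post gives no row count
ALPHABET = string.ascii_lowercase + string.digits  # "random letters and numbers"
CHALLENGE_SIZE = 4                                 # "4 coordinates on the grid"


def new_grid():
    """Return {(column, row): char}, every cell drawn from a CSPRNG."""
    return {(c, r): secrets.choice(ALPHABET) for c in COLUMNS for r in range(ROWS)}


def blind_guess_space():
    """Number of equally likely answers to one challenge for someone without the grid."""
    return len(ALPHABET) ** CHALLENGE_SIZE


class GridAuthenticator:
    """Hypothetical server-side state: current grid, one open challenge, trusted devices."""

    def __init__(self):
        self.grid = new_grid()
        self.pending = None
        self.trusted_devices = set()

    def regenerate(self):
        # Invalidating the grid also cancels any challenge issued against the old one.
        self.grid, self.pending = new_grid(), None

    def challenge(self, device_id):
        if device_id in self.trusted_devices:
            return None  # grid step skipped on a device the user marked as trusted
        self.pending = secrets.SystemRandom().sample(sorted(self.grid), CHALLENGE_SIZE)
        return self.pending

    def verify(self, device_id, response, trust_device=False):
        if self.pending is None:
            return False
        want = "".join(self.grid[coord] for coord in self.pending)
        self.pending = None  # a challenge is single-use, whether answered right or wrong
        ok = hmac.compare_digest(response.lower().encode(), want.encode())
        if ok and trust_device:
            self.trusted_devices.add(device_id)
        return ok
```

Each login reveals only 4 of the 260 cells to anything recording keystrokes, which is why a fresh random challenge per attempt and the ability to regenerate the grid matter.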



## flexoffset (Jul 16, 2007)

I use 1Password and sync it to my Dropbox. Works on all my computers and iPhone. No matter where I am I have all my information. It also catalogs all your software.

You can also run a filter on certain passwords and conditions to see if you have duplicates, etc. It also generates passwords up to 50 characters and you can select the ratio of numbers and symbols, too.

Works in Chrome, Safari, Firefox, etc.

http://agilewebsolutions.com/onepassword


----------



## RasputinAXP (Jan 23, 2008)

dpeters11 said:


> I haven't looked at the Android browser, but I'm wondering if it's similar to iPhone. The problem may be that the Android browser doesn't support plugins, so they have to include their own browser to give you full functionality. There are times when they are limited by the device browser.


That's the gist of it, yeah. Dolphin Browser supports plugins so they make a 1Password plugin for it, but otherwise it's their own browser. Understandable, but awful in my personal opinion.


----------



## pfp (Apr 28, 2009)

Yup, something like this is definitely the way to go. Personally, I use Roboform.


----------



## dpeters11 (May 30, 2007)

pfp said:


> Yup, something like this is definitely the way to go. Personally, I use Roboform.


Does Roboform save a copy on the Internet? Having the same data on any PC I use was a major factor for me.


----------



## pfp (Apr 28, 2009)

dpeters11 said:


> Does Roboform save a copy on the Internet? Having the same data on any PC I use was a major factor for me.


It can - it used to be called Roboform online and was free with the Pro product. Checking now it appears to be $20/yr and no longer included with Pro. It's all a bit confusing.

I'm actually looking into LastPass as there are some things it does I might like better than Roboform.


----------



## Mark Holtz (Mar 23, 2002)

The solution I use is KeePass. I keep my passwords stored on my USB stick, and then back 'em up to a hard drive using FreeFileSync. There is also an Android app called KeePassDroid which uses the KeePass file, which I can then keep synced with the Android version of Dropbox.

But, that's the solution that works for me.


----------

