Password Managers 2019

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
I have 2FA even on my old throw away yahoo account. Someone finally tried to access it and I got an alert and denied it. Never seen it in action before other than authenticating a session I initiated, pretty useful.
Was it caught and shared in some hack, that you know of?

 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
Was it caught and shared in some hack, that you know of?

Yes it’s been part of multiple hacks. It’s actually a straight authenticated account. They just put in my email and attempted to login. The Authenticator asked if it was me. I had changed the password multiple times since the hacks. Then they switched their Authenticator to being password free, which I forgot about. I regularly run my emails and my wife’s emails through haveibeenpwned. Thankfully we’ve had few to deal with.
 

Threadripper

Level 9
Verified
Well-known
Feb 24, 2019
408
If you're hacked you're done, they take all the passwords from your local machine when you decrypt them with your master password - not from the remote server. To mitigate this

1) never store your 2FA codes for your accounts on the same password manager you use for your passwords (I'd go as far as don't use the same machine, to maximally decouple the 2nd factor from your passwords)
2) take measures to secure the machine to avoid compromise
3) don't sweat over it, if they only have the passwords without the 2FA codes for your logins nothing can happen and if you use a good security product this should not happen in the first place.
You said if they are hacked which is why I was talking about password managers, you're talking about using your password manager on a compromised device - obviously that's going to be a problem.
 

notabot

Level 15
Verified
Oct 31, 2018
703
You said if they are hacked which is why I was talking about password managers, you're talking about using your password manager on a compromised device - obviously that's going to be a problem.

If you keep 2nd factors on a separate device, ie use PC for passwords, mobile for 2FA -- even then I don't think it's a total disaster.
 

Divine_Barakah

Level 29
Verified
Top Poster
Well-known
May 10, 2019
1,854
Free version doesn't support cross device syncing.
Got the lifetime version for $14.99

I do not mind paying I actually prefer paying for something that crucial so that I know that the developers make money out of it so they doing their best. That's how business work. I already pay 60€ a year for 1Password family plan. I am just looking for a good alternative (paid) because I do not like how 1Password works with autofilling

Last pass is year ahead for auto filling but I am worried about their security....
You might give Dashlane a try.

For those who are not sure about the security of their passwords, you can use Sticky Password Portable and you can use the WIFI sync functionality. Unfrotunately, the development of Sticky Password is very slow; it does not receive updates regularly.
 
  • Like
Reactions: ForgottenSeer 78429
F

ForgottenSeer 85179

I wonder how you guys use your online password manager without internet?

Eg I store in KeePass my VeraCrypt passwords for external USB drives. So if I would disconnect from network, reset windows and then want access to my external USB backup drive I cannot because of missing password from cloud. With KeePass that isn't a problem.

Also I would say that a local database is more secure then a cloud one. Of course a compromised PC is bad. It's always bad.
But don't think that store such important data on cloud would help in that case
 
  • Like
Reactions: harlan4096
F

ForgottenSeer 823865

My password is in my brain, I have an easy to use and very safe formula, so I use a password manager more because I'm lazy to type 20+ characters than forget them.
 
Last edited by a moderator:
  • Like
Reactions: Dave Russo

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
I wonder how you guys use your online password manager without internet?

Eg I store in KeePass my VeraCrypt passwords for external USB drives. So if I would disconnect from network, reset windows and then want access to my external USB backup drive I cannot because of missing password from cloud. With KeePass that isn't a problem.

Also I would say that a local database is more secure then a cloud one. Of course a compromised PC is bad. It's always bad.
But don't think that store such important data on cloud would help in that case
Without the internet I don’t need most of my passwords, the few I do I remember.
 
  • Like
Reactions: Handsome Recluse

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top