Do you use a password manager, and if so which one is your favorite?
I've tried LastPass, Dashlane, Keepass, 1password, and a few others I can't
remember the name of. I wasn't impressed with any of them. They were all
too complicated, didn't autofill more than two fields on most forms, etc.
I liked RoboForm for auto form filling, but the other areas for credit card
numbers and whatnot were awkward and complicated.
I am not interested in an online or cloud based password manager. I'm just
looking at local programs that store the encrypted data on my own hard
None of the password managers I tried were able to handle the multi-page
login's for banking and whatnot (user name on one page, secret phrase on
the second page, password on the third page).
Are there other password managers you have tried and can recommend?
Thanks. I tried that one too, but since it didn't have any autofill
features it didn't provide any benefits over my own software I am using
Home Suite works well for me, but doesn't have any autofill features (it
uses the copy/paste method like pwsafe). I haven't had time to work on Home
Suite, so I was looking to see what other password managers are available.
So far, nothing has impressed me enough to want to switch.
On 6/11/2016 8:15 AM, HerHusband wrote:
No. I rely on memory (I'm pretty good at remembering arbitrary,
long strings of "random" characters) or a text file (as a "backup").
I'm leary of storing anything "sensitive" in a place that would be
easily recognizable as such! ("Ah, I see that this guy has
SuperSecretPasswordManager running on his system! He doesn't
know it, but I've found a 0day exploit that lets me harvest
the secrets he's hiding, there...")
It's also too easy for someone to craft (hijack) a page that
would coerce the information from any automated process that
was designed to fill in forms.
E.g., last week, I went to close an account on a forum that
I'd visited (don't leave open accounts that won't be "active").
I'd always complained that it never properly handled firefox's
password management capability (which I use for disposable
web site accesses).
When I tried to delete my account, the site kept throwing an error.
I had to very carefully examine the "delete account" page to notice
that it had "tickled" firefox to autofill my userID into a field
that wasn't intended for my userID! Another bug in the page's
script prevented anyone from deleting their account if this
other field was non-empty (the page was used for a couple of
different purposes, account deletion being only one of those).
I'm not sure I could notice all such misuses (abuses?) of such an
Agree. I just keep all my passwords in a spreadsheet, and protect that with
It's a bit of a pain when I need to get a password (decrypt xls file, open
it, copy/paste password, close xls file, delete xls file), and if I want to
add to the file I need to re-encrypt it and overwrite the old version.
We just don't keep precious passwords/accounts.
I keep a plain text file with information for the on-line accounts
that I have. Periodically, I print a copy and tuck it away in a drawer
next to my passports (a poor man's BACKUP in case this computer dies
or is inaccessible for some reason).
In some cases, I keep the passwords *with* the protected devices
(e.g., trying to remember the BIOS password, account passwords,
fingerprint system password, etc. for several laptops is just
plain inconvenient. If they can get access to the piece of paper
that is stored in the laptop case listing all of these things
(along with BIOS versions, settings, etc.), then they can just as
easily take the damn laptop and be that much better off!
Some of our accounts rely on knowing where we are calling from
and our being able to provide some information that only we (and
they) *should* know (e.g., "What was your account balance last month?"
"Gee, I dunno, but I sent you a check #1034 dated 5/15/2016 for
$329.43 which is *probably* what the balance was...")
Often, passwords are just an inconvenience. How much do I care
if a car thief (or valet) sees the addresses stored in *my*
GPS address book for the car? Will they know that "rho" is
really Rhonda? Will they show up at her doorstep saying
"Don sent me"? Does knowing the address of my PCP give them
anything of interest (given that there are many practitioners
at that address)? Do they even know *my* name (there's no
registration information IN the car that they can consult)???
Do you remember random web page login's such as "A3j4l9-23uilm#+09"?
Do you remember all of your credit card numbers, verification codes, and
Do you remember your cell phone sim codes and phone numbers?
Do you remember all of your bank account numbers?
Do you remember the serial numbers for your power tools?
If so, you have much better memory than I do. Heck, I can barely remember
how old I am.
I understand your point, but a password manager than can be exploited so
easily is not very useful.
Unfortunately, that's not really an option these days. Also, as listed
above, there are many more numbers and codes to remember in life.
That goes back to a convenience issue. Typing in a user name, secret
answer, and a random 32 character password from a handwritten notebook is
not very convenient and prone to errors.
That's always the tradeoff. One of our banks wants us to start
using biometrics. Yet, haven't indicated the implementation
[I use it, here -- voice and face -- but I *know* that I've considered
how it could be hacked. And, as I know who the "authorized users"
will be, I know how much I can "burden them" without making it
inconvenient. E.g., quizzing them on things that are trivial
to remember but hard to guess -- and, hard to coax a recorded/synthetic
voice to say *immediately*. No time allowed for an adversary to
type the text into a TTS configured with the authorized agents
voice (relatively easy to make a synthesizer sound like someone
specific -- if you have enough voice samples. And, if the person
doesn't suspect that you are COLLECTING them, how can they take
precautions against you?]
On 6/11/2016 1:29 PM, HerHusband wrote:
I keep them in a text file on my desktop, here. I double click,
scroll to find the name of the web site, the name that I used
to "register", the "personal data" that I provided, the security
questions, and the password. Then, highlight, copy and paste.
When I cancel/close an account, I bracket the information with
a line of asterisks and add "Canceled, <date>". Then, cut and
paste it to the bottom of the file. So, I can tell which
accounts are still active -- even if I haven't accessed them
in a while (e.g., I have many email accounts)
I keep my credit cards in my wallet. Though I *do* remember all of
the account numbers, my 14-digit library card number (and its PIN),
social security number, etc. No need to take my wallet out of my
pocket to check out a book at the library, etc.
[I *dont* know the number on my driver's license. But *do* know
the plate numbers on the cars. When I need to check for airbag
recalls, I walk into the garage and jot down the VIN from the
car's dash and type that in. If the car was ever stolen, I'd
recover the VIN from the title -- in the safe deposit box]
I don't have a cell phone. SWMBO's cell phone number is stored
in the cordless phone's "phonebook" if I *ever* need to call
her (I suspect SHE doesn't know her own number -- she only
MAKES calls with it!)
They are on my statements. The account numbers for all of the
"accounts" for which I pay bills (gas, electric, credit cards,
other suppliers) are recorded in my check register -- look back
< 30 days to the last time you paid a bill for that vendor
and the account number will be written, there. So, I can
hop on a plane (illness in the family) and have everything I
need to ensure I *can* pay my bills /in absentia/ with *just*
my check book (been there, done that).
How often do you need to provide a web site with a serial number for
a power tool? Is there a reason you can't just look at the number
ON the tool? If its stolen, fetch the warranty and purchase information
from the file and look up what you recorded, there.
Ah! THAT one I have trouble with! I've had heated arguments with
SWMBO over my own age! Usually because I forget what YEAR it is,
How do you know how easily it can be exploited? There are
always news of new exploits that had previously been considered
safe/secure (e.g., heartbleed, home-grown encryption algorithms,
We've not had any problem avoiding online accounts. There may even *be*
accounts with our names on them (e.g., I order from Digikey, often,
yet have no idea what my "customer ID" is; let *them* look it up).
Most of the passwords that I keep track of for on-line stuff aren't
precious; they might lock me out of a forum or an email account if
I forget them (hence the reason I keep this tickler file with all
the information to "prove" my identity ;> ) But, that's just an
E.g., the account that I canceled the other day (referenced in my upthread)
I will reopen under a different ID in a few weeks -- now that I've seen
how the site works and can decide if I want to be involved.
I open my password manager, "Find" the account by name (i.e. bank), then
click the desired field to copy and paste. It's the same basic process,
just with a few less steps.
As do I, but if I order something online my wallet is usually in another
room. It's a hassle to have to run to the other room and dig through my
wallet to find the card number, verification code, and expiration date
when I want to pay for something online. Not to mention the potential
errors of typing in the numbers manually.
I'm impressed, my memory isn't that good. I remember the last four digits
of each account to easily distinguish them, but I couldn't tell you the
full account number, expirations, or verification codes of each card.
Actually, I remember my driver's license but not my plate numbers. I used
to know the plate numbers, but Washington state now requires us to get
new plates every few years. I don't use the number enough to remember
I don't know any of our cell numbers either without looking them up.
Yeah, I could open my encrypted drive, find the account statement, and
look up the account number. That's not very quick or convenient.
I'm not always near the tool or appliance I need to order a part for. For
example, my tools may be in the garage, or I might need a part for an
appliance at my in-laws. I try to keep these in my password manager so I
can easily look up parts when I need them.
That's one advantage of using a widely known encryption algorithm like
256 bit AES and writing the software yourself so you know there are no
In any case, I learned long ago that ANYTHING is breakable and accessible
to someone who is really determined to get that information. Even if they
can't break the encryption, there are easier ways to get the information
(pretending they are someone else on the phone, the waiter who takes your
card at a restaurant, mail theft, etc.).
I only worry about the casual person who has a bit too much curiosity.
Those people usually aren't going to try decrypting an encrypted
database, even if it's relatively easy to hack. The more determined
hackers will find other ways to obtain the information if they really
want it. Simply put, I'm not that interesting... :)
I'm sure, but many of us DO use online accounts frequently for banking,
retirement, bill paying, online shopping, etc.
I could still pay cash for everything and hide cash in my home somewhere,
but there's always a tradeoff.
I can have my wallet in hand in a matter of seconds (if I am *in*
the house). It "lives" in a predefined place in the bedroom
(as do the house keys, etc). My credit cards are in a fixed order
(mainly because of how I use them) so I can probably pull
the correct CC out of my wallet with my eyes closed -- just by
counting down the stack.
[I tend to be compulsive about these sorts of things -- so I don't have
to *think* about them]
I can't recall the verification codes as I don't use them often.
But, most of my cards I've carried for ~40 years. After a while,
the numbers just kinda fuse into your mind!
I tend to have a bigger problem *forgetting* numbers when they are
past their usefulness. E.g., a phone number will pop into my
head, "clear as day" and I'll spend hours trying to figure out
who/what it belongs to and why it popped into my head!
I can remember all of the phone numbers of my aunts and uncles -- despite
not having used any of them in 20 years (I'm not sure if the area code
is the same, anymore).
It took me decades to forget the combination to my high school locker!
(talk about a useless piece of information!)
Birthdays, anniversaries, etc. Too much cruft in there! :<
My DL is rarely out of my wallet. When it is, I tend to be in a heightened
state of anxiety (fear that I will *forget* that it is currently not in my
wallet!). E.g., moving some money around the other day and I had to present
it for identification... I kept a finger on it the entire time it was out of
my wallet (sitting on the desk) while the guy examined it and copied down
<whatever>. I suspect that if I had to take it out more often I'd be more
aware of it and what's on it (I can guess it carries my name, address, DoB
and some sort of identifier. Probably eye/hair color, too?) I know there
is a 2D barcode on it that presumably encodes all of that information,
as well. No idea what's on the back side! (amusing in that I've never
realized that before now!)
Our statements are paper. Open the lower right drawer of the desk,
find the folder for the account. Remove the topmost sheet (most
Ah, so you're using the "password manager" as more than a "password manager".
More like a notepad?
Exactly. If they want something I have, they can always break into
the house and TAKE it!
A second cousin owned a bunch of expensive furs (no kids, high income
couple, "hoity toity" -- the kind of folks who don't let you *sit*
in their living room ("for show and special guests"). Came home
one day to find tire tracks on the side of the house and a hole in
the wall where the side door had been. The closet containing the furs
was just inside (no idea why she didn't keep them stored at a
A guy I worked with had a fancy gun collection. Always talking
about it and the alarm he had bought/designed to protect it.
Until the day he stopped talking about it -- as it had been
stolen the night before.
I used to think that the case. OTOH, if an attack can be mounted remotely
and widespread, there may be enough uninteresting people to make it
worthwhile for an attacker!
SWMBO uses plastic for most things (much to my annoyance: do you really
need to charge that $3.27 of produce??). I, OTOH, tend to use cash
(unless a big purchase or something that I have to document more
We keep a decent amount of cash on hand "for emergencies" (e.g., natural
disaster where accessing our accounts might not be possible). But, not
in any place that is easily accessible (a thief could tear up the carpets
"toss" all the furnishings and cut open the walls and still not find it!).
Likewise, keep copies of the latest bank/securities accounts on a thumbdrive
(PC may not always be accessible if we have to leave in a hurry -- or if the
house is destroyed!)
Of course, there's still no absolute protection against loss/inconvenience.
But, a lot less "exposure".
On Sun, 12 Jun 2016 07:57:05 -0700, Taxed and Spent
I saw a leather passport case for sale the other day, with each credit
card sticking out a half inch higher than the one below it. When I
travel, I keep my money and credit cards where others don't see them.
HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.