This article on password managers is interesting. Note that the specific vulnerabilities mentioned in the article have all been fixed, as the author states, but the general conclusions remain worthy of note. https://www.theregister.co.uk/2017/02/28/flaws_in_password_management_apps/ -----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Jackie McBride Sent: Friday, October 20, 2017 2:14 PM To: Blind sysadmins list <blind-sysadmins@lists.hodgsonfamily.org> Subject: Re: [Blind-sysadmins] password managers David, Keepass does local storage, though I do think there may be a plugin for the cloud if desired. I broke my wrist awhile back & KP really proved to be a lifesaver, as I could just get my cursor into the username field of my browser, then go to Keepass & choose the 'autotype' option from the context menu (the keycut is actually ctrl v, which was hard to manage then). It then enters the fields for you, including the press of the enter key. It actually stores your files in a database, which you can backup to flash if desired. On 10/20/17, David Mehler <dave.mehler@gmail.com> wrote:
Hi,
What are the opinions of lastPass?
Thanks. Dave.
On 10/19/17, Chris Nestrud <ccn@chrisnestrud.com> wrote:
KeePass does not support cloud out of the box, though I think there are plugins for adding that.
1Password is not free. There are two versions for Windows, and they are relatively accessible if a little clunky.
Chris
On Thu, Oct 19, 2017 at 05:51:02PM -0400, David Mehler wrote:
Hello Everyone,
Thank you all for replying and for the discussion.
Jackie, Chris, and Anatoliy can you tell me more on keepass? I do believe there is an android client for it. Does it do cloud or local storage of passwords? How do you use it on the net and in daily uses?
Nimer, what are the differences between lastpass and 1password? From my research I know both have an android client so that might be an option, as well as for windows. Which do you prefer, and why? Can you tell me more of how you use the managers? What is a yubikey?
Browser management for passwords does make me nervous, for the same reason Jackie said. How many of these password managers are browser-only?
Jason, and Kelly, which accounts do you have two factor authentication on? That might be another option for the users I'm helping.
Another Possible option, Chris, does the 1password for windows work at all?
The option I'm looking for needs to be both free and easy to use.
Andrew thanks for the info on dashlane, that was one I was considering, that saves me trying to make it work with jfw.
Andrew, can you elaborate more on your setup?
Katherine, do you remember which mobile service you were using when you found the app?
Matt, can you elaborate more on your setup and does PasswordSafe have a mobile application?
Again my thanks. Dave.
On 10/19/17, Nimer Jaber <nimerjaber1@gmail.com> wrote:
this has an answer as to why 2fa is not needed with 1password. https://support.1password.com/authentication-encryption/
There are pros and cons to both. I prefer 2fa as well, and love my yubikey, but 1password does not need this, and it would not really do much to improve its security.
On Thu, Oct 19, 2017 at 10:35 AM Andrew Hodgson <andrew@hodgsonfamily.org> wrote:
Hi,
I didn't see this option in 1Password, and believed the post here to be still correct:
https://blog.agilebits.com/2011/09/23/two-factor-or-not-two-facto r/
Andrew. ________________________________________ From: Blind-sysadmins [blind-sysadmins-bounces@lists.hodgsonfamily.org] on behalf of Katherine M. Moss [kmoss@winterhillsolutions.com] Sent: 19 October 2017 15:15 To: 'Blind sysadmins list' Subject: Re: [Blind-sysadmins] password managers
It does, but in a different way. It allows for key files and/or TLS certificates.
-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Andrew Hodgson Sent: Thursday, October 19, 2017 10:13 AM To: Blind sysadmins list <blind-sysadmins@lists.hodgsonfamily.org> Subject: Re: [Blind-sysadmins] password managers
Hi,
Yes that is correct but it doesn't allow 2fa as a second login step, you just use the master password.
Andrew. ________________________________________ From: Blind-sysadmins [blind-sysadmins-bounces@lists.hodgsonfamily.org] on behalf of Chris Nestrud [ccn@chrisnestrud.com] Sent: 19 October 2017 15:03 To: Blind sysadmins list Subject: Re: [Blind-sysadmins] password managers
1Password is able to generate TOTP two-factor codes. As I recall, you paste the shared secret in a field called "one-time password" or similar when you're editing the account information in 1Password. I've been able to set them up in Windows and view them on iOS.
Chris
Hi,
I spent a lot of last week going through different password managers, I
On Thu, Oct 19, 2017 at 10:31:40AM +0000, Andrew Hodgson wrote: tried out Keypass, Dashlane Password Manager, Sticky Password, LastPass and 1Password.
I ended up going with LastPass as it was sort of ok (ish) with JFW and
Firefox, and provided the multifactor authentication I wanted. It is in the cloud but there is a desktop application which does some of the stuff for desktop apps if you have a premium account.
The easiest to use is Keypass, but I wanted something that was cross
platform and works with iOS etc, and this is a desktop app.
1Password was also pretty good, but it didn't offer multifactor
authentication which was a deal braker for me, but it was pretty easy to use with JFW and had a shortcut key to access it which was good.
Both Sticky Password and Dashlane Password managers were completely
unusable with JFW.
My current setup is LastPass with a couple of Ubikeys for 2fa and a
backup of using Google Authenticator (Authie) via my iPhone.
Andrew. ________________________________________ From: Blind-sysadmins [blind-sysadmins-bounces@lists.hodgsonfamily.org] on behalf of Jason White via Blind-sysadmins [blind-sysadmins@lists.hodgsonfamily.org] Sent: 19 October 2017 00:05 To: 'Blind sysadmins list' Cc: Jason White Subject: Re: [Blind-sysadmins] password managers
That, unfortunately, is the risk with password managers in general. Thus, I don't store important passwords. I also enable two-factor authentication on all accounts that support it.
-----Original Message----- From: Blind-sysadmins [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Jackie McBride Sent: Wednesday, October 18, 2017 6:59 PM To: Blind sysadmins list <blind-sysadmins@lists.hodgsonfamily.org> Subject: Re: [Blind-sysadmins] password managers
Personally, I advise never using a browser to manage pw's. Get malware on your machine, & they're likely all phoned home to the malware c&c
center.
On 10/18/17, Jason White via Blind-sysadmins <blind-sysadmins@lists.hodgsonfamily.org> wrote: > For most purposes, I use Google Chrome as my browser at the > moment, and hence rely on its internal password manager > (except for the most important passwords, which I memorize > instead). This can work across Mac OS, Windows and Chrome OS. > I own both a Mac and a Windows machine, but not Chrome OS. > Under Linux, though, I need to use Firefox for accessibility > reasons, and likewise Safari under iOS. However, I don't > access password-protected sites/applications frequently on > these platforms. > > -----Original Message----- > From: Blind-sysadmins > [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On > Behalf Of David Mehler > Sent: Wednesday, October 18, 2017 6:28 PM > To: blind-sysadmins <blind-sysadmins@lists.hodgsonfamily.org> > Subject: [Blind-sysadmins] password managers > > Hello, > > How many list members use password managers? I'm trying to > decide on which one to get. I've got a cross platform > situation, windows and android and one iPhone. platform > solution, not sure if I'm going for a cloud solution or a > noncloud solution. > > I'd appreciate any suggestions. > > Thanks. > Dave. > > I'm trying to go for the cross > > _______________________________________________ > Blind-sysadmins mailing list > Blind-sysadmins@lists.hodgsonfamily.org > https://lists.hodgsonfamily.org/listinfo/blind-sysadmins > > > > _______________________________________________ > Blind-sysadmins mailing list > Blind-sysadmins@lists.hodgsonfamily.org > https://lists.hodgsonfamily.org/listinfo/blind-sysadmins >
-- Remember! Friends Help Friends Be Cybersafe Jackie McBride Helping Cybercrime Victims 1 Person at a Time https://brighter-vision.com
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
-- Cordially,
Nimer Jaber
My mission is to bring love and peace to everyone around me with all tools available to me. My core values are integrity, innovation, loyalty, excellence, and 100% personal responsibility.
The message above is intended for the recipient to whom it was addressed. If you believe that you are not the intended recipient, please notify me via reply email and destroy all copies of this correspondence. Action taken as a result of this email or its contents by anyone other than the intended recipient(s) may result in civil or criminal charges. I have checked this email and all corresponding attachments for security threats. However, security of your machine is up to you. Thanks.
Registered Linux User 529141. http://counter.li.org/
To find out about a free and versatile screen reader for windows XP and above, please click here: http://www.nvda-project.org
You can follow @nimerjaber on Twitter for the latest technology news.
To contact me, you can reply to this email or you may call me at (218-606-0475) and I will do my best to respond to you promptly. Thank you, and have a great day! _______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
-- Remember! Friends Help Friends Be Cybersafe Jackie McBride Helping Cybercrime Victims 1 Person at a Time https://brighter-vision.com _______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins