Are password managers the answer?

Topic

New Reply

Using the same password for multiple accounts is a bad idea. Using “easy” passwords is a bad idea; passwords should all look like random collections of characters. Passwords should be changed regularly. As a result of all this, we are left with the task of trying to remember a large number of seemingly random strings of characters, in effect an impossible task. The solution, say the experts, is to use a password manager like Roboform or LastPass. But I have trouble working with them. I’m not locked in to a single computer: I often use the computers of friends or colleagues, or an iPod. Do I have to make sure I have Roboform on a thumb drive every time I go out the front door? Some computers don’t allow thumb drives. What if LastPass goes out of business or has a technical hiccup? Wouldn’t I completely lose access to all the sites I’ve signed up for? Maybe I’m missing something here, but I’m deeply puzzled by the question of how to manage the many dozens of passwords I need.

Reply | Quote

Replies

David,

Disclosure: I’m a rabid RoboForm user…

In fact just today I upgraded my 2 licenses to version 7 and bought 2 more. They gave me a price of 15.64 ea. I consider this a bargain for the functionality RF provides. I use sync toy to keep the machines in sync {just remember not to sync the License.rfo file}. Every so often I also print out all my passcards and chuck them in the safe {just in case}. However, the chance that all 4 machines will bite the dust along with all the image backups at the same time is quite rare.

Before doing this I gave Kee Pass a try but didn’t find it easy to use at all. YMMV. In any event I believe that a password manager is one of those essential security tools for any serious computer user who is on-line! IMHO.:cheers:

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

RetiredGeek,

I saw your “sync” comment and as I have just purchased RoboForm Desktop for two machines, I wondered if you’d elaborate. I want to move my passwords from my desktop to my laptop. I do not want to have to re-create them all over again.

Looks like just a copy from one to the other and leave the License file alone.

Sound right?

Which sync prg are you using? SyncToy or Microsoft Sync?

Thank you in advance.

HmS
Gettysburg PA
Retired Educator

David,

Disclosure: I’m a rabid RoboForm user…

In fact just today I upgraded my 2 licenses to version 7 and bought 2 more. They gave me a price of 15.64 ea. I consider this a bargain for the functionality RF provides. I use sync toy to keep the machines in sync {just remember not to sync the License.rfo file}. Every so often I also print out all my passcards and chuck them in the safe {just in case}. However, the chance that all 4 machines will bite the dust along with all the image backups at the same time is quite rare.

Before doing this I gave Kee Pass a try but didn’t find it easy to use at all. YMMV. In any event I believe that a password manager is one of those essential security tools for any serious computer user who is on-line! IMHO.:cheers:

Reply | Quote

David,

Disclosure: I’m a rabid RoboForm user…

In fact just today I upgraded my 2 licenses to version 7 and bought 2 more. They gave me a price of 15.64 ea. I consider this a bargain for the functionality RF provides. I use sync toy to keep the machines in sync {just remember not to sync the License.rfo file}. Every so often I also print out all my passcards and chuck them in the safe {just in case}. However, the chance that all 4 machines will bite the dust along with all the image backups at the same time is quite rare.

I have to agree, RoboForm is a great program and I’ve been using it for many years. I would be lost without it, and I use it’s ability to create passwords if I need a password for a new site I’m visiting…

Reply | Quote

I use LastPass and have been very pleased with it. After what appears to be a minor security breach recently, I did change my master password and all critical passwords. One thing you have to remember, strong passwords are important. Since LastPass does NOT store your master password, and has no way of sending it to you if you loose it, it’s important to remember what it is. If the data is stolen, and you had a weak master password, then your data might be cracked. If you had a strong master password with combinations of upper case and lower case letters, numbers and symbols, there is very little chance of having it cracked.

Also do not use the same passwords on all your sites. I tend to use the same passwords on non-critical sites, but use different, strong passwords on critical sites such as financial sites, etc.

Reply | Quote

I use the free version of LastPass as well and l like it very much. It makes my life much easier. With a very strong master password for LastPass you will be fine. Another nice feature is you can access your LastPass account and then use it on a different computer no matter where it is located, all you need to do is go to LastPass’s website and login to your account using this master password. Finally you can save all the information within LastPass (urls, usernames and passwords). I save mine to a text file, then I can store all these on a separate backup hd as well as print out a paper copy. All you do is go to LastPass’s site, use your master password to your LastPass Vault and under your Account Settings is the ability to inport, export etc all your info.

Reply | Quote

I’ve been using KeePass v1.x for several years and I’m very pleased with it. I currently have over 500 entries that, in addition to passwords, store userids, site URLs, login automation sequences, special notes (like the answers to those security questions), etc. My master password in very strong, but easy for ME to remember, and I only have to type it once to open the password database.

It would be impossible for me to remember the login information for each of these sites, much less try to come up with more that a few reasonably strong passwords, without something to help. Being portable, I can load the program and database on a USB thumb drive so I can log into these sites from anywhere I can plug my drive into.

I got into the habit of keeping my “utility” thumb drive with my keys so it always go with me when I leave.

Reply | Quote

KeePass is pretty good. I use Password Safe (http://passwordsafe.sourceforge.net/), also open source and free, also installable on a thumb drive, and understands UNC paths, so it can be stored in a secure location on a server and used elsewhere.

I personally have an aversion to storing anything critical and personal in the “cloud”. The “minor” security breach that LastPass experienced and the mysterious missing data issue that Carbonite had a couple of years ago are just the tip of what could go wrong. Not to mention, do we really know who’s working at these places?

Reply | Quote

KeePass is pretty good. I use Password Safe (http://passwordsafe.sourceforge.net/), also open source and free, also installable on a thumb drive, and understands UNC paths, so it can be stored in a secure location on a server and used elsewhere.

I personally have an aversion to storing anything critical and personal in the “cloud”. The “minor” security breach that LastPass experienced and the mysterious missing data issue that Carbonite had a couple of years ago are just the tip of what could go wrong. Not to mention, do we really know who’s working at these places?

A bit off topic, but I agree with you about the cloud. Even the bigger players have huge issues. A few weeks ago, Amazon had huge problems with people and enterprises locked out of their accounts for days. This week Google’s blogger service hasn’t yet recovered from a maintenace release. Now imagine this happening to you… either with a regular PC, or even the upcoming Chrome laptop.
So I do enjoy the cloud, but nothing serious for me goes on there. Not without a local copy, or better, multiple local copies.

Reply | Quote

A bit off topic, but I agree with you about the cloud. Even the bigger players have huge issues. A few weeks ago, Amazon had huge problems with people and enterprises locked out of their accounts for days. This week Google’s blogger service hasn’t yet recovered from a maintenace release. Now imagine this happening to you… either with a regular PC, or even the upcoming Chrome laptop.
So I do enjoy the cloud, but nothing serious for me goes on there. Not without a local copy, or better, multiple local copies.

I agree with your cloud sentiments…but let me clarify that with respect to LastPass. Your passwords are not stored in the cloud via LastPass. Only hashed and salted versions of them are there. So, it effectively takes a double hack (access to the encrypted hashes, and then decryption) to access your private data from LastPass. Not impossible, but…

Reply | Quote

Nortons Security Suite has a password storage app that seems really good. I use it all the time, but not for my financials.
What do you think of the Nortons password app?

Reply | Quote

I recommend you use a local password manager – KeePass, Password Safe etc – and store it on a USB drive, and keep a copy on-line for the times you can’t load a USB stick or lose it. Then you are the one who controls your data and don’t have to worry about people going out of business / being hacked.

KeePass is able to sync multiple databases, so it’s easy to keep different copies up to date.

cheers, Paul

Reply | Quote

I use Lastpass (free).

I don’t use it for critical passwords like the bank.

Reply | Quote

I use Steganos Password Manager and have for years. Many of us face the same problem with multiple computers. Steganos has a portable version built into the PC version. The portable syncs up with the PC so that when you change the PC password it shows up on the portable. They also have a mobile version but I don’t use it.
The main login is the same for both. Sort of like AMEX, I don’t leave home without it.
I highly recommend it!

Reply | Quote

A personal account — Yes, flaming myself, I was STUPID enough to use common passwords for multiple sites. Then, one account was accessed without my permission, using the STUPIDLY common password – I should have known better but was lazy and hubris said “It won’t happen to me”. Thankfully, no harm done, except to my self esteem. I now use a password manager – doesn’t matter which one – but the one I use has an Android phone, and ipone, and symbian (I think) app. No need to keep a thumb drive, I almost always have my phone with me. Once every 2 – 3 weeks, I synch all databases. Again,the synching is done simply – all passwords are only entered into a master database. Then I email a copy to myself. Or I copy it across to the phone using cable, bluetooth, whatever is running at the time.
The moral of this is that a) DON’T use common passwords – and I know, we all knew that one already.

Cheers all.

Reply | Quote

A personal account — Yes, flaming myself, I was STUPID enough to use common passwords for multiple sites. Then, one account was accessed without my permission, using the STUPIDLY common password

Sorry for your grief, and hopefully nothing was harmed. I use the exact same password for many sites, easy to remember, and I don’t really care. There are FAR too many to remember or code.

However, anything to do with mail or money, I have very complex p/w’s, that I store on a flash drive that is encrypted.

Reply | Quote

A BIG warning on Steganos Password Manager. I use an older version (7.x) on an old WinXP machine. All available updates for the software were applied. The company has since moved to newer versions with yearly enhancements. I stuck with Ver 7 as I didn’t need the newer features.

BIG mistake!!! A recent series of Windows .NET updates from Microsoft blew out Password Manager. It won’t open and gives a typical debug message. And, it apparently scrambled the actual password file. I tried importing into a later version (12) that I use on my Win7 PC. No luck as it won’t recognize the password for the Ver 7 password file. Even the backup file won’t work. I tried a Restore Point recovery on the XP box but that didn’t help either.

So, just because you keep your legacy software updated don’t assume some other company (Microsoft) can’t break it. I’ve just spent the better part of two days going through the various password reset procedures for the sites I can remember. I’m concerned about the stored passwrods for hardware devices, etc. The Steganos sync feature isn’t helpful here because the passwords from the Win7 and XP boxes need to be separate and distinct.

I know, I know, get off the old systems and software you say. Sounds fine in theory, but the practice sometimes won’t allow it.

Ron

Reply | Quote

I’ve used Roboform for years and recommended it to lots of people. Then they persuaded me that I needed to upgrade to V7. I was uneasy, because I didn’t actually want all my log-in and password details sitting on a server somewhere, but I eventually bought the upgrade – at which point the program ceased to recognise my master password. Several desperate emails to tech support later, and having tried their fixes to no avail, they suggested I uninstall V7 and reinstall V6. This worked insofar as my master password now works again to allow me to log into sites; but whenever I want to create a new passcard I am asked to confirm the master password, and under these circumstances the same password does not work. So having paid for an upgrade, I can use what I have but not create anything new. I am no longer a fan of Roboform, and as soon as I can find the time to source a reliable alternative I intend to uninstall it. I’ve already deleted my data from their server…..I hope…..

Reply | Quote

I have used Password Safe for many years and keep the file in dropbox. That way, I have access on all my computers and my phone and my Galaxy Tab.

It is free, makes automatic backups and keeps old versions of passwords if desired. It can be installed on a USB drive and carried around, too.

It has always worked well for me.

Reply | Quote

Thanks for the advice – much appreciated.

Reply | Quote

I also have been using Last Pass for over a year now. I occasionally get a minor hiccup (like having to tell it to fill in my user name and password) but find it to be 99% functional.

I generally create my own passwords but with variations I could never remember. Because I am not a very trusting type I also list all of my sites and their passwords in a folder in MS Outlook and keep it current “just in case”. That folder is also included with my critical daily backups.

Reply | Quote

I also have been using Last Pass for over a year now. I occasionally get a minor hiccup (like having to tell it to fill in my user name and password) but find it to be 99% functional.

I generally create my own passwords but with variations I could never remember. Because I am not a very trusting type I also list all of my sites and their passwords in a folder in MS Outlook and keep it current “just in case”. That folder is also included with my critical daily backups.

And can’t the whole Universe see and read that Outlook Folder? Why use any passwords at all if anyone who hacks into your Outlook Account has all your passwords at their fingertips?

-- rc primak

Reply | Quote

And can’t the whole Universe see and read that Outlook Folder? Why use any passwords at all if anyone who hacks into your Outlook Account has all your passwords at their fingertips?

Please tell us how to protect Outlook, or anything else, from hackers, now that you have raised the subject.

Reply | Quote

Please tell us how to protect Outlook, or anything else, from hackers, now that you have raised the subject.

We had a joke where I used to work that Outlook was a VTP. Virus Transfer Protocol. That said, Outlook is a fine program for calendaring, e-mail and a host of other things, but it is not secure unless you are connecting to an Exchange server. Storing passwords in personal copy of Outlook is dangerous because they are in clear text. As Mr. Primak said, there is no security to this way of storing them, so why use a strong password if your going to store them in unencrypted. One might as well write them on a piece of paper and post them next the PC.

Securing Outlook or anything else is a matter of using common sense, a large part of which is securing your entire PC and your home network.

Reply | Quote

I’ve used Roboform for years and recommended it to lots of people. Then they persuaded me that I needed to upgrade to V7. I was uneasy, because I didn’t actually want all my log-in and password details sitting on a server somewhere, but I eventually bought the upgrade – at which point the program ceased to recognise my master password. Several desperate emails to tech support later, and having tried their fixes to no avail, they suggested I uninstall V7 and reinstall V6. This worked insofar as my master password now works again to allow me to log into sites; but whenever I want to create a new passcard I am asked to confirm the master password, and under these circumstances the same password does not work. So having paid for an upgrade, I can use what I have but not create anything new. I am no longer a fan of Roboform, and as soon as I can find the time to source a reliable alternative I intend to uninstall it. I’ve already deleted my data from their server…..I hope…..

JDO,

I had this same problem with my Wife’s machine. She had been complaining before I upgraded to RF7 but I thought it was just her. Well some how she had some PW protected with one PW and some other’s with another PW. How this happened I’m not sure but it may have been from copying old .rfp files after changing the Master Password {I keep the Master PW the same as her Win-7 logon which I recently strengthened}. However, the fix is to Unprotect all the Passwords. Change the Master PW {this can be back to the one of the same ones} then reprotect all the PWs. Also make sure the Automatically Protect option is set. This procedure cleared up all her problems. :cheers:

BTW: Did you upgrade to the RF Anywhere version? I upgraded to the Desktop version as I like other posters here just don’t trust this kind of information to the Cloud!

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

Interesting, RetiredGeek! I did upgrade to RF Anywhere, but if I ever manage to get this sorted out, and recover my faith in the basic software, I may try the desktop-only version. I have only ever had one master password for everything in Roboform, but somehow during the upgrade, this appears to have been changed or corrupted. One of the solutions the RF techies suggested was to “refresh” the master, but following their instructions to the letter had no effect at all. Downgrading back to V6 allowed partial recovery, but not complete. I have just tried your suggestion, but RF will not allow me to unprotect anything without entering the master, and when I do it says this is unrecognised. So I’m still stuck, I fear.

Reply | Quote

What about Linux and Mac? I regularly use both Win 7 and Mac and occasionally a Linux machine. Is there a program I can put on a USB drive that would work with all three? Or a web-based solution that would work with all three?

Reply | Quote

Anyone ever give a look at PasswordCard http://www.passwordcard.org/en ? I keep coming back to it, but haven’t invested a lot of energy in it yet. I suspect it is either a really good and clever idea, or a really stinky one — no middle ground, one or the other. I first came across it in June 2010, but haven’t seen any buzz about it elsewhere. They’ve recently added mobile apps (iPhone/iPod, Android, etc.), which may mean nothing in the long run.

Anyway, just curious if there are any opinions one way or the other.

JustGeorge

Reply | Quote

Anyone ever give a look at PasswordCard http://www.passwordcard.org/en ? I keep coming back to it, but haven’t invested a lot of energy in it yet. I suspect it is either a really good and clever idea, or a really stinky one — no middle ground, one or the other. I first came across it in June 2010, but haven’t seen any buzz about it elsewhere. They’ve recently added mobile apps (iPhone/iPod, Android, etc.), which may mean nothing in the long run.

Anyway, just curious if there are any opinions one way or the other.

JustGeorge

I’d give an experienced hacker twenty minutes to crack this or any other handwritten cryptographic mnemonic card.

-- rc primak

Reply | Quote

I’d give an experienced hacker twenty minutes to crack this or any other handwritten cryptographic mnemonic card.

I think this would actually be pretty secure. There are hundreds if not thousands of possibilities and you could easily add your own spin to it, for example, every capital E in specific columns is really a 3. Anyone who want to hack a password uses a powerful computer to do it, they won’t sit and do so manually. This all assumes they know the person they are trying to hack is using this card.

Where I have trouble with the idea of the “password card” is that memorizing the color codes and symbols is no easier than remembering passwords for dozens if not hundreds of accounts. I have at least 25 different accounts for work alone! And at least 50 for personal use.

Reply | Quote

What about Linux and Mac? I regularly use both Win 7 and Mac and occasionally a Linux machine. Is there a program I can put on a USB drive that would work with all three? Or a web-based solution that would work with all three?

LastPass works for all three OSes.

-- rc primak

Reply | Quote

Regarding the question “what if my password manager vendor goes out of business?” Like others I occasionally print my passwords and store them in a secure location. I also use the paid version of LastPass so that I can use their off-line program, LastPass Pocket. It keeps an encrypted version of your data on your hard drive. I keep date-stamped versions of my offline file in a variety of places so I am hopefully protected from the worst scenarios. I used to use KeePass and really liked it (my wife still uses it) but since I operate on multiple computers the convenience of having a synced version of my passwords won out.

I was concerned about putting such important data in the cloud but was convinced that LastPass did it right by Steve Gibson’s Security Now! episode 256 (http://www.grc.com/securitynow.htm). As others have noted, your data is stored encrypted and LastPass does not have the key.

Reply | Quote

I’ve been using LastPass for over a year. I have yet to get comfortable with it’s user interface. The program seems quirky in other ways. I’m reading this thread to pick another password manager to try. Since LastPass is the only one I’ve ever used, it may be the best, but I’m ready to try something different. They did handle their security breach admirably, but ever since I reset my master password, it seems flakier than ever.

Reply | Quote

Well, I built an Excel spreadsheet with a line for each name, account number and url that is clickable, but the password column has a 2 digit reference code that needs to be looked up on another spreadsheet.

The spreadsheets are locked up using MS Excel encryption and then kept in a TrueCrypt vault on a flash drive.

Is this enough? Too much? It’s actually pretty quick to use.
I tried RoboForm but took it off when the machine seemed to be slowing down and it was taking quite a few cycles

Reply | Quote

Well, I built an Excel spreadsheet with a line for each name, account number and url that is clickable, but the password column has a 2 digit reference code that needs to be looked up on another spreadsheet.

The spreadsheets are locked up using MS Excel encryption and then kept in a TrueCrypt vault on a flash drive.

Is this enough? Too much? It’s actually pretty quick to use.
I tried RoboForm but took it off when the machine seemed to be slowing down and it was taking quite a few cycles

Excel password protection is not secure (possibly Office 2007 or 2010 is more secure) – look at the many sites offering to bypass password protected Office files!

Keeping the files in a TrueCrypt container probably offers the best protection in your situation. I used to use a password-protected Word file for the same purpose, and I kept that in a TrueCrypt container, too.

I migrated to KeePass so I don’t have to add the steps to mount my TrueCrypt container each time I want to access a password-protected site. KeePass is portable (TrueCrypt is “portable”, too, but does leave some things behind after use), so keeping the program and database on a thumb drive or online in my Windows Live account lets me use it anywhere.

Reply | Quote

I have a slightly different approach.

I use iAccounts on my iPhone. Purchasing iAccounts gave me a free copy of iBackup to run on my main workstation.

The process I use is to generate strong passwords held on the iPhone in iAccounts behind a strong master password in the app. If the master password is entered incorrectly 5 times the encrypted database in iAccounts is zapped. I can sync over the air to iBackup on the workstation and copy/paste passwords from there into websites, remote PC’s and servers etc.

The iPhone is also connected to an Exchange server so it has an unlock PIN too. I also have the ability to remote wipe the phone for extra security.

To backup the iBackup database on the workstation, I use a TrueCrypt container which holds an export of the database.

The TrueCrypt container is then backed up onto more than one location every night along with the rest of the workstation.

Complicated? Over-the-top? Not for business purposes I think. At it’s simplest level, my iPhone has a dynamic and portable record of all my passwords and this is synced to my workstation which is securely backed-up.

Reply | Quote

Using the same password for multiple accounts is a bad idea. Using “easy” passwords is a bad idea; passwords should all look like random collections of characters. Passwords should be changed regularly. As a result of all this, we are left with the task of trying to remember a large number of seemingly random strings of characters, in effect an impossible task. The solution, say the experts, is to use a password manager like Roboform or LastPass. But I have trouble working with them. I’m not locked in to a single computer: I often use the computers of friends or colleagues, or an iPod. Do I have to make sure I have Roboform on a thumb drive every time I go out the front door? Some computers don’t allow thumb drives. What if LastPass goes out of business or has a technical hiccup? Wouldn’t I completely lose access to all the sites I’ve signed up for? Maybe I’m missing something here, but I’m deeply puzzled by the question of how to manage the many dozens of passwords I need.

I use LastPass and consider it to be a real “must have” tool as I use different passwords and different computers every day. I have a different LastPass database for each client.

Lastpass has addressed the issue of their servers being inaccessible or even gone forever in two ways. First, on any computer where you have installed the LastPass plugin you have a local copy of your LastPass data. They provide a free tool, Pocket LastPass, which “… (p)rovides backup capability and offline access for your LastPass vault.” They have made it easy to leave LastPass if you need to, so you can feel comfortable using it. Get Pocket LastPass here: https://lastpass.com/misc_download.php — and read up on exporting from LastPass here: Exporting « LastPass User Manual http://helpdesk.lastpass.com/tools/exporting/

Compare this to RoboForm — the current version has NO EXPORT CAPABILITY. Earlier versions allowed you to export your data, but the most recent versions has lost that feature. If you have more than a few passwords you have to open each password entry individually and hand-copy the data, then paste it to something else. I was VERY annoyed when I discovered that RoboForm had removed this capability and I no longer recommend it to clients because of this.

Every so often I also print out all my passcards and chuck them in the safe {just in case}.

I suppose you could “export” all your RoboForm passwords by printing to a PDF, but you would still have to enter them into your new password manager one at a time.

Reply | Quote

I saw a tip from RetiredGeek about moving the Roboform files. Copy all BUT the license.rfo to the other machine. I just did that and it worked.

HmS
Getysburg, PA

Reply | Quote

I’m not locked in to a single computer: I often use the computers of friends or colleagues, or an iPod. Do I have to make sure I have Roboform on a thumb drive every time I go out the front door? Some computers don’t allow thumb drives.

I’m a RoboForm fan. Like a previous poster, the initial v7 upgrade from v6 was a disaster (shame on RoboForm for that), but they quickly released an update, and since then all has been well.

In v7, the RoboForm Everywhere sounds like it might help you somewhat (but not entirely). Creating mnemonic passwords might also help (such as using a run-on sentence that’s easier to remember than an abstract character string).

The bigger issue is that you want to securely access important sites (banking? investing? email?) on computers over which you don’t have any control (which is why you can’t use RoboFormToGo on a flash drive or install a RoboForm Everywhere client). In my mind, the real question is whether this promiscuous computing is really such a good idea. Even unique, strong passwords can be trapped by key-logging or WiFi sniffing, and a strange computer may have more security holes than you can shake a stick at. Yeah, it’s convenient to just grab any old keyboard and go, but all it takes is one major security breach to blow that convenience factor all to hell (one identity theft can follow you around for a decade or two, as my wife can attest).

One last thought (though it doesn’t mitigate everything I just said): I’ve read about flash-drive devices that carry an entire operating environment (with browser and mobile apps), bypassing any malware that runs from the computer’s HDD. As long as a system can boot from USB, you can use such a device, even on a system that blocks USB after boot. This still doesn’t address the possible network vulnerabilities, though.

Reply | Quote

I’m a RoboForm fan. Like a previous poster, the initial v7 upgrade from v6 was a disaster (shame on RoboForm for that), but they quickly released an update, and since then all has been well.

In v7, the RoboForm Everywhere sounds like it might help you somewhat (but not entirely). Creating mnemonic passwords might also help (such as using a run-on sentence that’s easier to remember than an abstract character string).

The bigger issue is that you want to securely access important sites (banking? investing? email?) on computers over which you don’t have any control (which is why you can’t use RoboFormToGo on a flash drive or install a RoboForm Everywhere client). In my mind, the real question is whether this promiscuous computing is really such a good idea. Even unique, strong passwords can be trapped by key-logging or WiFi sniffing, and a strange computer may have more security holes than you can shake a stick at. Yeah, it’s convenient to just grab any old keyboard and go, but all it takes is one major security breach to blow that convenience factor all to hell (one identity theft can follow you around for a decade or two, as my wife can attest).

One last thought (though it doesn’t mitigate everything I just said): I’ve read about flash-drive devices that carry an entire operating environment (with browser and mobile apps), bypassing any malware that runs from the computer’s HDD. As long as a system can boot from USB, you can use such a device, even on a system that blocks USB after boot. This still doesn’t address the possible network vulnerabilities, though.

If you do not control the computer, it is very unlikely that the owner of the computer will allow use of Flash-Drive based Operating Systems. They can be blocked, and are almost always blocked at public computers. This is a security precaution to prevent hacking the computer or its network. This is also why U3 Portable Apps never really caught on.

-- rc primak

Reply | Quote

The bigger issue is that you want to securely access important sites (banking? investing? email?) on computers over which you don’t have any control (which is why you can’t use RoboFormToGo on a flash drive or install a RoboForm Everywhere client). In my mind, the real question is whether this promiscuous computing is really such a good idea. Even unique, strong passwords can be trapped by key-logging or WiFi sniffing, and a strange computer may have more security holes than you can shake a stick at. Yeah, it’s convenient to just grab any old keyboard and go, but all it takes is one major security breach to blow that convenience factor all to hell (one identity theft can follow you around for a decade or two, as my wife can attest).

My answer to this is a couple of questions: Why make yourself a victim by logging into personal finance sites on a public computer? You wouldn’t leave valuables in motel room or your cell phone or camera visible on the front seat of your locked car, would you? At least I don’t. And neither will I use public computers for personal business. I do carry a netbook when traveling that has no personal data on it. Then if I really need to access my bank account, I can do so and my most used passwords are memorized so need for a password manager, but I never use it for that anyway. I also carry a flash drive with a copy of Password Safe, again if I really need it. The netbook is used primarily for checking the weather, dropping photos on while traveling, and playing games when sitting and waiting for something to happen.

Reply | Quote

Back in the days when I had a Palm, I found SplashID very useful. It had a desktop component that synced up with the Palm. I installed the desktop component on several computers (all PCs) which I used daily, and I had easy access to all my passwords. Now I have a Blackberry, and although I had to buy SplashID again for the new smartphone, and it had a different desktop component, I was able to transfer my passwords without any trouble. (Export from the old one, import into the new one.) Recently, I was without my Blackberry for a few days, but was still able to retrieve my passwords using the desktop software. When the replacement arrived, I was also able to restore them to the Blackberry. SplashID may have a cost for its use, but being able to preserve my passwords through all the various platforms that come and go in my life has been worth it to me.

I use Xmarks for syncing bookmarks across the various browsers I have to use, and they were bought by LastPass. XMarks has worked flawlessly for me. Enough so that if I ever find that SplashID no longer works for me, I would seriously consider switching to LastPass.

Reply | Quote

I’ve used a few different password managers a few years ago, but settled on KeePass. I keep the app and the database on a thumb drive and its backed up on an external HD in addition, on my laptop. I’ve had no problems and it works perfectly for me. I have a 20+ character master password.

Reply | Quote

I was a longtime RoboForm user and fan. When I bought a netbook, I put LastPass on it and liked it so much that I eventually put it on my old desktop and now my new desktop as well. Indeed, even though I had bought a license for RoboForm 7 (desktop), intending to put it on my new computer, I’ve found I like LastPass so much that I haven’t bothered to install RoboForm.

Reply | Quote

I have been using Password Depot, http://www.password-depot.com/, for many years.
It works very well, and if you program it, simple, it will fill in user name and password
for a website with a single click. Very good, well programmed, useful password manager.

Reply | Quote

Ron,

You need to be more paranoid! I regularly print all my information from RoboForm to a PDF file, put it on a flash drive and throw it into the safe. I also keep a PW protected copy of the PDF on my Credit Unions vault storage site (so it is protected by 2 passwords) for access anywhere any time. I’m just sayin’ HTH :cheers:

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote

RG:
I’m a new user of RoboForm and I can’t find what you suggest above (printing info to a PDF).
How do you do that?
Thanks,
retired non-geek

Reply | Quote

Dick,

Open up the RoboForm Editor.
Click on the dropdown arrow on the RoboForm Icon at the top left of the Editor window.
34595-RBPrint
Select Print List…
Select the items to print.
Select the desired output format.
Click Print
Now you’re in the standard windows print dialog just select your Print to PDF printer. If you don’t have one you can download either PrimoPDF or Nitro PDF Reader 3 (contains a PDF printer also). I currently have both installed and they both work just fine. However, the PrimoPDF interface is a little more helpful. HTH :cheers:

May the Forces of good computing be with you!

RG

PowerShell & VBA Rule!
Computer Specs

Reply | Quote