More good questions on password management

Topic

New Reply

	LANGALIST PLUS More good questions on password management
	By Fred Langa As PC users rethink how they manage their passwords, interesting questions emerge. For example, what happens if someone hacks the site that’s storing your passwords? And are browser-based password managers safe?

---

The full text of this column is posted at windowssecrets.com/langalist-plus/more-good-questions-on-password-management/ (paid content, opens in a new window/tab).

Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.[/td]

[/tr][/tbl]

Reply | Quote

Replies

Hello Fred,

I think that I may have raised this issue previously, but I still do not have a good answer to the problem.

I use Lastpass, and have done so for many years. However, most bank sites in the UK require multiple levels of login information.

The first screen usually asks for the standard username/userid and password. Then a second screen asks for random characters from another piece of information. A third screen may even ask for more digits from yet another memorized number, sometimes using an onscreen keyboard with randomised numbers.

Sometimes I have been able to use Lastpass to store several pieces of information for one website (say, one entry per screen with different URLs), but that does not help with random requests.

I do not have an answer, as I said before.

Th bottom line is that I use Lastpass wherever possible and to the extent that it will allow, but I cannot see how Lastpass (or any other password manager) could cope with these enhanced security features on UK banks’ websites.

Reply | Quote

I use KeePass and it handles “random” data requests easily, but this use requires you to manually set up the process in KeePass, which can be a bit of work. Luckily the KeePass forum is very helpful.

cheers, Paul

Reply | Quote

Fred Langa says “So the best password managers bypass the keyboard buffer. ”
Which are they,please?

Reply | Quote

Bypassing the keyboard buffer can be done by using drag n drop or injecting the data directly into your browser. Unfortunately the bad guys know how to extract the data from the browsers so if your computer is compromised all bets are off.
I suggest you try a few managers and see which one works for you, then invest time and maybe money in ensuring your PC is free from malicious software.

cheers, Paul

Reply | Quote