Welcome to the North American Subaru Impreza Owners Club Thursday March 28, 2024
Home Forums Images WikiNASIOC Products Store Modifications Upgrade Garage
NASIOC
Go Back   NASIOC > NASIOC Miscellaneous > Off-Topic

Welcome to NASIOC - The world's largest online community for Subaru enthusiasts!
Welcome to the NASIOC.com Subaru forum.

You are currently viewing our forum as a guest, which gives you limited access to view most discussions and access our other features. By joining our community, free of charge, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is free, fast and simple, so please join our community today!

If you have any problems with the registration process or your account login, please contact us.







* As an Amazon Associate I earn from qualifying purchases. 
* Registered users of the site do not see these ads. 
Reply
 
Thread Tools Display Modes
Old 06-28-2013, 11:21 AM   #51
RacecaR
Scooby Newbie
 
Member#: 228070
Join Date: Oct 2009
Chapter/Region: Tri-State
Location: (ง'-')ง
Vehicle:
.... t('-'t)

Default

Quote:
Originally Posted by dr_wheel View Post
Using a password manager is like putting every key you own in 1 box, locked with a single key.
* Registered users of the site do not see these ads.
RacecaR is offline   Reply With Quote
Sponsored Links
* Registered users of the site do not see these ads.
Old 06-28-2013, 11:28 AM   #52
f4phantomii
Scooby Specialist
 
Member#: 58504
Join Date: Mar 2004
Chapter/Region: South East
Location: Ready to try OpenECU.org!!!
Vehicle:
2004 STi
Aspen White / Silver

Default

I use OI Safe on my phone.

It uses 256bit encryption on the file.

So you have to be able to get into my phone, then know the master password for OI Safe.

As an added measure, any password that needs to be truly secure (banking, 401k, etc.) is just a hint rather than the actual password. Typically those actual passwords are long, nonsensical phrases in which I have substituted special characters or numbers for some of the letters.
f4phantomii is online now   Reply With Quote
Old 06-28-2013, 11:33 AM   #53
Neek
Scooby Specialist
 
Member#: 3400
Join Date: Jan 2001
Chapter/Region: South East
Location: Boca Raton, FL
Vehicle:
2016 Red Pirate Cat
1981 CJ-7

Default

Quote:
Originally Posted by dr_wheel View Post
Using a password manager is like putting every key you own in 1 box, locked with a single key.
Very true, but a super secret, well hidden key.

Quote:
Your Security Is Our Priority

LastPass is an evolved Host Proof hosted solution, which avoids the stated weakness of vulnerability to XSS as long as you're using the add-on. LastPass strongly believes in using local encryption, and locally created one way salted hashes to provide you with the best of both worlds for your sensitive information: Complete security, while still providing online accessibility and syncing capabilities. We've accomplished this by using 256-bit AES implemented in C++ and JavaScript (for the website) and exclusively encrypting and decrypting on your local PC. No one at LastPass can ever access your sensitive data. We've taken every step we can think of to ensure your security and privacy.
Availability

You need to always have access to your data, we've accomplished this in multiple ways, first we have 2 data-centers in production service, second we store your encrypted data on your local PC when you login, so that if LastPass.com can't be reached, you can still login to the add-on and get to your accounts. The website is usable without the add-on installed (the Encryption and Decryption happens in JavaScript which you can see happen on some forms), but we take advantage of faster encryption available in the add-ons if they're available. We also have a mobile site m.lastpass.com if you're on your phone.
Security

On Windows, LastPass helps find insecure passwords stored on your computer so you can store them securely in LastPass and remove the easy access by malicious software. LastPass uses SSL exclusively for data transfer even though the vast majority of data you're sending is already encrypted with 256-bit AES and unusable to both LastPass and any party listening in to the network traffic -- the amount of data is trivial so the extra encryption doesn't hurt. Our policy of never receiving private data that you haven't already locked down with your LastPass master password (which we never receive and will never ask for) radically reduces attack vectors. We use firewalls and best practices to protect the servers and service, but our best line of defense is simply not having access to data even if someone got in. If LastPass can't access it, hackers can't either. A large number of PBKDF2-SHA256 rounds are utilized to create your key, with the ability to increase the number of rounds over time to render brute forcing your master password impossible.
Sharing Accounts With Friends

LastPass uses public key cryptography specifically RSA from Crypto++ and jsbn to allow you to share your accounts with trusted parties, without ever sharing it with LastPass. We should still remind you to first use our Generate Password feature to create a unique password for the account before sharing it: once shared it's possible for the person you share it with to obtain the password.
Automated Testing

LastPass uses Paros to help verify it hasn't made common mistakes that could result in a XSS or SQL Injection attack, and Funkload to verify performance and create functional tests that are run by Nagios. Microsoft's Application Verifier and other tools are used to help identify common problems in the IE add-on. Mozilla also has a number of tools for the Firefox add-on. We also ask when you install if the application can send error reports (without identifying information in them) to LastPass which helps us continually improve.
Code Reviews

All changes to the code base result in an email to the technical staff to review for security, privacy and compliance to company policies.
Package management

apticron is used to ensure we keep our packages up to date.
I don't know what 90% of that crap means, but I have a friend who does and says it makes the key super secret and well hidden.
Neek is offline   Reply With Quote
Old 06-28-2013, 12:00 PM   #54
PARANOID56
Scooby Guru
 
Member#: 22035
Join Date: Jul 2002
Chapter/Region: SCIC
Location: San Diego, CA
Vehicle:
2014 Brocoma DCab
71 FJ40, 13 DRZ400SM

Default

just use a bunch of words

My Voice Is My Passport, Verify Me
PARANOID56 is offline   Reply With Quote
Old 11-11-2016, 08:02 AM   #55
ptirmal
Scooby Specialist
 
Member#: 82243
Join Date: Mar 2005
Chapter/Region: Tri-State
Location: Philly
Vehicle:
13' BMW X3 35i

Default

Lastpass multi-device sync is now free:
https://blog.lastpass.com/2016/11/ge...now-free.html/
ptirmal is offline   Reply With Quote
Old 11-11-2016, 08:03 AM   #56
ptirmal
Scooby Specialist
 
Member#: 82243
Join Date: Mar 2005
Chapter/Region: Tri-State
Location: Philly
Vehicle:
13' BMW X3 35i

Default

Lastpass multi-device sync is now free:
https://blog.lastpass.com/2016/11/ge...now-free.html/
ptirmal is offline   Reply With Quote
Old 11-11-2016, 09:16 AM   #57
Grap
*** Banned ***
 
Member#: 6590
Join Date: May 2001
Location: **** this server...
Default

Thank you!
Grap is offline   Reply With Quote
Old 11-11-2016, 02:37 PM   #58
teamjordan23
Scooby Newbie
 
Member#: 105025
Join Date: Jan 2006
Chapter/Region: Tri-State
Vehicle:
Has quit OT.

Default

Quote:
Originally Posted by ptirmal View Post
Lastpass multi-device sync is now free:
https://blog.lastpass.com/2016/11/ge...now-free.html/
So would it be worthwhile moving over from Keepass (also have Enpass Pro but never used it)?

On a semirelated note, it amazes me there are still people that don't use 2FA. I need to find a good 2FA app, right now I'm using FreeOTP which isn't bad but limited.
teamjordan23 is offline   Reply With Quote
Old 11-11-2016, 03:04 PM   #59
ptirmal
Scooby Specialist
 
Member#: 82243
Join Date: Mar 2005
Chapter/Region: Tri-State
Location: Philly
Vehicle:
13' BMW X3 35i

Default

Quote:
Originally Posted by teamjordan23 View Post
So would it be worthwhile moving over from Keepass (also have Enpass Pro but never used it)?

On a semirelated note, it amazes me there are still people that don't use 2FA. I need to find a good 2FA app, right now I'm using FreeOTP which isn't bad but limited.
Never used keepass so couldn't say. But they don't have browser add-ons do they? I like the syncing between the mobile apps and browser and the sync between them. Lastpass does 2FA too. I like using a mix of my cell and lastpass for 2FA.
ptirmal is offline   Reply With Quote
Old 11-11-2016, 03:05 PM   #60
RoadTrippa
*** Banned ***
 
Member#: 433719
Join Date: Nov 2015
Vehicle:
2005 WRX Wagon
Blue

Default

keepass

Free
Encrytped
You're welcom
RoadTrippa is offline   Reply With Quote
Old 11-11-2016, 03:07 PM   #61
Garandman
Scooby Specialist
 
Member#: 101117
Join Date: Nov 2005
Chapter/Region: NESIC
Location: Dorchester MA / Sunapee NH
Vehicle:
2005 Outback 3.0R
Red

Default

Quote:
Originally Posted by Salvation27 View Post
my password is password
Could be worse, it could be "FieldService."
Garandman is offline   Reply With Quote
Old 11-11-2016, 03:23 PM   #62
NutBucket
Scooby Specialist
 
Member#: 90804
Join Date: Jul 2005
Chapter/Region: SCIC
Location: SFV
Vehicle:
2021 Ascent
2012 Accord

Default

Lastpass for me.
NutBucket is offline   Reply With Quote
Old 11-11-2016, 03:37 PM   #63
teamjordan23
Scooby Newbie
 
Member#: 105025
Join Date: Jan 2006
Chapter/Region: Tri-State
Vehicle:
Has quit OT.

Default

Quote:
Originally Posted by ptirmal View Post
Never used keepass so couldn't say. But they don't have browser add-ons do they? I like the syncing between the mobile apps and browser and the sync between them. Lastpass does 2FA too. I like using a mix of my cell and lastpass for 2FA.
I think it does. The "problem" with Keepass is since it's open source, there are many unofficial plugins. I wouldn't have a clue if they are safe. So browsers I manually enter passwords.
teamjordan23 is offline   Reply With Quote
Old 11-11-2016, 04:00 PM   #64
Malfrag
Scooby Newbie
 
Member#: 14288
Join Date: Jan 2002
Chapter/Region: E. Canada
Location: Poutinesburg, QC
Vehicle:
2024 AWD tugboat
Alpine Green

Default

Quote:
Originally Posted by teamjordan23 View Post
I think it does. The "problem" with Keepass is since it's open source, there are many unofficial plugins. I wouldn't have a clue if they are safe. So browsers I manually enter passwords.
In my opinion, if you use keepass for just storing passwords without relying on browser plugins and external programs, it should be quite safe. The database file is encrypted with strong cyphers. You just have to deal with the issue of carrying the database with you.

If you own a server you could store the database file on the net and put it in an sshfs volume that you could mount on whatever device you need. It's a decent way to reduce your reliance on third-party services or any "cloud" bull****.
Malfrag is offline   Reply With Quote
Old 11-11-2016, 04:19 PM   #65
teamjordan23
Scooby Newbie
 
Member#: 105025
Join Date: Jan 2006
Chapter/Region: Tri-State
Vehicle:
Has quit OT.

Default

Quote:
Originally Posted by Malfrag View Post
In my opinion, if you use keepass for just storing passwords without relying on browser plugins and external programs, it should be quite safe. The database file is encrypted with strong cyphers. You just have to deal with the issue of carrying the database with you.

If you own a server you could store the database file on the net and put it in an sshfs volume that you could mount on whatever device you need. It's a decent way to reduce your reliance on third-party services or any "cloud" bull****.
A server is way over my head.

I'll stick to Keepass for now.
teamjordan23 is offline   Reply With Quote
Old 11-11-2016, 05:05 PM   #66
ptirmal
Scooby Specialist
 
Member#: 82243
Join Date: Mar 2005
Chapter/Region: Tri-State
Location: Philly
Vehicle:
13' BMW X3 35i

Default

Quote:
Originally Posted by teamjordan23 View Post
I think it does. The "problem" with Keepass is since it's open source, there are many unofficial plugins. I wouldn't have a clue if they are safe. So browsers I manually enter passwords.
Kind of defeats the purpose then, not really a manager just a storage container. That's what I was doing before, lastpass is way better.
ptirmal is offline   Reply With Quote
Old 11-11-2016, 05:16 PM   #67
RoundtheBend
Scooby Specialist
 
Member#: 5034
Join Date: Mar 2001
Chapter/Region: NWIC
Location: Auburn, WA
Vehicle:
2004 Money Pit
silverish-mud

Default

I'm using lastpass premium with a yubikey (with nfc so I can use it with my phone) for my 2FA option on most accounts that will accept it.

I just started using Authy because it allows me to use any device I have handy (phone or tablet or laptop) for those sites that don't accept yubikey or only use google authenticator-type 2FA.
RoundtheBend is offline   Reply With Quote
Old 11-11-2016, 06:04 PM   #68
Malfrag
Scooby Newbie
 
Member#: 14288
Join Date: Jan 2002
Chapter/Region: E. Canada
Location: Poutinesburg, QC
Vehicle:
2024 AWD tugboat
Alpine Green

Default

<paranoid>Never trust anybody with your data</paranoid>
Malfrag is offline   Reply With Quote
Old 11-11-2016, 06:18 PM   #69
lag
Scooby Newbie
 
Member#: 34631
Join Date: Mar 2003
Chapter/Region: MAIC
Location: Momma Didn't Love Me
Default

Quote:
Originally Posted by Malfrag View Post
<paranoid>Never trust anybody with your data</paranoid>
Agreed.


Create complex passwords that are easy to remember for you but complex to guess for a computer/software.


lag is offline   Reply With Quote
Old 11-11-2016, 07:05 PM   #70
Malfrag
Scooby Newbie
 
Member#: 14288
Join Date: Jan 2002
Chapter/Region: E. Canada
Location: Poutinesburg, QC
Vehicle:
2024 AWD tugboat
Alpine Green

Default

Quote:
Originally Posted by lag View Post
Agreed.

Create complex passwords that are easy to remember for you but complex to guess for a computer/software.
Mnemonics are quite helpful.

Knowing that people trust online services to store all their passwords makes me cringe. I don't care what it says on the brochure about how secure they say they are.
Malfrag is offline   Reply With Quote
Old 11-11-2016, 07:43 PM   #71
ptirmal
Scooby Specialist
 
Member#: 82243
Join Date: Mar 2005
Chapter/Region: Tri-State
Location: Philly
Vehicle:
13' BMW X3 35i

Default

Quote:
Originally Posted by Malfrag View Post
Mnemonics are quite helpful.

Knowing that people trust online services to store all their passwords makes me cringe. I don't care what it says on the brochure about how secure they say they are.
ptirmal is offline   Reply With Quote
Old 11-13-2016, 10:31 PM   #72
IceWilly
Scooby Specialist
 
Member#: 126081
Join Date: Sep 2006
Chapter/Region: NESIC
Location: Milford, CT
Default

Maybe you guys can give me the quick run down on LastPass.

More specifically these questions:
-In what situations will I have to use my master password?
-Will I need apps or browser extensions on all the computers I intend to log into websites using last pass?
-What options do I have to log into sites without these apps/extensions?
-Assuming someone key logs my master password, that gives them all the keys to the castle or I assume there is still 2FA?

I don't see it being an issue on my home PC and phone, but for work computers, wifes computer, etc etc it would be nice to have alternatives that don't require programs installed. I know there are 1 time passwords, but I don't know how those work.

I've been meaning to do a big refresh to my list of passwords, but if I do that I figure I might as well roll them into a system at the same time.
IceWilly is offline   Reply With Quote
Old 11-15-2016, 11:22 AM   #73
IceWilly
Scooby Specialist
 
Member#: 126081
Join Date: Sep 2006
Chapter/Region: NESIC
Location: Milford, CT
Default

bump for the day crew
IceWilly is offline   Reply With Quote
Old 11-15-2016, 12:15 PM   #74
Grap
*** Banned ***
 
Member#: 6590
Join Date: May 2001
Location: **** this server...
Default

Quote:
Originally Posted by lag View Post
Agreed.


Create complex passwords that are easy to remember for you but complex to guess for a computer/software.


Brilliant!!

Now find a current computer system that allows that type of password...go ahead, I'll wait.
Grap is offline   Reply With Quote
Old 11-15-2016, 12:20 PM   #75
VpointVick
Scooby Specialist
 
Member#: 93193
Join Date: Aug 2005
Chapter/Region: South East
Location: Charlotte
Vehicle:
'03 325iT
Mysticblau

Default

Quote:
Originally Posted by Grap View Post
Brilliant!!

Now find a current computer system that allows that type of password...go ahead, I'll wait.
That's the joke.
VpointVick is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

All times are GMT -4. The time now is 09:09 PM.


Powered by vBulletin® Version 3.7.0
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Powered by Searchlight © 2024 Axivo Inc.
Copyright ©1999 - 2019, North American Subaru Impreza Owners Club, Inc.

As an Amazon Associate I earn from qualifying purchases.

When you click on links to various merchants on this site and make a purchase, this can result in this site earning a commission
Affiliate programs and affiliations include, but are not limited to, the eBay Partner Network.