Passwords

Started by Mark, January 10, 2022, 11:41:34 AM

Mark

I see lots of errors with passwords in the forum error log. I know plenty like their little black notebooks but let me tell you what I have done over the years.

First was a little program that you put a password into and it opened up a little database where you could store a range of data on whatever subject you wanted. I still have it and occasionally use it.

Then I found a program/browser extension called LastPass. They got bought out, went commercial, plus had a data breach. So I looked for and found an alternative open-source solution called Bitwarden. You have just the one complex master password which you remember. You could even stash it away in that little black notebook. It will run as an extension with most browsers, and once the vault is opened by your magic word (no, mine isn't abracadabra) you can have it autocomplete the login for any website that you have given it the details for. It doesn't work well with banks where they ask for characters 2, 5, 6 and 8 or whatever of your password. That's why most folks write the thing down, making this mechanism the least secure of all :grin: You can of course store the full passphrase/number, secret responses or anything else against the site in the Bitwarden database.

One thing you won't have seen me mention is letting the browser store passwords. That is because it is incredibly insecure, especially since they all now so helpfully offer to sync all this stuff across all your devices. Lose your phone and all your accounts are potentially at risk. How? Easy, if whoever gets your phone can open it. As one of the well-known scams is or was calling their own premium-rate numbers from a stolen phone, I'm assuming it isn't hard. They may even snatch an open phone out of your hand if you are making a call.

So you have an open phone which has all your account passwords stored by the browser. Even all the stuff you only access back home on your laptop, thanks to the helpful sync facility. Even if it didn't, all that's needed is the email password anyway. Remember those lost password links?

First point of call is the email account to change the password. "2 factor authentication"? You have the most likely device to authorise anything in your hand - the phone.

Now trawl through the emails for purchases. Note all the businesses dealt with. Visit each in turn changing the passwords. Use the likely stored credit card to send yourself some gifts.

Easy money.

I'd advise not letting browsers store passwords or sync either. Instead, install either Bitwarden or something similar and have it as an extension in your browser. With Android phones, consider registering a different Gmail account from any you may use for email. If you must have access when out, use it through a browser, not an app, as they usually conveniently don't ask for logins once you have done it once.

Once sorted out, maybe I'll see fewer login failures on the forum log...

To check the security, open your phone (assume the criminals can) and check what you can access without entering any passwords. So handy when out and about, isn't it?