pekv2 (OP)
|
|
July 14, 2012, 03:47:08 AM Last edit: August 26, 2012, 02:19:14 PM by pekv2 |
|
removed
|
|
|
|
John (John K.)
Global Troll-buster and
Legendary
Offline
Activity: 1288
Merit: 1227
Away on an extended break
|
|
July 14, 2012, 03:50:15 AM |
|
If you could duplicate the post here, I can sticky it. Stickying a link is kind of useless sometimes as people rarely will click through one.
|
|
|
|
John (John K.)
Global Troll-buster and
Legendary
Offline
Activity: 1288
Merit: 1227
Away on an extended break
|
|
July 14, 2012, 03:56:04 AM |
|
By the way, it would be better if you could give a step by step walkthrough for lastpass and keepass. Include the use of 2 factor authentication as master passwords are easily to filch though keyloggers or leaked (look at Bitcoinica's Friday 13th hack!) Lastpass has the grid 2 factor authentication as well as Google Authenticator for free users. Also, recommend your readers to use some sort of anti-keylogger like Keyscrambler on Windows.
Edit: And edit your signature; it's Technique not Techniqe
|
|
|
|
John (John K.)
Global Troll-buster and
Legendary
Offline
Activity: 1288
Merit: 1227
Away on an extended break
|
|
July 14, 2012, 04:07:25 AM |
|
By the way, it would be better if you could give a step by step walkthrough for lastpass and keepass. Include the use of 2 factor authentication as master passwords are easily to filch though keyloggers or leaked (look at Bitcoinica's Friday 13th hack!) Lastpass has the grid 2 factor authentication as well as Google Authenticator for free users. Also, recommend your readers to use some sort of anti-keylogger like Keyscrambler on Windows.
John, 2 factor authentication for the services that provides it? I'm not familiar with it myself, in fact. As for, lastpass and keepass, it's pretty simple, so I'll jump on that. I will pop the anti-keylogger and Kayscrambler in OP, but as yet again, I am not really familiar with the two, to do a how-to on them. 2 Factor authentication for Lastpass. Either use the Grid 2 factor authentication ( http://helpdesk.lastpass.com/security-options/grid-multifactor-authentication/) or Google Authenticator ( http://helpdesk.lastpass.com/security-options/google-authenticator/) . LastPass itself is worthless if you use only the Master Password as that's easily leaked.
|
|
|
|
traderjoe
Jr. Member
Offline
Activity: 34
Merit: 12
|
|
July 14, 2012, 06:42:10 PM |
|
Alternative to KeePass: I recently found some open source software called PassWord Safe here http://passwordsafe.sourceforge.net/Something kind of cool about it is: you can lock it with OTP using Yubikey(s), instructions on the yubikey website. The web page says its two factor authentication but I haven't had a chance to test that it can be configured to actually require both the Yubikey OTP and a static password.
|
|
|
|
traderjoe
Jr. Member
Offline
Activity: 34
Merit: 12
|
|
July 15, 2012, 12:50:03 PM |
|
Tip for LastPass users: In order to provide password reset services without knowing their user's password, LastPass by default saves a disabled One Time Password locally for Account Recovery. To actually use that feature, you would need to be able to log in to your email account to activate the disabled OTP. So, if you want to be able to take advantage of this feature, you must make sure you're able to access the email account without using LastPass. (either choose an email password you can remember or save the email password in another password manager, such as PasswordSafe.) Short of that, users might as well disable that feature on LastPass preferences pages. Here is description of reset process: http://helpdesk.lastpass.com/account-recovery/
|
|
|
|
smaynard
Newbie
Offline
Activity: 28
Merit: 0
|
|
July 15, 2012, 03:10:03 PM |
|
didn't last pass recently get hacked?
|
|
|
|
traderjoe
Jr. Member
Offline
Activity: 34
Merit: 12
|
|
July 15, 2012, 03:57:07 PM |
|
They found an outgoing stream from one of their servers that they couldn't identify, but no evidence evidence that it was anything more than that. To their credit, they disclosed that promptly & recommended folks change their master passwords just in case.
|
|
|
|
pekv2 (OP)
|
|
July 15, 2012, 09:12:22 PM |
|
Would anyone like to take over this work? It's for personal reasons that I cannot maintain it any longer atm.
|
|
|
|
zorgberg
Member
Offline
Activity: 62
Merit: 10
|
|
July 16, 2012, 05:42:47 PM |
|
Is lastpass better than blockchain
|
|
|
|
pekv2 (OP)
|
|
July 17, 2012, 12:15:20 AM |
|
Would anyone like to take over this work? It's for personal reasons that I cannot maintain it any longer atm.
Bump for take over, please if anyone would like, it will help others, all you'll need to do is quote the OP, take what's from it and create a new thread, modify it as best as you can and add, this one will be locked and sunk on notification. John and I spoke, so lets see where it goes from here. Note:New members, this will probably would give you an advantage of your skill set to be shown here at bitcointalk.org.
|
|
|
|
pekv2 (OP)
|
|
July 17, 2012, 12:18:14 AM |
|
Is lastpass better than blockchain
I for myself have no idea, because I have no idea how the blockchain really works, I do know you can store messages inside them I believe. More info, here, I think, ionno. https://bitcointalk.org/index.php?topic=38071.msg1011543#msg1011543======== Would anyone like to take over this work? It's for personal reasons that I cannot maintain it any longer atm.
Bump for take over, please if anyone would like, it will help others, all you'll need to do is quote the OP, take what's from it and create a new thread, modify it as best as you can and add, this one will be locked and sunk on notification. John and I spoke, so lets see where it goes from here. Note:New members, this will probably would give you an advantage of your skill set to be shown here at bitcointalk.org.
|
|
|
|
John (John K.)
Global Troll-buster and
Legendary
Offline
Activity: 1288
Merit: 1227
Away on an extended break
|
|
July 17, 2012, 01:26:32 AM |
|
Is lastpass better than blockchain
Both are fundamentally different things. LastPass is a password manager, and the blockchain is Bitcoin's ledger. Unless you mean blockchain.info's wallet services - you can use LastPass to help generate and remember the password you have for your blockchain.info's wallet.
|
|
|
|
VelvetLeaf
Member
Offline
Activity: 98
Merit: 10
|
|
July 17, 2012, 01:19:57 PM |
|
I'm using KeePassX, it's handy if you will use different OS later in the future.
|
BTC : 1GN81dxzxyFPQsyAtdocXr5S9Mcg4wcfFG LTC : LgmYvXsYXc4xdjsMKXJWqtagxVvioK6iaw FC : 6dpSnKMtttUUYzaRu1EB7Lu18PBRVHU3V7
|
|
|
GetFreeCoins
Member
Offline
Activity: 111
Merit: 10
|
|
July 18, 2012, 07:00:44 PM |
|
A very good post indeed, I'm always carefull when I register at different forums and websites. I usally do not use the same password twice since if one forum gets compromissed and you have used your password on more than one site it's most likely the account on the other site is going to be abused.
|
|
|
|
Herodes
|
|
July 19, 2012, 01:14:23 AM |
|
good post, perhaps it should go into a wiki page as well ?
or perhaps be implemented in the official client as 'security advice?'
|
|
|
|
louisBSAS
Member
Offline
Activity: 623
Merit: 11
Proof-of-Stake Blockchain Network
|
|
July 20, 2012, 06:05:19 PM |
|
I can't speak for the others, but I have been using LastPass for a couple years. It offers to generate random passwords (difficult ones) and then remembers them. Sign on from any machine and use a primary password to sign on to any account.
Pretty decent, but for some reason it's only free on your PC (nor sure about mac). I put it on my Android and it's only a trial version (have to pay) - same for iDevices.
|
|
|
|
Mr. Coinman
|
|
July 21, 2012, 11:58:32 PM |
|
Thanks for the post. I've been using 1Password for a long time and haven't had too many problems with it, but it lacks a web interface and is accessible only from my computer or phone. If both were to be lost or stolen, it'd be a nightmare. I'm looking to switch for that reason alone.
Do any of the above mentioned services have an option to import data from other password management software?
|
|
|
|
John (John K.)
Global Troll-buster and
Legendary
Offline
Activity: 1288
Merit: 1227
Away on an extended break
|
|
July 22, 2012, 01:50:36 AM |
|
Thanks for the post. I've been using 1Password for a long time and haven't had too many problems with it, but it lacks a web interface and is accessible only from my computer or phone. If both were to be lost or stolen, it'd be a nightmare. I'm looking to switch for that reason alone.
Do any of the above mentioned services have an option to import data from other password management software?
LastPass yes. Not sure about the other service as I've only used LastPass.
|
|
|
|
Mr. Coinman
|
|
July 22, 2012, 02:10:34 AM |
|
Thanks for the post. I've been using 1Password for a long time and haven't had too many problems with it, but it lacks a web interface and is accessible only from my computer or phone. If both were to be lost or stolen, it'd be a nightmare. I'm looking to switch for that reason alone.
Do any of the above mentioned services have an option to import data from other password management software?
LastPass yes. Not sure about the other service as I've only used LastPass. Thank you!
|
|
|
|
|