At Amazon we take your security and privacy very seriously. As part of our routine monitoring, we discovered a list of email addresses and passwords posted online. While the list was not Amazon-related, we know that many customers reuse their passwords on multiple websites. Since we believe your email addresses and passwords were on the list, we have assigned a temporary password to your Amazon.com account out of an abundance of caution.
I’m assuming that it’s false, even though it does give what looks like a link to amazon.com on the email. I logged in to Amazon this morning just fine to do a little bike lock shopping, which is impossible and I’m open to suggestions there.
Correction, they did lock me out. Crap, time to look into a password manager. I’m already using XKCD’s password suggestions.
I’m sure this’ll start a minor religious war, but IMO LastPass is one of the better choices. It supports a good range of 2FA options too, though you can’t use GeoIP to restrict access any more.
You don’t tend to get much in the way of religious warfare here - one of the things I like about the community here. LastPass looks like a pretty good option too, but I’ve got around 160 passwords stored in KeePass so I probably won’t be switching unless the other option is significantly better - and I think they are probably fairly evenly matched.
I have one question though. I don’t have many passwords that are not web based, but there are some that need to be entered into programs rather than web pages (Steam being the prime example, but there are others as well). KeePass handles this by letting you copy information to the clipboard - which it automatically clears after 10 seconds or so.
From what I read, it looks like LastPass is purely web based - which I suspect may be in incorrect impression. Can you confirm that it works outside the browser as well?
KeePass here, too… and recently started using the FFox plugin.
I store the KPX database in Dropbox, so I can open the same password file from any computer… or, as I recently did on a driving trip to Boston, on a smart phone to find the password to my account on the EZPass site.
OK, so I create a keepass or lastpass database as step one. Then I enter accounts and save the data however.
Now, how do I get access to an account from my phone/home PC/kindle/whatever?
It looks like that functionality is a pay option for Lastpass, and for KeePass I could just have multiple copies of the database? Or have it on a Google drive?
Somehow password managers are a blind spot for me. I can’t wrap my head around how it works when I’m on several different devices all the time.
I seriously don’t get how the Windows and Android worlds keep on going without a systemwide password manager. Granted the Apple Keychain isn’t without its issues and the odd security attack, but it’s been a core part of MacOS since the launch of OS X, an optional feature since MacOS 8.6; and a core part of iOS since the first inception because everything has to “just work” (and yes I am fully aware that that is a lie and it has outages just the same as every other synchronisation tool).
This isn’t me being smug or superior, just legitimately confused by the apparent lack of interest by the two largest consumer operating systems in the world…
I think the only person working Windows security is huddled in a ball in their padded office in the basement staring at their PC running Microsoft Bob and whimpering.
Seriously, I wouldn’t trust a security product from MS with a ten foot cattle prod.
In the sense that you can copy and paste, yes, though there’s no auto-clear. There’s no command line client though (LastPass Pocket seems to be the closest).
As you suspected, you pay for “extra” device types. I use it exactly that way, across various browsers (on different OSs) and my Android devices.
I slipped this in my post above ^^^, but what I do is store the KeePass database on DropBox, and have the appropriate KeePass client on each device - Windows, Android, iPad.
Do I have to use the keepass password every time I want to log into something? Typing BrontoslikeSushi everytime I want to look at facebook sounds like a royal pain in the ass.
I think Microsoft has teams dedicated to security. I feel they’re constantly shot down by a group that prioritizes not breaking a badly written third party app that dates to 1987, unfortunately.
On my desktop machines I keep KeePass open all the time. For security I rely on the fact that I lock my machine when I walk away from it (and I do make sure that happens).
I don’t know how that would work on a phone as I haven’t needed it. My GMail is always logged on and I only ever log in to other sites on my desktop.
Open KeePass once, and leave it open… lock your machine when you walk away ( as @MikeP said).
Then switch over to KeePass and Ctrl + C on an entry to grab a password, Ctrl + B for the ID, and paste into your required field.
There are plugins for FFox… probably Chrome, too, but the link to the plugins page is inside the KeePass app, or on their website.
To use the plugin, leave KeePass open, and visit the page. The plugin will look for the matching URL, then offer you IDs to use… in case there are more than one.
I really wish OS/2 had been able to make headway. It was burdened by two major problems:
IBM couldn’t market it worth a damn
Its support for Windows apps was too good, when it needed to be just good enough to give people a taste of OS/2, then send them off looking for native OS/2 versions of apps.
