Main Area and Open Discussion > General Software Discussion
LastPass alternatives with two-factor authentication? (including premium LP)
rjbull:
Isn't the problem that Google won't allow extensions to be added to any Android browser by a third party [...]
-rjbull (August 25, 2015, 04:17 PM)
--- End quote ---
Perhaps I've misunderstood you, but I thought I should mention that I use LastPass on both the PaleMoon browser for Android and the Dolphin browser for Android. Dolphin has a LastPass for Dolphin extension.-cyberdiva (August 26, 2015, 06:20 PM)
--- End quote ---
Sorry - 'twas I that misunderstood. I thought Google's terms banned any third party from adding extensions to any browser. It turns out Google aren't quite so Draconian, only banning extensions for their own Chrome. Sticky Password's team tell me it has an extension giving automated logins to Android Firefox. Similar things are still in the works for Dolphin and UCWeb, so currently Lastpass is ahead.
As an aside, I still wonder which Android browser is "best." With Window Opera now based on Chrome, presumably Android Opera is too; who knows how much data it's sending to Google? UC Browser makes DC look strange (haven't tried it yet with the DC New Look). A year or so back, I saw a very favourable review in a UK magazine for Maxthon, but recent reviews in the App Store complain bitterly about a drastically changed UI that removes tabs. Reviews for Firefox in the App Store complain it's a resource hog. In fact, nearly everything in the App Store seems to garner incredibly mixed reviews.
4wd:
I don't get how you use that for multiple sites? And you just have to remember where the password is? I like the Enigmaze idea better with a diary and UV light and you can trace any path, though that is an interesting idea I'd not seen.-wraith808 (August 27, 2015, 08:04 AM)
--- End quote ---
Not sure whether you were referring to how I use them or not but as an example here's two cards, (like I said, I use eight):
LastPass alternatives with two-factor authentication? (including premium LP) LastPass alternatives with two-factor authentication? (including premium LP)
Say I choose for my reference Yellow + Sun, without getting too fancy, that gives me six 8+ character passwords on the first, five on the second.
Generally, I'll use the same password, (and an unrelated username to 'normal' sites), across low-grade sites, ie. any site that it doesn't matter if someone logs in as me and screws it up because, quite honestly, I couldn't care less, (I use a throw away Gmail address for these anyway).
For more important sites, (that still don't have direct monetary links, eg. DC), I'll use an individual 8+ character password off one of the cards.
For my VPS' and banks, I use a combination of two of the 8+ character passwords off two of the cards, ie. a 16+ character password, plus TFA.
Shopping sites generally get a combination of two passwords.
For my Gmail addresses I mainly use the same password plus TFA except for two that are used for banking, they have a 28 character passphrases plus TFA.
Also, the number of sites I visit is probably depressingly low compared to other net denizens, so after I've used the various passwords a few times, they've generally stuck in my mind.
The normal way you'd use these cards is you'd only have one and for each site you'd choose a symbol/colour combination but I found that harder to memorise since I then have to associate the arbitrary symbol/colour with a website, then remember which direction to read the password.
So, someone has to choose which one, (or two), of the eight cards I'm using, which symbol/colour I might be starting from, which direction I might be going, and how far along that line I might be traveling.
The eight images are encrypted on my phone, stored online (so I can access from elsewhere), and also a printed out version, using PocketMod, that's the same size as a credit card.
ewemoa:
Another reason for things along the lines of Enigmaze?
Security experts constantly tell users not to reuse passwords on multiple accounts, but the message often falls on deaf ears. Now, officials at Mozilla are finding that advanced users don’t always follow that advice either after discovering that an attacker was able to compromise a Bugzilla user’s account by using a password taken from a data breach on a separate site.
--- End quote ---
via https://threatpost.com/attacker-compromised-mozilla-bug-system-stole-private-vulnerability-data/114552/
wraith808:
I don't get how you use that for multiple sites? And you just have to remember where the password is? I like the Enigmaze idea better with a diary and UV light and you can trace any path, though that is an interesting idea I'd not seen.-wraith808 (August 27, 2015, 08:04 AM)
--- End quote ---
Not sure whether you were referring to how I use them or not but as an example here's two cards, (like I said, I use eight):
[ Invalid Attachment ] [ Invalid Attachment ]
Say I choose for my reference Yellow + Sun, without getting too fancy, that gives me six 8+ character passwords on the first, five on the second.
Generally, I'll use the same password, (and an unrelated username to 'normal' sites), across low-grade sites, ie. any site that it doesn't matter if someone logs in as me and screws it up because, quite honestly, I couldn't care less, (I use a throw away Gmail address for these anyway).
For more important sites, (that still don't have direct monetary links, eg. DC), I'll use an individual 8+ character password off one of the cards.
For my VPS' and banks, I use a combination of two of the 8+ character passwords off two of the cards, ie. a 16+ character password, plus TFA.
Shopping sites generally get a combination of two passwords.
For my Gmail addresses I mainly use the same password plus TFA except for two that are used for banking, they have a 28 character passphrases plus TFA.
Also, the number of sites I visit is probably depressingly low compared to other net denizens, so after I've used the various passwords a few times, they've generally stuck in my mind.
The normal way you'd use these cards is you'd only have one and for each site you'd choose a symbol/colour combination but I found that harder to memorise since I then have to associate the arbitrary symbol/colour with a website, then remember which direction to read the password.
So, someone has to choose which one, (or two), of the eight cards I'm using, which symbol/colour I might be starting from, which direction I might be going, and how far along that line I might be traveling.
The eight images are encrypted on my phone, stored online (so I can access from elsewhere), and also a printed out version, using PocketMod, that's the same size as a credit card.
-4wd (August 31, 2015, 04:54 AM)
--- End quote ---
Pretty cool! Thanks for sharing!
4wd:
Pretty cool! Thanks for sharing!
-wraith808 (September 05, 2015, 09:34 PM)
--- End quote ---
You're welcome.
I forgot to mention, any user/password for a site that does not have some form of monetary link, (eg. DC, etc), I have Pale Moon store the details and a master password set, (not taken from PasswordCards).
Details for banks, VPNs, online stores, etc (anything to do with CC details, finances, etc) are not saved anywhere - the password may be derived from the cards eventually but the login username/ID is not stored anywhere electronic or physical.
I keep meaning to transition all the Pale Moon stored logins to KeePass but ... procrastination and all that.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version