Main Area and Open Discussion > General Software Discussion
LastPass alternatives with two-factor authentication? (including premium LP)
wraith808:
Thanks wraith, will check that out.
ah yeah, I'm working from desktop here:
there doesnt seem to be a version of Google's (or MS's) authenticator for windows - well not for Win.7 at any rate.
I came across recommendations for WinAuth (Windows Authenticator) - https://github.com/winauth/winauth
might try that out.
https://winauth.com/
-tomos (June 16, 2015, 10:46 AM)
--- End quote ---
You don't have a mobile at all? You should be able to install that on your mobile... and your mobile phone becomes your 'key'.
xtabber:
I personally don't use an online password system, but if I did, LastPass is actually the one I would use. At least they were smart enough to see relatively quickly that their security had been breached and the methods they use to encrypt user data seem as strong as anyone else out there.
Anything connected to the Internet is going to be vulnerable to hacking. Someone capable of hacking into Kasperksy Labs internal network clearly has the knowhow to hack into just about anyone else's network too. Kaspersky believes that only a state actor (think NSA or their equivalents in China, Russia or Israel) could have mounted the attack on them, but once you have a proof of concept, it won't take long to trickle down to clever hackers in private practice.
I keep my passwords locally in an encrypted database (eWallet), along with a lot of other private information I need to look up from time to time. But I also distinguish between types of passwords needed for different sites. I use the same passwords for a lot of sites of similar nature where I have nothing to lose if it is discovered - think subscriptions, forums, etc. They are easy for me to remember but long enough to challenge the weekend hacker. For anything that might involve money, I use separate and more secure passwords. The important thing is to make them long, not to use weird combinations that you can't reproduce or enter by hand.
An online password manager provides a certain amount of convenience, and probably enough security for most casual use. I just don't think I would trust one with anything really critical.
tomos:
Thanks wraith, will check that out.
ah yeah, I'm working from desktop here:
there doesnt seem to be a version of Google's (or MS's) authenticator for windows - well not for Win.7 at any rate.
I came across recommendations for WinAuth (Windows Authenticator) - https://github.com/winauth/winauth
might try that out.
https://winauth.com/
-tomos (June 16, 2015, 10:46 AM)
--- End quote ---
You don't have a mobile at all? You should be able to install that on your mobile... and your mobile phone becomes your 'key'.
-wraith808 (June 16, 2015, 11:15 AM)
--- End quote ---
ah okay, I hadn't understood the concept. (Thanks.)
app103:
You could try KeePass, and require both a password AND a keyfile to access your database. You would store your keyfile on a small capacity USB flash drive, so that it could work similar to a Yubikey.
This could also allow you to more safely store a backup of your database on a cloud storage service, such as dropbox, as long as you don't also store a copy of your keyfile there.
Backing up your keyfile would be best done by using multiple flash drives, storing your backups locked away some place safe. (good use for some of those cheap small capacity flash drives that are not useful for much else, often given away as promotional items)
As long as a copy of the keyfile is not stored on the same system as the application or the database, you should be ok.
KynloStephen66515:
Am I the only person in the world who just remembers all of his passwords, instead of trusting any service (be it online or offline) to store it?
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version