|
I also use LastPass and agree with bull but would also add that I like their other features. If there's a breach anywhere you have an account, they prompt you to change your password. They have a tool so you can see the age and complexity of all of your passwords at a glance. A lot of sites support a one-press button for changing the password and updating the data in LastPass. That said it's not completely secure. There have been proof-of-concept attacks on the browser extension where it can force a logout of LastPass and can forge the login so the LastPass password is taken. I use 2FA so I'm not worried about it but anytime you're dealing with browser extensions I'd consider it to have a point of attack. I'd say that using non-unique, simple passwords is a far greater risk than trusting a password locker. The main reason I stick with LastPass though is that the price is reasonable and the clients for the three OSs I have to deal with, Android, macOS, and WIndows, are all pretty good. Every other solution I've looked at generally had one bad client among those three.
|
#
?
Oct 22, 2016 18:01
|
|
|
|
| # ? Apr 19, 2024 22:30 |
|
|
Note that LastPass has been breached more than once, will remain vulnerable, and your only real safeguard (which most of you probably use and if you don't you really should) is two factor.
|
|
#
?
Oct 22, 2016 18:04
|
|
|
FWIW, OSI Bean Dip has come down pretty hard on LastPass in the OS security thread, and they seem to know what they're talking about.
|
|
#
?
Oct 22, 2016 18:24
|
|
|
CLAM DOWN posted:Note that LastPass has been breached more than once While it's true that they've been breached, none of breaches that have happened (to my knowledge) managed to get away with any password vaults. So, what has happened is that they were able to get their hands on salted and one-way hashed master passwords. It's compromising, but they could effectively do nothing with that information unless they were able to brute force all the passwords and then log in individually to the website and download the vaults through the front door. That means there was a single password that needed resetting, the master password. There have also been MTTM attacks demonstrated, but not found in the wild, that could potentially compromise on an individual basis. But once you start going down the road of MTTM and compromised local device, all controls kinda start flying out the window. Any cloud service can, and in all probability, will be breached given a long enough timeline. Keepass is only going to be more secure if you keep your password DB offline on a USB drive that you keep in a safe at home. Keepass has been exploited in the past as well too, so nothing's full proof. The best password defense is using totally random passwords that you rotate frequently, do 2f auth where possible, and keep recovery info up to date (and don't store recovery account passwords with main account passwords.) Whatever allows you do keep up with that is going to be what's best for you. If it's keepass + google drive, great. If it's lastpass, also good, if it's a notebook written in your own crypto language that you keep guarded by an angry badger, go for it. bull3964 fucked around with this message at 19:01 on Oct 22, 2016 |
|
#
?
Oct 22, 2016 18:40
|
|
|
Oh god please don't mention LastPass, that weirdo from shsc will appear and start ranting and raving about it
|
|
#
?
Oct 22, 2016 18:53
|
|
|
That's cool, I'm not telling people what to use or passing judgement, just posting a precaution.
|
|
#
?
Oct 22, 2016 18:55
|
|
|
bull3964 posted:While it's true that they've been breached, none of breaches that have happened (to my knowledge) managed to get away with any password vaults. So, what has happened is that they were able to get their hands on salted and one-way hashed master passwords. It's compromising, but they could effectively do nothing with that information unless they were able to brute force all the passwords and then log in individually to the website and download the vaults through the front door. Actually Tavis' exploit (he works for Google's Project Zero) was a full extraction of the user's database accomplished by just having the victim visit a malicious site. Obviously they patched that given that he's a white hat but you wouldn't have known about it if he weren't. That said I agree with what I think everyone is saying which is any option is better than none at all.
|
|
#
?
Oct 22, 2016 19:20
|
|
|
LastPass is less secure than KeyPass just by the very nature of the system, but it's not unsecure either. As I say every time the subject comes up, security is about tradeoffs, so if LastPass is that much more convenient for you than KeyPass, use LastPass. edit: typed post while playing overwatch. post didnt make sense Thermopyle fucked around with this message at 19:55 on Oct 22, 2016 |
|
#
?
Oct 22, 2016 19:48
|
|
|
LastInLine posted:Actually Tavis' exploit (he works for Google's Project Zero) was a full extraction of the user's database accomplished by just having the victim visit a malicious site. Obviously they patched that given that he's a white hat but you wouldn't have known about it if he weren't. Travis's exploit wasn't a server side breach which is why I mentioned MITM separately. It was bad, good that it was caught by a white hat, but once you start going down the route of MITM and client side exploits, poo poo gets hard to secure really fast. Individual attacks are in a different class of things anyways since those are targets of opportunity rather than concentrated intent to mass steal credentials. I mean, Keepass had an exploit that ripped clear text passwords right out of memory. Any program you install with admin privileges has the potential of installing a bogus cert and setting up a proxy to scrape pretty much anything you browse and send online. But, I guess that's enough of a derail, everyone is pretty much in agreement anyways.
|
|
#
?
Oct 22, 2016 20:24
|
|
|
bull3964 posted:By "lose all my poo poo" are you referring to them just deleting the database and you not having access anymore or are you afraid of a breach? I heard KeePass is kind of crappy on Mac? I'm Windows at home, Mac at work and Android on phone/tablet so I need a good experience on all three. Any opinions on Dashlane? It's expensive but people seem to like it. Not sure what the Android support is like.
|
|
#
?
Oct 22, 2016 20:27
|
|
|
Tunga posted:Any opinions on Dashlane? It's expensive but people seem to like it. Not sure what the Android support is like. I've been using it a couple years and like it a lot.
|
|
#
?
Oct 22, 2016 20:43
|
|
|
I use lastpass and 2fa with my thumbprint. I feel like I don't need much more security than that
|
|
#
?
Oct 22, 2016 21:43
|
|
|
Can anyone recommend a good app for scanning and saving receipts? Preferably one that I can log into a website after scanning so I can see them all.
|
|
#
?
Oct 22, 2016 21:44
|
|
|
I just use google drive for my scanning needs set up a receipt directory and go to town
|
|
#
?
Oct 22, 2016 22:07
|
|
|
Blue Train posted:I just use google drive for my scanning needs Yeah I saw that, was just wondering if there was a "go to" app for that sort of stuff. Like how everyone says PocketCasts for podcasts.
|
|
#
?
Oct 22, 2016 22:10
|
|
|
bull3964 posted:Keepass has been exploited in the past as well too, so nothing's full proof. No it hasn't. At least not the Windows desktop application. As commented on here: (http://keepass.info/help/kb/sec_issues.html) That said, the mobile ports of Keepass weren't written by the original author and haven't been audited AFAIK. You *might* be better off with Lastpass on Android/iOS, but I really don't trust LP's browser extension or web interface, which makes it a non-starter for important passwords. I think LP or KP would be fine on mobile for unimportant passwords.
|
|
#
?
Oct 23, 2016 02:12
|
|
|
Thermopyle posted:LastPass is less secure than KeyPass just by the very nature of the system, but it's not unsecure either. As I say every time the subject comes up, security is about tradeoffs, so if LastPass is that much more convenient for you than KeyPass, use LastPass. What do you mean by the nature of the system, exactly? Because it's stored locally? No 2fa? I use KeePass and have never really understood what the difference between the two was.
|
|
#
?
Oct 23, 2016 02:35
|
|
|
Wrist Watch posted:What do you mean by the nature of the system, exactly? Because it's stored locally? No 2fa? Couple of things, really, but the main one is that KeePass encrypts and stores your data locally and is open source. LastPass is largely a black box and we accept on faith that they have their poo poo together on backend security.
|
|
#
?
Oct 23, 2016 19:51
|
|
|
Thermopyle posted:Couple of things, really, but the main one is that KeePass encrypts and stores your data locally and is open source. LastPass is largely a black box and we accept on faith that they have their poo poo together on backend security. To be fair, when a lot of people recommend KeePass over Lastpass they also say within the same sentence that they throw their password database up on dropbox or Drive so they can sync it anywhere. At that point, what's the difference really?
|
|
#
?
Oct 23, 2016 20:34
|
|
|
chocolateTHUNDER posted:To be fair, when a lot of people recommend KeePass over Lastpass they also say within the same sentence that they throw their password database up on dropbox or Drive so they can sync it anywhere. At that point, what's the difference really? The difference is that KeePass database is encrypted with a key only I have, so literally doesn't matter if someone compromises my cloud storage and steals the file because they won't be able to access it. CLAM DOWN fucked around with this message at 21:18 on Oct 23, 2016 |
|
#
?
Oct 23, 2016 20:40
|
|
|
Thermopyle posted:Couple of things, really, but the main one is that KeePass encrypts and stores your data locally and is open source. LastPass is largely a black box and we accept on faith that they have their poo poo together on backend security. Interesting. When I first started using a password manager years back I went with KeePass since there were two options and one was free, but I'll take a look at LastPass. E: the UI looks leaps and bounds better, at any rate
|
|
#
?
Oct 23, 2016 20:40
|
|
|
chocolateTHUNDER posted:To be fair, when a lot of people recommend KeePass over Lastpass they also say within the same sentence that they throw their password database up on dropbox or Drive so they can sync it anywhere. At that point, what's the difference really? As mentioned, KeePass encrypts it locally with open source code. There's no way for Dropbox or whomever to access the contents of your password database. Wrist Watch posted:Interesting. When I first started using a password manager years back I went with KeePass since there were two options and one was free, but I'll take a look at LastPass. Yes, LastPass looks better and works better in a lot of ways. I don't think I'd switch away from KeePass to LastPass if you're used to using KeePass. However if the option is not using a password manager or using LastPass, I'd definitely use LastPass. Thermopyle fucked around with this message at 21:17 on Oct 23, 2016 |
|
#
?
Oct 23, 2016 21:15
|
|
|
CLAM DOWN posted:The difference is that KeePass database is encrypted with a key only I have, so literally doesn't matter if someone compromises my cloud storage and steals the file because they won't be able to access it. Thermopyle posted:As mentioned, KeePass encrypts it locally with open source code. There's no way for Dropbox or whomever to access the contents of your password database. Ah, totally overlooked this.
|
|
#
?
Oct 23, 2016 21:29
|
|
|
Cross-posting from the Windows thread. I'm looking for a decent note taking app. I used to use Evernote and had no issues with it until they wanted to charge a monthly fee. I moved to Onenote on recommendation from people here but find that both the Android and Windows app kind of suck, they are extremely limited in features at least.
|
|
#
?
Oct 24, 2016 00:00
|
|
|
Red_Fred posted:Cross-posting from the Windows thread. I'm looking for a decent note taking app. I used to use Evernote and had no issues with it until they wanted to charge a monthly fee. I moved to Onenote on recommendation from people here but find that both the Android and Windows app kind of suck, they are extremely limited in features at least. What features are you looking for that OneNote doesn't have?
|
|
#
?
Oct 24, 2016 00:55
|
|
|
Red_Fred posted:Cross-posting from the Windows thread. I'm looking for a decent note taking app. I used to use Evernote and had no issues with it until they wanted to charge a monthly fee. I moved to Onenote on recommendation from people here but find that both the Android and Windows app kind of suck, they are extremely limited in features at least. Google Keep?
|
|
#
?
Oct 24, 2016 00:58
|
|
|
Background sync for the Android app is the big one. Also a paste unformatted option. Keep doesn't have a desktop app so that's out. EDIT: Also the fact that for some unknown reason Onenote on Android has stopped syncing. It doesn't say why anywhere just has a little red cross. I've force closed the app but it still won't work. Red_Fred fucked around with this message at 02:46 on Oct 24, 2016 |
|
#
?
Oct 24, 2016 01:10
|
|
|
Red_Fred posted:Background sync for the Android app is the big one. Also a paste unformatted option. Keep.google.com for the desktop, not an app but?
|
|
#
?
Oct 24, 2016 04:56
|
|
|
There's also a Chrome extension, and ... well, there's no point suggesting a Chrome app because Google's pulling apps off of Chrome for general-purpose computers soon.
|
|
#
?
Oct 24, 2016 05:12
|
|
|
chocolateTHUNDER posted:Can anyone recommend a good app for scanning and saving receipts? Preferably one that I can log into a website after scanning so I can see them all. Office lens.
|
|
#
?
Oct 24, 2016 11:53
|
|
|
I need an app to back up my text messages to my PC, complete with timestamps and the like. And, if possible, restore them to the phone later. What should I use? 
|
|
#
?
Oct 24, 2016 19:03
|
|
|
Mikl posted:I need an app to back up my text messages to my PC, complete with timestamps and the like. And, if possible, restore them to the phone later. What should I use? Does it have to be your PC? Can you use Carbonite (renamed to https://play.google.com/store/apps/details?id=com.riteshsahu.SMSBackupRestore)? It backs up to XML files on your Google Drive, etc.
|
|
#
?
Oct 24, 2016 19:04
|
|
|
That'll do fine, yes. (My phone company is trying to charge me through the nose for using my data while I was abroad even though I'd activated the "use data while abroad" option, and the confirmation SMS they sent me is the only hard proof I have that I actually did, so if my phone dies I have no proof at all.) Thanks!
|
|
#
?
Oct 24, 2016 19:08
|
|
|
I was just watching a video on Facebook and it threw up a notification to cast it, but I'm not connected to my chromecast, and now I can't dismiss the notification. My girlfriend has been having this same issue (same network and proximity to chromecast and stuff) as she watches a lot more FB videos than I do. Long press on the notification reveals that it's Facebook and the only way to get rid of it seems to be restarting the app.. any ideas?
|
|
#
?
Oct 25, 2016 01:09
|
|
|
Mikl posted:I need an app to back up my text messages to my PC, complete with timestamps and the like. And, if possible, restore them to the phone later. What should I use? SMS Backup+ backs up everything into Gmail conversation threads and restores everything except MMS at the moment. https://play.google.com/store/apps/details?id=com.zegoggles.smssync&hl=en
|
|
#
?
Oct 25, 2016 02:08
|
|
|
I'm looking for a todo list app. Basically, I have a lot of random poo poo I should get done, and I want to be able to keep track of it. However, most of it doesn't have a specific timeframe; it's more generic stuff like "clean the garage" or "buy new shoes" that I'd like to get done in say, the next couple weeks or next month, but doesn't have a ton of urgency. Ideally, I'd like an app that lets me simply put the name of the task and a vague timeframe (day, week, couple weeks, month), and it'll bump more urgent stuff that I've been ignoring to the top of the list. Bonus points if it lets me "snooze" tasks. More bonus points if it has a nice way of tracking how many tasks I've completed recently. I feel like this must exist. I've checked out a few apps and they're either too complicated, slightly too simple, or just try to be too specific about when a task needs to be done. Anyone know of an app that hits all these marks?
|
|
#
?
Oct 26, 2016 18:29
|
|
|
Imaduck posted:I'm looking for a todo list app. I've never used it but Any.do used to be sort of this? I think?
|
|
#
?
Oct 26, 2016 18:55
|
|
|
I've been using the gTasks widget forever. Syncs to tasks in Gmail so I can add and remove things from work. There is a timeline system but I never use it. Check out the free version.
|
|
#
?
Oct 26, 2016 20:33
|
|
|
If one uploads photos to Google Photos using the free high quality size (versus the original size), are they high enough quality for printing, say, 4x6 or 5x7 prints? This would be uploading new photos from an S7 and converting already uploaded at original size photos from an S6 and S5. (my sister has run out of space on her Google Drive and doesn't want to pay for more, is worried about printing quality)
|
|
#
?
Oct 26, 2016 20:52
|
|
|
|
| # ? Apr 19, 2024 22:30 |
|
|
Uthor posted:If one uploads photos to Google Photos using the free high quality size (versus the original size), are they high enough quality for printing, say, 4x6 or 5x7 prints? SPERG: If she thinks the quality of the photos taken from a phone are good enough for 4x6 and 5x7 prints as is, then the google compression isn't going to be noticeable to her. Honestly, the 16MP free image upload "compression" is very well regarded and seen as a "you're not going to notice it no matter how much you try" kind of thing. If she is really concerned, tell her to find the $2 a month in the couch cushions to move up to 100 gigs.
|
|
#
?
Oct 26, 2016 20:56
|
|