undefined | Better HN

0 pointsangrydev13y ago0 comments

The solution is to use a password manager. Keepass and Lastpass are pretty popular solutions and you'll be thankful later when one site is inevitably compromised and you don't feel like you have to change all your passwords.

It is absolutely worth the time to setup and start using.

0 comments

9 comments · 2 top-level

web00713y ago· 7 in thread

Those are great, and I've used 1Password and LastPass to generate / store passwords for a couple years now, but they're not a proper solution.

If I have my super-secure password that I generated in my browser, Chrome will sync it and let me log in on my browser too. Great! Now how do I get that into my phone when the APP requests me to log in?

Answer: Some password system needs to tie into the IME of computers and phones in order to be effective and secure wherever your passwords need to go.

OpenID / OAuth seems like the general answer, but it's not easy to use, and it's not practical unless I can get my bank, Facebook, some mom-and-pop website and HN to all use the same system. IME integration would bypass all of these, and would be so much simpler than getting everyone to learn the OAuth dance.

rogerbinns13y ago

> Now how do I get that into my phone when the APP requests me to log in?

As someone who recently factory reset their tablet and phone, boy was that painful. The password generator passwords are long and use a wide variety of characters, numbers and punctuation. Entering them is really tedious and time consuming. Usually you can't see the entered password so a single error means you have to keep trying again.

fluidcruft13y ago

Hm. Maybe something like a qr-code keyboard that would allow you to scan and enter a code from your monitor into a text field?

stephengillie13y ago

I've been using a password manager to manage my super-secure password system for a few weeks. Since I started, my friends have been calling me paranoid.

What disturbs me about this, why I feel it's relevant, is that these are people with the technical ability to configure their own minecraft servers and run jailbreak/root(?) hacks on consoles. Almost all of them have at least taken 1 or 2 C++ college courses or Codecademy courses. These people aren't technically challenged, nor are they Luddites. They should be aware of how insecure most passwords are, but they feel it's not relevant to their life.

Any suggestions on how to deal with that problem -- people calling you paranoid because you don't use an easy to remember password on all sites?

A1kmm13y ago

> Any suggestions on how to deal with that problem -- people > calling you paranoid because you don't use an easy to > remember password on all sites?

They think you are paranoid because they think that you are worried about Mark Zuckerburg logging in to your Google account or something along those lines. Explain that websites get compromised all the time - you could bring up the LinkedIn (http://lifehacker.com/5916177/65-million-linkedin-accounts-m...) or the Gawker (https://gawker.com/5712615/commenting-accounts-compromised-+...) compromise if they use one of those sites, and that when criminals get things like your Google passwords, they will often delete your data and try to scam your friends out of money - there are many stories, here is one about it: http://bits.blogs.nytimes.com/2007/11/09/e-mail-scammers-ask...

1 more reply

fluidcruft13y ago

When you open an entry in KeePassDroid it adds entries to the notification pull down menu to copy either the username or password. I find this works quite well. Browse to the key in keepassdroid, then go to the app you need to login to. Pull down the notification shade and select copy username to clipboard. Paste. Pull the notification shade and select copy password to clipboard. Paste. Done.

ahlatimer13y ago

1Password has an iPhone app (and probably Android, too). You can sync all of your passwords over the network or dropbox. It's a bit more tedious than just using the 1Password browser plugins, but it works. Just copy the password from the app and paste it into the app/website/etc. 1Password will also open a browser window and enter your account details for you if you're using mobile web.

drivebyacct213y ago

LastPass has a great mobile apps with "copy notifications" if you're fortunate to be on Android. It makes it much faster than it would be typing a password anyway.

SwellJoe13y ago

That's my solution, but I've been unable to convince others to do the same. It's too complicated, they get confused, it doesn't work automagically enough. Whatever the reason, I have never successfully converted someone non-technical to using a password manager.

j / k navigate · click thread line to collapse

0 comments

9 comments · 2 top-level

web00713y ago· 7 in thread

Those are great, and I've used 1Password and LastPass to generate / store passwords for a couple years now, but they're not a proper solution.

Answer: Some password system needs to tie into the IME of computers and phones in order to be effective and secure wherever your passwords need to go.

rogerbinns13y ago

> Now how do I get that into my phone when the APP requests me to log in?

fluidcruft13y ago

Hm. Maybe something like a qr-code keyboard that would allow you to scan and enter a code from your monitor into a text field?

stephengillie13y ago

I've been using a password manager to manage my super-secure password system for a few weeks. Since I started, my friends have been calling me paranoid.

Any suggestions on how to deal with that problem -- people calling you paranoid because you don't use an easy to remember password on all sites?

A1kmm13y ago

> Any suggestions on how to deal with that problem -- people > calling you paranoid because you don't use an easy to > remember password on all sites?

1 more reply

fluidcruft13y ago

ahlatimer13y ago

drivebyacct213y ago

LastPass has a great mobile apps with "copy notifications" if you're fortunate to be on Android. It makes it much faster than it would be typing a password anyway.

SwellJoe13y ago

j / k navigate · click thread line to collapse