Australian Politics Forum - Password managers

Welcome, Guest. Please Login or Register

Forum rules, Recent posts (with text), RSS, Search options, Browse all uploaded images
Home, Articles, Green Tax Shift, Evolution,

Australian Politics Forum › General Discussion › Technically Speaking › Password managers

‹ Previous Topic | Next Topic ›

Pages: 1 2 3

Password managers (Read 2370 times)

Dnarever

Gold Member

Offline

Australian Politics

Posts: 57150
Here
Gender: male

Re: Password managers
Reply #30 - Oct 19^th, 2022 at 11:15pm

Carl D wrote on Oct 18^th, 2022 at 10:22am:

I just keep all of my passwords in a text document which is encrypted with Windows 10 Professional's built in encryption system.

I always use a Standard user account for daily use and that's the account I've encrypted the text document with. I can click on and open it exactly the same as if it wasn't encrypted and copy and paste my passwords when I'm logging in to forums such as this one but I can only open it from the Standard account, I can't even open it from the main Administrator account.

You can see the lock symbol in the attached image.

And, I always have a different password for every place that I log in to online. Some people use the same password for everywhere - bad idea.

(Oh, "Thumbsup Horse" contains a link to a funny animation which I'm planning to use on aquascoot as soon as the opportunity presents itself). Smiley

Do you have an external copy of the encryption key and an external copy of the PW document?

bit locker may store a backup key in your Microsoft account, you can have it in a document on your computer or a USB drive (set up when bit locker is activated). If on a Azure domain it can be in azure AD and accessible by an admin.

Encryption is much better these days but overall encrypted files and documents has probably lost well over ten times more documents than it has saved.

People have come to me with a bunch of critical encrypted files and no key.

With access to the original system you can occasionally recover the key if the disk was not the system failure but other than that it is game over.

« Last Edit: Oct 19^th, 2022 at 11:31pm by Dnarever »

IP Logged

Carl D

Gold Member

Offline

Australian Politics

Posts: 8397
Rivervale, Perth
Gender: male

Re: Password managers
Reply #31 - Oct 19^th, 2022 at 11:28pm

Dnarever wrote on Oct 19^th, 2022 at 11:15pm:

Do you have an external copy of the encryption key and an external copy of the PW document?

I don't have the encryption key but I do have 2 copies of the unencrypted text document saved on external drives.

I also have it printed out and hidden away in case of the unlikely event of losing all 3.

"Masks are sand in the gears of the economy" - some f-wit pollie or big business CEO.

IP Logged

Dnarever

Gold Member

Offline

Australian Politics

Posts: 57150
Here
Gender: male

Re: Password managers
Reply #32 - Oct 19^th, 2022 at 11:45pm

Carl D wrote on Oct 19^th, 2022 at 11:28pm:

Dnarever wrote on Oct 19^th, 2022 at 11:15pm:

Do you have an external copy of the encryption key and an external copy of the PW document?

Sounds like how I would do it, they would in my case be unlikely to be always synced but close enough in an emergency. If Bit locker and you use a Microsoft account there may be a copy of the key there. you can go into bit locker in control panel and backup the key from there.

IP Logged

Bobby.

Gold Member

Offline

Australian Politics

Posts: 95236
Melbourne
Gender: male

Re: Password managers
Reply #33 - Dec 24^th, 2022 at 4:19pm

https://arstechnica.com/information-technology/2022/12/lastpass-says-hackers-hav...

LastPass users: Your info and password vault data are now in hackers’ hands
Password manager says breach it disclosed in August was much worse than thought.

Dan Goodin - 12/23/2022, 9:43 AM

LastPass, one of the leading password managers, said that hackers obtained a wealth of personal information belonging to its customers as well as encrypted and cryptographically hashed passwords and other data stored in customer vaults.

The revelation, posted on Thursday, represents a dramatic update to a breach LastPass disclosed in August. At the time, the company said that a threat actor gained unauthorized access through a single compromised developer account to portions of the password manager's development environment and "took portions of source code and some proprietary LastPass technical information." The company said at the time that customers’ master passwords, encrypted passwords, personal information, and other data stored in customer accounts weren't affected.
Sensitive data, both encrypted and not, copied

In Thursday’s update, the company said hackers accessed personal information and related metadata, including company names, end-user names, billing addresses, email addresses, telephone numbers, and IP addresses customers used to access LastPass services. The hackers also copied a backup of customer vault data that included unencrypted data such as website URLs and encrypted data fields such as website usernames and passwords, secure notes, and form-filled data.

“These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture,” LastPass CEO Karim Toubba wrote, referring to the Advanced Encryption Scheme and a bit rate that’s considered strong. Zero Knowledge refers to storage systems that are impossible for the service provider to decrypt. The CEO continued:

As a reminder, the master password is never known to LastPass and is not stored or maintained by LastPass. The encryption and decryption of data is performed only on the local LastPass client. For more information about our Zero Knowledge architecture and encryption algorithms,

IP Logged

Pages: 1 2 3

‹ Previous Topic | Next Topic ›

« Forum

‹ Board

Top of this page