Save your 2FA keys!

[saor]

Enable 2FA on all accounts and backup keys where necessary.
Any private wallets (myetherwallet etc) - keep your private keys / JSON files saved offline, not on your pc somewhere.

 

[saor]

Reminder:

● Enable 2FA on all accounts that support it (mail, exchanges etc.)
● Back up 2FA codes if it's not done automatically.

 

[Sly21C]

I vote you tot be president of the world. Thanks for the reminder, I do have some keys saved but not all exchanges. I've decided to take a snapshot of all 2FA from all websites.

Done!!!

 

[backstreetboy]

Perhaps [MENTION=463718]Newsfeed[/MENTION] can do an article on it so this thread don't have to get bumped every few months.

 

[Bryn]

I wouldnt trust lastpass after they have been hacked twice leaking information in recent years.

LastPass is as trustworthy as it comes. If you can't trust them then you can't trust anyone.

 

[IOPS]

LastPass is as trustworthy as it comes. If you can't trust them then you can't trust anyone.

LastPass is good, KeePass is better.

 

[backstreetboy]

LastPass is good, KeePass is better.

Keepass doesn't have 2fa generation integration unless you use an addon.

 

[Bryn]

LastPass is good, KeePass is better.

Hell no man. Keepass is janky as hell compared to the slickness and conveniences of LastPass. LastPass has it all - cloud-based convenience, family sharing, integration with all major 2FA solutions incl. its own app, Google Authenticator and YubiKey, apps/extensions on every major platform/browser, exceptional security etc.

LastPass + YubiKey 4 = security enlightenment.

 

[IOPS]

Hell no man. Keepass is janky as hell compared to the slickness and conveniences of LastPass. LastPass has it all - cloud-based convenience, family sharing, integration with all major 2FA solutions incl. its own app, Google Authenticator and YubiKey, apps/extensions on every major platform/browser, exceptional security etc.

LastPass + YubiKey 4 = security enlightenment.

Generally sharing passwords over the Cloud isn't the best idea.
The company I work for uses LastPass and it's a great app with a lot of features. I trust my personal passwords on KeePass.

 

[Bryn]

Generally sharing passwords over the Cloud isn't the best idea.
The company I work for uses LastPass and it's a great app with a lot of features. I trust my personal passwords on KeePass.

Sharing between LastPass users is very secure. It's a new focus of theirs in recent years.

A good security solution should be as effortless and seamless as possible. Keepass is not anywhere close to that. Hence why I recommend not merely relying on LastPass, but LastPass combined with a YubiKey. Both are extremely user friendly and provide an amazing level of security. There's a reason all Google employees are required to use a YubiKey 4.

 

[Adenoid Hynkel]

Wasn't LastPass hacked?

Not sure why people spend money on closed software. Bitwarden offers the same and is open source. Can even be hosted by yourself. Works with 2fa, yubikey and can be synced across devices, for 10$ a year.

 

[Bryn]

Wasn't LastPass hacked?

Not sure why people spend money on closed software. Bitwarden offers the same and is open source. Can even be hosted by yourself. Works with 2fa, yubikey and can be synced across devices, for 10$ a year.

LastPass has never lost sensitive information from what I understand - just unusable crap on one occasion I think. And even if sensitive info was hacked, it would be difficult to impossible for anyone to make use of it.

LastPass isn't a religion to me. If Bitwarden Premium is better then I'm up for switching. Do you use it? And can you compare the user experience to LastPass if you've used the latter too?

 

[Bryn]

[MENTION=66972]3lOH55A[/MENTION] I installed Bitwarden shortly after your post, and I must say there are no obvious deficiencies compared to LastPass. In fact there are some aspects I rather prefer, such as the blue colours (less aggressive than red), the way that you can browse nearly all aspects of the service within the slick popout window in the browser extensions, the reputation of the developer for honesty, hard work and responsiveness, the Premium price tag etc. It was also very easy to export my data from LastPass and import it into Bitwarden, with the lone hassle of needing to replace "&" with "&" in the text file to not destroy dozens of passwords. Seriously stupid bug for LastPass to have. Manually configuring all the equivalent domains was mildly irritating too, but it's a once-off thing.

I'll keep using it for a few days and perhaps end up ditching LastPass. Thanks for mentioning it!

 

[Adenoid Hynkel]

[MENTION=105871]Bryn[/MENTION]

I've never really used LastPass. I did install it way back and had plenty issues. I then used Dashlane for a year but was put off by the costs. Before that I used keepass.

Been using bitwarden now for over a year and am fairly happy with it.

 

[Fulcrum29]

I use both Authy and Google Authenticator, Authy is always backed up. I only wish that Authy and Google Authenticator could do direct import/export into each other. To rest every 2FA, some being a hassle... no, there must be an easier method.

 

[saor]

[MENTION=400131]Jamie McKane[/MENTION] [MENTION=463718]Newsfeed[/MENTION]

Thanks for the 2FA article.

 

[Solarion]

Need some advice guys pls.

I've used http://passwordsgenerator.net/

and then a unique password for each of my clients databases.

I've then saved it into Bitwarden. IS this proper practice?

 

[IOPS]

Need some advice guys pls.

I've used http://passwordsgenerator.net/

and then a unique password for each of my clients databases.

I've then saved it into Bitwarden. IS this proper practice?

Not sure this is the correct thread.
By referring to database do you mean something like a MySQL DB or a password database (vault)

Where possible, try generating passwords locally. For client work I typically use openssl to generate passwords using base64.

 

[backstreetboy]

Need some advice guys pls.

I've used http://passwordsgenerator.net/

and then a unique password for each of my clients databases.

I've then saved it into Bitwarden. IS this proper practice?

Surely Bitwarden can generate passwords for you otherwise it'll be pointless just offering a vault? I'll stick to Lastpass thanks specially after reading this https://medium.com/@davis.a.brandon/bitwarden-doesnt-care-about-security-59e2ef87870a. Lastpass and Lastpass Authenticator is free whereas with Bitwarden you have to pay for TOTP.

 

[Solarion]

Surely Bitwarden can generate passwords for you otherwise it'll be pointless just offering a vault? I'll stick to Lastpass thanks specially after reading this https://medium.com/@davis.a.brandon/bitwarden-doesnt-care-about-security-59e2ef87870a. Lastpass and Lastpass Authenticator is free whereas with Bitwarden you have to pay for TOTP.

Well, mixing browsers up with secure logins is already a problem. On that site I linked, passwordgenerator that have this in big bold writing further down

8. Do not let your Web browsers( FireFox, Chrome, Safari, Opera, IE ) to store your passwords, since all passwords saved in Web browsers can be revealed easily.

In that article:

When you first install BitWarden in your browser

I can hear a tiny alarm bell going off inside my head just reading what that guy did. Yes the functionality should be rock solid but I'll tell you what, I just do not.....trust......browers.