Save your 2FA keys!

saor

Honorary Master
Joined
Feb 3, 2012
Messages
19,352
#21
Enable 2FA on all accounts and backup keys where necessary.
Any private wallets (myetherwallet etc) - keep your private keys / JSON files saved offline, not on your pc somewhere.
 

saor

Honorary Master
Joined
Feb 3, 2012
Messages
19,352
#22
Reminder:

● Enable 2FA on all accounts that support it (mail, exchanges etc.)
● Back up 2FA codes if it's not done automatically.
 

backstreetboy

Honorary Master
Joined
Jun 15, 2011
Messages
12,588
#24
Perhaps @Newsfeed can do an article on it so this thread doesn't have to get bumped every few months.
 

Bryn

Doubleplusgood
Joined
Oct 29, 2010
Messages
13,870
#28
LastPass is good, KeePass is better.
Hell no man. Keepass is janky as hell compared to the slickness and conveniences of LastPass. LastPass has it all - cloud-based convenience, family sharing, integration with all major 2FA solutions incl. its own app, Google Authenticator and YubiKey, apps/extensions on every major platform/browser, exceptional security etc.

LastPass + YubiKey 4 = security enlightenment.
 

IOPS

Well-Known Member
Joined
Oct 2, 2016
Messages
426
#29
Hell no man. Keepass is janky as hell compared to the slickness and conveniences of LastPass. LastPass has it all - cloud-based convenience, family sharing, integration with all major 2FA solutions incl. its own app, Google Authenticator and YubiKey, apps/extensions on every major platform/browser, exceptional security etc.

LastPass + YubiKey 4 = security enlightenment.
Generally sharing passwords over the Cloud isn't the best idea.
The company I work for uses LastPass and it's a great app with a lot of features. I trust my personal passwords on KeePass.
 

Bryn

Doubleplusgood
Joined
Oct 29, 2010
Messages
13,870
#30
Generally sharing passwords over the Cloud isn't the best idea.
The company I work for uses LastPass and it's a great app with a lot of features. I trust my personal passwords on KeePass.
Sharing between LastPass users is very secure. It's a new focus of theirs in recent years.

A good security solution should be as effortless and seamless as possible. Keepass is not anywhere close to that. Hence why I recommend not merely relying on LastPass, but LastPass combined with a YubiKey. Both are extremely user friendly and provide an amazing level of security. There's a reason all Google employees are required to use a YubiKey 4.
 

3lOH55A

Expert Member
Joined
Oct 15, 2008
Messages
3,614
#31
Wasn't LastPass hacked?

Not sure why people spend money on closed software. Bitwarden offers the same and is open source. Can even be hosted by yourself. Works with 2fa, yubikey and can be synced across devices, for 10$ a year.
 

Bryn

Doubleplusgood
Joined
Oct 29, 2010
Messages
13,870
#32
Wasn't LastPass hacked?

Not sure why people spend money on closed software. Bitwarden offers the same and is open source. Can even be hosted by yourself. Works with 2fa, yubikey and can be synced across devices, for 10$ a year.
LastPass has never lost sensitive information from what I understand - just unusable crap on one occasion I think. And even if sensitive info was hacked, it would be difficult to impossible for anyone to make use of it.

LastPass isn't a religion to me. If Bitwarden Premium is better then I'm up for switching. Do you use it? And can you compare the user experience to LastPass if you've used the latter too?
 

Bryn

Doubleplusgood
Joined
Oct 29, 2010
Messages
13,870
#33
@3lOH55A I installed Bitwarden shortly after your post, and I must say there are no obvious deficiencies compared to LastPass. In fact there are some aspects I rather prefer, such as the blue colours (less aggressive than red), the way that you can browse nearly all aspects of the service within the slick popout window in the browser extensions, the reputation of the developer for honesty, hard work and responsiveness, the Premium price tag etc. It was also very easy to export my data from LastPass and import it into Bitwarden, with the lone hassle of needing to replace "&amp;" with "&" in the text file to not destroy dozens of passwords. Seriously stupid bug for LastPass to have. Manually configuring all the equivalent domains was mildly irritating too, but it's a once-off thing.

I'll keep using it for a few days and perhaps end up ditching LastPass. Thanks for mentioning it!
 

3lOH55A

Expert Member
Joined
Oct 15, 2008
Messages
3,614
#34
@Bryn

I've never really used LastPass. I did install it way back and had plenty issues. I then used Dashlane for a year but was put off by the costs. Before that I used keepass.

Been using bitwarden now for over a year and am fairly happy with it.
 

Fulcrum29

Honorary Master
Joined
Jun 25, 2010
Messages
27,978
#35
I use both Authy and Google Authenticator, Authy is always backed up. I only wish that Authy and Google Authenticator could do direct import/export into each other. To reset every 2FA, some being a hassle... no, there must be an easier method.
 

saor

Honorary Master
Joined
Feb 3, 2012
Messages
19,352
#36
@Jamie McKane @Newsfeed

Thanks for the 2FA article.
 

IOPS

Well-Known Member
Joined
Oct 2, 2016
Messages
426
#38
Need some advice guys pls.

I've used http://passwordsgenerator.net/

and then a unique password for each of my clients' databases.

I've then saved it into Bitwarden. IS this proper practice?
Not sure this is the correct thread.
By referring to database do you mean something like a MySQL DB or a password database (vault)?

Where possible, try generating passwords locally. For client work I typically use openssl to generate passwords using base64.
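
The local generation suggested in the post above (openssl with base64 output), as an added example that is not part of the original post. The function names and the 16-byte minimum are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: generate a password locally from OpenSSL's CSPRNG and
# base64-encode it, instead of fetching one from a website.
# MIN_BYTES and all function names are assumptions, not from the thread.

MIN_BYTES=16   # assumed floor: 16 random bytes = 128 bits of entropy

# gen_password [BYTES] -> prints base64 of BYTES random bytes (default 24)
gen_password() {
    bytes="${1:-24}"
    case "$bytes" in
        ''|*[!0-9]*)
            echo "gen_password: byte count must be a number" >&2
            return 2 ;;
    esac
    if [ "$bytes" -lt "$MIN_BYTES" ]; then
        echo "gen_password: refusing fewer than $MIN_BYTES bytes" >&2
        return 2
    fi
    if ! command -v openssl >/dev/null 2>&1; then
        echo "gen_password: openssl not found" >&2
        return 127
    fi
    # -base64 wraps its output at 64 characters; strip the newlines so a
    # long password stays on one line when pasted into a vault entry.
    openssl rand -base64 "$bytes" | tr -d '\n'
    echo
}

# entropy_bits BYTES -> bits of randomness behind the encoded password
entropy_bits() { echo $(( $1 * 8 )); }

# encoded_length BYTES -> base64 characters produced, padding included
encoded_length() { echo $(( ( ($1 + 2) / 3 ) * 4 )); }

# Demo: one 192-bit password (32 characters) for a single client database
gen_password 24 || true
```

The password's strength comes from the number of random bytes, not from the length of the base64 text: 24 bytes gives 192 bits in 32 characters.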
 

backstreetboy

Honorary Master
Joined
Jun 15, 2011
Messages
12,588
#39
Need some advice guys pls.

I've used http://passwordsgenerator.net/

and then a unique password for each of my clients' databases.

I've then saved it into Bitwarden. IS this proper practice?
Surely Bitwarden can generate passwords for you otherwise it'll be pointless just offering a vault? I'll stick to Lastpass thanks especially after reading this https://medium.com/@davis.a.brandon/bitwarden-doesnt-care-about-security-59e2ef87870a. Lastpass and Lastpass Authenticator is free whereas with Bitwarden you have to pay for TOTP.
 

Solarion

Honorary Master
Joined
Nov 14, 2012
Messages
18,249
#40
Surely Bitwarden can generate passwords for you otherwise it'll be pointless just offering a vault? I'll stick to Lastpass thanks especially after reading this https://medium.com/@davis.a.brandon/bitwarden-doesnt-care-about-security-59e2ef87870a. Lastpass and Lastpass Authenticator is free whereas with Bitwarden you have to pay for TOTP.
Well, mixing browsers up with secure logins is already a problem. On that site I linked, passwordgenerator that have this in big bold writing further down

8. Do not let your Web browsers( FireFox, Chrome, Safari, Opera, IE ) to store your passwords, since all passwords saved in Web browsers can be revealed easily.

In that article:
When you first install BitWarden in your browser
I can hear a tiny alarm bell going off inside my head just reading what that guy did. Yes the functionality should be rock solid but I'll tell you what, I just do not.....trust......browsers.
 