I appreciate that they are transparent about attacks. #2 It is a big target, and Lastpass knows any major breach could shut down the company. Your browser stores an offline encrypted copy of your passwords, so yes it should work offline. So far I've taken the following precautions: My main concern is financial accounts in which I have a large amount of assets. I'm starting to think that the "invent my own password and manually type in" method may not be the most secure. I only log in there once in a blue moon anyway.Īj76er wrote:When it comes to passwords, I've been old-fashioned, in that I have all my passwords written on a piece of paper and hidden in a safe location. Treasury Direct is notoriously a pain if you login incorrectly too many times and have to get some sort of medallion guarantee to reset it, I just prefer to do that particular account the manual method. Occassionally, automatic logins can go awry, especially if the website you're loging into has changed its format. Instead, I store my TreasuryDirect login info in a "secure note" on Lastpass, and log in the manual way. I haven't tested LastPass to automatically login to TreasuryDirect and don't wish to. However, many feel cautious about storing such info in the cloud, and I'm sure several Bogleheads will chime in recommending KeePass, which is on your local machine.ģ. I feel safe with LastPass, as they technically don't save your actual passwords in their database. I keep one in a VeraCrypt encrypted container, so if I ever need to access my passwords without internet, it's right there.Ģ. You can export your LastPass (or any other password manager) data to a CSV. I've been using LastPass for maybe three years now and hopefully can provide some helpful responses to your questions.ġ. Does LastPass work on sites like TreasuryDirect that have custom virtual keyboards when entering the password? Do you feel like there is warranted concern over future compromises? How would you rate the severity of existing data breaches?ģ. A centralized password management cloud service seems like it would have a pretty big target on it. On the wiki entry, there are documented incidents of data breaches. What if LastPass hosting goes down or is taken offline? Would I be unable to log into any of my accounts? Even if temporary, this is disconcerting.Ģ. In addition to above, I've been considering using a password manager, such as LastPass, but I have the following concerns:ġ. Enable two-factor authentication when available When I type in my password, always do it a little differently (using the mouse cursor to reposition)ģ. So far I've taken the following precautions:Ģ. When it comes to passwords, I've been old-fashioned, in that I have all my passwords written on a piece of paper and hidden in a safe location.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |