![]() Please be careful with using the “YubiKey” term, although common on this board to use it to imply FIDO U2F (now also called FIDO2/CTAP1) or FIDO2/CTAP2, it can and has cause much confusion. The UI bugs me a little at times, and the auto-fill can be a little wonky/annoying at times, but overall - good. I can also grant my wife access to specific passwords in my set and vice versa, either full access or read-only. Once I learned some nuances, it solves a lot of such security issues for me, and works seamlessly between windows PC and android devices at any rate. I have little experience with other tools and so can't compare them I suspect that all of these can be frustrating and a bit complicated at times, but I've been content overall with this choice. Keeper also has a procedure where you can allow emergency access to, I think, up to 5 people you designate in the case of incapacity or death - think "digital legacy". Scroll down in this to read Keeper's approach: This is a tough balancing act, I think, as of course you don't want someone nefarious to "recover" your account. It also has an account recovery procedure in case of a forgotten master password. It does support security keys including Yubikey. Those numbers are everywhere and different for everyone: phone numbers (remember when we had to remember those?) of childhood friends, old girlfriends, long-deceased relatives, etc university PO Box numbers or ID numbers (I still remember both of mine) house numbers of previous addresses or of the people above intersections of main highways near previous homes and tons of other numbers that are still with me decades after I had any use for them.ĭo any of these services allow the use of a Yubikey? ![]() My master passphrases consist of a wordstring or two that are unforgettable to me but practically meaningless to anyone else with a couple of unforgettable (to me) multi-digit numbers that likewise have no meaning even to my closest friends or relatives. The other passphrase which accesses the database for my more mundane accounts is listed in the letter of instructions I have left for my heirs. I doubt I could forget either one before I completely lose my marbles, but I do have a "hint" hidden for the passphrase of the database that I use much less frequently that contains the passwords to my financial accounts that would be a catastrophe to lose. I have two different encrypted databases so I have two master passphrases to remember. But I use a Mac with touch ID, and I have an apple watch, both of which reduce the number of times that I have to enter the master password.ĭifferent PW manager here, but similar passphrase methods. In several years of use, I have yet to forget my master password, although I will occasionally make a typo and have to re-type it. Should something happen to me, my family knows where to find the master password. I then keep a copy of the password on otherwise blank sheet of paper in a locked, hidden safe in my house. The result is a password that I can remember, but that is very difficult to crack. I then combine this phrase with 2 sets of obscure numbers from my past. ![]() Full disclosure: I'm currently a user of LastPass but am far from committed to it.įor my master password, I use a lengthy phrase from my youth that only has meaning to me. I would appreciate others' comments on this. When I think through the potential complications of the 'write it down' and emergency contact options, my logic comes back to the SMS/email options of LastPass as the most pragmatic (though it has its' own challenges). I took a quick look at three (LastPass, 1Password, and Bitwarden) from this standpoint and have come to the conclusion that except for LastPass, the only practical options are writing the password down and storing it locally (or in a cloud application) or using the emergency contact option to give other(s) access. Though I've seen no data, I'm guessing that more people have forgotten their master password than have had their passwords decrypted by a cyber criminal. I might have been able to in my 20's or 30's, but not now). One of my main considerations for choosing a password manager is account recovery in case of forgotten master password (I have nearly zero confidence of being able to indefinitely remember one or more sufficiently complicated passwords of 20+ random characters/numbers and/or strings of several unrelated words.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |