Lesson Learned - Secure Your Logins

Growltiger

Administrator
Administrator
Joined
Apr 26, 2008
Messages
13,546
Location
Up in the hills, Gloucestershire, UK
I just finished going through that. It led me to The World's Best Password Advice:

https://www.michaelhorowitz.com/BestPasswordAdvice.php

I think that is excellent advice on managing passwords. It convinced me to give up on LastPass. I don't use it anymore anyway since I much prefer KeePassX.

So I want to get rid of LastPass. If I just drop the app in the trash does that remove it completely?
You need to delete the database too. This should help (scroll down for the Mac):
https://support.logmeininc.com/last...-lastpass-data-stored-on-my-computer-lp070008

I use KeePass as well. Good security and simple. Despite trusting it I never transfer or sync the data across the internet.
 

Butlerkid

Cafe Ambassador
Administrator
Joined
Apr 8, 2008
Messages
24,424
Location
Rutledge, Tennessee
Real Name
Karen
I just finished going through that. It led me to The World's Best Password Advice:

https://www.michaelhorowitz.com/BestPasswordAdvice.php

I think that is excellent advice on managing passwords. It convinced me to give up on LastPass. I don't use it anymore anyway since I much prefer KeePassX.

So I want to get rid of LastPass. If I just drop the app in the trash does that remove it completely?
WOW! Thanks so much for that link!!!!
 

Butlerkid

Cafe Ambassador
Administrator
Joined
Apr 8, 2008
Messages
24,424
Location
Rutledge, Tennessee
Real Name
Karen
I just finished going through that. It led me to The World's Best Password Advice:

https://www.michaelhorowitz.com/BestPasswordAdvice.php

I think that is excellent advice on managing passwords. It convinced me to give up on LastPass. I don't use it anymore anyway since I much prefer KeePassX.

So I want to get rid of LastPass. If I just drop the app in the trash does that remove it completely?
WOW! Thanks so much for that link!!!!
After reading this, I will clean up a few of my passwords which are duplicates.

But, my question is.......Which browser should one use? They only talked about Chrome as being "bad". Is there a "good" browser"? Should I never allow the browser to save passwords?
 

Growltiger

Administrator
Administrator
Joined
Apr 26, 2008
Messages
13,546
Location
Up in the hills, Gloucestershire, UK
I have scanned it and I don't see anything about Google Chrome itself being "bad". The weaknesses are all about plugins, permissions etc. This is why you should never allow any browser to save passwords, except passwords you don't care about in the least. That is the rule I follow. There are just too many potential vulnerabilities in browsers.

I strongly agree with him about using KeePass. I have about 600 current passwords stored in it.
 

Butlerkid

Cafe Ambassador
Administrator
Joined
Apr 8, 2008
Messages
24,424
Location
Rutledge, Tennessee
Real Name
Karen
OK
I have scanned it and I don't see anything about Google Chrome itself being "bad". The weaknesses are all about plugins, permissions etc. This is why you should never allow any browser to save passwords, except passwords you don't care about in the least. That is the rule I follow. There are just too many potential vulnerabilities in browsers.
.....I didn't understand. The extensions I have with Chrome.....are:

Ad Blocker Plus
Bookmark Sidebar
Google Docs Offline
Search Bar
Tab Activate
 
Joined
May 5, 2005
Messages
25,324
Location
SW Virginia
You need to delete the database too. This should help (scroll down for the Mac):
https://support.logmeininc.com/last...-lastpass-data-stored-on-my-computer-lp070008

The folder structure seems to be different in MacOS Big Sur from what is shown on that web page.

It's not in ~/Library/Containers/com.lastpass.LastPass/Data/Library/Application Support/LastPass/

It's in ~/Users/(username)/Library/Containers/com.lastpass.LastPass/Data/Library/Application Support/LastPass/

I guess I need to delete that whole folder.
 
Last edited:
Joined
May 5, 2005
Messages
25,324
Location
SW Virginia
This is why you should never allow any browser to save passwords, except passwords you don't care about in the least. That is the rule I follow. There are just too many potential vulnerabilities in browsers.

I strongly agree with him about using KeePass. I have abou 600 current passwords stored in it.

So do you open KeePass every time you need to retrieve a password you don't remember?
 
Joined
Jan 13, 2006
Messages
5,203
Location
Columbia, Maryland
Real Name
Walter Rowe
I just finished going through that. It led me to The World's Best Password Advice:

https://www.michaelhorowitz.com/BestPasswordAdvice.php

I think that is excellent advice on managing passwords. It convinced me to give up on LastPass. I don't use it anymore anyway since I much prefer KeePassX.

So I want to get rid of LastPass. If I just drop the app in the trash does that remove it completely?
I have AppCleaner installed. It reads the BOM (Bill of Materials) used to install the software and removes all the cruft in hidden places. More thorough than just dragging the app to the Trash. The app stores its data somewhere and you want to make sure that is deleted too.

https://freemacsoft.net/appcleaner/
 

Growltiger

Administrator
Administrator
Joined
Apr 26, 2008
Messages
13,546
Location
Up in the hills, Gloucestershire, UK
So do you open KeePass every time you need to retrieve a password you don't remember?
I have it open on my computer, and it locks after a certain time that I set, or I can lock it instantly. That way it only takes a moment to enter the password to open it.

Just in case I need it when I don't have a computer, I also have it on my phone, so I can always look things up. It's called KeePass2 Android. There are versions of KeePass for pretty much every platform, and the databases are all compatible. I have also used KeePassX on my Mac and it was happy to work with the same database.

I hold more than just passwords in it. It has reminders of how to access various systems as well. They are in categories like Computers, Finance, General, Internet.
I have a category called "Other people". That has an entry for each local person I help, so each entry will have info about various accounts they have that they need help with. For example how they can order a repeat prescription online when they can't make it work on their iPad (real example).
 
Joined
May 5, 2005
Messages
25,324
Location
SW Virginia
A few thoughts about password formulas:

1) Many web sites have minimum requirements for passwords: at least one UC and one LC letter, one number, and one non-alphanumeric character;

2) Some web sites or e-mail services require that passwords be changed annually;

3) Are blank spaces allowed in passwords?

#1 is fairly easily satisfied through one's choice of the root word and suffix. To satisfy #2, I plan to incorporate the year number in my scheme so it can be easily changed and remembered annually. As for #3, I know that is allowed by some services, but possibly not by others, so I guess I will avoid it. (I do use spaces in my KeePass master PW. I think spaces make it harder to crack.)
 

Growltiger

Administrator
Administrator
Joined
Apr 26, 2008
Messages
13,546
Location
Up in the hills, Gloucestershire, UK
A few thoughts about password formulas:

1) Many web sites have minimum requirements for passwords: at least one UC and one LC letter, one number, and one non-alphanumeric character;

2) Some web sites or e-mail services require that passwords be changed annually;

3) Are blank spaces allowed in passwords?

#1 is fairly easily satisfied through one's choice of the root word and suffix. To satisfy #2, I plan to incorporate the year number in my scheme so it can be easily changed and remembered annually. As for #3, I know that is allowed by some services, but possibly not by others, so I guess I will avoid it. (I do use spaces in my KeePass master PW. I think spaces make it harder to crack.)
1) All mine have UCs, LCs and numbers, all my important ones (ones that matter) have special characters as well.

3) I think it simplest to avoid spaces, they can lead to trouble in some cases such as when you see them expressed as %20. There is nothing special about them and there are so many fun characters to choose from instead - I won't tell you my favourites but they are somewhere in this lot:
¬ ` " $ % ^ & * ( ) - _ = + [ ] { } ; ' # : @ ~ \ | , . / < > ?
 

Growltiger

Administrator
Administrator
Joined
Apr 26, 2008
Messages
13,546
Location
Up in the hills, Gloucestershire, UK
Any reason not to use special characters like the degree symbol......other than several keys strokes are required to create it?
The characters you can be fairly certain will be accepted are the original ASCII character set:
1630156837312.png
Subscribe to see EXIF info for this image (if available)


You may get away with also using the second half, with the extended characters, and this includes the degree symbol, here is the whole lot:

1630156558190.png
Subscribe to see EXIF info for this image (if available)


All of the above are represented internally by one byte per character.

But where you are far more likely to run into trouble is if you start using other symbols which are from the Unicode character set, where each character is represented by two bytes.

Unicode is a most wonderful thing, a massive database of every symbol ever used by humans, with every language ever used included in it. Plus lots of useful symbols and the entire collection of emojis. It is one of the finest example of international cooperation and standardisation. If you write a doument encoded with Unicode, it will appear the same on every device in the world that supports unicode, with any of the characters being changed. Many of the fonts used in Word. for example, contain large portions of the Unicode character set. So you can use hieroglyphs for example.

The full answer is that it entirely depends on the programming of each individual website or program. I stick to what I know works.
 

Butlerkid

Cafe Ambassador
Administrator
Joined
Apr 8, 2008
Messages
24,424
Location
Rutledge, Tennessee
Real Name
Karen
The characters you can be fairly certain will be accepted are the original ASCII character set:
View attachment 1688342

You may get away with also using the second half, with the extended characters, and this includes the degree symbol, here is the whole lot:

View attachment 1688341

All of the above are represented internally by one byte per character.

But where you are far more likely to run into trouble is if you start using other symbols which are from the Unicode character set, where each character is represented by two bytes.

Unicode is a most wonderful thing, a massive database of every symbol ever used by humans, with every language ever used included in it. Plus lots of useful symbols and the entire collection of emojis. It is one of the finest example of international cooperation and standardisation. If you write a doument encoded with Unicode, it will appear the same on every device in the world that supports unicode, with any of the characters being changed. Many of the fonts used in Word. for example, contain large portions of the Unicode character set. So you can use hieroglyphs for example.

The full answer is that it entirely depends on the programming of each individual website or program. I stick to what I know works.
Thanks, Richard. I have always used the degree and copyright symbols. But I noticed that one of your special characters is from the second set, and didn't know how to create it. So a little research did the trick, but caused me to ask about other symbols in the second half above! LOL!
 
Joined
Jan 13, 2006
Messages
5,203
Location
Columbia, Maryland
Real Name
Walter Rowe
Thanks, Richard. I have always used the degree and copyright symbols. But I noticed that one of your special characters is from the second set, and didn't know how to create it. So a little research did the trick, but caused me to ask about other symbols in the second half above! LOL!
My rule of thumb is if I can type it with or without the SHIFT key, it is likely acceptable. Some password change forms have input validation that will limit it further (like SHIFT+top row numbers and punctuations, but perhaps not curly / square braces, forward and back slash, less / greater than, etc).
 

Growltiger

Administrator
Administrator
Joined
Apr 26, 2008
Messages
13,546
Location
Up in the hills, Gloucestershire, UK
Thanks, Richard. I have always used the degree and copyright symbols. But I noticed that one of your special characters is from the second set, and didn't know how to create it. So a little research did the trick, but caused me to ask about other symbols in the second half above! LOL!
Which one was it?
 

Latest threads

Links on this page may be to our affiliates. Sales through affiliate links may benefit this site.
Nikon Cafe is a fan site and not associated with Nikon Corporation.
Forum post reactions by Twemoji: https://github.com/twitter/twemoji
Forum GIFs powered by GIPHY: https://giphy.com/
Copyright © Amin Forums, LLC
Top Bottom