Got a credit card? use our Credit Card & Finance Calculators
Thanks to Anonymous,bruncher,niord,gvonge,Shelford, for Donating to support the site
1Password - how safe is it?
-
- Lemon Slice
- Posts: 637
- Joined: November 4th, 2016, 8:51 pm
- Has thanked: 64 times
- Been thanked: 140 times
1Password - how safe is it?
I mean I store all my passwords in it including bank/investment accounts, and for each login/password entry I’ve got an associated 'secure note' containing all the security questions and answers relating to that account. If anyone got hold of the password and hacked their way into my iPhone they’d have a field day.
I’m seriously thinking of going back to pen and paper, at least for the most important accounts.
Am I being paranoid?
I’m seriously thinking of going back to pen and paper, at least for the most important accounts.
Am I being paranoid?
-
- Lemon Quarter
- Posts: 4926
- Joined: November 4th, 2016, 10:15 am
- Has thanked: 636 times
- Been thanked: 2747 times
Re: 1Password - how safe is it?
You really have no way of knowing whether it was really developed by Chinese/Russian/North Korean state hackers and automatically passes on everyone's passwords to their equivalent of MI5. They say it's all protected by fancy encryption and stored on safe servers. But who knows.
It might be paranoid to think that or .....?
ps I use Lastpass and the same probably applies
It might be paranoid to think that or .....?
ps I use Lastpass and the same probably applies
-
- Lemon Quarter
- Posts: 2543
- Joined: January 15th, 2017, 9:20 am
- Has thanked: 717 times
- Been thanked: 1026 times
Re: 1Password - how safe is it?
I'm going through the pain of adding passwords to KeePassXC, but I'd not use it for anything that stored money, like banks and brokers, only accounts that had credit card and bank details, as the anti-fraud measures for the latter make up for the convenience. I know the program is open source, but you never know if a backdoor gets introduced in the supply chain.
You know when people steal your obfuscated piece of paper, and they are most unlikely to apply password crackers to it.
You know when people steal your obfuscated piece of paper, and they are most unlikely to apply password crackers to it.
-
- Lemon Quarter
- Posts: 4565
- Joined: November 4th, 2016, 2:25 pm
- Has thanked: 653 times
- Been thanked: 1291 times
Re: 1Password - how safe is it?
No such thing as 100% secure, but having something is better than nothing. The backdoor issue is difficult to analyse and quantify realistically.
You'll just have to become a keen reader of the security focused tech press and act accordingly if there's a serious issue highlighted in future...
Multifactor authorisation is a good way to increase the security of sensitive accounts or system log ins, hardware options like U2F keys are becoming more widely accepted and working with a wider range of services, including password managers.
https://en.wikipedia.org/wiki/Universal ... 20natively.
Or 2FA authentication apps are available, including big players like Microsoft and Google -- which will also work offline.
You'll just have to become a keen reader of the security focused tech press and act accordingly if there's a serious issue highlighted in future...
Multifactor authorisation is a good way to increase the security of sensitive accounts or system log ins, hardware options like U2F keys are becoming more widely accepted and working with a wider range of services, including password managers.
https://en.wikipedia.org/wiki/Universal ... 20natively.
Or 2FA authentication apps are available, including big players like Microsoft and Google -- which will also work offline.
-
- Lemon Quarter
- Posts: 2127
- Joined: November 4th, 2016, 9:40 am
- Has thanked: 1057 times
- Been thanked: 861 times
Re: 1Password - how safe is it?
Fluke wrote:I mean I store all my passwords in it including bank/investment accounts, and for each login/password entry I’ve got an associated 'secure note' containing all the security questions and answers relating to that account. If anyone got hold of the password and hacked their way into my iPhone they’d have a field day.
I’m seriously thinking of going back to pen and paper, at least for the most important accounts.
Am I being paranoid?
In case you do (go back to paper), have a look at this: https://www.labnol.org/software/write-p ... per/12972/
I’ve others of the kind, with various symbols (hearts/clubs etc) in the rows & columns.
-
- The full Lemon
- Posts: 10554
- Joined: November 4th, 2016, 9:33 am
- Has thanked: 3682 times
- Been thanked: 5339 times
Re: 1Password - how safe is it?
Fluke wrote:I mean I store all my passwords in it including bank/investment accounts, and for each login/password entry I’ve got an associated 'secure note' containing all the security questions and answers relating to that account. If anyone got hold of the password and hacked their way into my iPhone they’d have a field day.
I’m seriously thinking of going back to pen and paper, at least for the most important accounts.
Am I being paranoid?
If you are, then I am too!
I can't help being suspicious of anything which uses a third party tostore info. I know as a result my passwords are not the world's best, but I'll take that risk. Whatever I need is written down in a fairly cryptic reminder form in a little "code book". The chances of being burgled are fairly slim times the chances of a burglar nicking the code times the chances of the said burglar understanding the entries = low chance of being busted.
Arb.
-
- Lemon Quarter
- Posts: 4137
- Joined: November 4th, 2016, 9:24 am
- Has thanked: 3293 times
- Been thanked: 2871 times
Re: 1Password - how safe is it?
Arborbridge wrote:If you are, then I am too!
I can't help being suspicious of anything which uses a third party tostore info. I know as a result my passwords are not the world's best, but I'll take that risk. Whatever I need is written down in a fairly cryptic reminder form in a little "code book". The chances of being burgled are fairly slim times the chances of a burglar nicking the code times the chances of the said burglar understanding the entries = low chance of being busted.
Arb.
Do you have a photocopy as backup in case you lose your book?
If you are not aware, Keepass is open-source so if there is anything naughty in the code it would have been found by now. And the passwords are not stored with a third party, they are stored in an encrypted file on your PC (or phone or tablet).
--kiloran
-
- Lemon Quarter
- Posts: 4565
- Joined: November 4th, 2016, 2:25 pm
- Has thanked: 653 times
- Been thanked: 1291 times
Re: 1Password - how safe is it?
kiloran wrote:Arborbridge wrote:If you are, then I am too!
I can't help being suspicious of anything which uses a third party tostore info. I know as a result my passwords are not the world's best, but I'll take that risk. Whatever I need is written down in a fairly cryptic reminder form in a little "code book". The chances of being burgled are fairly slim times the chances of a burglar nicking the code times the chances of the said burglar understanding the entries = low chance of being busted.
Arb.
Do you have a photocopy as backup in case you lose your book?
If you are not aware, Keepass is open-source so if there is anything naughty in the code it would have been found by now. And the passwords are not stored with a third party, they are stored in an encrypted file on your PC (or phone or tablet).
--kiloran
Fire!
I know it's pedantic but unless you have a PC/Phone that is also open source on its firmware (BIOS and chip microcode) then you're still vulnerable to proprietary exploits, as per the Intel Spectre et al scare a while back. There are some open source boutique PC manufacturers in the Linux space...
-
- Lemon Quarter
- Posts: 4926
- Joined: November 4th, 2016, 10:15 am
- Has thanked: 636 times
- Been thanked: 2747 times
Re: 1Password - how safe is it?
So presumably before installing keypass one should download all the source code to one's PC and review it very carefully line by line for any back doors or malicious code. Then compile the EXE oneself before installing it?
Can't see many users doing that, or being competent to do it?
Can't see many users doing that, or being competent to do it?
-
- Lemon Quarter
- Posts: 4137
- Joined: November 4th, 2016, 9:24 am
- Has thanked: 3293 times
- Been thanked: 2871 times
Re: 1Password - how safe is it?
scrumpyjack wrote:So presumably before installing keypass one should download all the source code to one's PC and review it very carefully line by line for any back doors or malicious code. Then compile the EXE oneself before installing it?
Can't see many users doing that, or being competent to do it?
I think that's going a wee bit too far
But since it is a piece of security software, I think we can safely assume that competent people have had a good look at it.
--kiloran
-
- Lemon Quarter
- Posts: 4926
- Joined: November 4th, 2016, 10:15 am
- Has thanked: 636 times
- Been thanked: 2747 times
Re: 1Password - how safe is it?
Just because I'm paranoid, it doesn't mean they are not out to get me!
-
- The full Lemon
- Posts: 10554
- Joined: November 4th, 2016, 9:33 am
- Has thanked: 3682 times
- Been thanked: 5339 times
Re: 1Password - how safe is it?
kiloran wrote:Arborbridge wrote:If you are, then I am too!
I can't help being suspicious of anything which uses a third party tostore info. I know as a result my passwords are not the world's best, but I'll take that risk. Whatever I need is written down in a fairly cryptic reminder form in a little "code book". The chances of being burgled are fairly slim times the chances of a burglar nicking the code times the chances of the said burglar understanding the entries = low chance of being busted.
Arb.
Do you have a photocopy as backup in case you lose your book?
If you are not aware, Keepass is open-source so if there is anything naughty in the code it would have been found by now. And the passwords are not stored with a third party, they are stored in an encrypted file on your PC (or phone or tablet).
--kiloran
No. Good point, but I think most of the problems caused could be worked round in the same way as when you've forgotten the password.
Arb.
-
- Lemon Slice
- Posts: 637
- Joined: November 4th, 2016, 8:51 pm
- Has thanked: 64 times
- Been thanked: 140 times
Re: 1Password - how safe is it?
GrahamPlatt wrote:
In case you do (go back to paper), have a look at this: https://www.labnol.org/software/write-p ... per/12972/
I’ve others of the kind, with various symbols (hearts/clubs etc) in the rows & columns.
Thanks for the link Graham, what a good solution! I think I'll go down this route for some accounts and see how I get on.
If you are, then I am too!
I can't help being suspicious of anything which uses a third party tostore info. I know as a result my passwords are not the world's best, but I'll take that risk. Whatever I need is written down in a fairly cryptic reminder form in a little "code book". The chances of being burgled are fairly slim times the chances of a burglar nicking the code times the chances of the said burglar understanding the entries = low chance of being busted.
Arb.
Indeed
-
- Lemon Quarter
- Posts: 2127
- Joined: November 4th, 2016, 9:40 am
- Has thanked: 1057 times
- Been thanked: 861 times
-
- Lemon Slice
- Posts: 382
- Joined: November 4th, 2016, 12:49 pm
- Has thanked: 318 times
- Been thanked: 163 times
Re: 1Password - how safe is it?
scrumpyjack wrote:So presumably before installing keypass one should download all the source code to one's PC and review it very carefully line by line for any back doors or malicious code. Then compile the EXE oneself before installing it?
Can't see many users doing that, or being competent to do it?
I feel much the same about all T&C and Privacy statements which we're all meant to trawl through, understand and accept but how many do any of those things? I suspect VERY few. I've used KeepassXC for some time now, along with local Keyfile. So far so good !
-
- Lemon Quarter
- Posts: 1351
- Joined: March 27th, 2017, 11:41 am
- Has thanked: 605 times
- Been thanked: 589 times
Re: 1Password - how safe is it?
Nothing on computers is perfect and unbreakable, lastpass had some embarrassing problems a couple of years back.
That said companies like 1Password would have nothing to gain by breaking into your password, best case they gain access to your bank account but at the cost of losing millions of pounds in business.
So the risk is really from 3rd parties finding a way in.
If a backdoor is found and publicised - that will be patched very quickly.
If a backdoor is found and kept quiet, a so called zero-day, those exploits can be sold on the dark web for a lot of money. The kind of people who would pay 6 or 7 figures to get into your system are state level agencies, FBI, FSB etc. If those people are after you they will almost always find a way, they can tap your phone,SMS and email and probably plant a camera in your house to read that bit of paper.
One easy way to add a bit of extra security is to pick a letter on your keyboard, then fill in a complex password from the password manager and tack the extra letter on the end.
That said companies like 1Password would have nothing to gain by breaking into your password, best case they gain access to your bank account but at the cost of losing millions of pounds in business.
So the risk is really from 3rd parties finding a way in.
If a backdoor is found and publicised - that will be patched very quickly.
If a backdoor is found and kept quiet, a so called zero-day, those exploits can be sold on the dark web for a lot of money. The kind of people who would pay 6 or 7 figures to get into your system are state level agencies, FBI, FSB etc. If those people are after you they will almost always find a way, they can tap your phone,SMS and email and probably plant a camera in your house to read that bit of paper.
One easy way to add a bit of extra security is to pick a letter on your keyboard, then fill in a complex password from the password manager and tack the extra letter on the end.
-
- Lemon Slice
- Posts: 805
- Joined: November 4th, 2016, 6:49 pm
- Has thanked: 874 times
- Been thanked: 441 times
Re: 1Password - how safe is it?
Lanark wrote:One easy way to add a bit of extra security is to pick a letter on your keyboard, then fill in a complex password from the password manager and tack the extra letter on the end.
I've moved recently from Lastpass to Bitwarden as LP have changed their free version so it can only use on one type of device now (laptop OR mobile etc). BW is open source and has decent reviews, and is free.
I also use a similar system to that above. For a very secure password (banking etc of say 12 characters), the password will be inserted in a longer random set of characters and only I know where the correct password starts and ends. It also has a missing character somewhere in the password. It won't auto-fill of course but I'm happy with that. I'm sure there are dozens of more ways to hide/disguise a password in case a password manager system is ever hacked.
Return to “Technology - Computers, TV, Phones etc.”
Who is online
Users browsing this forum: No registered users and 13 guests