AIBU?

To ask about how safe password managers are?

13 replies

Liveonyournerves · 24/06/2021 19:39

I use LastPass, a Password Manager. I love it! But my DH came home and we were looking at a bank account thing together, and he saw LastPass for the first time and was really concerned that if anyone 'hacked' my LPass, they'd have access to so many financials.

I thought it was really secure. Am I being naive?

If you use it, do you not put in any passwords to sensitive accounts?

jgw1 · 24/06/2021 19:41

I am sure that any computer is completely secure if it is not connected to any others.
By the same token, any computer that is connected to another I would assume is insecure.

nomorespaghetti · 24/06/2021 19:45

It’s a good question. I use one too, I really like it. So much easier than trying to remember passwords, and all the passwords it generates seem pretty strong. I have 2 factor authentication on it, which should make things more secure - is there 2 factor on LastPass? Re banking, whenever I want to move money I need to use a passcode generator keypad thingy, or confirm the transaction somehow (code texted to me or similar), so hopefully that would make things pretty secure even if someone accessed a password…

User0ne · 24/06/2021 19:50

DH is a cyber security wallah and says LastPass is great. Though he would have 2 factor authentication on anything with bank details.

Also it is only as good as the master password (the password for LastPass) which ideally will be 3/4 random words strung together.

TinySaltLick · 24/06/2021 19:54

Use two factor authentication on your password manager. Whilst he is correct - the advantage is you can have strong passwords which are all dissimilar across many sites which you'd never be able to remember manually. Just make sure you have a strong password and 2 factor auth on the password manager and you are fine.

A much better situation than having simpler passwords which you attempt to memorise. Most people use the same or very similar passwords across services - when one of them inevitably gets hacked your username and password can be leaked. Lots of account theft and fraud happens this way as leaked user/pass combos can be automatically tested against loads of sites very quickly.

Liveonyournerves · 24/06/2021 19:54

I don't know if I do have 2 factor auth on the password manager or if LastPass even does that?

Liveonyournerves · 24/06/2021 19:59

Sorry, am being really obtuse - what does it mean to have 2 factor auth?

Slippy78 · 24/06/2021 20:03

> which ideally will be 3/4 random words strung together

No. Ideally it will be a long random string of letters, numbers and special characters that doesn't contain words in any language.

SallySycamore · 24/06/2021 20:08

There's an XKCD for that...

TinySaltLick · 24/06/2021 20:19

@Liveonyournerves

> Sorry, am being really obtuse - what does it mean to have 2 factor auth?

Yes it does - www.lastpass.com/two-factor-authentication

Two factor authentication, or 2fa, is where you provide two pieces of data to authenticate yourself. The first is the password - the second could be something like a code texted to your phone. This is the most common and banks for example typically have this on by default. E.g. you log in, then it says 'we have texted a 6 number code to your phone - it is valid for the next 10 mins'. This means even if someone cracked your password, they'd need to also steal your mobile phone - which is enough of a deterrent unless you are a spy or a high ranking political figure for instance.

Another common one for the second piece of info is an authenticator app on your phone, which will give a new string of numbers or letters say every 60 seconds. So once again you can only log in if someone has your details, your password, and has access to the authenticator app on your device.

Liveonyournerves · 24/06/2021 20:28

Thank you @TinySaltLick - so helpful

Slippy78 · 24/06/2021 20:33

I'm familiar with the XKCD. When I said long I meant around 30 random characters, not 11....

LavendulaAngustifolia · 24/06/2021 20:43

LastPass doesn't know what your passwords are. They just encrypt the key to the vault where your passwords are kept at the device. If LastPass gets hacked (only ever happened once) the hackers wouldn't be able to see your passwords.

SallySycamore · 24/06/2021 20:53

@Slippy78

> I'm familiar with the XKCD. When I said long I meant around 30 random characters, not 11....

Is that actually usable for the average person though?

I know for numbers in working memory it's usually about 7, and I know there are ways of increasing that (rhythms, mnemonics, chunking etc like you'd use for phone or credit card numbers), but once you add letters and symbols that you can't actually pronounce could most people actually remember that?

Using words you can very quickly increase the number of characters, so I suppose it's a trade-off between "guessability" by a computer or a human.
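
Added example (not part of any post in this thread): the trade-off debated above, put into numbers by comparing the entropy of random-word passphrases with random-character passwords. It assumes every word or character is chosen uniformly at random, a 94-symbol printable ASCII character set, and a 7776-word Diceware-style list; `DEMO_WORDS` is a constructed stand-in list, far too small for real use.

```python
import math
import secrets
import string

# 52 letters + 10 digits + 32 punctuation marks = 94 symbols
CHARSET = string.ascii_letters + string.digits + string.punctuation
DICEWARE_SIZE = 7776  # assumed word-list size (five dice rolls per word)
DEMO_WORDS = ["correct", "horse", "battery", "staple",
              "lavender", "nerves", "spaghetti", "sycamore"]  # constructed


def entropy_bits(pool_size: int, length: int) -> float:
    """Entropy when each of `length` items is drawn uniformly from the pool."""
    return length * math.log2(pool_size)


def words_to_match(chars: int, wordlist_size: int = DICEWARE_SIZE) -> int:
    """Fewest random words at least as strong as `chars` random characters."""
    target = entropy_bits(len(CHARSET), chars)
    return math.ceil(target / math.log2(wordlist_size))


def random_password(length: int) -> str:
    """Random-character password from a cryptographically secure source."""
    return "".join(secrets.choice(CHARSET) for _ in range(length))


def random_passphrase(words, count: int, sep: str = "-") -> str:
    """Random-word passphrase; strength depends on len(words), not word length."""
    return sep.join(secrets.choice(words) for _ in range(count))


if __name__ == "__main__":
    for n in (3, 4):
        print(f"{n} random words:  {entropy_bits(DICEWARE_SIZE, n):6.1f} bits")
    for n in (11, 30):
        print(f"{n} random chars: {entropy_bits(len(CHARSET), n):6.1f} bits, "
              f"matched by {words_to_match(n)} random words")
    print("sample password:  ", random_password(30))
    print("sample passphrase:", random_passphrase(DEMO_WORDS, 4))
```

These figures only hold when the choice is genuinely random: a phrase or string a person invents has far less entropy than its length suggests.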
