
Password vaults & 2 Factor Authentication

EuroMoto

Just curious if anyone is using a password vault and 2FA? I have a LOT of passwords between work and home (I also manage my mother's finances and such) and storing them in a browser is pretty risky these days. I do have a password vault app on my phone that strictly stores passwords, but doesn't help at login or anything. To use it, I open the app, retrieve the password, input it into the site, and then log in. (1st world problems)

I've been researching better options while under a blanket of snow this weekend and have learned some about manager apps and YubiKeys. In my ideal world, I'd store the passwords in an app that is bound to my laptop at work, with a copy on my home computer, and use a YubiKey to verify who I am. Sadly, every one I see is actually a web-based vault and that seems like a way to reduce security... I'm sure there are things in place but one of the big players was breached a while back so I worry.

If you have experience, I'm all ears.
 
I'm super sloppy with passwords, but I have nothing of value online. If my forum account gets hacked I'll be ok 😁

I let Google auto fill all my logins, which I'm gonna guess is probably a horrible idea.

2FA is something I'm not familiar with. How would that work?
 



It's been around for a long time.

You've probably already used it. Has Google or another site told you to check your phone for a code to enter after you've already entered your username & password? Google can also use a fingerprint scan on your phone.

RSA has been at it for a long time. Their SecurID system used to be available for PayPal, but they've moved to authentication through phones. I still like the security offered by a dedicated token.
 
Bitwarden with 2FA here. I have approx. 500 accounts/passwords stored. I use the browser extension in Chrome on my PCs and the mobile app on my phone.
The free version is sufficient for most; we use the paid version so we can have a family group for the accounts my wife and I both need access to (utilities, etc.).
 
I have none written down and all memorized. All random too. And there's quite a few accounts.

I'm fucked if I ever go senile.
 
No way I could memorize my 50 or so passwords, especially when the requirements for each one are often vastly different.
 
I can tell you the license plate and which vehicle it belonged to of every vehicle I've owned since I've started driving.

Don't get me started on phone numbers. I can ramble off close to 300 right off the top of my head with names and addresses.
 
Conversely, it took me 3 years to remember my own phone number.
 
Bitwarden is the one I've been researching the most (and using a physical Yubikey).
 
I'll look into Bitwarden. $10/year for a Premium account with a token is a good deal. Thanks to you and keyzard.



Phones have been compromised often enough that I don't like using them as part of authentication. I don't think I'll be targeted for SIM swapping, but I'd rather not find out I was wrong. Dedicated tokens are reliable and aren't that expensive.
 
Trust cloud services, i.e. third parties, with passwords?

Think about that.

No!
 
I use Microsoft Authenticator for everything at work. Anytime I log into anything in the Microsoft Edge browser on my laptop with a saved password, Microsoft Authenticator texts a 2-digit code to my phone that I need to enter into the MSauthenticator app on my phone, followed by a fingerprint scan.

So someone would need my password, my phone, access to my text messages, access to my Microsoft Authenticator account, and my fingerprint to get around it.
That's not to say this can't be done without my knowledge, but it's good enough for my employer.
 
I've been using NordPass for a couple of years and it syncs across my devices. A good friend uses the free Bitwarden and he's happy, too.
 
I keep it simple and use the same 128 character long password for all my accounts.
 