|
No one can protect your stuff better than you.
|
|
|
|
|
|
I use Keepass and I could not be more pleased with it. I do not trust Google as far as I could throw a Sherman tank.
Zaphod
|
|
|
|
|
I don't use Chrome. I do use Edge and let MS manage and sync my passwords. Edge also alerts me when a userid/password combination has been discovered on the dark web.
|
|
|
|
|
absolutely NO to me...
diligent hands rule....
|
|
|
|
|
I'm just sooo tired of thinking about elephanting passwords.
CI/CD = Continuous Impediment/Continuous Despair
|
|
|
|
|
I'm never logged in to Google, but use Chrome's pwd manager (on my Windows box) to manage my passwords and credit card information. As I understand, this data is local to my PC.
/ravi
|
|
|
|
|
Ravi Bhavnani wrote: As I understand, this data is local to my PC. Google / Chrome and only local in PC... do you really believe it?
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
Like I said, you can always keep your passwords under your mattress.
|
|
|
|
|
"I'll back that up to the cloud for you." -- Clippy
|
|
|
|
|
Nelek wrote: do you really believe it? Even with not being logged in to Google (and therefore it not knowing the user context)?
/ravi
|
|
|
|
|
Have you ever been logged in to google in that computer? How many people log in to google in that machine? Do you use a gmail account? How often do you use it? Have you used it to register to some of the places that you manage with the password manager? How often do you clear the history, cookies and other stuff?
They might know more than you think. Even without being 100% sure because you are not logged in, they could have a "good estimation".
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
I use Firefox's password manager, but NOT for anything that touches financial. That's all off line.
|
|
|
|
|
I have no worry at all with Google managing my passwords. They have been doing a fine job all these years, with no security breaches that I am aware of with my accounts.
All of my financial sites, and most sites that I pay money on, require 2FA. So, even if my password is compromised, they still can't get in.
You know, you can always keep your passwords under the mattress. Just saying.
|
|
|
|
|
Actually,
The APT17 group via shared international tooling performed Operation Aurora[^] a which penetrated Google along with a myriad of other national assets.
|
|
|
|
|
and yet, my username and passwords have not been compromised. By law, Google would have to notify me if they were. I have yet to receive any such notification.
|
|
|
|
|
Slacker007 wrote: By law, Google would have to notify me if they were. I have yet to receive any such notification. Yas if they always do what law says...
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
|
|
|
|
|
not really. Big corporations don't care about keeping user data safe - all I have to do is cite the dozens of breaches and the delayed "oops, we got hacked" announcement. I refer you to the Equifax case where they kept it under wraps for quite a long time.
I guess I can see the efficacy of checking the dark web for accounts/passwords, but that means they have my account / password in the clear. Hmmm.
Charlie Gilley
<italic>Stuck in a dysfunctional matrix from which I must escape...
"Where liberty dwells, there is my country." B. Franklin, 1783
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
|
|
|
|
|
How is Google or anyone else supposed to know what was stolen?
|
|
|
|
|
Google isn't quite Facebook when it comes to privacy scandals (and to make things more spicy, Facebook announced homomorphically analyzing encrypted user communication to target ads), but they're not that far behind, including Google insiders stating that location privacy settings on Android are obtuse on purpose to trick people into not disabling location tracking.
My point is, I suggest not to trust Google. At all. Their "don't be evil" motto has been a hollow shadow 10 years ago and there's no reason to assume things would get any better.
|
|
|
|
|
Use the browsers manager for basic websites, say codeproject, and 1Password for everything else, it's never been hacked, and will protect your stuff better than you can. There are so many websites, the totally undisputed best thing you can do, is use a different password on each one.
I can't remember them, so 1Password does.
|
|
|
|
|
I also use 1Password. It defaults at 20 characters but you can set it longer or shorter and tell it to include dashes, hyphens and characters. I've had problems because of the website (doesn't allow underscores or something similar) but not with the 1Password program. I don't trust Google, I'm not sure about FireFox, and at times I've heard bad things about most pay password managers, but a lot of that is that people don't like the re-occurring cost. I don't either, but I don't want to try writing something myself and my only real option other than a manager is to write it down, even though I'm not supposed to. And I still need to come up with a unique password myself that doesn't violate whatever rules that site/program requires.
There are probably other good managers out there, so pick one. That's the path I would advise- find a dedicated password program that isn't owned by a company whose primary business is selling your information.
|
|
|
|
|
I use Keepass, but have been wondering if it is a good idea. It is open-source, so couldn't someone motivated just gt the code to decrypt it and bust any keepass database?
|
|
|
|
|
Maybe I'm thinking old-school and this has been mitigated, but...
Isn't the browser's password manager running in, well, the same process space as the browser itself?
Doesn't that mean that a running plug-in is just a buffer overflow away from being able to access any memory the browser has access to, including that of its password manager...?
|
|
|
|