Password Manager - Should I Use Or Keep My Existing Paper Process?

Question: Should I use a password manager (such as LastPass, etc.) or continue with my current process of recording passwords?

OS: Windows 7 Home Premium 64 bit

I have about 170 accounts on password protected sites. This includes misc. sites where there is no personal data of any sort - and I could care less if these sites were hacked - plus sensitive sites such as investment sites which would be a disaster if the passwords for these sites were stolen.

The only device I use to access password protected sites is my laptop. The laptop is in my home. I (almost) never take it out of the house. I record passwords on paper which is kept on top of my desk. The risk for this process is that someone could break into my house and steal the papers.

Using a password manager would eliminate the above risk. But since most password managers would store my passwords on their servers, this would impose a new risk that their site could be hacked and the passwords stolen. Granted the password manager sites store the passwords encrypted. But can I trust their encryption so that even if the passwords were stolen the bad guy could not break the passwords?
An additional risk with password managers is that the 'master password' to log into my password vault could be broken. But this risk could be minimized by using a strong password (mix of characters, numbers & punctuation; long password of at least 14 characters).

Comments????

 

Unless you work for the CIA (or similar organization), nobody is going to brake into your house to steal papers.
That said, it's not a good idea to write done your passwords.

I have my passwords in a spreadsheet. The spreadsheet is archived - I use a password-protected non-compressed zip archive which is backed up.

Have a look at the portable version of KeePass which you can use on a flash drive.
http://keepass.info/download.html

 

After using FreePass for a few years I'm comfortable with it. I use a 15 character password but even if somehow that got cracked there is a second level of protection required if the intruder is using a device that hasn't previously been registered with LastPass, as he/she then has to provide characters from a 9 x 26 grid that only the user has. It's possible to use even heavier protection than that if you feel it necessary. I also keep a record in a spreadsheet that is encrypted on my NAS in case my internet isn't available. Personally I wouldn't remotely consider writing anything on paper let alone leaving it on the desk.

 

What am I thinking? It's LastPass I use. Apologies.

 

I normally use a note pad and keep it on a secondary hard drive that is portable.

I have accounts that has a password that is as long as 20 digits.I memorize all my passwords.

 

nothing wrong with the paper method. i actually use different methods, including paper, text files, and screen shots. for passwords, i rely on the different browsers' password managers, since it is easy to search for and find the usernames and passwords associated with web sites. with the advent of the world et al using security questions, i rely on text files and screen shots to remember my answers, since i just make up the security question answers, and they are not based on reality in any sense. i used to use paper to record everything initially, still do sometimes.

 

I second Eldon's KeePass and use the portable version myself. At least your information is not on the 'cloud' and so no chance of being hacked.

 

I am another vote for lastpass. It also integrates in most browsers including IE and now Edge too.

 

I'm with Plodr ,if I don't write it down, its gone ,but whos gonna steal a grocery list ?

 

I'm thinking we've gone off on a two or three week holiday and an intruder, seeing these computers in our 'office', has time to think beyond just nicking a couple of laptops. If he isn't a thicko a written list would be a gift from heaven, as well as invalidating your insurance. I think I'd rather put my trust in LastPass' heavy encryption.

 

In all honesty it's really not that hard to by pass a computer security system.

It all depends on how it's setup.I can get into a windows 7 system or 8 or vista with out a user password.

I don't even put a pass word on my laptop or desktop be cause i could just go and by another one or build another desktop.And it's a pain if it came down to a nasty virus or malware i would just reinstall windows.

I only do this type of things if a owner that asked me to fix there system but for got to tell me there password or 78 % of the time they have not used there computer in a while they simply for got it.

I would only do this type of thing for a last ditch effort.If they for got there own password to there system.I have run into a few of them issues in my time.

 

I have and will give someone back their pc after they have changed one too many times their password and forgotten what they have done. And if the machine allows and has space for a backup, I give them that option too. But as far as online accounts that's up to them to remember or use the 'forgotten password' link on that site. I'm not doing it. If you succeed and someone latter gets mad at you for some reason forensics may show where you've been and can grow to a felony charge real quick and may even cause a 'no contact with computers or other online electronic devices' which would ruin my day.

As for myself I use a variant of a password for most sites so I'm close to getting it right in only 3 or 4 guesses. And most places I have accounts and online activity at, it is not a major consequence if something happens. For more important activiyies I use a combination of phrases or verses from 2 totally different songs, poems, books, movies or such. Something like "JackandJillwentupahillandallthekingsmencouldntputhumptydumptybacktogetheragain"

 

Dunno what it's like where you are plodr but here, just outside a major city, no one takes any notice at all of burglar alarms, and even if you pay for it to connect to the police it's bottom of their priorities and the burglars know it. All the same I guess it would take some nerve to sit there studying passwords with 130Db going front and back But I'm not risking it and think I'd rather go on using my 15 character LastPass password. My wife is different. She is expert at shorthand and even another shorthand expert would struggle to read her black book. It's a rare and dying skill but not much point in me getting her to record my passwords as only she could read them!

 

From the local reports we clearly have a lot of new criminals in this upmarket area. My neighbour has been broken into twice in two weeks and I'm sitting on a letter from my alarm company setting out recommendations for further measures they recommend I should take. It would cost over £3,000 and a hefty increase in my maintenance costs if I agree. As the police do not seem to regard property crime as a priority I'm sceptical about the benefits though I half expect to find we have a problem every time we have to leave the place unattended for any length of time. Anyway, and back to the original question, I still feel that LastPass is as good an answer as exists at present to the problem of securing dozens of passwords while retaining ease of use.

 

What about Dashlane? The master password isn't stored on your pc or on Dashlane servers.

 

Dashlane is not for me. I would not give out the info it requires.

 

Hello,I think you give Lastpass a try.

 

It's "break" not "brake". Eldon, and can I recommend "Lightshot", it's free, integrates into all the systems and is not as bulky as Lastpass. It will also import all your Lastpass entries

 

Lightshot is a screenshot tool, not a password manager.