Author Topic: Password Managers for Mobile phones  (Read 2407 times)

gunwharfman

  • Veteran Member
  • *****
  • Posts: 10255
Password Managers for Mobile phones
« on: 13:10:11, 01/03/21 »
Do you use one? I do, well at least I did. I used LastPass on my PC and downloaded it to my mobile, and it always worked well. But this month Last Pass wants people to pay for one of these two options and I don't want to pay so I've deleted my Last Pass mobile app.

I then started to look for a new one for my mobile and have discovered there are loads of them! I've just logged into an article where the writer suggests that she's tested 52 of them!

I know I want a free one, but there seem to be two types, ones that store everything in 'the cloud' (so need the internet to access) and others that store everything on my phone so I don't necessarily need the internet. Which one to choose?

The majority of Password Managers seem to work on the basis that the first option is to download to a PC/laptop and then download the app to a mobile. One of them (called MKYI) however seems to work best the other way around, download to a mobile phone first and then download to a PC/laptop. Are you confused, I am!

pleb

  • Veteran Member
  • *****
  • Posts: 5761
Re: Password Managers for Mobile phones
« Reply #1 on: 15:21:42, 01/03/21 »
Only confused why you are so tech and security obsessed, I don't have a password on my phone, never have.
Password manager? Pah.
They are in my head.
Whinging Moaning Old Fart

richardh1905

  • Veteran Member
  • *****
  • Posts: 12710
Re: Password Managers for Mobile phones
« Reply #2 on: 16:53:23, 01/03/21 »
An alternative approach to passwords is to include within your password a code based upon the name of the site/organisation that you are logging in to. Works for me - I never forget a password this way, all I need to remember is the common part of the password and the method for creating the code.
WildAboutWalking - Join me on my walks through the wilder parts of Britain

gunwharfman

  • Veteran Member
  • *****
  • Posts: 10255
Re: Password Managers for Mobile phones
« Reply #3 on: 18:04:13, 01/03/21 »
I'm not sure if my brain would work as well as yours? Before Password Managers, I did work on a system, whereby I had a baseline password and then thought of all sorts of variations to it. It worked for a while and then I lost control of it, just too much to remember. When Password Managers came along my problems were solved.

I only need something on my phone so that when I'm hiking I don't forget my PIN number(s), various telephone numbers, specific email addresses and/or contact names, and a few special codes on top, so if I lose the phone, or if its broken or stolen I can just download my Password Manager onto any other machine and retrieve everything that I need to. Once retrieved I can just delete the whole programme from whatever access point I'd chosen, or had to use at the time.

So by writing what I have just written I now realise I need my 'stuff' to be in 'the cloud,' no good if I lose the information and all of it is only on my phone.

Choosing which one is the problem!

fernman

  • Veteran Member
  • *****
  • Posts: 4526
Re: Password Managers for Mobile phones
« Reply #4 on: 18:53:48, 01/03/21 »
My car model and reg. no. is suffcient for me, I mean, who would guess I use MercedesF3RNS as a password?
Damn! I've given it away now!

When you choose a password manager, Gunwharfman, make sure it mentions 'encryption', read what that says carefully, and search for any hard-hitting reviews with "Is (insert name) password manager really secure?" or "How secure is (insert name) password manager?"

Percy

  • Veteran Member
  • *****
  • Posts: 1652
Re: Password Managers for Mobile phones
« Reply #5 on: 19:21:00, 01/03/21 »
When you choose a password manager, Gunwharfman, make sure it mentions 'encryption', read what that says carefully, and search for any hard-hitting reviews with "Is (insert name) password manager really secure?" or "How secure is (insert name) password manager?"
Indeed. If you use a cloud password safe and the encryption’s poor it’s like buying a fancy burglar alarm and then leaving all your valuables in the garden.

MarkT

  • Full Member
  • ***
  • Posts: 191
Re: Password Managers for Mobile phones
« Reply #6 on: 19:53:02, 01/03/21 »
Whilst I can see the advantages of using an app or software for passwords, technology can always go wrong, weather it's your phone, computer or whatever device you are using.... so then what happens? If you can't remember the password to log onto your phone or computer, how can software work when you can't access it?


Call me old fashioned but pen & paper works best for me, written down on small pieces of card, duplicated in case I lose one. No internet or wi-fi required. It's also one less app on my phone using less memory and battery.

ninthace

  • Veteran Member
  • *****
  • Posts: 11821
Re: Password Managers for Mobile phones
« Reply #7 on: 21:10:25, 01/03/21 »
Deleted  O0
« Last Edit: 21:15:32, 01/03/21 by ninthace »
Solvitur Ambulando

NeilC

  • Veteran Member
  • *****
  • Posts: 787
Re: Password Managers for Mobile phones
« Reply #8 on: 08:50:30, 02/03/21 »
For work (IT consultancy) we use Myki which I believe has a free version without the 1 device limit LastPass are about to impose.


Myki works a little differently to LastPass and others in that it doesn't store your encrypted credentials in the cloud but rather only on the devices themselves, which it then syncs. So we have it on our phones, laptops and server. Should any one of these be lost, we can restore from one of the others. We use it because some of our customers wont have their data stored on a cloud service.


So as long as you're confident you're not going to lose your phone and computer at the same time, this might be a good option. We backup our servers anyway. You could easily set the backup location to OneDrive or whatever and have yourself a cloud backup anyway


Also Bitwarden is worth a look IIRC


Password managers are fantastic and help with maintaining a secure password strategy. LastPass and others have been checked out independently and their implementation of strong encryption is safe. Their website has been hacked in the past but the encryption held up as expected. As long as you use a suitably strong Master Password, you're safe.
« Last Edit: 08:59:28, 02/03/21 by NeilC »

gunwharfman

  • Veteran Member
  • *****
  • Posts: 10255
Re: Password Managers for Mobile phones
« Reply #9 on: 10:23:55, 02/03/21 »
I think what I would really like to achieve is what I do on my PC. My PC has all of the programmes that I use but all of my documents and other important information is stored on a hidden external wireless hard drive, plus on a back up disk as well. Sometimes I fall down if I get lazy and tell myself I'll transfer something 'tomorrow.'

So for me, I'd like to be able to put a Password Manager on an external and small SD card and only plug it in when I need to use it. My SD disk when not in use is so tiny I'm sure I could hide it easily on my person. It's never happened to me (yet?) but I don't fancy losing my phone or having it stolen at all. I would love to have a phone where nothing of importance is sitting on it just waiting to be stolen.

NeilC

  • Veteran Member
  • *****
  • Posts: 787
Re: Password Managers for Mobile phones
« Reply #10 on: 11:44:09, 02/03/21 »
I think what I would really like to achieve is what I do on my PC. My PC has all of the programmes that I use but all of my documents and other important information is stored on a hidden external wireless hard drive, plus on a back up disk as well. Sometimes I fall down if I get lazy and tell myself I'll transfer something 'tomorrow.'

So for me, I'd like to be able to put a Password Manager on an external and small SD card and only plug it in when I need to use it. My SD disk when not in use is so tiny I'm sure I could hide it easily on my person. It's never happened to me (yet?) but I don't fancy losing my phone or having it stolen at all. I would love to have a phone where nothing of importance is sitting on it just waiting to be stolen.


You just don't need to do all that

All you need is a decent passcode on your encrypted phone and a strong password on the Password Manager. That's it.
Nobody is going to find your phone, launch a successful attack on IOS/Android encryption and then break the encryption of a well designed password manager. If you were likely to be arrested and facing serious charges then maybe you'd have a point. But who is going to spend the money and resources trying to get data off an encrypted phone they found on a mountain?

You are worrying about a threat that isn't remotely likely. I work in IT, I do security audits for clients and even have basic penetration testing qualifications. So I like to think I'm security conscious. I have an iphone with an 8 figure PIN and two password managers which are password protected. If I lose my phone I'm not worried.

Maybe if I was a criminal or secret agent and there were state-level actors mounting an attack on me than I might be concerned. But I'm not and nor are you.



« Last Edit: 16:03:46, 02/03/21 by NeilC »

Little Foot

  • Sr. Member
  • ****
  • Posts: 305
Re: Password Managers for Mobile phones
« Reply #11 on: 12:23:42, 02/03/21 »
The first part of my passwords depend on the website I'm using, and then I add the rest on which is the same for each one, plus each password has a capital letter and symbol, so for example


Walking forum would be Walpassword£
Tescos would be Tespassword£
BBC would be Bbcpassword£


That way they are different (most of the time), if there is a security breach I can narrow it down to the company and best of all they are easy to remember.


But, I have samsung tablet and phone, so they are stored on there, plus my Google account stores my password across all my devices too.

NeilC

  • Veteran Member
  • *****
  • Posts: 787
Re: Password Managers for Mobile phones
« Reply #12 on: 13:22:09, 02/03/21 »
The first part of my passwords depend on the website I'm using, and then I add the rest on which is the same for each one, plus each password has a capital letter and symbol, so for example


Walking forum would be Walpassword£
Tescos would be Tespassword£
BBC would be Bbcpassword£


That way they are different (most of the time), if there is a security breach I can narrow it down to the company and best of all they are easy to remember.


But, I have samsung tablet and phone, so they are stored on there, plus my Google account stores my password across all my devices too.


That's probably OK but it's not ideal. If hackers get hold of any of the website passwords and see yours, they may be able to reconstruct all your other passwords and try them at the other websites. It's pretty obvious from Tes at the start on a Tesco website what your system is. Stolen password lists get sold on the darknet and people make it their job to trawl through them, trying to use them elsewhere and looking for patterns. Your system is much better than simple re-use but given time, they will search for strings related to the website names because lots of people do what you do. You're probably OK but it's not bulletproof

I don't know the passwords to hardly any websites I use. They are longish random strings of numbers, letters and symbols. They are all created, stored and entered by the password manager. I only need to remember the password for that (and that password is not guessable). I have the same manager on all my computers and relevant devices. If a password is stolen from Tesco, it is of no use anywhere else.

For anyone who is interested in passwords these two videos are brilliant:
Password Cracking - Computerphile
How to Choose a Password - Computerphile


« Last Edit: 13:33:18, 02/03/21 by NeilC »

gunwharfman

  • Veteran Member
  • *****
  • Posts: 10255
Re: Password Managers for Mobile phones
« Reply #13 on: 15:08:41, 02/03/21 »
Thank you NeilC I'll study your comment in detail later today. I might just encrypt my phone, I've often thought about it but never attempted the procedure.

In my case, if I take on work, which I still do from time to time, it's all about trust, reputation, and me judged as being squeaky clean, 'nothing up my sleeves!'. The idea of me losing information about another person could perhaps stop me from earning in my tracks? Mind you I obviously got away with it when I was working full time, the worry of what might happen never actually happened but the possibility of information loss even then always worried me.

And it always worried me in particular when I was hiking alone. I know it may sound simple and silly but, just one example, I'm on top of a mountain in France talking to a civil servant about someones claim for benefits or about their appeal and having to have certain key information to hand, e.g. National Insurance numbers, dates of birth and so on. I definitely didn't want that information to be written down on any piece of paper or jotted down in my little notebook.

I took other precautions like for example, I always wear my phone and cards around my neck in a zipped pouch and only take it off when I shower, making sure I know exactly where it is at all times. I sleep with it around my neck as well. Some might say I'm just being cautious, others might suggest I'm just being neurotic?

Little Foot

  • Sr. Member
  • ****
  • Posts: 305
Re: Password Managers for Mobile phones
« Reply #14 on: 16:29:45, 02/03/21 »

That's probably OK but it's not ideal. If hackers get hold of any of the website passwords and see yours, they may be able to reconstruct all your other passwords and try them at the other websites. It's pretty obvious from Tes at the start on a Tesco website what your system is. Stolen password lists get sold on the darknet and people make it their job to trawl through them, trying to use them elsewhere and looking for patterns. Your system is much better than simple re-use but given time, they will search for strings related to the website names because lots of people do what you do. You're probably OK but it's not bulletproof

I don't know the passwords to hardly any websites I use. They are longish random strings of numbers, letters and symbols. They are all created, stored and entered by the password manager. I only need to remember the password for that (and that password is not guessable). I have the same manager on all my computers and relevant devices. If a password is stolen from Tesco, it is of no use anywhere else.

For anyone who is interested in passwords these two videos are brilliant:
Password Cracking - Computerphile
How to Choose a Password - Computerphile


Forgot to mention, I only use that system for non-payment websites such as forums and media.


I worry that a password manager will stop being updated and not be able to be used on new devices, or become open to hacking itself due to security not being updated.


I can see your point with my method, but we generally get notified of security breaches, and should that happen I think it will be a while before the hackers move onto looking for patterns etc, so hopefully by that time all other passwords have been changed.

 

Terms of Use     Privacy Policy