Daniel B Posted October 2, 2014 Report Posted October 2, 2014 So...I just decided to get with the times and secure my passwords...because I fail and use the same few passwords for like 300 websites. If anyone else is interested in PasswordBox (system to manage all of your passwords), I'd love if you could sign up with my referral link. I don't get any money or anything out of it, I just get a free unlimited account once I get 5 referrals. After I get 5 referrals I'm going to remove my link and someone else can post theres if they want http://j.pbox.io/noYhb3NM Joseph H and Michael 2 Quote
PauloV Posted October 2, 2014 Report Posted October 2, 2014 Advice: dont put all the eggs in the same bagg The big problem is, it only needs one password to get them all Memorise, memorise, encrypt a usb pen or microsd and store them. Is more safe Dont forget of you dont remember a password you always have a chance to recover without any cloud storage. Just remember the recent "Fappening" from the Apple lol Serendesk 1 Quote
Daniel B Posted October 2, 2014 Author Report Posted October 2, 2014 Advice: dont put all the eggs in the same bagg The big problem is, it only needs one password to get them all Memorise, memorise, encrypt a usb pen or microsd and store them. Is more safe Dont forget of you dont remember a password you always have a chance to recover without any cloud storage. Just remember the recent "Fappening" from the Apple lol memorizing 300+ 18 character randomized passwords...or putting them into a usb pen is a lot less secure than using a system like this in my opinion. It's got a master password + 2 factor authenication (soon)...so the security is fine in my eyes. And makes it easy to then have random passwords for EVERYTHING . Some information if you feel like taking the time to read: https://www.passwordbox.com/media/Security-White-Paper-v1.8.pdf Shorter version: https://www.passwordbox.com/security Quote
Joseph H Posted October 2, 2014 Report Posted October 2, 2014 I tried It It looks good and cheap by the way, 1$/month. But like PauloV, I really don't feel safe with a plugin saving all my passwords. I will stick to my old fashioned way saving in notepad on my Laptop. Quote
Daniel B Posted October 2, 2014 Author Report Posted October 2, 2014 Suit yourselves, I feel perfectly safe with it. All passwords are encrypted client-side using AES 256...that's secure enough for me . Not to mention the other levels of encryption on their end of things as well. Once they get 2 Factor Auth completed, it'll be even better. (though I must admit, I thought they had it already). However, I have to say...even if you don't want to use it...feel free to sign up real quick even if you never sign in again . Michael 1 Quote
cloudrck Posted October 2, 2014 Report Posted October 2, 2014 I would use something like KeePassX to strore your credentials securely on a USB drive. I would encrypt the drive as well. You could also use something a bit easier like LastPass with 2Factor-Auth and the other security settings they have in place. PauloV 1 Quote
Daniel B Posted October 2, 2014 Author Report Posted October 2, 2014 I already use LastPass, and am switching from it to PasswordBox as I think it's going to be a pretty nice competitor to LastPass....dev team seems very responsive from what I've seen. Problem with using the USB options completely defeat the entire reason I'm going with this solution. Ease of use, on multiple platforms, including mobile (I don't have a USB slot on my mobile...) Michael 1 Quote
Joseph H Posted October 2, 2014 Report Posted October 2, 2014 Suit yourselves, I feel perfectly safe with it. All passwords are encrypted client-side using AES 256...that's secure enough for me . Not to mention the other levels of encryption on their end of things as well. Once they get 2 Factor Auth completed, it'll be even better. (though I must admit, I thought they had it already). However, I have to say...even if you don't want to use it...feel free to sign up real quick even if you never sign in again . I did sign up.... I may buy a premium for 1 month as well just to see If my trust would grow. Quote
Jonathan Posted October 2, 2014 Report Posted October 2, 2014 I would use something like KeePassX to strore your credentials securely on a USB drive. I would encrypt the drive as well. You could also use something a bit easier like LastPass with 2Factor-Auth and the other security settings they have in place. +1 for LastPass. I already use LastPass, and am switching from it to PasswordBox as I think it's going to be a pretty nice competitor to LastPass....dev team seems very responsive from what I've seen. Problem with using the USB options completely defeat the entire reason I'm going with this solution. Ease of use, on multiple platforms, including mobile (I don't have a USB slot on my mobile... ) I need to go check out PasswordBox now. What is it that you like about them over LastPass? Quote
Daniel B Posted October 2, 2014 Author Report Posted October 2, 2014 +1 for LastPass. I need to go check out PasswordBox now. What is it that you like about them over LastPass? The system just seems more userfriendly to me, looks a bit sleeker. The devs seemed a bit more responsive to requests in the community from what I saw. It doesn't have all of the features that LastPass has (be then it does have a few that LastPass doesn't). They are still working on adding 2 Factor auth which is a bit of a downfall at the momemt...but hopefully that will be soon. I already use LastPass, and just saw PasswordBox today so figured I'd check it out. One reason was it seems to interface with mobile easier than lastpass (and once I get 5 referrals it's unlimited passwords for free and free mobile app is nice). Though...even with out that they are both only $12 a year for all that...so not really a price factor to speak of. Quote
cloudrck Posted October 3, 2014 Report Posted October 3, 2014 The system just seems more userfriendly to me, looks a bit sleeker. The devs seemed a bit more responsive to requests in the community from what I saw. It doesn't have all of the features that LastPass has (be then it does have a few that LastPass doesn't). They are still working on adding 2 Factor auth which is a bit of a downfall at the momemt...but hopefully that will be soon. User friendly isn't always a good thing, LastPass is miles ahead of what I see from PasswordBox in terms of security. Have you found any research papers dealing with PasswordBox? If not I wouldn't touch it no matter how pretty it was. PauloV and marcel 2 Quote
Daniel B Posted October 3, 2014 Author Report Posted October 3, 2014 Yeah, after only using it for a day I'm probably not going to keep using it for much more than a few more days to continue testing. Syncing seems to be a bit iffy...and the mobile support is a bit annoying, requiring use of it's built in browser rather than other ones on the phone. More of a useability issue for me than a security issue...because from everything I've read, and I've read all the indepth nitty gritty details myself...the security isn't "miles behind" any of the other ones (other than lack of 2 factor auth...which is actually a pretty big issue though). Quote
Paul Posted October 3, 2014 Report Posted October 3, 2014 I'm not a fan of cloud storage of passwords. If the data is compromised, it could potentially be brute forced. It's also possible that a vulnerability in the encryption algorithm might be discovered in the future. I use a password manager, but the data is only stored on my devices. I could be robbed, but A. that's too much work for 1 set of passwords, and B. hackers prefer to work in the comfort of their parents basements. wfitg, Michael and PauloV 3 Quote
PauloV Posted October 3, 2014 Report Posted October 3, 2014 For you all We are developping an native APP for Android/iPhone/Windows Mobile to store localy on the device all sencetive data, and we are trying to implement some of the best encryption metods, and also a 2 factor autentication, in the case of the device is stollen The best part, is all local, encrypted and with two factor autentication (we are thinking on Face Recognition + Touch Puzzle or Touch Puzzle + Password, after 10 times rong, the data is destroyed) but in this case we will sell the APP but for a very small fee wfitg 1 Quote
Daniel B Posted October 3, 2014 Author Report Posted October 3, 2014 I'm not a fan of cloud storage of passwords. If the data is compromised, it could potentially be brute forced. It's also possible that a vulnerability in the encryption algorithm might be discovered in the future. I use a password manager, but the data is only stored on my devices. I could be robbed, but A. that's too much work for 1 set of passwords, and B. hackers prefer to work in the comfort of their parents basements. What do you use? I've been thinking about using a local only manager...but how do you manage on your mobile devices? Quote
Paul Posted October 3, 2014 Report Posted October 3, 2014 I've been using SplashID for a long time. They have the mobile app, and a Desktop app. They can sync over wifi. No browser tie-ins, I have to open it, enter my passphrase and find the record I want. More secure that way though. domaingood, Michael and Daniel B 3 Quote
cloudrck Posted October 4, 2014 Report Posted October 4, 2014 I'm not a fan of cloud storage of passwords. If the data is compromised, it could potentially be brute forced. It's also possible that a vulnerability in the encryption algorithm might be discovered in the future. I use a password manager, but the data is only stored on my devices. I could be robbed, but A. that's too much work for 1 set of passwords, and B. hackers prefer to work in the comfort of their parents basements. Though I agree with you, if your passwords can be brute forced before you find out the storage was hacked than you are using insecure passwords. Ideally they should be complex enough so if someone gets the hash it would take years to crack. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.