• The TUGBBS forums are completely free and open to the public and exist as the absolute best place for owners to get help and advice about their timeshares for more than 30 years!

    Join Tens of Thousands of other Owners just like you here to get any and all Timeshare questions answered 24 hours a day!
  • TUG started 30 years ago in October 1993 as a group of regular Timeshare owners just like you!

    Read about our 30th anniversary: Happy 30th Birthday TUG!
  • TUG has a YouTube Channel to produce weekly short informative videos on popular Timeshare topics!

    Free memberships for every 50 subscribers!

    Visit TUG on Youtube!
  • TUG has now saved timeshare owners more than $21,000,000 dollars just by finding us in time to rescind a new Timeshare purchase! A truly incredible milestone!

    Read more here: TUG saves owners more than $21 Million dollars
  • Sign up to get the TUG Newsletter for free!

    60,000+ subscribing owners! A weekly recap of the best Timeshare resort reviews and the most popular topics discussed by owners!
  • Our official "end my sales presentation early" T-shirts are available again! Also come with the option for a free membership extension with purchase to offset the cost!

    All T-shirt options here!
  • A few of the most common links here on the forums for newbies and guests!

Is Anyone Concerned About Their Password Manager (LifeLock and LastPass compromised)?

Brett

Guest
Joined
Jun 6, 2005
Messages
9,257
Reaction score
4,897
Points
598
Location
Coastal Virginia
I use WinRAR archiver with encrption for storing passwords.
I remember most passwords but as I get older ....:confused:
 

klpca

TUG Review Crew: Veteran
TUG Member
Joined
Sep 11, 2006
Messages
8,273
Reaction score
7,280
Points
749
Location
CA
Resorts Owned
SDO, Quarter House, Seapointe, Coronado Beach, Carlsbad Inn, Worldmark
I don't get the deal about changing passwords periodically.
If no one "found" your password in the last 90 days, I'd
think that means it's still a good password going forward.
.
I have always understood it that the compromised data (passwords, ssn's etc) are available for sale. You just don't know when it will happen. If you have been exposed in a data breach it's already out there. I know that the chrome password manager will tell you if you have a compromised password.

There's also the lag time where a company is unaware that the breach has occurred. I don't want to find out the hard way.
 

joestein

TUG Member
Joined
Jul 13, 2005
Messages
2,373
Reaction score
2,125
Points
574
Location
Marlboro, New Jersey
So, I dont really understand why you need a long password. Is a 25 character password that much safer than a 8 or 9 character password?

Do they really hack anyones indiividual account? They just get the information from lists of passwords that come from files that have been hacked? How would the length make you safer?

I have a basic password I use on many sites - similar to TUG. What is there to hack from TUG or Shoprite or Cruise Critic or similar? I use more unique passwords for important sites.
 

dioxide45

TUG Review Crew: Expert
TUG Member
Joined
May 20, 2006
Messages
47,368
Reaction score
18,931
Points
1,299
Location
NE Florida
Resorts Owned
Marriott Grande Vista
Marriott Harbour Lake
Sheraton Vistana Villages
Club Wyndham CWA
So, I dont really understand why you need a long password. Is a 25 character password that much safer than a 8 or 9 character password?

Do they really hack anyones indiividual account? They just get the information from lists of passwords that come from files that have been hacked? How would the length make you safer?

I have a basic password I use on many sites - similar to TUG. What is there to hack from TUG or Shoprite or Cruise Critic or similar? I use more unique passwords for important sites.
It is rare that plain text passwords are compromised. What is compromised is usually encrypted passwords. The longer the password, the longer it would take them to decrypt it. Thus why you want longer passwords vs shorter but harder to remember ones;


As for basic sites, as long as you don't use the same password for sensitive sites such as banking or sites that may store your payment information then you should be fine. In either case, if you are using some kind of password keeper software (like the ones mentioned in the thread title), then why not create a complex password for all sites you sign up for since you don't need to actually remember them all.

Edited to add;
It seems that easy to remember phrases are good to use, easy to remember and still hard to crack; Something like "mydogwenthikingtobuysomecarswith50$"
 

sponger76

TUG Member
Joined
Jun 30, 2022
Messages
1,624
Reaction score
1,076
Points
223
Location
Texas
So, I dont really understand why you need a long password. Is a 25 character password that much safer than a 8 or 9 character password?

Do they really hack anyones indiividual account? They just get the information from lists of passwords that come from files that have been hacked? How would the length make you safer?

I have a basic password I use on many sites - similar to TUG. What is there to hack from TUG or Shoprite or Cruise Critic or similar? I use more unique passwords for important sites.
Each additional character makes the possible combinations to guess the password exponentially larger, which in turn means it takes exponentially longer to guess by brute force (trying different combinations over and over and over...). With a long enough password and enough possible characters to choose from (which is why adding in numbers and special characters is encouraged) for each space, it could take even a high-powered computer years to crack it. Shorter passwords, especially with only letters, can take considerably less time.
 

youppi

TUG Member
Joined
Apr 21, 2015
Messages
1,685
Reaction score
627
Points
224
Location
Montreal, Canada
It is rare that plain text passwords are compromised. What is compromised is usually encrypted passwords. The longer the password, the longer it would take them to decrypt it. Thus why you want longer passwords vs shorter but harder to remember ones;


As for basic sites, as long as you don't use the same password for sensitive sites such as banking or sites that may store your payment information then you should be fine. In either case, if you are using some kind of password keeper software (like the ones mentioned in the thread title), then why not create a complex password for all sites you sign up for since you don't need to actually remember them all.

Edited to add;
It seems that easy to remember phrases are good to use, easy to remember and still hard to crack; Something like "mydogwenthikingtobuysomecarswith50$"
a passphrase is very good as password and easier to remember it but you must create an unknown one like you did in your example and not use a common or famous citation like betterlatethennever, tobeornottobethatisthequestion because hackers may try those passphrases like they try password, abc123, qwerty, all other well known weak passwords and all compromise passwords from lists available on the dark web.
 

Breezy52

TUG Member
Joined
Apr 10, 2018
Messages
193
Reaction score
125
Points
154
Resorts Owned
Worldmark Platinum Owner
I use Last Pass. I use a very very difficult master password and yes now I've changed it. Since they were hacked, although all is encrypted, I've changed PW on all my financial accounts. I use the longest most complicated ones allowed by a given site. Unfortunately there are still many sites that have smallish password criteria.

The biggest change I've made is to eliminate allowing my main bank to have access to all my outside accounts. I liked that so I can see them in one place. Inconvenient but I don't trust that anymore. Also have been advised to never let your password manager know your email password. And I'm considering using more than one password manager thereby splitting up accounts. Sigh.....
 

joestein

TUG Member
Joined
Jul 13, 2005
Messages
2,373
Reaction score
2,125
Points
574
Location
Marlboro, New Jersey
I use Last Pass. I use a very very difficult master password and yes now I've changed it. Since they were hacked, although all is encrypted, I've changed PW on all my financial accounts. I use the longest most complicated ones allowed by a given site. Unfortunately there are still many sites that have smallish password criteria.

The biggest change I've made is to eliminate allowing my main bank to have access to all my outside accounts. I liked that so I can see them in one place. Inconvenient but I don't trust that anymore. Also have been advised to never let your password manager know your email password. And I'm considering using more than one password manager thereby splitting up accounts. Sigh....

My company offers me a free lastpass account, but I havent used it.
 

MdRef

Guest
Joined
Sep 15, 2021
Messages
1,313
Reaction score
1,272
Points
173
Resorts Owned
Las Vegas, Orlando
Use a password manger or don't use a password manger. We all make a choice. Any site that makes use of my personal information, financial information, SS number, DOB, etc. is stored elsewhere. Never on a computer with access to the web. More time consuming of course. Safer? Absolutely. I also change those passwords once a month, regardless. Irrational paranoia? Perhaps. I think of it as felicitous caution.

Nonetheless, an interesting article.

 

Breezy52

TUG Member
Joined
Apr 10, 2018
Messages
193
Reaction score
125
Points
154
Resorts Owned
Worldmark Platinum Owner
My company offers me a free lastpass account, but I havent used it.
I get it through my son’s family plan, which he gets from his employer. Part of what makes me trust it is that it’s a large international company that is still using it when they tell their employees to get off it I guess I will too.
 

winger

TUG Member
Joined
Oct 7, 2006
Messages
3,810
Reaction score
354
Points
468
Location
Northern California
I have used KeePass for a long time. File (with long password) is kept local inside an encrypted container (folder). Don't trust keeping all of our passwords up on the public cloud waiting for some hacker(s).
 

callwill

TUG Member
Joined
Jan 8, 2017
Messages
706
Reaction score
416
Points
174
Location
Western NYS
Has anyone used 1Password? I read this about it, costs about 3 bucks a month. Android based.
1Password is a password manager that combines a master password with a unique, locally generated 128-bit security key that you have for authentication.
 

Talent312

TUG Review Crew: Veteran
TUG Member
Joined
Jul 4, 2007
Messages
17,462
Reaction score
7,277
Points
948
Resorts Owned
HGVC & GTS
I like to use a 12-digit password that makes no sense,
but if you cut it in thirds, it's kinda easy to remember.
Example (not mine): 8Avc / 4Avf / [anniversary date]
The bonus is that it helps me remember my anniversary.
.
 
Top