questionsdoes anyone here use dashlane or have an opinion…

vote-for18vote-against
vote-for3vote-against

@zuiquan: Yeah, I read that. I assume he's an authority.

vote-for12vote-against

@pooflady: I'm not sure that Pogue is an authority (or not) but here's a nice page from Wikipedia about Password Safe, and it also has links to other similar password minders.

http://en.wikipedia.org/wiki/Password_Safe

I trust Bruce Schneier; I trust him more than nearly anyone I know. I am uncomfortable with an application (Dashlane) that offers to do so very much for you. If it is ever compromised, you lose everything. The more complex something is, the more likely that it can be (or perhaps already has been) broken.

Pogue says several times that Dashlane is free. It's sort of free; there's a subscription service for $20 per year. There's a free version, and that's probably fine for you.

I see a lot of places that like Dashlane (or at least don't say bad things), and I also see that it'll rate your password (which is a bonus).

I actually have 50 passwords (or more) and remember them all. I don't recommend this for others.

[Continue}

vote-for13vote-against

@pooflady: I didn't get back quick enough to say that if you are comfortable with it, I'm sure it's fine. Applications that help you to use good passwords, and not to use the same one everywhere, are good.

Here's some further reading for you (or others who are curious).

It is notable that I couldn't find Dashlane implicated in any recent events/compromises (but I didn't look back more than a year).

https://www.schneier.com/blog/archives/2013/06/a_really_good_a.html (A Really Good Article on How Easy it Is to Crack Passwords)

http://seclists.org/dataloss/2013/q4/223 (Dataloss posting recommending Dashlane, among others)

http://pogue.blogs.nytimes.com/2013/06/06/concerns-about-dashlane-and-answers/#more-6837 (Concerns About Dashlane, and Answers; Pogue answering questions)

https://www.schneier.com/passsafe.html (Bruce Schneiir's page about Password Safe)

vote-for6vote-against

@shrdlu: Thanks. Just got home so I'll read that in the morning.

vote-for5vote-against

Yes, indeed, @shrdlu, thank you for the great info. I need to find a usable, not terribly complicated p/w protector, and your research will save me a lot of time.

vote-for5vote-against

I keep all of my usernames and passwords stored on a password protected Excel file and keep it on an external hard drive. It's simple to use and includes links to the websites.

I prefer not to use any program that I don't have control over and I certainly don't want that information stored on a cloud where it can be compromised. I work in the credit card industry and know how easily information can be used to screw someone over and turn their life upside down.

vote-for5vote-against

@shrdlu: I hope these are as simple to set up as they say. Capguncowboy lost me at password protected Excel file and then completely at external hard drive.

vote-for5vote-against

(@ deliberately omitted on names)
Pooflady, I would never suggest that you try the method suggested by CapGunCowboy (bad guys can get those passwords from the cache files on his windows box; try PGP/GPG on a text file instead). I wouldn't use any of those applications because I can remember the 50+ passwords that I need to, and because I go through the login routines on each and every site that I actually need to, each and every time. I also have my usernames and passwords written down, with the account data, in sealed envelopes, in a safe deposit box. My daughter's name is on that box.

I've seen what happens when a system is locked down, and all the information for bank accounts and personal data is on it, and then a grieving family is left to hope that computer experts can break through to retrieve the data (including a prom password, TYVM).

Back to lighter thoughts. Dashlane and similar products make life easier for most everybody. Use them. You'll be fine.

vote-for4vote-against

@shrdlu: Is there anything I can do about companies that email my password to me? Not a temp password but my full password. I will not reveal the company, I need to continue to do business with them.
The email went about like this (password is changed to protect the innocent)
Thank you for your business Mr Anderson.
Your user name is: Caffeine_Dude
Your password is: password!

vote-for3vote-against

@caffeine_dude: It's hard to believe that this is still going on, in this day and supposedly enlightened age, and yet I know that it does. I note that Mailman (http://en.wikipedia.org/wiki/GNU_Mailman) is set to automatically email the password once a month, and that the password for members is sent in the clear when signing up. HOWEVER, that's for mailing lists. It's a feature I don't much care for, but recognize the necessity of (don't even get me started on stupidity this morning).

If the company you are speaking of manages ANY data that belongs to you that can be considered financial or medical, then yes, there are things you can do. Otherwise, you can only hope that they aren't as stupid and backwards as they appear, and live with it. You could send a gentle, politely worded request that they update their verdamnt system, but you probably shouldn't.

Sadly, I have other fish to fry, or this would be longer.

If the company does handle financial or medical data, PM me.