AARP Eye Center
- AARP Online Community
- Games Talk
- Games Tips
- Leave a Game Tip
- Ask for a Game Tip
- AARP Rewards
- AARP Rewards Connect
- Earn Activities
- AARP Rewards Tips
- Ask for a Rewards Tip
- Leave a Rewards Tip
- Grief & Loss
- Caregiving Tips
- Ask for a Caregiving Tip
- Leave a Caregiving Tip
- AARP Help
- Benefits & Discounts
- General Help
- Entertainment Forums
- Rock N' Roll
- Let's Play Bingo!
- Leisure & Lifestyle
- Entertainment Archive
- Health Forums
- Brain Health
- Conditions & Treatments
- Healthy Living
- Medicare & Insurance
- Health Tips
- Ask for a Health Tip
- Leave a Health Tip
- Home & Family Forums
- Friends & Family
- Introduce Yourself
- Late Life Divorce
- Our Front Porch
- Home & Family Archive
- Money Forums
- Budget & Savings
- Scams & Fraud
- Retirement Forum
- Social Security
- Retirement Archive
- Technology Forums
- Computer Questions & Tips
- About Our Community
- Travel Forums
- Work & Jobs
- Work & Jobs
In reviewing PCMag's list I've been using the free utility Bitwarden, so far so good.
In the past I'd used LastPass but stopped and deleted my account shortly after one of their employees apparently had their work laptop stolen and leaked vital details about their security infrastructure.
A friend and high school classmate of mine whom I'd helped with reinstalling Windows 10 recently I suggested to use Microsoft or Google's cloud-based password management, which is a bit simpler in that you just go through your respective account settings with them and not necessarily a separate, dedicated app.
....A Web Browser is probably The Worst possible place to store passwords...might as well print a list, copy it millions of times and post it on every utility pole in the world.
And if you do save passwords in a web browser like Microsoft Edge...DO NOT TELL ANYBODY!!
Am I the only AARP member that is so frustrated because when I click on a link from an AARP email, the sign-in box will not allow me to paste in a program-generated password. They expect me to manually type in a 20+ character password. They say it is set up that way for more security. So, to be secure I am supposed to use a less secure password!! Seems to me they are promoting a less secure system for seniors to use. Also, the person I chatted with said to save it in the browser. Like that's secure!!!!
This topic conjures memories of something that happened at work back in the 1990's. Internal Audits developed a set of Password Requirements as a result of a security audit. They approached the Standards and Controls department about implementing the requirements and were told that the existing security software could make some of their requirements mandatory, but could not make them all mandatory. The Auditors then turned to the IT department. After reviewing the Requirements the IT department responded. It would be possible to install code to make all the requirements mandatory, but it would be pointless. The Requirements were so intricate that in order to meet them all, people would have to come up with passwords so long and nonsensical that they would not be able to remember them and would have to write them down.
While password managers certainly have their niche in the tech universe, this topic seems to beg the question, "Have we come full circle?".
Does the average person really need a password manager, or is it just another vulnerability? Nothing computerized is hack-proof. The strongest encryption can be cracked, and Apps are just human ideas coded so computers do the work. There are vulnerabilities in the code that exist just because the people writing the code just happened to not think of something. So for the average person, who is prudent enough not to transmit sensitive information over insecure public networks, are pen strokes more secure than keystrokes? I.D.'s and passwords written down and locked in a secret stash at home where they are most likely to be used.
Just as an added thought, AARP has a whole section, and ongoing programs on maintaining brain acuity and mental sharpness. Wouldn't owning our own passwords instead of outsourcing them be the kind of mental exercise experts say helps maintain brain health.
I've been using LastPass Premium. It came free with my Webroot subsciption. Like it alot except for the occasional glitch. So much easier than having to look at my list of passwords I kept.
You do have to remember to enter your favorite websites thru LastPass each. Not a big deal once you get used to it.
Carl G - Wilmington DE
All of your passwords can be imported into LastPass. You will probably have to go to your most used sites in LastPass and mark them as your Favorite and Auto Fill. I have had LastPass for years and really like it. I took the time last year to change most of my regular pws into Generated Passwords with at least 12 letters, numbers or symbols. It is a real pain when sites do not allow the pw to be pasted or LastPass isn't allowed to autofill, or the site does not give that option. When I opened my AARP site to view these comments, my pw was autofilled.
LastPass did have problems this year which was troubling. I have followed all of their recommendations to make my account/passwords more secure. As far as I can tell, my account was not compromised. I did make my Master Password more complex which makes it more of a pain to type. The program has another option so the MP doesn't have to be typed, but I don't use it because if I do, I'll forget my MP and I don't want to do that. It is now 15 characters long.
Unfortunately, for anyone reading in 2023, LastPass has been compromised. Take them all with a grain of salt. Consider NOT storing financial passwords in any of them. Only secondary ones like library, utilities, etc--things where you won't lose your money.
No I do not use a password manager. I don't feel the necessity to trust anyone other than myself. I keep a little black book that I found at Barnes and Noble some years ago. I write in pencil so I can erase. I change passwords as necessary and mark the date it was changed. I also don't use my passwords outside my home. If necessary I would take my book with me and keep it locked up like my wallet.
It might be a good idea for younger adults, but at my age it is not. There is certain personal information I don't keep in the book, just in case it was lost or misplaced.
I use F Secure as my password manager. It is nothing fancy, but it's pretty straight forward and does what I need. I have tried some of the more well known ones (Last Pass and Dashline) and although they may have more bells and whistles, I found that they interfered with my browser and were a bit intrusive.
For $36 a year, Premium LastPass can be used on "all of your devices". With the free edition, it can only be used on one device and that may meet your needs. I have it on my laptop, my phone, and my tablet. That way, I have access to all of my websites no matter where I am. Of course, I do NOT use it when I'm on public WiFi.
Enhanced password management and security accessible across all your devices. $3.00 permonth billed annually*
I have used the free version of LastPass for several years on all my pc (windows and linux) and on my android phone with no problem. I don't know about iphones but there should be an app for the LastPass service. There is an extension on the chrome brower that allow you to access all your saved login info from any computer. I am 66 so I don't know if that qualifies me as elderly.
I use LastPass because it is very secure. The simple test: if you lose your password for the password manager, can the company recover it? If so,their security is unacceptably low. LastPass does pass this test; all data is encrypted on your device, and no unencrypted data ever leaves your device(s). LastPass securely syncs among all my devices (Mac, iPhone, iPad, Windows PC...) so my data is always available on every device. AES 256 bit encryption is great, but only if properly implemented. LastPass creates the key from your email, password and more (for the techie, a unique random "salt" and then passes it though an algorithm designed to create 256 bits of seemingly random bits over 100,000 times.All that and more is necessary to make the encryption really strong.
The free version of LastPass does everything you need, and does it well. I also it it to store the unique lies I use for every security question. It does not remember password history, so I always make a copy of the old password in the card for the website in LastPass before having LastPass generate a new unique password (many websites require that you enter both the old and new passwords to use a new password). LastPass lets me use 20 character totally random passwords as easily as a word hackers can guess in a tiny fraction of a second.
Good point, and of course it's free and integrates well with everything Apple.
But the features don't really match the other programs we've discussed so far. For example, I always jot down the answers to the esoteric security questions that many sites like to use so I'm sure to type it exactly (capitalization etc.)
1Password (my favorite) also keeps my password history, generates random passwords with a configurable recipe to match the website requirement and let's me add custom fields to a record when needed. Not to mention that you can add specific types of records like credit cards, driver's licenses, and even store a receipt or other document.
I also use 1Password to keep track of my software licenses. It knows when I purchased the software, how much I paid and most importantly what the license key is in case I have to reinstall later.
Although I do use Keychain, I make sure that 1Password is always holding the correct info and that becomes the de facto place to look.
LastPass has prebuilt forms specifically for a wide variety of needs (credit cards, social security, software licenses, and many more). I use it for all the security questions and answers for each site -- and I use a unique lie for each and every security question on each and every site). It has two different types of entries, one for web sites, and one for "Secure Notes", which can be used for almost everything else. LastPass also lets adds fields and insert images (like copies of my passport). Almost all my passwords are randomly generated by LastPass, with options to include or not include groups of characters (lower case, upper case, numbers, special characters), and to select the length.
I used to use Keychain, but found that LastPass provided everything I need, and does it securely. It also works perfectly on Windows systems, Linux, and even allows secure access via the web.
What LastPass does not do is to record a password history for each web site. When I am changing a password I manually add the previous password to the Notes for that site, so that I have both the old and the new (random, LastPass generated) password.
Still, any password manager is far better than none.
I have used LastPass for several years and love it! User friendly. Although I use the free program, the few times I've needed to contact Customer Service, they have answered promptly. Paying customers receive expedited responses. LastPass also offers the free option of adding someone who can access your account in case something happens and you aren't able to access it yourself, due to illness for example.
No password manager. We keep a document updated on all userid/password/challenge questions. As others have stated, password manager is just as vulnerable to hacking as anything else.
"...Why is everyone a victim? Take personal responsibility for your life..."
AARP Online Community
- AARP Rewards
- AARP Help
- Home & Family
- Work & Jobs
Ready to double your fun? Enjoy Twofer Goofer, a fun rhyming word puzzle game from AARP! Play now.
Sync your smartphone or favorite tracker with AARP Rewards to earn points for hitting steps, swimming and cycling milestones Sync now.
From soft jazz to hard rock - discover music's mental, social and physical benefits. Learn more.