
Password managers for the Post-it generation

Symbolic image of a castle with caption ‘None shall pass’

They promised us flying cars. We got passwords to do our shopping. But given that secure, random, and frequently updated passwords are now the cornerstone of keeping our financial assets safe, Monevator contributor The Realist makes the case for using a password manager to wrangle them…

Nearly every aspect of our lives in today’s digital world requires a login. As a result the average person juggles dozens of online accounts. (And that’s before they’ve even gotten into stoozing…)

Count how many times a day you’re asked for some kind of account details – from reading the FT to ordering a pizza to checking your ISA. The answer might surprise you.

The challenge: how to remember all the passwords we need just to get through the day and keep on top of our financial affairs.

Common solutions include writing them down or making them all the same.

Neither stacks up in 2025. They weren’t good solutions in 2005, to be honest.

One password to rule them all

If you still rely on Post-it notes stuck to your printer, then you need a password manager. They are the best way to generate robust passwords that guard you against identity theft and financial cyber crime.

Completely random passwords will always be far stronger than those you come up with off the top of your head, or that resurrect the fading memory of a childhood pet.

Password-cracking programs try all the common passwords first. They then use repeated passwords found elsewhere across the internet. You need something special to ward them off.

Enter the password manager

A password manager is a piece of software that securely stores – and often also creates – unique random passwords for your online accounts.

The password manager enables access to this encrypted database of all your passwords via a single ‘master password’, or biometrics if available on your device.

Most managers also include a browser extension that enables secure autofill logins online to save you time.

Don’t panic if those two sentences have already brought on the cold sweat of techno-fear! It’s simple once you take the first step. Good software will walk you through the process.

Obey your master

The master password is your gateway key. It’s the only password that you will need to remember. You’ll use it a lot so familiarity will help.

The best tip for an effective master password is to use a passphrase.

Brute force cyber attacks involve a trial-and-error approach until an account is compromised. A longer password – or phrase – gives a higher level of defence.

One method for creating a master password you will remember is:

  • Group three words together
  • Separate each word with a special character
  • Add a number
  • Then replace letters with more special characters to increase randomness.

For example, simply using items I can see from where I’m sat writing I can devise:

  • Lamp$had3=paint!ng@c0ffee94

[Um, where does the remembering hack come in? – Ed] 
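To make the four-step recipe above concrete, and to put a number on the brute-force point (a longer phrase means more guesses), here is an added example in Python; it is not code from the article or from any password manager. The word list is a constructed sixteen-word stand-in (a real generator would draw from thousands of words), the separator and substitution sets are my own choices, and the guess rates used at the bottom are assumptions for illustration.

```python
import math
import secrets

# Constructed word list for the demo only. A real generator should draw from a
# large list (thousands of words), because each word's share of the entropy is
# log2(list size) bits: 16 words give 4 bits a word, 7,776 words give ~12.9.
WORDS = [
    "lamp", "shade", "paint", "coffee", "window", "castle", "pizza", "ledger",
    "realist", "harbour", "ticket", "monitor", "pencil", "saddle", "bottle", "garden",
]
SEPARATORS = "!@#$%^&*=+-_"
# Digit substitutions, kept disjoint from SEPARATORS so a phrase can be parsed back.
SUBSTITUTIONS = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"}
REVERSE = {v: k for k, v in SUBSTITUTIONS.items()}


def make_passphrase(words=WORDS, n_words=3, substitute=True):
    """Apply the recipe: n words, a special character between each pair,
    a two-digit number on the end, then optional letter substitutions.
    Each substitution is decided by a coin flip rather than applied to every
    eligible letter: a fixed rule (every 'e' becomes '3') adds nothing that an
    attacker's rule set cannot reproduce, whereas a random choice per letter
    adds one bit each."""
    parts = []
    for i in range(n_words):
        if i:
            parts.append(secrets.choice(SEPARATORS))
        word = secrets.choice(words)
        if substitute:
            word = "".join(
                SUBSTITUTIONS[c] if c in SUBSTITUTIONS and secrets.randbelow(2) else c
                for c in word
            )
        parts.append(word)
    return "".join(parts) + f"{secrets.randbelow(100):02d}"


def follows_recipe(phrase, words=WORDS, n_words=3):
    """Check that a phrase has the recipe's shape: words from the list (after
    undoing substitutions), n_words - 1 separators, a trailing two-digit number."""
    body, number = phrase[:-2], phrase[-2:]
    if not number.isdigit():
        return False
    chunks, current = [], ""
    for c in body:
        if c in SEPARATORS:
            chunks.append(current)
            current = ""
        else:
            current += REVERSE.get(c, c)
    chunks.append(current)
    return len(chunks) == n_words and all(ch in words for ch in chunks)


def entropy_bits(n_words, list_size, sep_alphabet, number_range, coin_flips=0):
    """Bits an attacker who knows the recipe still has to guess."""
    return (n_words * math.log2(list_size)
            + (n_words - 1) * math.log2(sep_alphabet)
            + math.log2(number_range)
            + coin_flips)


def seconds_to_exhaust(bits, guesses_per_second):
    """Worst-case time for a brute-force attacker to try every possibility."""
    return 2 ** bits / guesses_per_second


if __name__ == "__main__":
    phrase = make_passphrase()
    print(phrase, follows_recipe(phrase))
    # Three words from a 7,776-word list with this recipe and no substitutions;
    # the two guess rates are assumed figures for an offline GPU and a
    # rate-limited online login.
    bits = entropy_bits(3, 7776, len(SEPARATORS), 100)
    print(f"{bits:.1f} bits; offline at 1e10 guesses/s: "
          f"{seconds_to_exhaust(bits, 1e10) / 86400:.1f} days; "
          f"online at 10 guesses/s: {seconds_to_exhaust(bits, 10) / 3.15e7:.0f} years")
```

The `secrets` module is used rather than `random` because the latter is not designed for anything secret. The same entropy arithmetic is what makes a local vault file dangerous in the wrong hands: an attacker with the file can guess offline at the fast rate, not the slow one.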

What’s in a (pass)word?

Password managers can store more than just passwords. Sophisticated password managers can safely store all kinds of information.

Think passport details, driver’s licence, insurance certificates – anything you might require on or offline, stored safely so you don’t need to have the document with you.

The benefits can be significant.

For instance, imagine being contacted regarding a suspicious transaction on some account you rarely use, whilst you’re away on holiday.

It could be a scam. But at a minimum, a password manager would enable you to log in and check an account when you can’t even remember what username you used to set it up. Then, if necessary, you could generate, update, and store a new strong password – all from the comfort of your sun lounger.

Another idea: you could save the emergency contact details of financial organisations together with your account numbers in advance for quick access when you’ve no paperwork to hand.

Most password managers have toggles to include (or not) CAPITALS, $pec!al characters, or numb3rs – as well as the ability to choose a password length to fit the requirements of the account in question.
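The toggles described here map directly onto a small generator. The following is an added Python example, not code from the article or from any particular manager; the set of special characters is an assumption, and the `secrets` module is used so the draws are suitable for passwords. The one detail worth seeing is the rejection loop: a uniformly random 12-character draw can happen to contain no digit, which would fail a site's "must include a number" rule, so the generator redraws until every enabled class appears.

```python
import secrets
import string

# Character classes behind the typical generator toggles. The specials set is
# an assumption; a real manager usually lets you edit it for picky sites.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "specials": "!@#$%^&*()-_=+[]{};:,.?",
}


def generate_password(length=20, upper=True, digits=True, specials=True):
    """Draw each character uniformly from the enabled alphabet with `secrets`
    (not `random`, which is not meant for secrets), then reject any draw that
    misses an enabled class so a site's 'at least one digit' rule is always
    satisfied. Rejection keeps the result uniform over the accepted set."""
    enabled = [CLASSES["lower"]]
    if upper:
        enabled.append(CLASSES["upper"])
    if digits:
        enabled.append(CLASSES["digits"])
    if specials:
        enabled.append(CLASSES["specials"])
    if length < len(enabled):
        raise ValueError("length too short to include every enabled class")
    alphabet = "".join(enabled)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in enabled):
            return candidate


def classes_present(password):
    """Report which classes a password contains, e.g. to check it against a
    site's stated policy before submitting it."""
    return {name for name, cls in CLASSES.items() if any(c in cls for c in password)}


if __name__ == "__main__":
    for length, flags in [(20, {}), (12, {"specials": False}), (8, {"upper": False, "digits": False, "specials": False})]:
        pw = generate_password(length, **flags)
        print(pw, sorted(classes_present(pw)))
```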

Password managers can also make routinely changing or resetting passwords a breeze.

Some password managers will even warn you of a known data breach on a third-party website where you have an account. You can then reset your passwords with a button click. You can also choose to change all your passwords periodically for optimal security.
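The breach warning described above works without the manager ever sending your password anywhere. The common design (used by Have I Been Pwned's Pwned Passwords service, which the comments below mention) is a k-anonymity range query: the client hashes the password with SHA-1, sends only the first five hex characters of the hash, and receives every stored hash suffix that shares that prefix; it then looks up its own suffix locally. The code below is an added Python example, not the article's or any vendor's; the breach corpus and its counts are constructed for the demo, and the server side is simulated in-process so it runs offline. The only real identifier is the public endpoint named in the comment, which a live client would call in place of the simulated function.

```python
import hashlib

# Constructed stand-in for a breach corpus: password -> number of times seen.
# The counts are made up for the demo; the real service holds hundreds of
# millions of entries.
LEAKED = {"password": 3, "123456": 5, "qwerty1234": 2, "hurst66": 1}


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password):
    """The client keeps the full hash and sends only its first 5 hex characters."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def simulated_range_response(prefix, corpus=LEAKED):
    """Server side, simulated offline: every stored hash that starts with the
    prefix, returned as 'SUFFIX:COUNT' lines. The server learns the prefix only,
    which roughly one in a million possible hashes share."""
    lines = []
    for pw, count in corpus.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)


def parse_range_response(text):
    counts = {}
    for line in text.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep:
            counts[suffix.upper()] = int(count)
    return counts


def breach_count(password, fetch_range=simulated_range_response):
    """Client side: look the local suffix up in the returned set. Swap
    fetch_range for an HTTPS GET of https://api.pwnedpasswords.com/range/<prefix>
    to query the real service; the password itself never leaves the machine."""
    prefix, suffix = split_hash(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


if __name__ == "__main__":
    for candidate in ["password", "qwerty1234", "a long unique phrase nobody leaked 7781"]:
        print(candidate, "->", breach_count(candidate))
```

A count above zero is a signal to change that password wherever it is used; a zero means only that it is absent from this corpus, not that it is strong.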

Advanced apps such as 1Password can do much more than just remember passwords. 

Modern bank robbers carry laptops, not balaclavas.

But by centralising and safeguarding your login credentials, you can protect your data, save time, and enjoy more peace of mind.

Using a quality password manager is like the digital security equivalent of a passive index fund investment. Fit and forget, and then it’s doing its thing in the background, 365 days a year.

There’s an app for that

Even my toothbrush now ‘requires’ me to use an associated app. It gets tedious.

But a password manager app really is one to take a look at, download, and use. It will enable the seamless syncing of all your passwords and data across any device, and allow you to login at the touch of a button or a scan of your face.

There are countless options available. I’m in no position to debate the pros and cons of each. Plenty of tech blogs out there review them if you wish to dig in.

Personally, I use 1Password and have done for years. It’s a paid service but for me it’s been flawless.

One consideration is that – similar to switching from iPhone to Android – once you go down a road you’re semi-locked into that system. Yes you can change, but the data porting may come with some pain. (Apparently 1Password enables you to import passwords from other managers, but I’ve not tested this myself.)

In researching this article, I’ve noticed I’ve a mind-blowing 219 logins stored within 1Password. The sites covered range from financial services to online stores I visited years ago to old magazine subscriptions I no longer use (but where my personal data is likely still out there.)

Another good option is Keychain, Apple’s own password manager. It’s integrated for free within macOS and iOS. Keychain is a great option and seamless in use. The drawback is it’s limited to Apple devices.

Google has a similar one for Android though, and Microsoft offers the same for its Edge browser.

Searching for freebies

There are also many free open-source options available. (Let us have your recommendations in the comments!)

Personally, I would rather pay a small fee and have some come-back for such a critical piece of software. But many people do use free versions without issues.

The best one for you is the one that suits you. This will come down to a function of pricing, features, interface, and usability. Some password managers offer a free trial, so check to see if you can try before you buy.

I’ve listed a few popular options below, but this is by no means exhaustive:

Look out for a manager that supports Multi-Factor Authentication (MFA).

As you’ll probably know from using it already – even if the actual acronym has so far escaped you – MFA is an electronic security method where you must provide two or more distinct types of verification to gain access to a resource, such as a website or application.

You should always use MFA where you can. It adds an extra layer of protection to the first-line defence afforded by a password.

QWERTY1234

There is usually a buy-in period with learning any new tool. Password managers are no different.

The initial set-up can take a bit of time, particularly if all your passwords need changing from Hurst66 to ZbP=!pziAJx2v4efc4V7J.

But once you’re done, ongoing maintenance is easy.

Many password managers will prompt you to save passwords when you first log into sites online. This way you can steadily change them as you come to use them.

That’s particularly handy with some of the less frequently used logins, such as pension accounts where you may not have daily, weekly, or even monthly interactions. [Um, speak for yourself – Ed]

Securing your financial future

In an age where cyberattacks are increasingly sophisticated, password management is no longer optional. It is essential to protect your personal and financial data.

If your preferred method is a little black book that’s locked in a safe, then fine. As I said above, the best password manager is the one that works for you.

But you should still change your passwords regularly. Keep them random and don’t use the same one for Tesco that you use for your online broker.

Like it or not, our lives are becoming more digitalised. For starters, you are reading this on a digital platform.

But password management software is designed to work with you, not against you, and today’s tools offer a blend of convenience and security that manual methods simply cannot match.

Further reading:

51 comments
  • 1 xeny October 16, 2025, 11:40 am

    Just to say I’m a very happy Keepass user for at least the past 13 years. I don’t tend to do anything high value on mobile devices, so the lack of cloud native sync isn’t a significant issue, and I value the reduced attack surface.

    I concur MFA is desirable, but is still potentially at risk of MITM attacks, so be careful with how you store the links to sites, and I try and go to sites via bookmarks rather than via links from emails as a matter of habit.

    I would query the recommendation to change passwords regularly. Certainly GCHQ doesn’t see much value in it, so long as you can trust their advice not to be self serving. The corollary of course is that if you have any hint that a password or site has been compromised you should reset the password as a matter of urgency, you’re potentially racing a GPU cluster trying to break password hashes.

  • 2 Clive O'Riordan October 16, 2025, 12:23 pm

    Good post. Personally I use keepass synchronised to my OneDrive so I can access it across all devices. A password manager is an absolutely essential tool in 2025.

  • 3 M0gjr October 16, 2025, 12:23 pm

    My area of expertise.

    You only need a separate password manager if you need to log into an account from a bunch of different computers with different browsers. Otherwise the password manager built into your web browser will achieve the same ends without needing to trust another 3rd party application (you need to trust the browser anyway).

    Using a password manager that auto-fills passwords for you is important as it will help protect you from attackers that create fake websites which look like real ones. For example if a scammer were to register the website http://www.aibell.co.uk, your browser can tell the difference even if you can’t and won’t auto-fill your http://www.ajbell.co.uk password for you.

    Humans are bad at remembering things so you should only try to memorise credentials for accounts that you *need* to access cold: the login for your laptop, accounts that you need to be able to access from someone else’s computer, etc. Everything else should be randomly generated (by a computer) and stored (by a computer) to avoid password fatigue.

    Adding capital letters, numbers, and punctuation makes passwords much harder to remember (and type) for very limited security value. The practice started from technical limitations of ancient computer systems and has no place in this century! It’s better to use a simple password system (random words) and make it long enough to achieve adequate entropy. NCSC and NIST both recommend against the practice and competent service providers that follow security best practice do not require multiple ‘food groups’ (but plenty of incompetent ones still do).

    Changing passwords regularly causes people to use bad passwords (password fatigue). Where a human absolutely needs to remember a password (see above) they should make a good password once and then not change it unless they have reason to believe it has been compromised. NCSC and NIST both recommend this in their guidance and competent service providers won’t require them to be changed periodically.

    It is worth putting some consideration into backup and recovery. Most online accounts allow you to reset your password over email if you forget it which means your email account is a single point of compromise for most of your digital life. Anything which doesn’t allow reset over email deserves consideration for what happens if you forget/lose/break the things you need to access it. What happens if you use an encrypted password manager and forget the master encryption password?

    “keep it secret, keep it safe” – Gandalf
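The autofill point in the comment above (the manager fills for www.ajbell.co.uk but not for the lookalike www.aibell.co.uk) comes down to a hostname comparison. The following is an added Python example of that check, not code from the commenter or from any browser or manager; the vault contents are constructed, the credential is a dummy, and the matching rule (exact domain or a subdomain of it, compared in ASCII form) is my own simplified version of what real managers do.

```python
from urllib.parse import urlsplit

# Constructed vault keyed by the site's registrable domain; the entry uses the
# genuine broker hostname from the comment above and a dummy credential.
VAULT = {
    "ajbell.co.uk": {"username": "demo-user", "password": "EXAMPLE-ONLY-NOT-REAL"},
}


def canonical_host(url):
    """Lower-case the hostname and convert it to its ASCII (punycode) form, so a
    lookalike built from non-Latin letters is compared as 'xn--...', not as
    something that merely looks like the stored name on screen."""
    host = urlsplit(url).hostname or ""
    return host.encode("idna").decode("ascii").lower()


def host_matches(stored_domain, current_host):
    """Exact match or a subdomain of the stored domain. The leading dot matters:
    'notajbell.co.uk' and 'ajbell.co.uk.example.test' must not match."""
    return current_host == stored_domain or current_host.endswith("." + stored_domain)


def credentials_for(url, vault=VAULT):
    """Return the stored credential only when the page's host belongs to the
    entry's domain; otherwise None, which is what defeats a lookalike site."""
    host = canonical_host(url)
    for stored_domain, creds in vault.items():
        if host_matches(stored_domain, host):
            return creds
    return None


if __name__ == "__main__":
    for url in [
        "https://www.ajbell.co.uk/login",
        "https://www.aibell.co.uk/login",            # typo-squat from the comment
        "https://ajbell.co.uk.example.test/login",   # real name buried in a longer host
        "https://www.ajb\u0435ll.co.uk/login",       # Cyrillic 'е' in place of Latin 'e'
    ]:
        print(url, "->", "fill" if credentials_for(url) else "no match")
```

A human reading the address bar can miss all three lookalikes; the comparison cannot, which is why the comment recommends letting the manager fill rather than typing.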

  • 4 Syrio October 16, 2025, 12:30 pm

    I use Bitwarden for passwords and Authy for 2FA. Happy with both of them. I started out with Lastpass but switched when the free option became more restrictive, and I now prefer Bitwarden. The free tier of Bitwarden is enough for my needs, but I pay as it is only $1 a month and I want to support it.

  • 5 Chiny October 16, 2025, 12:33 pm

    All good advice; I’ve been a 1password user for many years. Also, passkeys are interesting for the geeky.

    https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/password-managers is probably decent background reading.

  • 6 IAE October 16, 2025, 12:43 pm

    Regular password changes led to users making minor changes leading to predictable passwords. NIST dropped the password change requirement years ago.

    It might be worth pointing users at Troy Hunt’s Have I Been Pwned website where they can see which services have leaked their credentials. I believe 1Password integrates this service.

  • 7 Index October 16, 2025, 12:44 pm

    I would be interested to know which authenticator apps people use for getting 2FA codes.

    From my basic research I have learnt it is very important to have a robust backup procedure in place so that one can transfer 2FA tokens to a new phone in case of phone loss/theft. Otherwise, you will obviously be locked out of your account.

    Some security experts suggest printing out the QR codes when setting up 2FA on a site (and obviously keeping them somewhere safe).

  • 8 IAE October 16, 2025, 12:50 pm

    @Index

    I use the open source FreeOTP developed by Red Hat.

  • 9 xeny October 16, 2025, 12:59 pm

    @Index, I’ve used KeepassXC to do this in the past, IIRC for Github.

  • 10 DaleK October 16, 2025, 1:18 pm

    Sound advice!

    I’m reminded of the classic xkcd comic (search “xkcd 936”) where it shows that ‘through 20 years of effort we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess’ 😉

    Very happy 1Password user here (though company pay for the account, and I might have gone with BitWarden if funding myself).

    I left LastPass on principle after they dealt with a hack and compromised master passwords appallingly (Google ‘Lastpass controversy’)

    I’m still using Authy for 2FA but they had a hack and also shut down their Desktop app – I’ve been meaning to move to the open source Ente Auth

  • 11 AnthonyH October 16, 2025, 1:31 pm

    Like some others I’ve used a password manager for donkey’s years. It was Lastpass until they got hacked and became restrictive so for a number of years I’ve used Bitwarden across my android phone, iPad and Win11 devices. It’s open source so is reasonably safe.
    I also use Authy for my MFA codes.
    I prefer not to use Microsoft, Google, Apple based software for this stuff as they already know enough about me.

    I do disagree with Gandalf about using auto-fill on browsers as that has had a few issues of late e.g. where hidden fields are auto-filled without us knowing but gives info to scammers.

    I don’t use Passkeys yet as they seem immature in their usage so far, and Bitwarden + Authy does the job for me.

    BTW I have over 500 logins in my vault. That’s a lot of sticky notes.

  • 12 Always Late October 16, 2025, 1:49 pm

    Keepass and Keepassium for iphone I have also used for years. Needs a little bit of effort to set up. I back up the small password database file (it’s encrypted, of course) to one of the free cloud data areas e.g. Dropbox so that it is common between devices. All 0% TER.

  • 13 JohnP October 16, 2025, 1:55 pm

    Used to use LastPass until they had data breaches and did not open up about it. Moved everything to Bitwarden which I’ve been happy with. I know in this modern age a password manager is needed but we entrust all of this with a 3rd Party which is open to attack

  • 14 jds247 October 16, 2025, 1:56 pm

    Thirding the motion that “regular password changing” is outdated and incorrect advice. Personally I’m a fan of Passkeys, unphishable though they’re only just starting to roll out across the web.

  • 15 Ramzez October 16, 2025, 2:12 pm

    Great article!
    One note on Apple keychain, they do have extension for Chrome, so you can use it there.

  • 16 CMC October 16, 2025, 2:20 pm

    I got 1Password recently as it seemed to be the most recommended when researched. Still slowly adding the ridiculous number of accounts I have to it.

    Be good if 1Password could track points expiry dates for hotel and airline loyalty membership. Used to have AwardWallet until they upped prices for an inferior service. Possible to set expiry notices on 1Password but have to stay on top of it.

  • 17 peter October 16, 2025, 2:27 pm

    As already mentioned, 1 of the best features of a password manager is that it will auto-fill passwords for you. Which means that if you’re on a site that looks identical to what you expect but is actually a scam, then the URL will still be different and the password will not be filled in as the password manager will notice the difference. Automation here is not only easier, but safer as well.

    As far as 2FA is concerned, though: the idea here is to have something in addition to, but separate from, a login/password. Therefore – anything related to 2FA is best kept away as far as possible from a password manager. When the password manager software is hacked, the 2FA should save you. Keep 2FA on your phone, and don’t run the password manager on your phone. Don’t store anything related to 2FA in your password manager. And for anything really important, enable 2FA.

  • 18 BryanS October 16, 2025, 3:36 pm

    Like many, I’ve been using a password manager for years. From 2011 it was SplashID on Mac. That was replaced by Bitwarden when I needed something Linux friendly. The open source nature of Bitwarden was a plus, along with the cheapskate option to self-host (keeping the data on “my” machines.)

  • 19 Pikolo October 16, 2025, 4:12 pm

    Using a non-local password manager is a terrible idea. You can limit risk by using MFA, but you’re fully exposed to the password manager operator getting hacked or suddenly increasing prices significantly and effectively holding your data to ransom.

    With a local password manager, your threat model is much more limited – unless you send both the password manager and its password to an attacker, you can only lose the whole database by a hardware outage (make backups!), or malware.

    I use KeePass XC on my computer and Keepass2Android on the phone, with backups synchronised via Google Drive.
    I store logins, passwords and TOTP seeds in it. The Multiple Factors of authentication are:
    1) Have the password database
    2) Have the password to the database
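Several comments in this thread (7, 19 and 41) turn on what a TOTP seed actually is and why backing it up matters. The code below is an added Python example implementing RFC 6238 time-based one-time passwords from the standard library; it is not the commenter's code nor any authenticator app's. It uses the RFC's own published test seed so the results can be checked against the RFC's table, and the verification window is my own choice. The point it demonstrates: every six-digit code is a pure function of the seed and the clock, so the seed (which is what the set-up QR code encodes) is the only thing that needs backing up, and anyone holding it can produce the same codes.

```python
import base64
import hmac
import struct
import time

# RFC 6238's published test seed (the ASCII string "12345678901234567890" in
# base32), so the outputs can be checked against the RFC's own table.
TEST_SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_seed(secret_b32):
    """Authenticator apps show the seed as base32, often without padding or
    with spaces for readability; normalise before decoding."""
    clean = secret_b32.replace(" ", "").upper()
    return base64.b32decode(clean + "=" * (-len(clean) % 8))


def totp(secret_b32, at_time=None, step=30, digits=6, algorithm="sha1"):
    """RFC 6238: HMAC the 30-second counter with the seed, then dynamically
    truncate (RFC 4226) to the requested number of decimal digits."""
    counter = int((time.time() if at_time is None else at_time) // step)
    mac = hmac.new(decode_seed(secret_b32), struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify(code, secret_b32, at_time=None, window=1, **kwargs):
    """Server-side check: accept the current step and `window` steps either
    side to absorb clock drift, comparing in constant time."""
    now = time.time() if at_time is None else at_time
    step = kwargs.get("step", 30)
    return any(
        hmac.compare_digest(code, totp(secret_b32, now + k * step, **kwargs))
        for k in range(-window, window + 1)
    )


if __name__ == "__main__":
    # Two devices holding the same seed produce the same code: that is what a
    # seed backup restores, and what a leaked seed gives an attacker.
    print("code now:", totp(TEST_SEED))
    print("RFC vector at t=59 (8 digits):", totp(TEST_SEED, 59, digits=8))
```

Because the seed is all that matters, the comments' advice to keep printed QR codes or an encrypted seed export somewhere safe is exactly equivalent to keeping a second copy of the password that the code is derived from.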

  • 20 Barney Rubble October 16, 2025, 4:28 pm

    I’m surprised that nobody has mentioned Proton Pass, which interacts seamlessly with their award winning email app Proton Mail, and they have cloud storage, VPN, etc. All open source and free as well as paid for options. Proton Pass included 2FA generation as well, it’s one of the best.

  • 21 Colin Thames October 16, 2025, 5:29 pm

    Would echo the recommendation for Bitwarden. I use the free version and it’s open source so unlikely to ever start charging. Works on Macs, Windows, iPhone with an extension for every browser I’ve used (so it’s integrated with browser) and syncs between all of my devices. It even imported all my passwords when I switched from Dashlane after they started charging. Bitwarden will also store your bank and credit card details for easy online purchasing (though perhaps I should make it harder, to save money!)
    For 2FA I use Google Authenticator. Again, free.
    One thing to consider is giving your loved ones your master password in case of death or becoming incapacitated. Some paid for password managers can give access to a chosen person in that situation.

  • 22 White Sheep October 16, 2025, 5:58 pm

    I use Proton Pass and FreeOTP.

    I would struggle with a local password manager as I use up to half a dozen devices quite regularly. I have always assumed that the incremental risk of a dedicated provider getting compromised is not a material increase in risk compared to the chance of any of my personal devices getting hacked.

  • 23 xeny October 16, 2025, 6:10 pm

    @White Sheep, my conclusion was that the dedicated providers are _such_ attractive targets they were higher risks. You can of course put a purely local database in the Dropbox-a-like you prefer.

  • 24 Two Shillings & Sixpence October 16, 2025, 6:12 pm

    Thanks for the interesting article.
    I initially used LastPass but after their hack moved to Nordpass. Was reluctant to go with one that is built into one of the main browsers like Google password manager. Not sure it makes much difference. Still a little concerned about putting all your eggs in one basket so to speak with a password manager.

    Other considerations that might be worth thinking about. Using a pin code for your sim card so it won’t work in another phone without the pin. A lot of phones have a feature to put some apps in a hidden folder.

  • 25 Mousecatcher007 October 16, 2025, 8:17 pm

    I’m seriously impressed with the knowledge on display here. So you’ll have to forgive this very basic question from someone who still writes with a quill: what’s to stop a malign actor hacking your password manager and in one fell swoop getting all your passwords? It’d be a total disaster.

  • 26 Paul October 16, 2025, 8:28 pm

    …and when the password manager gets hacked? I am reluctant to (read: I don’t) store any of my financial passwords anywhere in the cloud. And please don’t get me started on passkeys, which coexist with passwords, so where is the increased security?
    I do not like passwords generated by password managers. If the manager is hacked or goes down, I’d be hard pressed to even type the martian they create–if I had access to them.
    Most of my passwords are for sites where I really don’t care about security. I trust those to the browser, but I create and know them.

  • 27 xeny October 16, 2025, 8:54 pm

    @25 – A suitably robust master password (i.e. long to make automated attacks impractically time consuming, which is feasible if you are only remembering one password) and ideally a codebase reviewed by multiple entities to reduce the likelihood of bugs or encryption implementation flaws.

  • 28 Eadweard October 16, 2025, 9:34 pm

    Personally I’m a bit paranoid about login details for life changing amounts of money. There have been numerous publicised breaches of password managers, so my investment logins live in an offline password safe (I use KeePassXC) on an old laptop that I never connect to the internet, and I manually type the passwords into the investing websites (on a different computer, obviously).

    For all the other, non-critical, logins I certainly do use an online password manager, it’s super convenient, and having different passwords for everything really limits damage if one website is hacked. I’m another person who fled lastpass, after a series of egregious security failings a few years ago. I now use Bitwarden.

    Changing password manager is easy, I’ve done it a few times. So don’t get delayed by trying to choose the ‘best’ password manager – just pick one and go for it.

    +1 for the XKCD CorrectHorseBatteryStaple cartoon. Entertaining and educational.

  • 29 DavidV October 16, 2025, 9:52 pm

    Several of my financial logins require a pseudorandom selection of letters from the password. Can password managers handle this situation?

  • 30 Ecomiser October 16, 2025, 10:00 pm

    @Mousecatcher007 That’s a very good question and I look forward to answers from the experts. My guesses would be a) the difficulty of accessing the database file, b) the quality of the encryption algorithm and c) the quality of the master password.
    For (a) I use a local database, which means that any hacker has to access my system, which is certainly possible if they really want to, but why would they pick on me? Whereas an online password manager service may be hard to crack, but has tremendous rewards for success.

    @all I’m another who doesn’t see any advantage in regularly changing passwords.
    With a bit of careful planning I can create strings that are memorable (to me, given things that I happened to memorise as a schoolboy), but I couldn’t do that if they changed frequently. So I don’t need to use a password manager for everything (but they’re on the password manager anyway, along with the URLs of the sites (really secure bookmarks) and the ‘memorable data’ some sites seem to think improves security, and contact details for the organisations).
    I’ve been using Password Safe for very many years. Totally on your device, not someone else’s computer, open source, versions available for all common OSs, free, and secure.

  • 31 Ecomiser October 16, 2025, 10:39 pm

    @DavidV Yes.

  • 32 eddie October 17, 2025, 2:34 am

    And if you store anything in the cloud make sure that it’s encrypted, preferably with the keys under your control. I’ve been using Cryptomator (cryptomator dot org) for the last couple of years and it’s been solid across Windows, iOS and Android. You can even create secure vaults on portable media, which is handy for off-site backups.

  • 33 CC October 17, 2025, 5:21 am

    After the LastPass debacles, I moved to self-hosting Bitwarden. I have a mini PC at home running a small number of docker services, for utilities like this. I use Tailscale (a private mesh network) to access it remotely, so that it’s not on the public internet. Encrypted backups added to a Google Drive folder every 4 hours. Maybe OTT but I wasn’t comfortable with the breaches at LastPass and I see any and all cloud-based password services as giant attack surfaces. Many bad actors will try to breach them. Some have succeeded. Others may follow.

    I always liked Edward Snowden’s advice on entropy, and simply having three or four common words with caps and specials included (to meet the stupid requirements of providers). It’s readable, easy to type, and hard to brute force.

    One way to do it is to have the first word start with caps, include a number somewhere, and separate the words by a special character e.g. ACTive$5$passive$invest$realist. Jumble positions of the cap(s) and numbers as you see fit.

  • 34 Barney October 17, 2025, 9:25 am

    No mention of Dashlane, which can provide passwords up to 60 alpha/numeric/spec characters. The first 25 passwords are free. A paid for service includes a very effective “Hotspot Shield” VPN, where you can hide your pc and place it worldwide. You can also make up your own pass phrases, it’s auto log in and auto email and address placement if required. Support can be a 3/5 day wait depending on traffic volume. Very good for someone with limited number of passwords. I particularly keep my log in and pw requirement details to the minimum. Recommend “Have I Been Pawned” to check if your email has been accessed and the extent of your details on the web.

  • 35 countzer0 October 17, 2025, 9:27 am

    Another longtime 1password user here. As a web developer I have many hundreds of logins, and couldn’t manage without one.

    For those who prefer a locally stored solution over a cloud based service, it’s worth considering a few things:

    The password file is encrypted wherever it is stored. If a hacker was to retrieve it, they would have to brute force attack it to guess the master password. A sufficiently long (high entropy) password should require so many guesses that it’s basically uncrackable, even for a very powerful computer. However, their job becomes somewhat easier if they actually have the file since they can test it locally, bypassing the brute-force protections that the cloud services have in place. So they can try many more guesses a second, and use a network of machines, and use rainbow tables, all of which increases the odds in their favour. So it is important that they don’t get hold of the password file.

    Cloud-based password manager services have a team of highly skilled and motivated security experts to protect their customers’ data. This team is hardening their system by the minute as it is stress-tested by constant attacks. Dropbox does too, but maybe less so. Are you really confident you can secure your home network to the same level? To some extent, hosting locally trusts that “hackers aren’t interested in little old me”. Until they are, in which case you’re in trouble.

  • 36 Barney October 17, 2025, 9:37 am

    @TM…”I’ve a mind-blowing 219 logins”……. A “Hackers Smorgasbord”

  • 37 Index October 17, 2025, 10:34 am

    For anyone who feels less confident about these online security topics you might want to read the book Cyber Smart by Bart R. McDonough.

    Part II of the book gives specific recommendations as to how to improve your security and covers all the topics raised in this thread and many more.

  • 38 Mark October 17, 2025, 12:53 pm

    The amount of investment 1Password has taken is terrifying…

    https://probably.co.uk/posts/ditching-1password/

  • 39 xeny October 17, 2025, 1:01 pm

    @countzero

    >Are you really confident you can secure your home network to the same level?

    My home network has the substantial advantage compared to a cloud password provider that it isn’t providing any external services for highly skilled and motivated attackers to try and compromise.

  • 40 Rhino October 17, 2025, 1:34 pm

    Pedant alert:
    Have I been pawned? Someone has taken you down to the brokers and exchanged you for money.
    Have I been pwned? Someone has stolen your details.
    The problem with these sorts of security conversations is they run and run, point followed by counterpoint, with no consensus opinion – so it’s always difficult to know what to do. But that said, some really useful stuff in both the article and the comments. I’m still mulling whether bitwarden or keepass is the answer..

  • 41 Claus October 17, 2025, 8:45 pm

    I’ve been using KeepassXC (free and does what I need) plus Aegis for 2FA. I moved away from Google Authenticator due to its limitations.

    With Aegis you can set a password to open it (useful even if someone gets access to your phone) and you can securely backup your 2FA codes (handy if your phone dies, which happened to me a few years ago).

    Both free, both open source (so should be reasonably secure) and therefore not beholden to one company.

    I urge everyone to enable 2FA for all important accounts/any that allow it. It really raises the bar for any hackers for no cost and almost no effort. Definitely enable it for your email account and use a unique password for your email account. It puts off even some state affiliated hackers:
    https://www.wired.com/story/iran-apt35-hacking-video/

  • 42 The Realist October 17, 2025, 9:53 pm

    We should flip this page upside down. The comments are way more fascinating and potentially valuable than my article! I’m glad it’s got a good conversation going and I’ve learned a lot simply by reading through the inputs.

    I have historically been averse to physically typing in passwords from an offline source due to the risk of giving over details to software that can record keystrokes. This would bypass the need to ‘crack’ a complex password as you literally type it out.

    That said, @Rhino hits the nail on the head – there are several different ways to smash a coconut that all end up with milk, and people are often aligned with one particular method or another. However, the point I made in the article still stands above all else: the best method of password management for financial security is the one that works for you – one that offers appropriate ease of use and the ability to sleep at night.

    A bit like the Grey Box article, the aim was to inspire some readers to move something everyone knows is important a little higher up the priority list. So thank you to everyone for contributing towards that goal via the comments.

  • 43 Delta Hedge October 18, 2025, 12:42 am

    Sometimes (but not always) the opposite of a good idea is another good idea. Passkeys and encryption-hardened password managers loaded onto a smart watch (being harder to steal than a smart phone) are a must for relatively low-limit daily spend debit and credit cards. But for the life savings in ISA / SIPP / NS&I / bank account, a deep reflexive memorisation of a 50-character-long full ASCII alphabet random strong password might be less risky. This isn’t Bitcoin where if you forget the seed phrase for the hardware wallet then it’s no key, no coins time (accepting here that no one wants to be in an analogous position to that rather unfortunate man who – some years ago now – accidentally threw out a hard drive with the private key to his BTC wallet with 8,000 coins in it and, not surprisingly given the nearly $1 bn notional value involved, still seems unable to move on from the loss).

  • 44 BananaStand October 18, 2025, 2:31 pm

    A handy tip a friend once gave regarding using password managers is to not store the whole password, and to add a secret word or phrase to it when you log in that only you know.
    For example, if the stored password is Afghanistan, when you log in, the password manager will auto-fill Afghanistan, you then add your secret word or phrase – AfghanistanBananaStand.
    So even if your password manager is hacked, the passwords will be useless.

  • 45 Nimbus October 18, 2025, 3:17 pm

    Like some here, I was a long-time user of Lastpass and then moved across to Bitwarden. There are occasions though when I need to type in a password and there is a problem of remembering passwords or phrases. I get round this by incorporating the site into a song lyric, such as “turnoffyourmindrelaxandfloatgoogledownstream” (not my actual one of course), with the odd capital letter and character substituted as well. Works for me but I suspect others may see a flaw in it.

  • 46 XYZ October 18, 2025, 5:28 pm

    Appreciate this is coming at the end of a long (and very interesting) comments section but as well as passwords, what about memorable words, PINs, question answers (mother’s maiden name, etc.)? How do people store all of this?

  • 47 Claus October 18, 2025, 8:14 pm

    XYZ @46
    I store such stuff as PINs, memorable information (that I can’t always remember!) in my password manager (KeepassXC). You can add as many entries and notes as you need and they don’t have to be related to a website. It’s all encrypted and far more secure than a notebook etc.

  • 48 Barney October 19, 2025, 10:20 am

    No mention of AV here, which I believe is equally important. I use AVG free which runs a “Deep Scan” at a predetermined time every day, and more if you want. According to Which, it’s as good as many paid-for systems.

    Mac users who believe they are immune, with no AV, may want to address that.

  • 49 tetromino October 20, 2025, 12:32 pm

    While we’re talking tech, interesting to see which sites were hit by the AWS outage this morning:
    https://news.sky.com/story/whats-affected-by-internet-outage-all-we-know-so-far-13453813

  • 50 dul50n October 20, 2025, 3:14 pm

    Another long-term Keepass user here.

    My master password is derived from a password card generated on the passwordcard.org website. It’s committed to memory now, but I still have the card with my password hidden in it if memory should fail me.

    The other invaluable feature of Keepass is autotype, where you can effectively program the software to fill multiple fields of a website with one keystroke.

    This has made the monthly process of making multiple online debit card deposits at YBS to fulfil bank reward schemes an absolute breeze over the years, each deposit being carried out in seconds even though it requires separate field entries for card number, expiration month, expiration year and CVN.
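    As an added illustration of the multi-field autotype described above (not part of dul50n’s comment or of KeePass’s own documentation), here is a KeePass 2.x auto-type sequence for a card-deposit form, assuming the entry has been given four custom string fields named CardNumber, ExpMonth, ExpYear and CVN, and that the bank page’s window title is the pattern shown:

    ```text
    # Custom string fields on the KeePass entry (Advanced tab).
    # Values below are constructed samples, not real card details.
    # Tick "Protect in memory" on CVN so it is masked and not logged.
    CardNumber = 4111111111111111
    ExpMonth   = 09
    ExpYear    = 2027
    CVN        = 123

    # Auto-Type tab -> "Override default sequence".
    # {S:Name} inserts a custom field; {TAB} moves to the next form box;
    # {DELAY 100} gives slow web forms time to register each field.
    {S:CardNumber}{TAB}{DELAY 100}{S:ExpMonth}{TAB}{DELAY 100}{S:ExpYear}{TAB}{DELAY 100}{S:CVN}{ENTER}

    # Auto-Type tab -> target window association (assumed title pattern).
    # Binding the sequence to the bank's window title stops the card data
    # being typed into whatever window happens to have focus.
    Window: *Yorkshire Building Society*
    ```

    The window-title pattern is the key safety control here: without it, a mistimed hotkey press sends the whole sequence to the foreground application, whatever that is.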

  • 51 dearieme October 23, 2025, 11:56 pm

    Thank you all, especially #28. I’m dismayed I hadn’t thought of “on an old laptop that I never connect to the internet, and I manually type the passwords into the investing websites (on a different computer, obviously)”.

    What I will now do is store passwords, themselves encrypted but provided with obscure clues on how to decrypt, on an ancient offline machine. (My encrypted password procedure is a Heath Robinson creation of my own but has worked well for ages now.)

    Then I expect to type a required password into a file on an online computer, then copy and paste it into a relevant bank website. Is that paranoid enough?

    As for smartphones: no probs. I’ve only just acquired one, have no idea how to use it yet, but certainly will not use it for banking or the like.
