Hacker News

I use a Yubikey with a generated key.

This is only half of my password; the first part is a password I can remember easily with numbers and letters, the second is the generated key.

This means that even I don't really know my password and if someone found my Yubikey then it's useless to them without the other half that only I know.

(I do have a printout in a safe place of the key and also a backup Yubikey)

I use this password for my computer as well as my 1Password vault, which is generally filled with randomly generated keys for each website.

Might sound a bit overkill, but if you can, why not?




Same here on halfsies. I use YubiKey Static + 2FA http://www.yubico.com/products/yubikey-hardware/lastpass-yub... plus a Password card https://www.passwordcard.org/en, both for 1Password and LastPass.

I like 2FA on LastPass, but the UX is better on 1Password.

For files like my TiddlyWiki http://tiddlywiki.com/, I like Minilock https://minilock.io/ with BTsync https://github.com/tuxpoldo/btsync-deb

I admit I'm lazy and have less secure login creds in my TiddlyWiki, but at least it has some crypto https://crypto.stanford.edu/sjcl/


That sounds secure, but help me understand: Is it the same password everywhere? How do you manage the different passwords for different services? How do you enter your password to log in on an iPad, or on your phone?

My biggest problem with Apple's password policy is that I'm required to enter it periodically on an iPad or iPhone, meaning I can't keep it in LastPass and that complex alphanumeric passwords are even harder to enter.


My iOS accounts are, unfortunately, limited to a password that I can remember, but I use one with numbers and letters and a mixture of uppercase and lowercase characters.

Most of my website passwords are generated keys, each different, all stored within 1Password. Should there be an issue at any point (doubtful), I can always go through the "forgot password" features on any given website to reset it to something temporarily that I can use easily.


What's the advantage to this over simply using 1Password?


It's mainly for my laptop, to be honest, but as it's just a tap away, why not secure my 1Password vault more securely at the same time?

I also run software on my MacBook Pro so that when I pull the Yubikey it automatically engages the screensaver, which in turn requires the password to disable.



