Originally posted by Sysman
View Post
-
Cheers Sysman - that is what I had read as well. Need to patch OpenSSL and then regenerate keys - total PITA. The 1,000 passwords I have stored are just what is in roboform
-
Leave a comment:
-
From what I have gathered so far, if you change passwords on a web site or server which hasn't been patched/locked down already your new password might get snaffled.Originally posted by administrator View PostAs for heartbleed
I have 1,000 password files by the looks of it and feck knows how many servers to update 
New CA certificates have been mentioned, then generating new private/public key pairs, then changing your passwords.
Some reading - have a look at the comments too:
Krebs on Security
Matthew Green - cryptographyengineering.comLeave a comment:
-
Forgot to say - multiple users. Not sure how that would work with Roboform as you only have a master password for all pass files as far as I know...
As for heartbleed I have 1,000 password files by the looks of it and feck knows how many servers to update
Leave a comment:
-
Been using Roboform for years, works on Mac (iPad and Macbook) too but not Linux although does work on my Android. WNLS about the Chrome interface not being as good as FF but it's liveable with.
I have also used LastPass and it is works nicely too, only tried that on Win and Linux though.Leave a comment:
-
Password Safe
I have been using PasswordSafe - passwordsafe.sourceforge.net - Password Safe for some time and, as the post above suggests, I sync my information via DropBox so always have it
PasswordSafe was designed by Bruce Schneier which is always a good endorsement!
It's also useful as it can be installed on machines without administrator rights if that is necessary.Leave a comment:
-
I use Lastpass and it works very well. Free on PC, paid for on mobile.
I can't find any up to date reviews, but all of the "Lastpass vs Roboform" articles favour Lastpass. In some cases this is because they say that Roboform is chargeable, but it appears to be free now (on both Windows and Android).
Alternatively, if you're concerned about handing over all of your passwords to some online company, you could try Keepass. Store the encrypted passwords offline and copy to your phone (there is an Android app), or as some people do upload the encrypted password database to Dropbox or similar, keep your key offline on each device and then you don't have to worry about keeping multiple databases synched.Leave a comment:
Leave a comment: