I think a lot of people stopped using LastPass after it got hacked back in 2015. They also had some very recent bug or exploit issues that could leak stuff to malicious websites. I don't really know how normal or frequent the bugs are in general for this type of software but LastPass never really filled me with much confidence tbh.
Betfair security
Once you have done it a few times it just becomes part of the log in process you go through each day on auto and it really is no hassle.
> Derek27 wrote: ↑Mon Jan 20, 2020 1:39 pm
> Thanks for the feedback. I've always been put off 2-step because I log in on 3-4 devices but having said that I am logged in all-day so it shouldn't be too much inconvenience - I'll look into it.
I use LastPass as my password manager. Can't really manage without one now.
If someone got into your account and took your money I would imagine that would cause an untold amount of hassle and annoyance and leave you wishing why on earth didn't you put 2FA on.
I have never used a password manager but I think I will look at them as more people seem to be using them. My worry, probably daftly, is giving up my passwords to a third party.
I have often seen it said that you are probably safest coming up with complicated passwords and just having them on a sheet of paper at home. But I would not fancy the hassle and worry should my house be broken into and that sheet taken.
It is also really important to ensure you use a different password for each site you use which I know sounds like a hassle but it really isn't if you come up with a system.
This article by Martin Lewis from Money Saving Expert is quite old now and I haven't read it for a while but thought I would share it anyway as I am sure it is still of use to people when creating said system:
https://blog.moneysavingexpert.com/2011 ... mber-them/
My solution is to have the same 'base' word with various Caps, symbols etc for all sites. Then I simply include a number 1 somewhere in it for my bank password, 2 for Amazon, 3 for paypal, and so on. (These are just examples!!) That means I can carry a piece of paper in my wallet with "bank 1, amazon 2, paypal 3, etc." written down, so they're useless to anyone but me, and are easy to change if necessary.
But 2FA is still a must for financially sensitive sites.
People usually have an issue with storing their password online (like LastPass etc), hence the need for local storage of passwords and sensitive information (like KeePass etc). It's practically the digital equivalent of a wall safe: its data cannot simply be copied off your computer as if it were a txt file; in order to open KeePass on your computer you need a locally stored key file along with your master password.
In any case, it's good to have different options to suit people's preferences and needs.
I think I will try KeePass if it's that good. I have all my pass in a text file, I know, not a good thing, so maybe it's time for a change. Cheers
> Kai wrote: ↑Mon Jan 20, 2020 1:05 pm
> I use KeePass Password Safe for that purpose, it's a free open-source password manager and a good place to keep all the sensitive stuff. My brother who is a highly paid security expert in this industry recommended it so it must be decent at least, it's not very user friendly at first but I'm very happy with it. I usually let KeePass randomly create my passwords with at least 128-Bit key encryption, except the non-important passwords which I let Chrome memorize instead.
I actually don't really know what my Betfair password is, gun to my head I wouldn't be able to say it out loud, but my muscle memory knows it extremely well because it types it in often enough.
On busy days I can log in as much as 7-8 instances just to set up all the automation and data capture etc and it can become a bit time consuming but I'd rather do that 25 times a day for years if it saves me from just 1 hack
> PDC wrote: ↑Mon Jan 20, 2020 2:02 pm
> Once you have done it a few times it just becomes part of the log in process you go through each day on auto and it really is no hassle.
> > Derek27 wrote: ↑Mon Jan 20, 2020 1:39 pm
> > Thanks for the feedback. I've always been put off 2-step because I log in on 3-4 devices but having said that I am logged in all-day so it shouldn't be too much inconvenience - I'll look into it.
> I use LastPass as my password manager. Can't really manage without one now.
> If someone got into your account and took your money I would imagine that would cause an untold amount of hassle and annoyance and leave you wishing why on earth didn't you put 2FA on.
I used to use that method, same password with two or three additional characters to identify the site. It's not really secure having the same 'base' password and another issue is no base password will satisfy the criteria of all sites, so I'd often have to chuck in a hyphen or change the base password and then forget it!
> weemac wrote: ↑Mon Jan 20, 2020 2:04 pm
> My solution is to have the same 'base' word with various Caps, symbols etc for all sites. Then I simply include a number 1 somewhere in it for my bank password, 2 for Amazon, 3 for paypal, and so on. (These are just examples!!) That means I can carry a piece of paper in my wallet with "bank 1, amazon 2, paypal 3, etc." written down, so they're useless to anyone but me, and are easy to change if necessary.
> But 2FA is still a must for financially sensitive sites.
- ShaunWhite
All my login IDs, passwords and backup codes are in the folder with my Will. Ditto a brief operational guide so people know what apps to stop or which VPS company to keep paying if it's still making a profit. That should be better than 3 grand from 'Without-this-policy-your-kids-will-bury-you-in-a-binbag.com'
I didn't know about this so I've just gone through the process, thanks for pointing it out!
> PDC wrote: ↑Mon Jan 20, 2020 12:40 pm
> It is really important you keep those backup codes somewhere. My Google Authentication app went out of sync for some reason. It is a known issue with the app. No matter what you do you will not be able to get it back in sync and without the back up codes you are locked out.
> Thankfully I had the back up codes saved and was able to get back into my account. Turn off 2 step and then set it up all over again.
> Betfair probably would have been able to get me back into my account eventually I guess but I wouldn't like to think how many hoops you would have to jump through, quite rightly, before they got you back in. Perhaps they wouldn't be able to.
> So again, if you haven't got those back up codes saved somewhere do it now as the app could go wrong at any time and this applies to all sites you use 2FA!
No worries, I was very worried when it happened to me as nothing seemed wrong on the surface. I was using my password and Google 2FA app as I had hundreds of times before. But no matter how carefully I typed it all in it kept saying the password I was entering was wrong.
Eventually my account got locked due to too many failed attempts.
I started to think someone had hacked my account and changed the password as I was 100% sure I was entering the password right and the codes were showing as normal on the app.
I got Betfair to unlock the account but still it wouldn't work and again I was locked out.
It took a long time to get Betfair to unlock it as not surprisingly it was starting to look rather suspicious.
Eventually I just happened to search for 2FA code not working and discovered this bug and that I should use the back up codes which would still be valid. Then to turn off 2FA, uninstall the app and reinstall it and get a new batch of back up codes.
There was nothing to indicate on the surface of it that the 2FA was out of sync and I had only been in my account a few hours before.
Had I not had the codes backed up I don't know how I could have got in as I don't know if Betfair have an override of the 2FA, perhaps they don't?
I've wondered how it all works when you upgrade your phone but never got past wondering. I'm that sort of person that goes by "I'll cross that bridge when I come to it". I really need to break that habit & this thread just goes to highlight to me once again why.
Also what happens if your phone is stolen is something to think about as you would now not have access to the app.
This is a good video from a very good YouTube channel that gives some background info to 2FA and how it works, worth a 5 minute watch:
https://www.youtube.com/watch?v=D6fRdCF9jyQ