Mileage Plan and Credit Card logins and Passwords

Discussion in 'General Discussion | Credit Cards' started by Cody, Mar 27, 2011.  |  Print Topic

  1. Cody
    Original Member

    Cody Silver Member

    Messages:
    43
    Likes Received:
    35
    Status Points:
    130
    I'm relatively new to this, and have been coming to terms with a new handful of passwords (mileage plans, credit cards etc.) and am curious how other people manage theirs. I use AwardWallet and Mint and recently added KeePass to the mix fore security. What do other people use to keep all these accounts safe and secure? I bet at least one person says, paper and pen...
     
    Cholula and miles and smiles like this.
  2. deant
    Original Member

    deant Milepoint Guide

    Messages:
    3,129
    Likes Received:
    12,385
    Status Points:
    10,620
    OK. I will say it "Paper and Pen".

    However, in reality, I use a password protected Excel spreadsheet with a non-descript title. I know it is not the best, but it works for me.
     
    miles and smiles likes this.
  3. ahow628
    Original Member

    ahow628 Silver Member

    Messages:
    222
    Likes Received:
    319
    Status Points:
    450
    I prefer LastPass for managing logins and passwords over KeePass. LP has a plugin directly for all the major browsers (IE, Firefox, Chrome, Safari, Opera), has all major mobile versions (Android, iOS, BlackBerry, WebOS, Symbian, Windows Phone), and has some great extra security features such as a second-form authentication grid and a USB key verification scheme. The basic version is free and the pro version (required for mobile and some other features) is $12/yr. The best part is when you make a new login it automatically saves the information (website, username, and password) for you and will even generate random passwords. Everything is encrypted end-to-end and before it ever leaves your browser so your information is never exposed.

    I would avoid pen and paper if at all possible.

    BTW, I have 196 passwords stored in my LP vault and they are an average of 19 characters long. Changing your current passwords to make them long and random is extremely easy. Just do the regular password change and LP detects and asks if you want to update the saved information.
     
    miles and smiles and viguera like this.
  4. catgirl
    Original Member

    catgirl Gold Member

    Messages:
    10,066
    Likes Received:
    65,007
    Status Points:
    16,520
    MS One Note. That is how I keep track of everything.
     
    miles and smiles likes this.
  5. viguera
    Original Member

    viguera Gold Member

    Messages:
    4,737
    Likes Received:
    6,913
    Status Points:
    4,745
    For this type of thing I've been using Chrome with the option to save passwords and everything else to the cloud.

    That and Dropbox help me keep track of pretty much everything.
     
    miles and smiles likes this.
  6. toddreg
    Original Member

    toddreg Silver Member

    Messages:
    238
    Likes Received:
    320
    Status Points:
    475
    ewallet is great. Also, try to come up with a standard scheme that you can modify with each new site.
     
    miles and smiles likes this.
  7. Gargoyle
    Original Member

    Gargoyle Milepoint Guide

    Messages:
    22,014
    Likes Received:
    96,541
    Status Points:
    20,020
    I use keepass. It's free, open source, very easy to use, and portable- The encrypted file is only a few k to maybe 100k if you have tons of stuff in it. It can be moved between computers, thumb drives, etc.
    You can set up separate categories to organize everything (like forums, credit cards, airlines and hotels, passport info) and you can enter any other kind of text based data you want.

    www.keepass.info/
     
    miles and smiles likes this.
  8. toddreg
    Original Member

    toddreg Silver Member

    Messages:
    238
    Likes Received:
    320
    Status Points:
    475
    Do you really feel comfortable with this type of highly confidential information being stored out in cyberspace?
     
    miles and smiles likes this.
  9. viguera
    Original Member

    viguera Gold Member

    Messages:
    4,737
    Likes Received:
    6,913
    Status Points:
    4,745
    Your email is stored out in the cloud, unless you download all of them and store them locally, in which case that becomes the security problem. :)

    Personally, as long as you're security conscious -- or at least aware -- and use some sort of common sense, storing stuff "in the cloud" is no less safe than leaving it at home, or risking it being intercepted in transit. If you're that uncomfortable you can always use an encrypted volume with something like TrueCrypt, and store THAT in the cloud.

    The days of pen and paper are long gone, and if you have your laptop stolen -- or someone breaks into your house and steals your desktop -- you're at risk just the same.
     
    miles and smiles and ahow628 like this.
  10. ahow628
    Original Member

    ahow628 Silver Member

    Messages:
    222
    Likes Received:
    319
    Status Points:
    450
    With LastPass, your password vault is encrypted and decrypted locally on your hard drive before being synced with the cloud. Assuming you use a reasonable strong personal vault password (I go with 10+ characters involving capital, lowercase, and numbers with no dictionary words) you will be fine. When your vault is on LP's servers, it is encrypted with their server encryption, transferred over HTTPS, and has my strong password encrypting it as well. All copy/pastes of the password are hashed so that keylogging would be ineffective for attack.

    LastPass FAQs

    Additionally, you can (and I do) keep a local copy on your home computer in case of issues with LastPass in the future.
     
    miles and smiles likes this.
  11. jhflau11
    Original Member

    jhflau11 Silver Member

    Messages:
    156
    Likes Received:
    316
    Status Points:
    435
    I use 1password for my logins. They have a desktop client that will sync with their iPhone app. I use Awardwallet and Tripit Pro for miles and points.
     
    miles and smiles likes this.
  12. ahow628
    Original Member

    ahow628 Silver Member

    Messages:
    222
    Likes Received:
    319
    Status Points:
    450
    I have a buddy that is all in with 1password. However, he is purely a Mac/iOS guy and I hear it is great in that ecosystem.

    I use mostly Windows and Android (and BlackBerry in the past), so it was a no go for me. I wasn't very happy with having to pay for a separate license for each device either. I think it was like $45-60 for iPad, iPhone, and Mac. For that, I can get 5 years and unlimited devices out of LastPass.
     
  13. jhflau11
    Original Member

    jhflau11 Silver Member

    Messages:
    156
    Likes Received:
    316
    Status Points:
    435
    Yep another Mac guy thus the 1password. I like it, but I am in that boat now just a new Macbook Pro and I need another licence now. They have a free iPhone version. I was using that until they had a special and offered the pro version free for a limited time. They do run on Windows and Android if your inclined to try. They did start out on the Mac originally.
     
  14. bakedpatato
    Original Member

    bakedpatato Gold Member

    Messages:
    2,558
    Likes Received:
    13,734
    Status Points:
    10,425
    A postit stuck under my table :p
    Just kidding....a flash drive with an encrypted file in it. It's in a pile of flash drives and looks very ordinary.
    I have considered something like lastpass but I haven't found anything that's free(the logins I care about I have memorized so I wouldn't want to pay for a service like this), does everything I need it to and such and such.
     
  15. ahow628
    Original Member

    ahow628 Silver Member

    Messages:
    222
    Likes Received:
    319
    Status Points:
    450

    I used the Windows version when it was in beta (so quite awhile back) but it was not a good experience. My other thing is I love the automatic syncing across all my browsers and other devices. 1password's set up was a no-go since I don't have Dropbox access at work, so automatic syncing was not possible.
    As I mentioned, the basic version of LastPass is free. The main thing it does NOT include is the mobile apps and the multi-factor authentication. If you use it solely with a browser or via their website, it is free.
     
  16. bakedpatato
    Original Member

    bakedpatato Gold Member

    Messages:
    2,558
    Likes Received:
    13,734
    Status Points:
    10,425
    Perhaps the word I should've used is "compelling"....the free subset of Lastpass isn't overly compelling for me. Still,I can see how nifty it can be :)
     
  17. viguera
    Original Member

    viguera Gold Member

    Messages:
    4,737
    Likes Received:
    6,913
    Status Points:
    4,745
  18. ahow628
    Original Member

    ahow628 Silver Member

    Messages:
    222
    Likes Received:
    319
    Status Points:
    450
    I've read a number of other articles and I think it is being blown way out of proportion. I use LastPass and my opinion of them hasn't changed one bit. They are being extra cautious which I appreciate. I did change my (already) strong master password to a new strong password.

    http://www.pcworld.com/article/227268/exclusive_lastpass_ceo_explains_possible_hack.html
     
  19. ahow628
    Original Member

    ahow628 Silver Member

    Messages:
    222
    Likes Received:
    319
    Status Points:
    450
    I think I may have mentioned it before, but all your passwords and other information stored in your LastPass vault is encrypted and decrypted locally, on your computer. Nothing unencrypted ever goes to the LastPass server or even leaves your computer without being encrypted first. That means that if someone did get access to the data on the server, it will still look like gobbledygook.
     
  20. viguera
    Original Member

    viguera Gold Member

    Messages:
    4,737
    Likes Received:
    6,913
    Status Points:
    4,745
    That's true, but from what Lastpass says "they" took not only the blobs with encrypted data but also the password hashes and the salt. With enough time and enough processing power, it's certainly possible to extract some useful data out of that, even if it's just the people with relatively weak master passwords.
     
    ahow628 likes this.
  21. ahow628
    Original Member

    ahow628 Silver Member

    Messages:
    222
    Likes Received:
    319
    Status Points:
    450
    The rule as always: use a strong password.
     
  22. ahow628
    Original Member

    ahow628 Silver Member

    Messages:
    222
    Likes Received:
    319
    Status Points:
    450
    Actually my biggest concern with this is that LastPass uses your email address as your username. If they can back the salt out and decrypt the list, then there could be a healthy amount a spam headed my way. Gmail does a pretty good job of filtering that, but still not good.
     

Share This Page