Solved I'm looking for an alternate method to sign into my devices & websites I belong to

Warren · Apr 11, 2025

Hi Guys

These days it is getting more & more difficult to remember all your passwords.
Password managers used to be a convenient way to store passwords but these days hackers are breaking into more & more passwords managers by the day.
Google seems to be the worst.
I've had my google password manager compromised a few times already.
I don't like facial recognition because if someone stand 10m away from you & point your phone at your face, they have got access to your phone.
Walking past your pc can also be a problem if it signs you in everytime you are near your pc.
Two step verification is only as secure as the security you have on both devices therefore both devices need to be as close to impenetrable as possible.

One option I am looking into is fingerprint readers.
Does anyone use them?
Are they safe?
Are there any other ways that only you can get access to your devices?

spapakons · Apr 11, 2025

I use the fingerprint reader on my smartphone a lot to unlock or grant access. The only annoying thing is that you can only use the registered finger, so if you want to unlock using both hands, you must register a finger from your left hand as well. This cannot be hacked, unless they cut your finger and use it. (I think I watch too many movies...

) Of course I also have a PIN I type in case I cannot use my finger at the moment (because I am on the train and I use the phone with one hand). Other ways involve a smart card that you swipe in a smart card reader to gain access (nowadays it might also be contactless with RFID technology, like your credit card). Also a USB dongle that you plug to unlock the PC.

https://www.amazon.com/smart-card-reader/s?k=smart+card+reader

https://www.amazon.com/s?k=usb+security+dongle&crid=1N1JK8QMAU5T&sprefix=usb+security+dongle%2Caps%2C171&ref=nb_sb_noss_1

glasskuter · Apr 11, 2025

Google is not a password manager. Any browser, Google Chrome, Firefox, Edge, etc all have options in their settings whether or not you want it to save your login information to site and you are correct, sensitive info saved in you browser is not very safe..

A password Manager is a third party application such as Roboform, LastPass, etc. There are a lot of them.

Many sites now offer use of passkeys.

For financial sites they all offer 2fa which is the safest of them all as a code is sent to you phone which only you will have. Though I use a password manager for other sites, I still use 2fa for sensitive sites.

Warren · Apr 11, 2025

glasskuter said:
Google is not a password manager. Any browser, Google Chrome, Firefox, Edge, etc all have options in their settings whether or not you want it to save your login information to site and you are correct, sensitive info saved in you browser is not very safe..

A password Manager is a third party application such as Roboform, LastPass, etc. There are a lot of them.

Many sites now offer use of passkeys.

For financial sites they all offer 2fa which is the safest of them all as a code is sent to you phone which only you will have. Though I use a password manager for other sites, I still use 2fa for sensitive sites.

Google calls it a password manager but yes, I learnt that the hard way
Now days I only save passwords to low risk websites.

Sign in - Google Accounts

This morning I went to my amazon profile & notice I had additional kindle readers attached to my name & my password had been changes.
I'm still trying to work out how they got that right.

Dannydet · Apr 11, 2025

I use a combination of a password and a pin for my Microsoft account on my PC.
For my mobile devices I use the added security of the fingerprint reader.
And for storing passwords I use Microsoft Authenticator, which works across all my devices and works out well.
If you don't have a mobile device with a fingerprint reader, you really should look into getting one.

antspants · Apr 11, 2025

Warren said:
Google calls it a password manager

Google is possibly referring to it’s Authenticator App. Microsoft has Microsoft Authenticator, Google has Google Authenticator or just “Authenticator“

antspants · Apr 11, 2025

There are different Authenticator app’s, here’s a few. I use Microsoft. Great App

There are also Windows Passkeys. I know nothing of them.

kelper · Apr 11, 2025

OP says, "these days hackers are breaking into more & more passwords managers by the day." This is not true.
during the 2022 LastPass breach, encrypted copies of users' password vaults were stolen. The security of the stored passwords depends on the strength of each user's master password. If a user had a weak or reused master password, their encrypted data could potentially be decrypted by attackers. Additionally, some metadata, such as website URLs, was stored unencrypted and was also compromised .

So the hackers only got passwords from users who ignored instructions and used an easily-guessable master-password.

Warren · Apr 11, 2025

antspants said:
Google is possibly referring to it’s Authenticator App. Microsoft has Microsoft Authenticator, Google has Google Authenticator or just “Authenticator“

If you've got a gmail account, sign into your account, then open a new window while you are still signed in & search google password manager.
If you have any passwords attached to your gmail account you'll see them there.

kelper · Apr 11, 2025

That's not quite right. In Gmail you need to click on your avatar, top right, then 'Manage your Google Account', then click on Password Manager.

Dannydet · Apr 11, 2025

Don't bother using the Google Authenticator app, it's literally useless compared to Microsoft Authenticator.

kelper · Apr 11, 2025

How so? Please elucidate.

TairikuOkami · Apr 11, 2025

1. Do not store passwords and 2FA keys in the same app/account!
2. Do not use SMS as 2FA! Better no 2FA than SMS 2FA!
3. Do not use passkeys!

Optionally: Do not store core passwords in a password manager, keep them in an encrypted doc with backups!
Core passwords as for Google, Authenticator, email accounts, basically accounts used for 2FA or password recovery.

Warren said:
I've had my google password manager compromised a few times already.

It is preferable to use a separate app/account as a password manager, like Bitwarden.

Warren said:
One option I am looking into is fingerprint readers.

Hackers these days steal sessions, verified logins, so they bypass security measures like that.

https://securuscomms.co.uk/how-hackers-bypass-two-factor-authentication/

Warren · Apr 11, 2025

kelper said:
OP says, "these days hackers are breaking into more & more passwords managers by the day." This is not true.
during the 2022 LastPass breach, encrypted copies of users' password vaults were stolen. The security of the stored passwords depends on the strength of each user's master password. If a user had a weak or reused master password, their encrypted data could potentially be decrypted by attackers. Additionally, some metadata, such as website URLs, was stored unencrypted and was also compromised .

So the hackers only got passwords from users who ignored instructions and used an easily-guessable master-password.

Towards the end of last your I deleted all my gmail accounts & opened a new one & haven't had any passwords leaked since then.
My Microsoft email address has three leaked password.
One in 2016, one in October 2026 & one is February 2024.
My one email that I deleted had something like 30 hacked passwords all hacked on the same day.

My password with onetwotrade.com would have been useless to hackers & I don't remember having an account with leak-Lookup.com but by then I had already stopped using a password more than once.

pseymour · Apr 11, 2025

As glasskuter mentioned, do not use the password manager in your browser, no matter which browser you use.

Use a password manager that has end-to-end encryption. If they don't specifically mention it, don't use it.

Don't use SMS or email for MFA; neither is safe, but SMS is worse. Use a hardware token or an authenticator app.

If your password manager supports it, use Argon2 instead of PBKDF2 for password hashing. If you have to use PBKDF2, use a high enough number of iterations, 600K or better. The LastPass breach was not just about the length of master passwords but the number of iterations. LastPass had recommended more iterations and defaulted to that for new accounts, but they did not recommend that to existing users or enforce it, so existing users likely never increased their iterations.

Passkeys are safer than passwords, but using passkeys on a particular device is inconvenient. Use passkeys generated by and stored in your password manager, which means the manager has to support that, of course.

If remembering a long, complex master password for your manager is difficult, do the best you can as far as complexity, and then pad the password with special characters. For example, Passw0rd is a horrible password, as it can be cracked in minutes. But, if you pad that to ;Passw0rd;, it takes a couple hundred thousand times as long to crack. ;;;Passw0rd;;; takes millions of times longer than that.

kelper · Apr 11, 2025

Passwords are rather passé. We should be using obfuscated pass phrases such as my:cat:likes :
onions

pseymour · Apr 11, 2025

kelper said:
Passwords are rather passé. We should be using obfuscated pass phrases such as my:cat:likes:onions

If you can remember it and type it, it's no good.

kelper · Apr 11, 2025

It's better than one you can't remember! I'm talking about a master password for a password manager. If you need to record it somewhere, that defeats the whole point.

A simpler passphrase might be conductorelephantmusli. That is going to be very difficult to crack.

https://www.grc.com/haystack.htm

pseymour · Apr 11, 2025

Well you just said "passwords." :)

But that does bring up the "debate" about complexity versus length. Using Gibson's calculator, conductorelephantmusli only has lowercase characters, 22 of them, and would take 44.55 billion centuries offline. ;;;;;Pas$w0rd;;;;; is four characters shorter but uses all four of his character classes, and it takes 1.28 thousand trillion centuries offline.

Warren · Apr 11, 2025

TairikuOkami said:
1. Do not store passwords and 2FA keys in the same app/account!
2. Do not use SMS as 2FA! Better no 2FA than SMS 2FA!
3. Do not use passkeys!

Optionally: Do not store core passwords in a password manager, keep them in an encrypted doc with backups!
Core passwords as for Google, Authenticator, email accounts, basically accounts used for 2FA or password recovery.

It is preferable to use a separate app/account as a password manager, like Bitwarden.

Hackers these days steal sessions, verified logins, so they bypass security measures like that.

https://securuscomms.co.uk/how-hackers-bypass-two-factor-authentication/

A few years ago I had my facebook account hacked.

I received a message under my notifications from a company I didn’t recognize & couldn’t find on google, so I deleted it.

Immediately after I deleted it I received another notifications from a different company so I deleted it as well.

As soon as I deleted the second notification I was locked out of my facebook account.

For months I tried to recover it but couldn’t & facebook admin/security was no help.

I eventually deleted it & let it lay dormant until Facebook deleted it & opened a new Facebook account.

Solved I'm looking for an alternate method to sign into my devices & websites I belong to

Member

My Computer

Well-known member

My Computers

aka Mama Glass

My Computers

Member

My Computer

Well-known member

My Computer

Like a rolling drone.

My Computers

Like a rolling drone.

My Computers

Well-known member

My Computers

Member

My Computer

Well-known member

My Computers

Well-known member

My Computer

Well-known member

My Computers

Microsoft 365 Basic

My Computer

Member

Attachments

My Computer

I would walk 500 feet, and I would walk 500 more.

My Computers

Well-known member

My Computers

I would walk 500 feet, and I would walk 500 more.

My Computers

Well-known member

My Computers

I would walk 500 feet, and I would walk 500 more.

My Computers

Member

My Computer