Google and passwords

[swee'pea99]

I just found myself, unusually, actually reading a pop-up. It was from Google and as best I can recall it said:

Save password?
Your passwords are stored at Google so can be used from any device.

OK

I did end up clicking ok, but it set me thinking. I don't have any security on my phone. I've always been at pains to do banking and the like only on my desktop computer, assuming this meant banking passwords and the like were only on my desktop computer. But does that Google message effectively mean that anyone who finds my phone after I've left it in the pub can use it to go into my savings account and empty out my savings in 20 minutes?

And if so, is there anything I can do about it?

What I'd like is to have the situation I thought I had before: cookies on both my desktop computer and my phone, but 'important' cookies only on my desktop computer. Is that possible?

 

[Deleted member 26715]

My stored passwords do not work on my banks, it is not intelligent enough to only supply the x, y, z letters, they are also encrypted so can't be read, well I'm sure they can but not by 'normal' people

 

[Brains]

I only use Google password save for things that don't matter, like Cycle Chat forums.
As you have found, anyone with access to your PC or phone can get your passwords.

I have access to nearly 300 log ons and the associated passwords.
I keep them all (including the ones that don't matter) in an external app.
The one I use is Last Pass, but there are others.
(Last Pass scored highly on the ease of use/cost/access/security in an IT magazine recently)
I forget the cost, but it was something like $20 a year
(I'd avoid the free ones, as you get what you pay for.)
Last Pass offers 30 days free to try before you buy.

The advantage of an external app is that the only way to get in, is to know the master password.
You can access the app anywhere (phone, your home PC, your work PC etc)

Lastpass (and I assume others) have a fall back, that should you be run over by a bus then a person you have nominated in advance can apply for the master password after a given period of time.
It also runs a report to tell you how secure your passwords are and how many duplicates you have, so you can update those that matter.
It also detects new log ins and updated log ins, so you don't have to remember to save/update your library.
You can also set up sectors, Forums, Finance, Utilities, Travel, News, etc etc. which means I don't have to wade through 300 log ons each time

https://www.lastpass.com/

 

[Brains]

FYI - To See which passwords and log in Google has remembered
In the Chrome browser click on the Letter in the purple circle top right
Passwords
and remove those you don't want it to remember

 

[PaulSB]

I don't know which bank you use but if the security is up to scratch then no device should be able to store and use your passwords.

My bank allows the following on a PC or laptop:

1. User name which either must be typed in or populated by the device.

2. If the user name is automatically populated I have to answer one of five security questions.

3. Provide 3 characters from my password

4. Provide 3 digits from my security code.

In my view any bank requiring less is not proving adequate security.

On my phone the app requires a five digit security code to give access. Get this wrong and one gets sent to the website to do a full log in.

This level of security gives me real comfort our online banking is secure. I have a number of current accounts with other Banks. Their security is even more rigorous when using a laptop or PC.

Tesco for example text an access code at every log in attempt.

 

[swee'pea99]

FYI - To See which passwords and log in Google has remembered
In the Chrome browser click on the Letter in the purple circle top right
Passwords
and remove those you don't want it to remember

Thanks. Done that for now. That's the life savings life saved. Phew.

I don't know which bank you use but if the security is up to scratch then no device should be able to store and use your passwords.

My bank allows the following on a PC or laptop:

1. User name which either must be typed in or populated by the device.

2. If the user name is automatically populated I have to answer one of five security questions.

3. Provide 3 characters from my password

4. Provide 3 digits from my security code.

In my view any bank requiring less is not proving adequate security.

On my phone the app requires a five digit security code to give access. Get this wrong and one gets sent to the website to do a full log in.

This level of security gives me real comfort our online banking is secure. I have a number of current accounts with other Banks. Their security is even more rigorous when using a laptop or PC.

Tesco for example text an access code at every log in attempt.

I've now disabled my savings bank password, as per brains's suggestion. I think my one remaining concern is ebay/paypal, both of which can I believe be accessed directly from my phone, and which would between them, I guess, enable a clued-up finder to sell 'me' a car through ebay for £4,300 and pay for it using PayPal.

Problem being, I use those accounts all the time, and disabling those passwords universally would be a pain. Is there any way I can use google for most passwords, but keep certain 'important' passwords the way Windows always used to keep them - ie, only to order, and on one machine?

 

[lazybloke]

I don't like Chrome offering to save credit card details. Potentially nasty.

 

[Deleted member 26715]

I don't like Chrome offering to save credit card details. Potentially nasty.

Me neither, No to that one every time it offers

 

[Brains]

Thanks. Done that for now. That's the life savings life saved. Phew.


I've now disabled my savings bank password, as per brains's suggestion. I think my one remaining concern is ebay/paypal, both of which can I believe be accessed directly from my phone, and which would between them, I guess, enable a clued-up finder to sell 'me' a car through ebay for £4,300 and pay for it using PayPal.

Problem being, I use those accounts all the time, and disabling those passwords universally would be a pain. Is there any way I can use google for most passwords, but keep certain 'important' passwords the way Windows always used to keep them - ie, only to order, and on one machine?

Keeping passwords on one machine is inherently dangerous as the PC may fail, or get stolen, or be accessed by others either when you are not there or remotely.
Hence best option to retain passwords in an external app, such as Last Pass (other apps are available)

For apps you regularly access via your phone such as banking etc, ensure your phone is either PIN protected &/or fingerprint protected.

Basically, you are always after dual knowledge (or better still, dual device) access to anything that matters.

 

[swee'pea99]

Keeping passwords on one machine is inherently dangerous as the PC may fail, or get stolen, or be accessed by others either when you are not there or remotely.
Hence best option to retain passwords in an external app, such as Last Pass (other apps are available)

For apps you regularly access via your phone such as banking etc, ensure your phone is either PIN protected &/or fingerprint protected.

Basically, you are always after dual knowledge (or better still, dual device) access to anything that matters.

You've persuaded me! Just installed it. But when I open it I just get

Nothing to click. I've tried touching the wee circles at the bottom - nothing.

Any suggestions?

 

[Threevok]

Swipe left ?

 

[midlife]

swipe right ? ah no, left lol

 

[Brains]

Little circles are pages, you are on page one of three

Having said which the app is a lot easier to manage using a PC
Just use the phone app to get log ins and passwords once it's all set up on the PC

 

[tom73]

I'd never trust google or windows with any password or secure information. Lastpass is good and works well i use to use it when it was free and before iCloud came along. So now sync across everything via that. If you ever really worried then two-step verification and setting up log in to remember just usernames is a good idea. Just make sure you keep a note of the master password. It's a right pain get sent if you ever need it.

 

[PaulSB]

Thanks. Done that for now. That's the life savings life saved. Phew.


I've now disabled my savings bank password, as per brains's suggestion. I think my one remaining concern is ebay/paypal, both of which can I believe be accessed directly from my phone, and which would between them, I guess, enable a clued-up finder to sell 'me' a car through ebay for £4,300 and pay for it using PayPal.

Problem being, I use those accounts all the time, and disabling those passwords universally would be a pain. Is there any way I can use google for most passwords, but keep certain 'important' passwords the way Windows always used to keep them - ie, only to order, and on one machine?

I have no knowledge about how to answer your question. My overall view, and has kept me secure to date, is not to trust machines which I know can be hacked by people only a little more able than I. Might I suggest to you the most secure storage device is yourself. For the main account, used daily, I have the security set up so my brain can unlock it. I have usernames, passwords and digital security numbers which I can recall very quickly and simply. This does not mean they are easy, to my mind, to hack. They do though mean something to me and this gives me a power of recall when I lose or forget those details. What I have to do is to recall the information and how I will have used it.

As an example, and I have never yet used this, I could chose to make a password out of a combination of:

my sister's date of birth - 081274
my mother's place of birth - Farnham
two random characters - &*

F&arn081274ham*

The first two pieces of information would be very difficult to search out; my sister estranged herself from the family 30+ years ago, my mother died 34 years ago. Although I don't use these recalling them is for me very easy. My wife wouldn't know!

All the none secure stuff such as a CC password I just leave get Google to store. All the other passwords for financial or important stuff I have stored on two different USB drives, kept in two different places known only to me, my wife and son. This is stuff I might need to access once every six months or so.