Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

Security

Domagoj Kirigin
Domagoj Kirigin
16,392 Points

How to we log in on other devices if we use password manager and generated non memorable passwords?

I understand the concept of using Password manager and it is all good when we have our own computer or mobile phone but what if we need to log in from some other device that does not have everything set up, for example friend's laptop or library computer. Aren't we stuck?? Because we do not know our password actually.

This could be a problem in case of emergency. Just wondering is there any solution.

Thank you

3 Answers

Michael Hulet
Michael Hulet
47,912 Points

TL;DR: Caleb's advice is bad, Jennifer's is better, LastPass is bad, but most good password managers will offer a feature that lets you access your passwords from anywhere.

First of all, Caleb's advice above is exceptionally bad, so please don't follow it (no offense intended, Caleb). Writing down your password somewhere is one of the worst things you could possibly do. There are lots of people that enter and exit your home frequently (think maintenance men, like plumbers or electricians, or even friends you have over), and probably even a few others that live there. Writing it down gives them all easy access to your accounts, and they probably even know where to find it. They might share it out or use it on an unsecured computer or network, and then the whole world has your password. Not to mention that you're actually far more likely to have your home broken into than your computer targeted and hacked, no matter where you live. In fact, if you do this in a business setting, you can face criminal penalty in the United States, and could be held personally liable for billions of dollars worth of damages should something bad happen and your work's account is compromised, depending on what you deal with and how much access you have.

Furthermore, contrary to what Caleb said, an attacker will not have access to all your passwords simply by obtaining your master password. That's not to say that you shouldn't protect your master password with your life, but using a password manager adds several fundamental layers of security to your passwords (and by extension, your life) beyond just a master password. For example, with most password managers, to access your complete list of site passwords, you'll also need a cryptographic private key that your password manager abstracts away from you knowing about it, but it makes your master password entirely useless to an attacker without it. Good password managers have 3 or more layers of redundancy of just this protection, and they also employ various other techniques like separating your passwords into different secure stores. Using a password manager is intrinsically more secure than memorizing your own password, even if your master password is compromised.

As far as creating a good password, the advice in Caleb's link is fairly solid. I respect How-To Geek a lot. However, if you follow this article's advice, you're still doing security wrong. If you insist on making your own passwords, this password checker is effectively the bible, but this is another feature that password managers cover for you. Why make your own passwords when it's a ton of hassle and intrinsically less secure than having a computer make one for you?

Jennifer Nordell's advice is far better. It's good to change your passwords frequently. That way, if your account is breached, your password will have already changed by the time any of your information is publicly available. However, her answer still misses the point of a password manager. One of the benefits of them is that you don't personally know your password. If someone asks for your password, you can't be persuaded into giving it to them. Does your kid want your password to buy something on eBay? The puppy dog eyes won't work. Did you get kidnapped and your attacker wants access to your bank account? They're fighting a losing battle. Are you trying to enter the United States and the government wants your Facebook password? ยฏ\(ใƒ„)/ยฏ Password managers are and are intended to be a full-fledged replacement for memorizing your passwords. They're all the security of remembering good, long passwords without any of the hassle.

To address this question directly, depending on the password manager, it likely has a feature where you can access your keys from a web browser without having to install any software, such as on public computers. This is a feature of many popular password managers, including a 1Password subscription. However, be very wary of logging in on a public computer. You don't know how it's configured, who has access to it, what software is installed on it, if there's any malware, or how securely it handles your data. The true solution to the problem this question poses is simple: For the best security, don't.

My last thing to say here is that while the current Security Literacy course recommends using LastPass as a password manager, but I wholeheartedly disagree. Using LastPass is known to the security community as bad advice. It's better than nothing, but they have a long track record of shady practices and general incompetence. They've proven in the past that they just don't know how to handle your passwords properly, and that's very dangerous to you. Not to mention that they've been acquired by LogMeIn, which is famous for enabling scammers to easily take your information and money with a little social engineering. If you ask a security professional, they'll recommend 1Password.

Caleb Kleveter
Caleb Kleveter
Treehouse Moderator 37,862 Points

I understand what you are saying. I find it interesting in how many different ideas are out there on security. I honestly appreciate the rebuttal, because we are all learning and that is what we are here for. If someone knows more about the topic then I do, that is great! (This is why I am not teaching Security courses :) )

Jennifer Nordell
seal-mask
STAFF
.a{fill-rule:evenodd;}techdegree
Jennifer Nordell
Treehouse Teacher

Hi there!

First, and foremost, I would like to point out that password managers are for convenience. They are not there to replace your memory. Your password should definitely be something you know, something you can figure out, or something you can have reset within minutes.

I work as an IT manager. I do use a password manager on one of my personal systems at home (Mac keychain). Even then, I only use it for very few select things. Just with my job alone, I have over 30 separate logins and passwords, all of which have passwords in excess of 10 characters, contain special characters and numbers, and include both small and capital letters. No two passwords are exactly the same. None of these are written down anywhere.

All passwords are changed in some minor or major way every 6 months. I devised my own system for doing this which results in me being able to sort of reverse engineer my own password. I use a combination of a word that is not easily guessable but memorable by myself, a number, something indicative of the system I'm logging into, and 2 special characters. This way, I only really have to memorize the part that is "indicative of the system" and the 2 special characters. Every 6 months, I change out 2 of 4 of those. Generally, I change out the word, number, and/or special characters leaving the "indicative of the system" intact.

I cannot discourage writing down your passwords enough.

Hope this helps! :sparkles:

Domagoj Kirigin
Domagoj Kirigin
16,392 Points

Thank you guys for the answers, I really appreciate it. Now I know much more about it. And how I though, it is not that simple.