
KeeperSecurity.com is the WORST website to store your passwords, and here's why...

Jirne

My Journey with KeeperSecurity started a few weeks ago when I was searching for a nice place to store my passwords safely. KeeperSecurity seemed like a nice solution so like the idiot I am I didn't do any research on them, made an account on the free trial and (luckily) added some unimportant websites to test this.

Few weeks pass, my trial runs out and I've already found a better solution, so I decide to take my information off of Keeper, just to be safe. I try to log in on Keeper and it basically doesn't let me do ANYTHING, without buying the full version, not even remove my account! THIS to me is already a huge problem, even if the trial runs out you should be able to REMOVE your account, no?

So I made use of the handy live chat thing... fyi, NO LOGIN REQUIRED! Just give them your name and email. Go see for yourself... Then I'm asked to send my question in... Here we go

 

Quote

I want to delete my account but it keeps signing me out because my trail ran out

Simple question, right?

Quote

Keeper Support : Hello Jirne

Hello

Keeper Support : Thank you for contacting Keeper Support.

Keeper Support : May I ask why you no longer wish to continue using Keeper to protect your most important information?

I don't think this is ok but... you know... This guy gotta make a living

Quote

Keeper Support : May I ask why you no longer wish to continue using Keeper to protect your most important information?

because my rial ran out

*trail

Keeper Support : I see

Can you help me remove my account?

Keeper Support : We can offer you a 50% discount for for your purchase if you want/

No. I want to remove my account

Keeper Support : I understand.

Keeper Support : Please give me a sec

At this point I was about to give up and just change my passwords on these other websites. Cyka.

And then this happened...

Quote

Keeper Support : We have already removed your account from our system.

Thank you

Keeper Support : You're welcome.

Keeper Support : Thank you for using Keeper Security

I didn't believe it at first... This bot was joking, no? Like I'm not even logged in, I never gave them my password, just my email...

 

So I try to log in with my actual info... and this happens (see image).

Yup... a live chat guy/bot deleted my account.... without needing me to be logged in... I have no words for this...

 

TL;DR: If you know someone's email you can delete their KeeperSecurity account without needing their password.

 

Capture.PNG

Link to post

Just now, ThomasD said:

The entire concept of storing passwords is inane.

I use 24-character randomized passwords... A different one for each website, are you saying "just remember them all"? :P

Link to post

I personally just use LastPass, but I also write down on a piece of paper my passwords etc, and keep that shit hidden.

Shot through the heart and you're to blame, 30fps and i'll pirate your game - Bon Jovi

Take me down to the console city where the games are blurry and the frames are thirty - Guns N' Roses

Arguing with religious people is like explaining to your mother that online games can't be paused...

Link to post

Just now, Fulgrim said:

I personally just use LastPass, but I also write down on a piece of paper my passwords etc, and keep that shit hidden.

"And I've already found a better solution" => LastPass

Link to post

7 minutes ago, Jirne said:

I use 24-character randomized passwords... A different one for each website, are you saying "just remember them all"? :P

No, what I'm saying is that by putting them all in one place you are making yourself very vulnerable and will have nobody to blame but yourself if the site gets compromised.

 

It's the same reaction I have whenever I hear someone say "internet of things."  My first thought is "this will not end well."

 

Rather than relying on someone else to protect your passwords (I think you are smart enough to see the problem there) why don't you change your system of generating passwords?

 

There are all sorts of variations using mnemonics, abbreviations, letter substitutions,  case sensitivity, transposition, etc. etc. etc. that will allow you to create long passwords that you can remember, not by rote memorization, but by following the generation process when necessary.

 

But, if you do not wish to bother, by all means continue to place your security in someone else's hands.

 

Link to post

Personally, I can't really see why storing all your passwords in one place is any safer than not. I mean, you go from one password per site (ideally) to one password to have access to all passwords that are saved on the account... Not that I'm against the idea, I just see them as a remembering tool rather than a safety precaution.

 

But yeah... This is shitty by any standard. There should always be some sort of verification, even if it's just a damn password.

Link to post

2 minutes ago, ThomasD said:

No, what I'm saying is that by putting them all in one place you are making yourself very vulnerable and will have nobody to blame but yourself if the site gets compromised.

 

It's the same reaction I have whenever I hear someone say "internet of things."  My first thought is "this will not end well."

 

Rather than relying on someone else to protect your passwords (I think you are smart enough to see the problem there) why don't you change your system of generating passwords?

 

There are all sorts of variations using mnemonics, abbreviations, letter substitutions,  case sensitivity, transposition, etc. etc. etc. that will allow you to create long passwords that you can remember, not by rote memorization, but by following the generation process when necessary.

 

But, if you do not wish to bother, by all means continue to place your security in someone else's hands.

 

I mostly agree with you. And I have done passwords like (not real) "Y0urMamaI$FuckingUgly.com" and yes this is pretty safe against people guessing your passwords... But if I log in on facebook and twitter with the same password then technically Mark ZuckerWhateverHisNameIs can log in to my twitter. Not gonna happen with these big corporations, I know... but I use smaller less reliable services too. So then what? Have 20 different long passwords? I don't know about you but I always forget which one is for which site...

 

So wanting an individual password for every website I use (dozens) I kinda have to store them... And I'd rather trust LastPass than a word file on my laptop or worse a post-it under my bed... I know I'm simplifying and I know no solution is perfect. I just think for me this is as close as it gets until I own a private datacenter on 2 different continents ;)

 

 

And I didn't wanna discuss about "The safest way to protect your internet data" I wanted to warn people who need a password storage site how 'great' KeeperSecurity is

Link to post

16 minutes ago, Jirne said:

...So wanting an individual password for every website I use (dozens) I kinda have to store them...

 

 

I have about a dozen passwords for work (no single sign on for us, and since we got acquired last year it has only gotten worse) about half a dozen for personal finances, and about two dozen for personal nonsense.

 

I don't write down any of them.  Each group uses a separate generation system.  Of the three the personal finance ones are the longest, and the only ones I can generate off the top of my head are my bank, my primary credit card, and paypal - because I use them often enough.  To 'remember' the others I have to think about it and use a pen & scrap paper.

 

The work ones are fairly simple (really have to be - we are required to change them every three months and cannot re-use the prior six), but do include characters related to the particular site or function involved.

 

The personal nonsense ones are short - about 8-10 characters, but unique to each site.  Some I have memorized, but most I don't have to memorize because they are that easy to generate. Example (not real) Howdy@LTT544.

 

Although, having thought about that, I guess a password service really wouldn't be so bad, as long as you limited it to relatively harmless sites, and kept the more valuable stuff separate, and on a separate generation system.

Link to post

1 minute ago, ThomasD said:

I have about a dozen passwords for work (no single sign on for us, and since we got acquired last year it has only gotten worse) about half a dozen for personal finances, and about two dozen for personal nonsense.

 

I don't write down any of them.  Each group uses a separate generation system.  Of the three the personal finance ones are the longest, and the only ones I can generate off the top of my head are my bank, my primary credit card, and paypal - because I use them often enough.  To 'remember' the others I have to think about it and use a pen & scrap paper.

 

The work ones are fairly simple (really have to be - we are required to change them every three months and cannot re-use the prior six), but do include characters related to the particular site or function involved.

 

The personal nonsense ones are short - about 8-10 characters, but unique to each site.  Some I have memorized, but most I don't have to memorize because they are that easy to generate.

 

Although, having thought about that, I guess a password service really wouldn't be so bad, as long as you limited it to relatively harmless sites, and kept the more valuable stuff separate, and on a separate generation system.

Again you're right but I wouldn't be able to do it. I'm the kinda person that forgets his birthday :P

 

But then again this topic is about the SHITTIEST account security ever ;)

Link to post

1 minute ago, Jirne said:

Again you're right but I wouldn't be able to do it. I'm the kinda person that forgets his birthday :P

 

But then again this topic is about the SHITTIEST account security ever ;)

Just don't forget your spouse's birthday and your life will be ok.

Link to post

4 minutes ago, ThomasD said:

Just don't forget your spouse's birthday and your life will be ok.

The advantages of being single :)

Link to post

47 minutes ago, Jirne said:

I use 24-character randomized passwords... A different one for each website, are you saying "just remember them all"? :P

I do that :P you can use your trusty paper and pen too... I would trust that more than any other website or program

Link to post

5 minutes ago, PeloyGeek said:

I do that :P you can use your trusty paper and pen too... I would trust that more than any other website or program

*house catches fire* Well I guess that's my house and all of my online accounts gone :'(

Link to post

2 hours ago, Jirne said:

*house catches fire* Well I guess that's my house and all of my online accounts gone :'(

If losing your password list is the worst that happens when your house burns down then you got no worries.

Link to post

10 minutes ago, ThomasD said:

If losing your password list is the worst that happens when your house burns down then you got no worries.

Never said it was the worst of your worries... But if my house burns down I don't need any more bad news that day, you know?

Link to post

5 hours ago, ThomasD said:

No, what I'm saying is that by putting them all in one place you are making yourself very vulnerable and will have nobody to blame but yourself if the site gets compromised.

 

It's the same reaction I have whenever I hear someone say "internet of things."  My first thought is "this will not end well."

 

Rather than relying on someone else to protect your passwords (I think you are smart enough to see the problem there) why don't you change your system of generating passwords?

 

There are all sorts of variations using mnemonics, abbreviations, letter substitutions,  case sensitivity, transposition, etc. etc. etc. that will allow you to create long passwords that you can remember, not by rote memorization, but by following the generation process when necessary.

 

But, if you do not wish to bother, by all means continue to place your security in someone else's hands.

 

I think you're being very unreasonable here, password security is something to be pragmatic about. No one is going to remember hundreds of passwords (something easily built-up after several years of internet use). I definitely agree important passwords shouldn't be stored anywhere. I myself use memorized passphrases on e-mail, financial, governmental and other accounts that if hacked would allow the hacker to get at sensitive information that could actually hurt me in real-life. But if say this account got hacked, it would suck but at the end of the day wouldn't really matter which is why a service like LastPass is perfectly fine. Add 2FA wherever possible, ideally via hardware keys, and nothing can go seriously wrong.

My Build:

Spoiler

CPU: i7 4770k GPU: GTX 780 Direct CUII Motherboard: Asus Maximus VI Hero SSD: 840 EVO 250GB HDD: 2xSeagate 2 TB PSU: EVGA Supernova G2 650W

Link to post

Well they are the admins/hosts of the service so I'm not actually too surprised how they can just delete account without your password...this is like how LTT admins/Mods change things like your signature (this had happened to me because I was a tool and didn't read the COC so had it bigger than size 14...) or my school IT technicians can create accounts and delete them at their discretion...

Looking at my signature are we now? Well too bad there's nothing here...

What? As I said, there seriously is nothing here :)

Link to post

6 hours ago, Jirne said:

I use 24-character randomized passwords... A different one for each website, are you saying "just remember them all"? :P

yes :| 

 

:P 

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.

Link to post

I have a sticky note folded up hidden in my computer with all of my passwords on it. 

I like to kill hardware. In 2016 alone I have killed 20 Xeon 5160, and 10+ Pentium 4. 

Link to post

1 hour ago, Centurius said:

I think you're being very unreasonable here, password security is something to be pragmatic about. No one is going to remember hundreds of passwords (something easily built-up after several years of internet use). I definitely agree important passwords shouldn't be stored anywhere. I myself use memorized passphrases on e-mail, financial, governmental and other accounts that if hacked would allow the hacker to get at sensitive information that could actually hurt me in real-life. But if say this account got hacked, it would suck but at the end of the day wouldn't really matter which is why a service like LastPass is perfectly fine. Add 2FA wherever possible, ideally via hardware keys, and nothing can go seriously wrong.

Hundreds of passwords?  Really? 

 

I thought I had a lot.

 

But, if you do have that many passwords, and also do store them at one site you probably don't risk much if a few of them are potentially valuable - you've hidden some needles in a big stack of needles.

Link to post

I have a place in mind where I can keep mine and others' sensitive data safe and I want to start a business around it, but I don't know how much I should set my kickstarter goal. I don't think anyone has set a price on the moon yet. :/

 

41 minutes ago, Sentryy said:

I have a sticky note folded up hidden in my computer with all of my passwords on it. 

You might need to find a new hiding place now. Huehuehue :ph34r:

 
Link to post

1 minute ago, MaxBunny said:

I have a place in mind where I can keep mine and others' sensitive data safe and I want to start a business around it, but I don't know how much I should set my kickstarter goal. I don't think anyone has set a price on the moon yet. :/

 

You might need to find a new hiding place now. Huehuehue :ph34r:

I didn't say where in my computer.

Link to post

2 minutes ago, Sentryy said:

I didn't say where in my computer.

well if it's a real physical sticky note inside the case, it can't be that hard to track down... I mean, it's not like there's that many hiding spots! :P
