lichess.org
Donate

Account Safety on Lichess (and Beyond)

@GoLdEnFLAME Just use the Authenticator app by Microsoft instead. Also linked in post #31

@GoLdEnFLAME Just use the Authenticator app by Microsoft instead. Also linked in post #31

@Gbit2 #25

There are a lot of kids here, testing their borders.
Some get an email@ and people without different passwords are lost after this.

You're right imo, that beeing hacked on lichess is not really a problem by itself. For some people it may even be good, because they start then being more serious about security and maybe privacy.

@Gbit2 #25 There are a lot of kids here, testing their borders. Some get an email@ and people without different passwords are lost after this. You're right imo, that beeing hacked on lichess is not really a problem by itself. For some people it may even be good, because they start then being more serious about security and maybe privacy.

  1. Your password should be known only to yourself.
    If you share it with someone else they can potentially log in to your account.
    You should never give your password to anyone.

  2. A second thing about your password is that you should never re-use a password.
    Use unique passwords for each account and service that you use.
    If you use your password twice it can happen that one password is leaked and you lose control of all of your accounts at once.

  3. If you can‘t keep track of all your passwords and accounts try using a password-manager like KeePassXC or passwordstore. Using these you can just generate random, strong passwords and use a new one for every account, but you will only need to remember one master password for the manager.

  4. seems to contradict 1) and 2): you give your password to the manager and if your master password is leaked, then you lose control over all of your accounts at once...

1) Your password should be known only to yourself. If you share it with someone else they can potentially log in to your account. You should never give your password to anyone. 2) A second thing about your password is that you should never re-use a password. Use unique passwords for each account and service that you use. If you use your password twice it can happen that one password is leaked and you lose control of all of your accounts at once. 3) If you can‘t keep track of all your passwords and accounts try using a password-manager like KeePassXC or passwordstore. Using these you can just generate random, strong passwords and use a new one for every account, but you will only need to remember one master password for the manager. 3) seems to contradict 1) and 2): you give your password to the manager and if your master password is leaked, then you lose control over all of your accounts at once...

#54 The passwordmanager only does save an encrypted file on your personal computer (not online!). So nobody should have access to that than yourself. The password is not saved on any servers so it will not be leaked. The passwordmanager also is a program not a human, it will not take your passwords and login to your accounts, so it doesn't contradict point 1 at all. It's basically the same like when you write a note to yourself with your passwords putting it into a safe in your house imo. The note won't log into your accounts.

#54 The passwordmanager only does save an encrypted file on your personal computer (not online!). So nobody should have access to that than yourself. The password is not saved on any servers so it will not be leaked. The passwordmanager also is a program not a human, it will not take your passwords and login to your accounts, so it doesn't contradict point 1 at all. It's basically the same like when you write a note to yourself with your passwords putting it into a safe in your house imo. The note won't log into your accounts.

#54 #56 If I leak my master password (how would that even happen?), you still can't do anything because you don't have my encrypted password files. I use passwordstore, so you would need three things: the encrypted password files, my GPG key, and my password to unlock the GPG key. To get any of these, you would need to get full access to my computer and that would be a major problem in itself, beyond passwords.

#54 #56 If I leak my master password (how would that even happen?), you still can't do anything because you don't have my encrypted password files. I use passwordstore, so you would need three things: the encrypted password files, my GPG key, and my password to unlock the GPG key. To get any of these, you would need to get full access to my computer and that would be a major problem in itself, beyond passwords.

However, you can add an extra layer of security by using a hardware password manager instead of a software password manager, for example https://www.themooltipass.com/

However, you can add an extra layer of security by using a hardware password manager instead of a software password manager, for example https://www.themooltipass.com/

1Password and LastPass are very well-regarded password managers. Highly recommend.

Also: If the PW manager gets hacked, their entire business collapses. So they have more incentive than anyone to clamp down on security.

1Password and LastPass are very well-regarded password managers. Highly recommend. Also: If the PW manager gets hacked, their entire business collapses. So they have more incentive than anyone to clamp down on security.

This topic has been archived and can no longer be replied to.