I’m not sure how password managers detect a hacked password, but if they don’t know what the password is, how can they detect that password has been compromised?

Thanks

P.S. Are you still using 1Password? One of your videos indicated that you might be using a different password manager like dashlane.

I also wantEd to mention that i have posted this question on youtube, but it alwaYs disappears. Is this the best way to conTaCt you?

Great thoughts here, Chris. Thanks for sharing!

Hi Josh – many thanks for you’re response. Yes, I think 2 fac tor authentication is the way to go. Regards.

If somebody has direct access to your computer, they still won’t be able to see the password 1Password puts in or the extra digits, but theoretically they could just reset the password via your email account if it was open on the computer. This is one reason why I recommend using 2-factor authentication where available. This is not “reset-able”.

josh, thanks for your reply.

i am using the Firefox lockwise password manager at the current time (i plan on updating soon). i just investigated the issue and found that the lockwise password manager created an entirely new entry with the full password and no userid (not sure why unless maybe the url was a bit different. many of these sites just redirect you to the new site). the new password was never saved in the original password manager entry. I had to copy and paste the new password without the 5 extra digits in the original password manager entry. that should have given me pause as to why it didn’t change but being the first time i tried it i thought that maybe i had just done something wrong or out of order. that’s also why the full password from the new entry was already in when i reentered the site to test the new password.

i deleted the original password manager entry and edited the new entry by entering the userid and removed the 5 extra digits (like i thought would have to do the first time and now when i go to login the site it brings up the correct password and then i have to add the 5 digits as you do in the article.

Bottom line is that the password manager creating a new entry with the full password in lieu of updating the existing one in password manager entry threw me off, otherwise, your method worked exactly as intended.

thanks again for your response and helpful security tips.

mike

Thanks for the heads up, Mike. Are you sure that your internet browser isn’t automatically saving your passwords as well?

i went into the password manager and it never saved the password with the 5 extra digits i added, only the password that was generated ( not sure why) but that is what i wanted anyways.

when i logged back into the site it had saved password including the 5 extra digits (good) but that 20 digit password was already in the password box so i didn’t have to input the unique id. i’m not sure why the 15 digit password stored in the password manager wasn’t automatically put in the password box in lieu of the full password stored by the site. now i have to remember not to add the unique ID to the end of the password on that site.

bottom line is my password manager has a 15 digit password and the site has a 20 digit password, exactly how i wanted it, but i don’t have to add the extra 5 digits because somehow (i’m assuming the site puts them in) they already there.

pay close attention to how your new secure password is saved and what is being saved by the site, by the password manager and if you do or do not have to enter a unique id to enter the site as it may already be entered for you.