Password manager


I use Chrome, Firefox and IE and have passwords for several websites. Recently, a few websites I use have been getting hacked so I want to use a password manager. I am unsure which ones to use and trust? Also, is it not more dangerous to let one company handle all your data?

Link to comment
Share on other sites

KeePass

Completely encrypted. You lose your key to unlock, you lose your ability to retrieve your passwords.

But what difference will that make about a website getting hacked that you can't control? Nothing, the issue is middleman attacks and the website security that stores your passwords, as well as the websites themselves. You, the user, can't do anything to protect against that. You can secure your communications, encrypting every bit up until the information leaves your site... after that it is up to the service company (bank, Amazon, Facebook, whatever) to have the proper measures to prevent attack. You have absolutely no control of their side.

Link to comment
Share on other sites

I used KeePass at home, but started using LastPass and like it better.

You can generate passwords with both. You could use it to generate a completely random password for every site. That way if someone gets one of your passwords, they can't use it anywhere else.

Link to comment
Share on other sites

I have recently started using 1Password. It costs a bit, however it looked to be the most professional solution out there in terms of features and being able to access your passwords from multiple devices.

Your data is not saved on some random server either, it's either local (encrypted) with the option of syncing this encrypted data via Dropbox or Wi-Fi to a mobile device.

Very happy with it, the desktop app, web browser plugins and mobile apps just work.

Link to comment
Share on other sites

I recommend KeePass. I've found it to be an ideal solution.

Having seen these recommendations though, I'm installing LastPass to see if it's any better.

Link to comment
Share on other sites

I use LastPass, works on pretty much every browser - have it on my BlackBerry, have it on my Kindle Fire, etc.

And the use of different passwords for every site is good practice!

Link to comment
Share on other sites

Yea, I'm in full steam now using LastPass. I have been very poor with my password management, but now that I'm using LastPass I have a different password for each site. I even purchased a Yubikey which puts my mind a little more at ease that I'm using a single cloud service to store all my important information. I just wish the Yubikey was supported by more sites.

I have used KeePass in the past and I think it's an exceptional piece of software but it's local. With LastPass, if I change or add a new password it's automatically accessible on all my computers. I told a guy about LastPass at work yesterday and he said he used RoboForm. When he changes a password he has to copy the file onto a USB drive and then transfer it around to all his other machines. I imagine you could use Dropbox or something, but that's just too much work for me. LastPass is exceeding my expectations.

Link to comment
Share on other sites

Dashlane. Saves your passwords, your data so it fills out forms for you, auto logs in, saves your purchase receipts and credit card info. Pretty neat program.
Link to comment
Share on other sites

Yes, there are a few password managers out there. But I still don't understand how they make your passwords more secure. If all the passwords are saved in one place, surely it makes it more dangerous? Can anyone explain how it makes it more secure?

Link to comment
Share on other sites

So what is more secure - you using the same password at all your sites so you can remember them, or storing them somewhere (securely) and being able to use different, not-easy-to-remember passwords for all your sites? Now if one site just happens to store their passwords in an insecure manner and someone breaches that site, they could in theory access every site you have access to.

So here is an example of the passwords I use

rxP65cp5!h#VfJ

Can you remember such passwords for even, say, 20 sites you have? I sure could not, but what I can remember is 1 very secure password to access my passwords. Now sure, if someone could access my online password account and had my secure password, then I am out of luck. Which is why you can use 2 factor methods to make sure even if they got your special password they would not be able to access your password store.

Your passwords are secured with your key, so even if someone breached the LastPass security and got access to the data - they would have to break every user's encryption key. It's not like there is some master key that could unlock all the accounts.

But sure the best security would be to use STRONG passwords like rxP65cp5!h#VfJ and only store them in your HEAD ;)

Link to comment
Share on other sites

Thanks for explaining it, makes more sense. Could you elaborate on what two factor security is?

Link to comment
Share on other sites

Two factor authentication is when you have to provide not 1, but 2 pieces of information to authenticate. For example with LastPass I have it set up so when I log into my LastPass account I get prompted for my second piece of authentication which is my YubiKey. If I don't have my YubiKey plugged into my computer I can't access my account even though I know my password.

Link to comment
Share on other sites

Two factor - something you know and something you have or are. Like a password and your fingerprint, or your password and a digital cert stored on some device like a USB key or fob. With LastPass you can use a YubiKey, for example.

Or you can set it up with a grid of extra passwords you print out. Or you can use it with the Google Authenticator, etc.

You can set up, for example, that to log in to your account you need your master password and a code that is sent to your mobile phone (something you have). So even if someone knew your password they would also have to have access to your mobile phone to get the code when they try and log in.

Hope that helps.

They also have the ability for OTP, one time passwords. So for example you need to log in from an insecure site where you're worried maybe there is a keylogger or something. You can print out a grid that has passwords that can only be used once and then they are no longer valid.

You can set up trusted computers, so say from your desktop you only need your password - but at another location you would have to use some other multifactor method along with the password to log in. This is a good option to prevent someone on the web from just brute forcing or guessing your password. But again your master password should be REALLY SECURE!! For example mine is 26 characters long, upper, lower, numbers and specials -- Good luck brute forcing that ;)

Link to comment
Share on other sites

Another vote here for Dashlane (dashlane.com)

Awesome software and great support. I have emailed them a few times, always quick to get back to you.

There are features that can be 'locked' but you can unlock them by gaining points doing things in the software (referring friends, adding more information).

(It's free to use, no premium versions at the moment.)

I read the security whitepaper for them the other day and am very happy with their encryption and data storage methods.

Link to comment
Share on other sites

I'm a RoboForm Anywhere user. I tried LastPass but, because I've been using RoboForm, it just felt foreign. So I went back to RoboForm.

Link to comment
Share on other sites

+1 Keepass (Y)

Use it at home and for work. Also exists for Android (probably iPhone and others as well) and is easy to keep synched across all platforms.

Link to comment
Share on other sites

I just switched to KeePass today. I mostly got it because there's a client available for it on my Windows Phone 7. So now I have it sync'd to my SkyDrive account on my home and work computer. If I do any updates on the computers, I can open the app in my phone and tell it to sync. 2 seconds later all updates are on my phone. The PCs sync automatically with no user interaction required.

Link to comment
Share on other sites

This topic is now closed to further replies.