Zlain Posted June 28, 2012 Share Posted June 28, 2012 I use Chrome, Firefox and IE and have passwords for several websites. Recently, a few websites I use have been getting hacked so I want to use a password manager. I am unsure which ones to use and trust? Also, is it not more dangerous to let one company handle all your data? Link to comment Share on other sites More sharing options...
sc302 Veteran Posted June 28, 2012 Veteran Share Posted June 28, 2012 keepass completely encrypted. you loose your key to unlock, you loose your ability to retrieve your passwords. But what difference will that do about a website getting hacked that you can't control? Nothing, the issue is middleman attacks and the website security that stores your passwords, as well as the websites themselves. You, the user, can't do anything to protect against that. You can secure your communications encrypting ever bit up until the information leaves your site...after that it is up to the service company (bank, amazon, facebook, whatever) to have the proper measures to prevent attack. You have absolutely no control of their side. FiB3R 1 Share Link to comment Share on other sites More sharing options...
farmeunit Posted June 28, 2012 Share Posted June 28, 2012 I used KeePass at home, but started using LastPass and like it better. You can generate passwords with both. You could use it to generate a completely random password for every site. That way if someone gets one of your passwords, they can't use it anywhere else. Link to comment Share on other sites More sharing options...
+InsaneNutter MVC Posted June 28, 2012 MVC Share Posted June 28, 2012 I have recently started using 1password it costs a bit, however looked to be the most professional solution out there in terms of features and been able to access your passwords from multiple devices. Your data is not saved on some random server either, its either local (encrypted) with the option of syncing this encrypted data via Dropbox or Wifi to a mobile device. Very happy with it, the desktop app, web browser plugins and mobile apps just work. Link to comment Share on other sites More sharing options...
Travelar Posted June 28, 2012 Share Posted June 28, 2012 I'm a fan of lastpass, for the same reasons that InsaneNutter likes 1password. Link to comment Share on other sites More sharing options...
Lee G. Veteran Posted June 28, 2012 Veteran Share Posted June 28, 2012 I recommend KeePass. I've found it to be an ideal solution. Having seen these recommendations though, I'm installing LastPass to see if it's any better. FiB3R 1 Share Link to comment Share on other sites More sharing options...
+BudMan MVC Posted June 28, 2012 MVC Share Posted June 28, 2012 I use lastpass, works on pretty much every browser - have it on my blackberry, have it on my kindlefire, etc. And the use of different passwords for every site is good practice! Link to comment Share on other sites More sharing options...
FiB3R Posted June 28, 2012 Share Posted June 28, 2012 KeePass + LastPass + DropBox + 7Pass = Win Link to comment Share on other sites More sharing options...
Zlain Posted June 28, 2012 Author Share Posted June 28, 2012 I think I'll use keePass. My concern is, okay recently linkedin got hacked. But if KeyPass got hacked, wouldn't we then lose EVERYTHING? Link to comment Share on other sites More sharing options...
notta Posted June 28, 2012 Share Posted June 28, 2012 I use lastpass, works on pretty much every browser - have it on my blackberry, have it on my kindlefire, etc. And the use of different passwords for every site is good practice! Yea, I'm in full steam now using LastPass. I have been very poor with my password management, but now that I'm using LastPass I have a different password for each site. I even purchased a Yubikey which puts my mind a little more at ease that I'm using a single cloud service to store all my important information. I just wish the Yubikey was supported by more sites. I have used KeePass in that past and I think it's an exceptional piece of software but it's local. With LastPass, if I change or add a new password it's automatically accessible on all my computers. I told a guy about LastPass at work yesterday and he said he used RoboForm. When he changes a password he has to copy the file onto a usb drive and then transfer it around to all his other machines. I imagine you could use DropBox or something, but that's just too much work for me. LastPass is exceeding my expectations. Link to comment Share on other sites More sharing options...
spedanden Posted June 28, 2012 Share Posted June 28, 2012 Dashlane. Saves your passwords, your data so it fills out forms for you, auto logs in, saves your purchase receipts and credit card info. Pretty neat program. Link to comment Share on other sites More sharing options...
Zlain Posted June 28, 2012 Author Share Posted June 28, 2012 Yes, there are a few password managers out there. But I still don't understand how they make your passwords more secure. If all the passwords are saved in one place, surely it makes it more dangerous? Can anyone explain how it makes it more secure? Link to comment Share on other sites More sharing options...
+BudMan MVC Posted June 28, 2012 MVC Share Posted June 28, 2012 So what is more secure - you using the same password at all your sites so you can remember them. Or storing them somewhere (securely) and being able to use different non easy to remember passwords for all you sites. Now if one site just happens to store their passwords in an unsecure manner and some breaches that site, they could in theory access every site you have access. So here for example of the passwords I use rxP65cp5!h#VfJ Can you remember such passwords for the even say 20 sites you have. I sure could not, but what I can remember is 1 very secure password to access my passwords. Now sure if someone could access my online password account and had my secure password, then I am out of luck. Which is why you can use 2 factor methods to make sure even if they got your special password they would not be able to access your password store. Your passwords are secured with your key, so even if someone breached the lastpass security and got access to the data - they would have to break every users encryption key. Its not like there is some master key that could unlock all the accounts. But sure the best security would be to use STRONG passwords like rxP65cp5!h#VfJ and only store them in your HEAD ;) Marshall, GrayW, Zlain and 1 other 4 Share Link to comment Share on other sites More sharing options...
Salgoth Posted June 28, 2012 Share Posted June 28, 2012 Keepass user here - but I don't have a bunch of mobile devices so local storage is fine for me! Link to comment Share on other sites More sharing options...
Zlain Posted June 28, 2012 Author Share Posted June 28, 2012 So what is more secure - you using the same password at all your sites so you can remember them. Or storing them somewhere (securely) and being able to use different non easy to remember passwords for all you sites. Now if one site just happens to store their passwords in an unsecure manner and some breaches that site, they could in theory access every site you have access. So here for example of the passwords I use rxP65cp5!h#VfJ Can you remember such passwords for the even say 20 sites you have. I sure could not, but what I can remember is 1 very secure password to access my passwords. Now sure if someone could access my online password account and had my secure password, then I am out of luck. Which is why you can use 2 factor methods to make sure even if they got your special password they would not be able to access your password store. Your passwords are secured with your key, so even if someone breached the lastpass security and got access to the data - they would have to break every users encryption key. Its not like there is some master key that could unlock all the accounts. But sure the best security would be to use STRONG passwords like rxP65cp5!h#VfJ and only store them in your HEAD ;) Thanks for explaining it, makes more sense. Could you elaborate on what two factor security is? Link to comment Share on other sites More sharing options...
notta Posted June 28, 2012 Share Posted June 28, 2012 Two factor authentication is when you have to provide not 1, but 2 pieces of information to authenticate. For example with LastPass I have it setup so when I log into my LastPass account I get prompted for my second piece of authentication which is my YubiKey. If I don't have my YubiKey plugged into my computer I can't access my account even though I know my password. Link to comment Share on other sites More sharing options...
+BudMan MVC Posted June 28, 2012 MVC Share Posted June 28, 2012 two factor - something you know and something you have or are. Like a password and your fingerprint, or your password and digital cert stored on some device like a usb key or fob. lastpass you can use yubikey for example. Or you can set it up with a grid of extra passwords you print out. Or you can use it with the google authenticator, etc. You can setup for example that to login to your account you need your master password and a code that is sent to your mobile phone (something you have). So even if someone knew you password they would also have to have access to your mobile phone to get the code when they try and login. Hope that helps. The also have the ability for OTP, one time passwords. So for example you need to login from an unsecure site that your worried maybe there is a keylogger or something. You can print out a grid that has passwords that can only be used Once and then they are no longer valid. You can setup trusted computers, so say from your desktop you only need your password - but at another location you would have to use some other multifactor method along with password to login. This is a good option to prevent someone on the web from just bruteforce or guessing of your password. But again your master password should be REALLY SECURE!! For example mine is 26 characters long, upper, lower, numbers and specials -- Good luck brute forcing that ;) Link to comment Share on other sites More sharing options...
iascoot Posted June 28, 2012 Share Posted June 28, 2012 Another vote here for Dashlane (dashlane.com) awesome software and great support, I have emailed them a few times, always quick to get back to you There are features that can be 'locked' but you can unlock them by gaining points doing things in the software (referring friends, adding more information) (its free to use, no premium versions at the moment) I read the security whitepaper for them the other day and very happy with their encyption and data storage methods Link to comment Share on other sites More sharing options...
Zlain Posted June 29, 2012 Author Share Posted June 29, 2012 Thanks for your help guys. I'll look into this and begin downloading one also begin memorising a new master password to use. Thanks for your help. Link to comment Share on other sites More sharing options...
+Warwagon MVC Posted June 29, 2012 MVC Share Posted June 29, 2012 I'm a roboform anywhere user. I tried lastpass but, because i've been using roboform it just felt foreign. So I went back to roboform. Link to comment Share on other sites More sharing options...
lol51312 Posted July 1, 2012 Share Posted July 1, 2012 Do not use chrome it is already hacked! Link to comment Share on other sites More sharing options...
Odom Member Posted July 3, 2012 Member Share Posted July 3, 2012 +1 Keepass (Y) Use it at home and for work. Also exists for Android (probably iPhone and others as well) and is easy to keep synched across all platforms. Link to comment Share on other sites More sharing options...
soldier1st Posted July 6, 2012 Share Posted July 6, 2012 I use lastpass. It works on practically any device. Link to comment Share on other sites More sharing options...
Mr.XXIV Posted July 6, 2012 Share Posted July 6, 2012 LASTPASS! :D Link to comment Share on other sites More sharing options...
stumper66 Posted July 6, 2012 Share Posted July 6, 2012 I just switched to KeePass today. I mostly got it because there's a client available for it on my Windows Phone 7. So now I have it sync'd to my SkyDrive account on my home and work computer. If I do any updates on the computers, I can open the app in my phone and tell it to sync. 2 seconds later all updates are on my phone. The PCs sync automatically with no user interaction required. Link to comment Share on other sites More sharing options...
Recommended Posts