Experience with password managers

[jamester64]

Anyone here have experience with password managers ? Pros and cons. ?

I have over a dozen passwords that I try to remember and if I don't login frequently I usually forget them and have to reset so I'm looking at other alternatives.

 

TIA

[+virtorio MVC]

I used 1passeord for years but got sick of their software and now use (and recommend) LastPass.

[metallithrax]

Another LastPass recommendation here.  Also use Keepass at work.

[+BudMan MVC]

lastpass user for years.. Dozen passwords - how cute hehehe

 

Over 400 here...  Did you just get on the internet last week?...

 

Another one been playing with is bit https://bitwarden.com/

[farmeunit]

Lastpass here, as well.  Thanks for the info @BudMan

 

Have been looking for alternative for mobile.  I find Lastpass not that great on my phone.  Love it for browser.

[+Warwagon MVC]

One Pro of a password manager like Lastpass is phishing protection. If you land on PayPaI <-- That's a capital i at the end, not a lower case L .. LastPass will refuse to automatically fill in the username and password. It will also show No matching passwords for that site, which should be a big hint you are on the wrong site.  You might not be able to tell the difference but LastPass can.

[Tuskd]

Dashlane user here. It is great, but free version is limited and the full version is pricey. I got it on an offer. However, like many others, LastPass is also recommended.

Pros: never have to remember more than 1 password anymore. most managers have tools to create strong password. many managers are cross-platform, so you can log in without hassle from any device. you can also store card details, notes, etc.

 

Cons: You wont remember almost all of your passwords  If your password manager is hacked and all your passwords comprised, you are doomed. (highly unlikely, but still).

[exotoxic]

I use Lastpass too but since the LogMeIn takeover it has gone down hill FAST, it has a couple of major issues (on Firefox at least) and the developers don't respond on the support forum.

[dipsylalapo Supervisor]

I've always wondered about things like LastPass. I would always be worried about the eggs in one basket situation. 

 

Is it not a risk that one password (LastPass password) could potentially give someone access to everything? Or just my naivety?

[+Warwagon MVC]

9 minutes ago, exotoxic said:

I use Lastpass too but since the LogMeIn takeover it has gone down hill FAST, it has a couple of major issues (on Firefox at least) and the developers don't respond on the support forum.

The only issue I had on firefox, was on the portable version and that was it never remembered my google authenticator. Everytime I would relaunch it I would type in my password it would ask for the Google Authenticator code again, so annoying!

[+InsaneNutter MVC]

I use 1Password 4, I like that as you are in total control of your data.

 

Sadly for newer versions you can only use it with their cloud service, you can't store your own data locally. In addition the app on Windows app has been re-wrote from scratch and is not great in comparison to the previous version. I certainly wouldn't pay for a newer version in its current state regardless.

 

Long term i'm not sure what i'm going to do. Apparently supporting local 1Password keychains is a feature that will be implemented again at some point on 1Password 6, so I guess i'll see what happens. 1Password 4 is serving me fine for now and is still updated.

[+BudMan MVC]

34 minutes ago, dipsylalapo said:

Or just my naivety?

This

 

Even if someone got your lastpass password.. They would need your 2nd factor method, and they would need to be coming from a country you allow access from as another..  Or would have to have your password and access to one of your devices already trusted by lastpass, etc.

 

Your lastpass master password should be very SECURE as well.. Mine is currently 20 characters.. While its just made up of what amounts to gibberish, it is something easy for me to remember and type in, etc.

 

And yes if your really paranoid with even your devices physical security you can require 2nd factor everytime you login to your account even from trusted devices.  I have mine set to logout after 15 minutes.. So even if I leave my home machine unlocked and walk away.. Shoot my wife only other person in the house can not just walk up and access my vault without knowing the master password since it logs out on its own if not being used, etc.  If I forget to logout when I leave, etc.

[dipsylalapo Supervisor]

4 minutes ago, BudMan said:

This

 

Even if someone got your lastpass password.. They would need your 2nd factor method, and they would need to be coming from a country you allow access from as another..  Or would have to have your password and access to one of your devices already trusted by lastpass, etc.

 

Your lastpass master password should be very SECURE as well.. Mine is currently 20 characters.. While its just made up of what amounts to gibberish, it is something easy for me to remember and type in, etc.

 

And yes if your really paranoid with even your devices physical security you can require 2nd factor everytime you login to your account even from trusted devices.  I have mine set to logout after 15 minutes.. So even if I leave my home machine unlocked and walk away.. Shoot my wife only other person in the house can not just walk up and access my vault without knowing the master password since it logs out on its own if not being used, etc.  If I forget to logout when I leave, etc.

I figured that that would be the case, but good to know why. As I've said I've always toyed with the idea of using LastPass. I may give it go with a free trial or something and see how it pans out. 

 

Cheers again @BudMan, as always a fountain on knowledge

[+Warwagon MVC]

11 minutes ago, BudMan said:

This

 

Even if someone got your lastpass password.. They would need your 2nd factor method, and they would need to be coming from a country you allow access from as another..  Or would have to have your password and access to one of your devices already trusted by lastpass, etc.

  I have mine set to logout afte 15 minutes.. So even if I leave my home machine unlocked and walk away.. Shoot my wife only other person in the house can not just walk up and access my vault without knowing the master password since it logs out on its own if not being used, etc.  If I forget to logout when I leave, etc.

10

Yep I recommend this as well to people, This way they always have to be entering their master password so they don't forget it. You would be surprised (or probably not) how many people tell me they don't have a yahoo mail password because it always logs straight in.

[GrayW]

Another vote for LastPass here, although I've been considering experimenting with KeePassXC.

[exotoxic]

3 hours ago, warwagon said:

The only issue I had on firefox, was on the portable version and that was it never remembered my google authenticator. Everytime I would relaunch it I would type in my password it would ask for the Google Authenticator code again, so annoying!

So no issues with auto fill not working or new passwords not being saved (https://forums.lastpass.com/viewtopic.php?f=6&t=255755) almost a year and still no fixes or feedback!! 

[+Warwagon MVC]

12 minutes ago, exotoxic said:

So no issues with auto fill not working or new passwords not being saved (https://forums.lastpass.com/viewtopic.php?f=6&t=255755) almost a year and still no fixes or feedback!! 

I don't have any of those issues either. It's just that Lastpass won't keep me authenticated with google authenticator 

[+John. Subscriber¹]

Keepass at work, 

1Password at home. 

 

Not a bad thing to say about either of them

[Circaflex]

I personally use KeePass and at one time did use LastPass. I only switched because I wanted to be in control of my PW database, rather than rely on a third party company.

[Salty Wagyu]

Been using Lastpass for years, but their attempts at autofill is pretty terrible and feels it's been getting worse as of late.

[+BudMan MVC]

My license expires like in july... I might switch over to bitwarden at that time... As I stated I have been playing with it.. It was very easy to export all info from lastpass and import into bitwarden..

 

Especially if your one of those people that like to host stuff yourself or have space in the cloud.

 

While I would recommend lastpass for sure - there are always other options.. From my looking around bitwarden seems like the best alternative to me.

 

To go along with password managers I would suggest a 2FA tool... Been using Authy for long time - to me way better than google authenticator..  https://authy.com/

 

Why I like most about it is the ability have it on my desktop as well as my mobile.  I use it on my work mobile, which since its works phone - could be lost if lost job, etc.  So its nice to have that backup running on my desktop at home.. Works with all the QR codes for google out of the box.. Even got it working with paypal - who's 2fa support is horrible, etc.  Had to reverse engineer to get the code to put in, etc.

[jamester64]

5 hours ago, BudMan said:

lastpass user for years.. Dozen passwords - how cute hehehe

 

Over 400 here...  Did you just get on the internet last week?...

 

Another one been playing with is bit https://bitwarden.com/

Actually is over 80 total but the dozen or so I care about are just the banks and email ?

[+BudMan MVC]

You mean you use a dozen or so all the time I take it.. I would think you should "care" about all your passwords

[maxcoolzero]

Recently at work we were asked to have hard different passwords for every servise. So, thanks for all the recommendations.

[Draconian Guppy]

On 9/4/2018 at 8:16 AM, dipsylalapo said:

I've always wondered about things like LastPass. I would always be worried about the eggs in one basket situation. 

 

Is it not a risk that one password (LastPass password) could potentially give someone access to everything? Or just my naivety?

+1 This is what keeps me from using these sorta of services!

 

But then again, I only use like 5 passwords at much

Edited April 10, 2018 by Draconian Guppy

[+BudMan MVC]

Then you do not understand how the technology works... Sorry even if they were compromised.. They don't have your password, and all they have is your encrypted vault.. You have the keys to decrypt it..

 

https://lastpass.com/support.php?cmd=showfaq&id=6926