Password Manager?



Password Safe ( https://pwsafe.org/ ) ; "Designed by renowned security technologist Bruce Schneier"

 

I have been using that since about 2005-2007 without any problems and it's entirely offline storage (so make sure to back up the password database file!!! (I always make multiple backups)). Windows/Linux versions are maintained by Rony Shapiro and Jeff Harris maintains the Android version. I never used the Android version, just Windows/Linux.

 

my basic use of it... I just right click the entry in Password Safe and select 'copy' and then 'paste' it into the browser.

 

p.s. the Linux version (which I have been using since basically Jan 2019 when I went to Linux Mint entirely) can be installed with 'sudo apt install passwordsafe' (note: NO space between 'password' and 'safe', it's all one word. so type it just like I mentioned) or to get the newest version... https://sourceforge.net/projects/passwordsafe/files/Linux/ ; currently v1.14.0 from Oct 2021 as it's a .deb file.

 

-------------------------------------------------------------------------

for those who are paranoid and don't trust a password manager's password generation... you can use dice to generate random passphrases or passwords.

 

Option 1) Diceware (passphrase). use "eff.org/dice" (basically this file specifically... https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt ) which basically with each roll of five dice you convert that 5-digit number into a word on that .txt file (use CTRL+F on your basic text program to make finding each word much faster). it's recommended to use a minimum of six words (77.5 bits of entropy). note: I suggest pairing it with your own 'padding' for further increase of security. for example... instead of just typing your six words back-to-back you could do something like... "!!!word1,word2,word3,word4,word5,word6" etc.

 

Option 2) Manual random password generation... https://theworld.com/~reinhold/dicewarefaq.html ; under the "How do I use dice to create random character strings?" section. basically you use three dice and with each roll of those three dice you then convert to a character on that chart. so if you wanted a 20-character password you would need to roll each of those three dice at once, at least twenty times to get your 20-character password. I say 'at least' twenty times because it's possible to roll a blank at which point you simply roll again. note: I noticed it usually gives at least one upper case letter, a lower case letter, a number, and a symbol when you do 20-characters for example. it's possible that won't occur, since it's random, but it typically does which helps keep security higher since if someone were to try brute forcing they are going to have to try a lot more combinations.

 

basically a 10-word Diceware passphrase is similar in security to a 20-character randomly generated password... 129.2 (10-word Diceware) vs 131.1 (20-character random) bits of entropy. I excluded 'spacebar' so I think it should be like 94-characters on a standard keyboard.

 

so while everyone might have their own method of password generation, these are guaranteed secure with sufficient passphrase/password length.

 

but with that said I think a password manager's password generation is secure enough and will save time especially given I figure as a bare minimum as long as one is above that low-hanging-fruit standard (i.e. not using weak passwords) they are much less likely for someone to guess their password and in this regard anything a password manager generates will be well beyond that standard.

Edited by ThaCrip
Link to comment
Share on other sites
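
An added example, not part of the post above and not Password Safe code: the Diceware lookup and the entropy figures from that post, in Python. The OS CSPRNG (`secrets`) stands in for physical dice, and `STAND_IN` is a constructed placeholder with the same `digits<TAB>word` layout as eff_large_wordlist.txt; to use the real list, pass the downloaded file's text to `parse_wordlist`.

```python
import math
import secrets
from itertools import product

def parse_wordlist(text):
    """Parse EFF-style lines ('<5 dice digits><TAB><word>') into a dict."""
    table = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, word = line.split(None, 1)
        if len(key) != 5 or set(key) - set("123456"):
            raise ValueError(f"bad dice key: {key!r}")
        table[key] = word.strip()
    return table

def roll(n_dice):
    """Simulate n fair dice with the OS CSPRNG; returns a string like '41526'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n_dice))

def words_from_rolls(table, rolls):
    """Look up each 5-digit roll, the step done by hand with CTRL+F."""
    return [table[r] for r in rolls]

def passphrase(table, n_words=6, sep=","):
    """Roll five dice per word and join the looked-up words."""
    if len(table) != 6 ** 5:
        raise ValueError("wordlist must cover all 7776 five-dice outcomes")
    return sep.join(words_from_rolls(table, [roll(5) for _ in range(n_words)]))

def entropy_bits(choices, length):
    """Entropy of `length` independent uniform picks from `choices` symbols."""
    return length * math.log2(choices)

# Constructed stand-in for the EFF list: same key format, placeholder words.
STAND_IN = "\n".join(
    "".join(k) + "\tword" + "".join(k) for k in product("123456", repeat=5)
)

if __name__ == "__main__":
    table = parse_wordlist(STAND_IN)
    print(passphrase(table))
    print(f"6 words:  {entropy_bits(7776, 6):.1f} bits")
    print(f"10 words: {entropy_bits(7776, 10):.1f} bits")
    print(f"20 chars: {entropy_bits(94, 20):.1f} bits")
```

The entropy figures only hold when every word or character is picked uniformly at random; any padding added on top is extra, not a substitute for length.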

On 12/01/2022 at 17:52, mram said:

  In both the Edge extension and on the desktop I can export / import anything.

Not using Edge but just in the Firefox extension, no issues with exporting (json or csv, or encrypted json).

 


 

And you can see the import feature right there above export.

Link to comment

I jumped off of LastPass when they locked down the free service and over to BitWarden. It's not as polished or automated as LastPass though  - and comparatively having tried less experienced users on it, they've got into a pickle with it. It's fine for me as a tech, but just needs some more work with the automatic form filling and the UI for anyone who isn't. IMHO.

Link to comment

On 12/01/2022 at 18:40, Mindovermaster said:

You even know what a password manager does?

yes, sharing your passwords for someone who needs your passwords

Link to comment

On 13/01/2022 at 01:58, SoLoR1 said:

I used LastPass on a family sub until they started to complicate with free accounts, even if changes didn't affect me, I switched to BitWarden (on family sub again) and I'm completely happy with it. I stopped paying them because they were greedy. Also another thing is for BitWarden you can host your own server, if you don't trust them, so this is a bonus (not that I'm using this, but I might one day).

To be fair, before they "Got greedy" there was really no reason to buy the pro version as they kept moving pro features off to the free tier. I don't blame them for wanting to make money. I love it how people probably used the free version of LastPass for YEARS and YEARS .. then once they changed for it and actually wanted some money instead of getting a subscription after years of using it for free people dumped them like a hot potato.

Link to comment

KeePass for me. I keep the database on OneDrive and my local server and the MFA keyfile is local to the devices I use it on.

 

Granted, it's got all the UI charm of a 1970's nuclear reactor, but it does the job and does it well.

Link to comment

BitWarden user here.

Switched from LastPass.

 

They both are very similar for my needs but more than happy with how it currently works.

 

I was going to use MS Authenticator but it's not quite what I wanted.

Link to comment

On 15/01/2022 at 03:26, warwagon said:

To be fair, before they "Got greedy" there was really no reason to buy the pro version as they kept moving pro features off to the free tier. I don't blame them for wanting to make money. I love it how people probably used the free version of LastPass for YEARS and YEARS .. then once they changed for it and actually wanted some money instead of getting a subscription after years of using it for free people dumped them like a hot potato.

Well I was subbed because I felt like they deserve it and for occasional family share (same reason I'm subbed to BW now). Only over the line limit with LastPass was limit to one device type, because that makes it pretty much useless for free users. Also another (minor) thing was, I really was never keen of that red theme :)

Link to comment

I also switched from LastPass to Bitwarden.

 

Self-hosted a BitWarden server on my NAS so I get the benefit of the otherwise premium features with the additional perceived security of not having my passwords stored within a cloud service.

 

At the time, exporting from LastPass was easy though I believe it can be a bit more difficult now. 

Link to comment

BitWarden is the only PW I like. The UI is great, $10/year for premium (allows it to store 2FA and send files), open source, self hostable. Other PW managers are starting to feel clunky and cost 4x as much.

Link to comment
