spog
Aug 7, 2004

It's your own bloody fault.

cyxx posted:

So how do these things work on mobile and locked down work computers?

For mobile I'm imagining there's an app that you copy and paste into the appropriate password fields on banking apps and such? (I use iOS)

And locked down work computers I guess I would just copy and paste from a web interface?

Keepass on android is easy to use:
You unlock the database and select the entry you want to use.
You then can use the notification drawer to copy the username or the password to the clipboard with a single click.
Next is to paste into the appropriate field.
I assume iOS is similar.

The portable version of keepass will run without being installed.


Popoto
Oct 21, 2012

miaow
I've been recommended Password Box by a friend, which supposedly runs an algorithm that "hasn't been cracked since 1960". I find that dubious but v-_-v I just want a good fortress to encrypt all my passwords in and control from a central point. Anyone know anything about it? I haven't seen it mentioned here.

biznatchio
Mar 31, 2001


Buglord

StarMinstrel posted:

which supposedly runs an algorithm that "hasn't been cracked since 1960"

I would immediately be highly suspicious of any product that promotes its cryptography in such a meaningless and misleading pandering way. It feels like hucksterism. And someone who understands crypto would inherently know that being old doesn't mean being better.

Che Delilas
Nov 23, 2009
FREE TIBET WEED

StarMinstrel posted:

I've been recommended Password Box by a friend, which supposedly runs an algorithm that "hasn't been cracked since 1960". I find that dubious but v-_-v I just want a good fortress to encrypt all my passwords in and control from a central point. Anyone know anything about it? I haven't seen it mentioned here.

"Hasn't been cracked since 1960" could be accurately interpreted as "it was cracked in 1960." Once an algorithm is cracked, it's cracked, no?

:spergin: :spergin: :spergin:

Bhodi
Dec 9, 2007

Oh, it's just a cat.
Pillbug
Password Box is a McAfee product (Click on Help/FAQ at the bottom of the page).

That should tell you all you need to know.

Mantle
May 15, 2004

How is roboform for team password sharing? My company's outside IT guy is pushing it over lastpass but I don't totally trust him as a lot of his solutions seem to be based on how many billable hours they make for him.

Popoto
Oct 21, 2012

miaow

Bhodi posted:

Password Box is a McAfee product (Click on Help/FAQ at the bottom of the page).

That should tell you all you need to know.

Ok so it's poo poo. I'll check out the other recommendations :)

---
Just checked out Keepass. I'm curious : It's OpenSource, meaning that everyone has access to the algorithm, right? What would someone need to do in theory to then have access to all your passwords with Keepass? It seems to me that using it would be opening myself to inviting people to have easier access to all my passwords in one place with an algorithm that's openly available. I have zero knowledge of security coding so forgive me if this is the dumbest poo poo ever I'm asking >.>

Popoto fucked around with this message at 17:12 on Mar 9, 2015

spog
Aug 7, 2004

It's your own bloody fault.

StarMinstrel posted:

Ok so it's poo poo. I'll check out the other recommendations :)

---
Just checked out Keepass. I'm curious : It's OpenSource, meaning that everyone has access to the algorithm, right? What would someone need to do in theory to then have access to all your passwords with Keepass? It seems to me that using it would be opening myself to inviting people to have easier access to all my passwords in one place with an algorithm that's openly available. I have zero knowledge of security coding so forgive me if this is the dumbest poo poo ever I'm asking >.>

No.

They let everyone know what the maths are, but not the numbers you put into the maths to create the encryption.

This is actually more secure than hiding the maths - it means that geeks and crypto-weenies can examine the maths and a) determine how strong it is and b) point out any vulnerabilities due to poor implementation - then post the results in public.

Popoto
Oct 21, 2012

miaow

spog posted:

No.

They let everyone know what the maths are, but not the numbers you put into the maths to create the encryption.

This is actually more secure than hiding the maths - it means that geeks and crypto-weenies can examine the maths and a) determine how strong it is and b) point out any vulnerabilities due to poor implementation - then post the results in public.

Ok so basically, peer review journals. That's good. I suppose the bit about the numbers you put into the maths is us choosing the passwords, right? In that case it shoots my confidence up. I suppose the other reason to really use those password managers is not just to put all your stuff in one place, but also to use their password generators to make really complicated ones since you know you won't have to remember them, thus making sure it's not brute-forcable...

Oddhair
Mar 21, 2004

There's also a database settings page wherein you can tell it how many key encryption rounds to use. It defaults (on the old 1.x version I use) to 200,000 rounds, but if you click the button out to the right it will calculate how many rounds it can do on your CPU in one second. My core i7 860 at work does over five million, I can only imagine how many a current-gen processor will do in a second (or log into my home machine remotely, but whatever.) If you raise this value it'll take a little longer to open the DB on your phone, for instance, but this also adds a constant time factor to any brute force attempt.
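The effect of the rounds setting described in the post above, as an added example that is not part of the original thread and is not KeePass code. PBKDF2-HMAC-SHA256 from the Python standard library stands in for KeePass's own key transformation, and the attacker is assumed to run at the same speed as the CPU benchmarked in the post; all function names are hypothetical.

```python
import hashlib
import os
import time

# Figures quoted in the post above.
DEFAULT_ROUNDS = 200_000        # stated default on the 1.x version
ROUNDS_PER_SECOND = 5_000_000   # stated one-second benchmark result


def derive_key(password: str, salt: bytes, rounds: int) -> bytes:
    """Stretch a master password. PBKDF2 is a stand-in, not KeePass's transform."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)


def benchmark_rounds_per_second(sample_rounds: int = 50_000) -> int:
    """Time a fixed batch of rounds on this machine and scale it to one second."""
    salt = os.urandom(16)
    start = time.perf_counter()
    derive_key("benchmark-only", salt, sample_rounds)
    elapsed = time.perf_counter() - start
    return max(1, int(sample_rounds / elapsed))


def seconds_per_guess(rounds: int, rounds_per_second: float) -> float:
    """Every password guess must repeat the full key derivation."""
    return rounds / rounds_per_second


def exhaustive_search_years(alphabet: int, length: int, rounds: int,
                            rounds_per_second: float) -> float:
    """Worst-case time to try every password of the given shape (assumed rate)."""
    guesses = alphabet ** length
    total = guesses * seconds_per_guess(rounds, rounds_per_second)
    return total / (365 * 24 * 3600)


if __name__ == "__main__":
    print("this machine:", benchmark_rounds_per_second(), "rounds/s (PBKDF2)")
    for rounds in (DEFAULT_ROUNDS, ROUNDS_PER_SECOND):
        cost = seconds_per_guess(rounds, ROUNDS_PER_SECOND)
        # Constructed sample: 8 random lowercase letters.
        years = exhaustive_search_years(26, 8, rounds, ROUNDS_PER_SECOND)
        print(f"{rounds:>9} rounds: {cost:.2f} s per guess, "
              f"{years:,.0f} years to exhaust 26^8")
```

Raising the setting from the quoted default to the one-second value multiplies the cost of every guess by 25, for the legitimate user (once per unlock) and for a brute-force attempt (once per candidate password) alike.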

Jo
Jan 24, 2005

:allears:
Soiled Meat
Another voice in the KeePass echochamber. I've been using it for probably well in excess of five years. Google Drive makes it easy to sync, and I can open it on my Android, my desktop, or my laptop. On the whole I'm very satisfied with them. My biggest irk is when I modify the password file on my laptop and I don't sync the DB file (because I'm offline or close my laptop before it can upload), then get a modification conflict in Google Drive.

GokieKS
Dec 15, 2012

Mostly Harmless.
The problem with KeePass is that the Windows client is the only one that's good, and your options on other platforms range from merely acceptable (iOS, Android) to downright awful (OS X). I switched to Dashlane and have been much much happier.

Jo
Jan 24, 2005

:allears:
Soiled Meat

GokieKS posted:

The problem with KeePass is that the Windows client is the only one that's good, and your options on other platforms range from merely acceptable (iOS, Android) to downright awful (OS X). I switched to Dashlane and have been much much happier.

I've found the OSX client to be perfectly usable. :confused: Are you using KeePassX or some other version?

GokieKS
Dec 15, 2012

Mostly Harmless.
Back when I used it, my options for a KeePass 2.x compatible client on OS X were a wholly incomplete alpha version of KeePassX, KeePass running via Mono which barely worked, and then later KyPass Companion, which was by far the best of the trio, though that wasn't saying much and it still had a bunch of issues. Maybe it's improved enough over the last 1.5-2 years, but back then I switched away to Dashlane and was much happier.


Bhodi
Dec 9, 2007

Oh, it's just a cat.
Pillbug
That's a big thing about keepass. DO NOT USE 2.X. Only use the 1.X.

2.x was re-written in microsoft-only for some reason and isn't compatible with poo poo. 1.X is cross-platform as all hell and has all the features you really want (Pageant / ssh integration, auto-type)
