|
Heya Goons! Sorry if there's another thread somewhere discussing this, but the forum search doesn't seem to want to find the phrase "password manager"... Anyhow, I'm getting tired of having to remember all of the passwords I have to create for all the different websites I have to log in to. I have read that password manager programs have come a LONG way in terms of both increasing security, and streamlining the password creation/storage process. As such, I have decided to try them out, and wanted to get the community's opinions on which ones are the best! I'm looking for one that offers both random sequence generation as well as custom created passwords, and encrypts the password wallet while not in use. Also, naturally, I would prefer it to be free...but if I must pay, I will.
|
#
?
Aug 11, 2014 08:55
|
|
|
|
| # ? Apr 24, 2024 07:31 |
|
|
Standard answer is Keepass/Lastpass. I like Keypass, I keep the password file on the cloud(with a hefty unique password) so I can access it from any of my computers or my phone.
|
|
#
?
Aug 11, 2014 09:06
|
|
|
($) 1Password - You have to sync the data yourself (they recommend dropbox) ($,F) Lastpass - Web-based, free version doesn't do mobile, enterprise friendly ($,F) Meldium - Some startup that does password management (similar to Lastpass, but it's all for free for now)
|
|
#
?
Aug 11, 2014 10:35
|
|
|
Mrit posted:Standard answer is Keepass/Lastpass. I like Keypass, I keep the password file on the cloud(with a hefty unique password) so I can access it from any of my computers or my phone. Came here to post this. Another bonus is that it can be run from a thumbdrive, so you can use it on any PC.
|
|
#
?
Aug 11, 2014 10:35
|
|
|
Another vote for Keepass + <cloud>. I use dropbox, but anything should be fine.
|
|
#
?
Aug 11, 2014 11:01
|
|
|
Password Safe (https://pwsafe.org) is what I have used for a number of years. Simple, open source, and originally came with Bruce Schneier cred, though I don't believe that he has had anything to do with the project for many years.
|
|
#
?
Aug 11, 2014 12:24
|
|
|
Good advice I once heard is to write down you passwords on a piece of paper and store it somewhere safe. Maybe make an abridged copy for the most common passwords you use that you can't be arsed to remember to carry around with you. This method is free and trusty so yeah.
|
|
#
?
Aug 11, 2014 12:59
|
|
|
Lichy posted:Good advice I once heard is to write down you passwords on a piece of paper and store it somewhere safe. Maybe make an abridged copy for the most common passwords you use that you can't be arsed to remember to carry around with you. Great if your password is 'joshua' Not so good if your forums password is 'fuu3hiqn0phhy0x95nhyn36f7wapq14e'
|
|
#
?
Aug 11, 2014 13:05
|
|
|
spog posted:Great if your password is 'joshua' Eh if it's below 15 symbols or so it's fine even with completely random passwords. Anyhow maybe I just like micromanaging stupid stuff don't listen to me.
|
|
#
?
Aug 11, 2014 13:10
|
|
|
spog posted:Great if your password is 'joshua' Exactly this, and since my primary security concerns are either a bruteforce attack, or a server-wide password leak...having unique and maximally complex passwords is the only means of mitigation. Thanks for the responses, everyone. I will be testing out the recommended softwares over the next few days.
|
|
#
?
Aug 11, 2014 13:21
|
|
|
KeePass with password plus cert I transfer manually between computers. After all the business about Dropbox being compromised several times, I wanted a bit more protection.
|
|
#
?
Aug 12, 2014 13:24
|
|
|
Use LastPass with Duo Security for two factor authentication. I have LastPass re-request two factor for banking/financial sites. I highly recommend trying out this setup.
|
|
#
?
Aug 12, 2014 13:41
|
|
|
sauroid posted:Password Safe (https://pwsafe.org) is what I have used for a number of years. Simple, open source, and originally came with Bruce Schneier cred, though I don't believe that he has had anything to do with the project for many years. Yeah, this one is nice because i can store the passwordstore file it uses on onedrive/dropbox and have access from all my boxes. But as far as I know its Windows only.
|
|
#
?
Aug 12, 2014 14:29
|
|
|
I've tried KeePass, Lastpass, and Dashlane and I an unbelievably happy with Dashlane. It's got pretty much the same functionality as Lastpass but the interface is so much nicer. It's just really nice to use whereas I got frustrated with Lastpass's interface pretty quickly
|
|
#
?
Aug 12, 2014 14:45
|
|
|
I use lastpass with 2 factor authentication and feel pretty good about it.
|
|
#
?
Aug 12, 2014 16:15
|
|
|
How timely, Lastpass is having rolling blackouts this morning from a datacenter failure. We use Lastpass Enterprise for work. Its mostly ok. I used to use it for my personal accounts as well but then the work account kind of mucked that up even though you can "link" the two accounts together. I use 1Password now and I like its interface a lot more. And the fact that I don't have to worry about an outage like today affecting me. Its database lives offline or in Dropbox, iCloud, if you want to sync somewhere. Its primarily a Mac OS/iOS product but the Windows version just got overhauled and works great.
|
|
#
?
Aug 12, 2014 17:19
|
|
|
1Password is what I use with 2factor sync to Dropbox for keeping current between my Win/OSX/iOS devices. It's expensive compared to the free/open offerings, but in my opinion the GUI/UX is much nicer. It goes on sale from time to time too.
|
|
#
?
Aug 13, 2014 00:30
|
|
|
Strike Hold posted:1Password is what I use with 2factor sync to Dropbox for keeping current between my Win/OSX/iOS devices. It's expensive compared to the free/open offerings, but in my opinion the GUI/UX is much nicer. It goes on sale from time to time too. I also use 1Password because it's just easier for me to sync it between all the devices I have. I got the family bundle when it was on sale last. The iOS version is also on sale now for $10 if you just want to use the mobile version to manage your passwords.
|
|
#
?
Aug 13, 2014 04:51
|
|
|
I use LastPass personally and I'm pretty satisfied, but it doesn't make it easy to add custom DOM fields for password detection that it misses. Otherwise, no major problems on my end.
|
|
#
?
Aug 13, 2014 04:57
|
|
|
One disadvantage of solutions in which you store your own encrypted password file is the growing threat of ransomware. Your password file does you no good if it's in the cloud auto-syncing with your desktop, and your desktop becomes compromised. Suddenly all of your passwords end up behind someone else's encryption. This is one of the reasons I prefer LastPass. That said, I'm sure someone will roll their own private cloud using FreeBSD or something else that ransomware generally doesn't bother targeting.
|
|
#
?
Aug 14, 2014 20:55
|
|
|
Ynglaur posted:One disadvantage of solutions in which you store your own encrypted password file is the growing threat of ransomware. Your password file does you no good if it's in the cloud auto-syncing with your desktop, and your desktop becomes compromised. Suddenly all of your passwords end up behind someone else's encryption. This is one of the reasons I prefer LastPass. That said, I'm sure someone will roll their own private cloud using FreeBSD or something else that ransomware generally doesn't bother targeting. Ideally speaking users should maintain an incremental backup solution if there are concerns about ransomware. Then it doesn't matter if your PC is hit even if it backs up again because you still have older versions of the files that you can restore from. If you don't have a true backup solution some free cloud hosts offer 30 day versioning as well, like Google Drive, so unless your PC gets hit with ransomware and syncs up and then you wait a month you'd probably be alright.
|
|
#
?
Aug 16, 2014 03:29
|
|
|
I print out the database file from keepass and store it in a safe every 30 days.
|
|
#
?
Aug 16, 2014 14:03
|
|
|
This is starting to sound like a "How to protect your Bitcoin wallet" thread.
|
|
#
?
Aug 16, 2014 19:19
|
|
|
Strike Hold posted:1Password is what I use with 2factor sync to Dropbox for keeping current between my Win/OSX/iOS devices. It's expensive compared to the free/open offerings, but in my opinion the GUI/UX is much nicer. It goes on sale from time to time too. Initially when people told me 1password the price seemed really high for a place to keep passwords, but after trying one of the free ones and found it really awkward. When I heard a windows version was imminent I bought 1pass for my Mac, and loved it. When the Windows version came out I bought it immediately, and I've had no qualms about buying all the upgrades and recommending it. They've even introduced shared vaults recently which was their one big failing for Someone who works in IT as part of a team. (I know there are a few better options for those who work in large enterprise) but if you're a small shop or just have a bunch of passwords you use daily 1 password can't be beat. Given the number of times a day I use it I'd say it's a bargain.
|
|
#
?
Aug 17, 2014 04:30
|
|
|
I really like lastpass, it's very user friendly can easily generate and save new username/passwords, can auto fill them in for sites if you like. Has a lightweight desktop app you can use for games, it can even auto fill out some games user/pass info. If not a copy/paste is a couple clicks away. The mobile app seems to work well, I use it rather rarely however. The guys at grc.com gave it a bit of a rundown if you interested in reading it as well. https://www.grc.com/sn/sn-256.htm After reading some of the posts here Dashlane looks interesting and I may check it out as well.
|
|
#
?
Aug 18, 2014 01:33
|
|
|
RhoA posted:I also use 1Password because it's just easier for me to sync it between all the devices I have. I got the family bundle when it was on sale last. The iOS version is also on sale now for $10 if you just want to use the mobile version to manage your passwords. The iOS version is great also. With the upcoming touch ID integration it'll be even better.
|
|
#
?
Aug 27, 2014 08:13
|
|
|
PasteBin.
|
|
#
?
Aug 27, 2014 18:06
|
|
|
Lots of passwords do end up there so I suppose you're not wrong.
|
|
#
?
Aug 27, 2014 18:43
|
|
|
So I've never used a password manager and was wondering about the disadvantages of using one would be. I mean, if you are using somebody else's computer how would you get the password to log in to your email or something? It seems to me that password managers kind of create a little bit of a hassle when you need to use something other than your own devices. I've wanted to try a password manager before but this has always prevented me.
|
|
#
?
Aug 29, 2014 08:35
|
|
|
Isko posted:So I've never used a password manager and was wondering about the disadvantages of using one would be. I mean, if you are using somebody else's computer how would you get the password to log in to your email or something? It seems to me that password managers kind of create a little bit of a hassle when you need to use something other than your own devices. I've wanted to try a password manager before but this has always prevented me. If I were to use simple passwords, then I could call up Keepass on my phone and read it, then type it in. As most of my passwords tend to be things like 'ZJ1OhfYdxKO2h2sXJp49', what I would do is load Keepass on a thumbdrive and run it from there http://keepass.info/download.html - there is a 'Portable' version
|
|
#
?
Aug 29, 2014 09:02
|
|
|
Lastpass has a web-based interface which you can use on other computers if you're not concerned about key loggers. It also has a mobile app, though typing long, complex passwords can be an exercise in patience.
|
|
#
?
Aug 29, 2014 14:02
|
|
|
It's a trade off you have to be willing to make to increase your password security. It's inconvenient for me as a 1Password user to have to sometimes manually find and type out some long rear end complex password to hook up my Netflix account to my AppleTV (or whatever) but better than having an account more easily compromised due to laziness.
|
|
#
?
Aug 29, 2014 16:04
|
|
|
internet jerk posted:It's a trade off you have to be willing to make to increase your password security. It's inconvenient for me as a 1Password user to have to sometimes manually find and type out some long rear end complex password to hook up my Netflix account to my AppleTV (or whatever) but better than having an account more easily compromised due to laziness. One thing I like about Keepass is that you can define the complexity of the password. If it is something that I have to type on an AppleTV (or whatever), I can select a long one that uses only characters - which is a lot easier than trying to find the ` ^ or ' keys
|
|
#
?
Aug 29, 2014 16:16
|
|
|
1Password can do this too, but that never really dawned on me to dial down the password length and whatnot on accounts you could class as less sensitive. It's not really a big deal anyway, it's not often I have to do those kinds of things so I'm more than willing to live with the convenience for security trade off.
|
|
#
?
Aug 29, 2014 16:30
|
|
|
Might be a stupid question, but how do you manage certificates for two factor authentication without it either being a hassle or completely useless?
|
|
#
?
Aug 29, 2014 16:31
|
|
|
OtherworldlyInvader posted:Might be a stupid question, but how do you manage certificates for two factor authentication without it either being a hassle or completely useless? If the two-factor authentication generates a QR code (such as those which are compatible with Google Authenticator), you can always take a screenshot, or a regular photo of it, and store that someplace safe. LastPass' Secure Notes capability allows you to store the two-factor authentication images, or you could put them in some other local or online storage, meaning that you don't have to disable two-factor authentication each time you want to add a new device, you can just retrieve the image and add it. Personally, my devices that have the AUthenticator installed are NFC-using Nexus devices, and I bought about ten NFC tags a year ago. Using the Trigger app, (and if the device is unlocked), I can tap the device on the tag at my computer, and it will open the authenticator app.
|
|
#
?
Aug 30, 2014 02:53
|
|
|
internet jerk posted:The iOS version is great also. With the upcoming touch ID integration it'll be even better. I've been using the previous version and haven't felt the need to upgrade, but I'll get the new version for the touch ID integration whenever I upgrade to the next iPhone. Having to punch in a long master password to access passwords on the iPhone keyboard drives me crazy sometimes.
|
|
#
?
Aug 30, 2014 07:21
|
|
|
I'm adding a +1 for KeePass. I use Windows, iOS, Linux, and Mac clients. The main password file is protected with AES-256 by default. I use Dropbox to sync my file and have over 30 accounts stored on it. You can choose exactly how your password is generated You can also define triggers to do automatic backups, which my main computer backs up to two locations on other drives. On the event that my password file has been saved,%comspec %/c copy "{DB_PATH}" "PATH_TO_BACKUP_LOCATION\{DB_NAME}". I tried Dashlane, but it was annoying for games like Battle.net client and became annoying (I only played with it for an hour or so). I much prefer KeePass. If you end up needing a Mac client, get the beta build. The release doesn't support keepass 2.0 files, but the beta does, and I have had no problems with it.
|
|
#
?
Nov 1, 2014 22:21
|
|
|
So how do these things work on mobile and locked down work computers? For mobile I'm imagining there's an app that you copy and paste into the appropriate password fields on banking apps and such? (I use iOS) And locked down work computers I guess I would just copy and paste from a web interfact?
|
|
#
?
Jan 12, 2015 20:07
|
|
|
|
| # ? Apr 24, 2024 07:31 |
|
|
Careful Drums posted:Yeah, this one is nice because i can store the passwordstore file it uses on onedrive/dropbox and have access from all my boxes. But as far as I know its Windows only. On Linux/Mac you can use Password Gorilla to open the same safes. I use pwsafe on OSX/iPhone which is pretty good, has TouchID on iOS, Password Safe on Windows 1Pass looks good but pretty drat expensive if you've got a phone, mac and windows machine to consider. theperminator fucked around with this message at 21:25 on Jan 12, 2015 |
|
#
?
Jan 12, 2015 21:21
|
|