shahadien
Jan 4, 2014



Heya Goons! Sorry if there's another thread somewhere discussing this, but the forum search doesn't seem to want to find the phrase "password manager"...

Anyhow, I'm getting tired of having to remember all of the passwords I have to create for all the different websites I have to log in to. I have read that password manager programs have come a LONG way in terms of both increasing security, and streamlining the password creation/storage process. As such, I have decided to try them out, and wanted to get the community's opinions on which ones are the best!

I'm looking for one that offers both random sequence generation as well as custom created passwords, and encrypts the password wallet while not in use. Also, naturally, I would prefer it to be free...but if I must pay, I will.


Mrit
Sep 25, 2007

by exmarx


Grimey Drawer

Standard answer is Keepass/Lastpass. I like Keepass, I keep the password file on the cloud (with a hefty unique password) so I can access it from any of my computers or my phone.

Dr. Jackal
Sep 13, 2009


($) 1Password - You have to sync the data yourself (they recommend dropbox)
($,F) Lastpass - Web-based, free version doesn't do mobile, enterprise friendly
($,F) Meldium - Some startup that does password management (similar to Lastpass, but it's all for free for now)

spog
Aug 7, 2004

It's your own bloody fault.


Mrit posted:

Standard answer is Keepass/Lastpass. I like Keepass, I keep the password file on the cloud (with a hefty unique password) so I can access it from any of my computers or my phone.

Came here to post this.

Another bonus is that it can be run from a thumbdrive, so you can use it on any PC.

BurgerQuest
Mar 17, 2009


Another vote for Keepass + <cloud>. I use dropbox, but anything should be fine.

sauroid
Jul 23, 2007


Password Safe (https://pwsafe.org) is what I have used for a number of years. Simple, open source, and originally came with Bruce Schneier cred, though I don't believe that he has had anything to do with the project for many years.

Bulgogi Hoagie
Jun 1, 2012

We

Good advice I once heard is to write down your passwords on a piece of paper and store it somewhere safe. Maybe make an abridged copy for the most common passwords you use that you can't be arsed to remember to carry around with you.
This method is free and trusty so yeah.

spog
Aug 7, 2004

It's your own bloody fault.


Lichy posted:

Good advice I once heard is to write down your passwords on a piece of paper and store it somewhere safe. Maybe make an abridged copy for the most common passwords you use that you can't be arsed to remember to carry around with you.
This method is free and trusty so yeah.

Great if your password is 'joshua'

Not so good if your forums password is 'fuu3hiqn0phhy0x95nhyn36f7wapq14e'

Bulgogi Hoagie
Jun 1, 2012

We

spog posted:

Great if your password is 'joshua'

Not so good if your forums password is 'fuu3hiqn0phhy0x95nhyn36f7wapq14e'

Eh if it's below 15 symbols or so it's fine even with completely random passwords. Anyhow maybe I just like micromanaging stupid stuff don't listen to me.

shahadien
Jan 4, 2014



spog posted:

Great if your password is 'joshua'

Not so good if your forums password is 'fuu3hiqn0phhy0x95nhyn36f7wapq14e'

Exactly this, and since my primary security concerns are either a bruteforce attack, or a server-wide password leak...having unique and maximally complex passwords is the only means of mitigation.

Thanks for the responses, everyone. I will be testing out the recommended software over the next few days.

EVIL Gibson
Mar 23, 2001

THE CLOUD WILL PROTECT US


Switchblade Switcharoo

KeePass with password plus cert I transfer manually between computers.

After all the business about Dropbox being compromised several times, I wanted a bit more protection.

dox
Mar 4, 2006


Use LastPass with Duo Security for two factor authentication. I have LastPass re-request two factor for banking/financial sites. I highly recommend trying out this setup.

Careful Drums
Oct 30, 2007

I bought platinum. The last time I gave SA money I had to convince my mom to spend :tenbux: with her CC

sauroid posted:

Password Safe (https://pwsafe.org) is what I have used for a number of years. Simple, open source, and originally came with Bruce Schneier cred, though I don't believe that he has had anything to do with the project for many years.

Yeah, this one is nice because I can store the passwordstore file it uses on onedrive/dropbox and have access from all my boxes. But as far as I know it's Windows only.

TomWaitsForNoMan
May 28, 2003

By Any Means Necessary


I've tried KeePass, Lastpass, and Dashlane and I am unbelievably happy with Dashlane. It's got pretty much the same functionality as Lastpass but the interface is so much nicer. It's just really nice to use whereas I got frustrated with Lastpass's interface pretty quickly.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert


I use lastpass with 2 factor authentication and feel pretty good about it.

jmu
Feb 12, 2004

weoo.org

How timely, Lastpass is having rolling blackouts this morning from a datacenter failure.

We use Lastpass Enterprise for work. It's mostly ok. I used to use it for my personal accounts as well but then the work account kind of mucked that up even though you can "link" the two accounts together. I use 1Password now and I like its interface a lot more. And the fact that I don't have to worry about an outage like today affecting me. Its database lives offline or in Dropbox, iCloud, if you want to sync somewhere. It's primarily a Mac OS/iOS product but the Windows version just got overhauled and works great.

quad damage
Sep 24, 2008



1Password is what I use with 2factor sync to Dropbox for keeping current between my Win/OSX/iOS devices. It's expensive compared to the free/open offerings, but in my opinion the GUI/UX is much nicer. It goes on sale from time to time too.

RhoA
Jul 20, 2014



Strike Hold posted:

1Password is what I use with 2factor sync to Dropbox for keeping current between my Win/OSX/iOS devices. It's expensive compared to the free/open offerings, but in my opinion the GUI/UX is much nicer. It goes on sale from time to time too.

I also use 1Password because it's just easier for me to sync it between all the devices I have. I got the family bundle when it was on sale last. The iOS version is also on sale now for $10 if you just want to use the mobile version to manage your passwords.

SymmetryrtemmyS
Jul 13, 2013



I use LastPass personally and I'm pretty satisfied, but it doesn't make it easy to add custom DOM fields for password detection that it misses. Otherwise, no major problems on my end.

Ynglaur
Oct 9, 2013



One disadvantage of solutions in which you store your own encrypted password file is the growing threat of ransomware. Your password file does you no good if it's in the cloud auto-syncing with your desktop, and your desktop becomes compromised. Suddenly all of your passwords end up behind someone else's encryption. This is one of the reasons I prefer LastPass. That said, I'm sure someone will roll their own private cloud using FreeBSD or something else that ransomware generally doesn't bother targeting.

Mo_Steel
Mar 7, 2008

Let's Clock Into The Sunset Together



Fun Shoe

Ynglaur posted:

One disadvantage of solutions in which you store your own encrypted password file is the growing threat of ransomware. Your password file does you no good if it's in the cloud auto-syncing with your desktop, and your desktop becomes compromised. Suddenly all of your passwords end up behind someone else's encryption. This is one of the reasons I prefer LastPass. That said, I'm sure someone will roll their own private cloud using FreeBSD or something else that ransomware generally doesn't bother targeting.

Ideally speaking users should maintain an incremental backup solution if there are concerns about ransomware. Then it doesn't matter if your PC is hit even if it backs up again because you still have older versions of the files that you can restore from. If you don't have a true backup solution some free cloud hosts offer 30 day versioning as well, like Google Drive, so unless your PC gets hit with ransomware and syncs up and then you wait a month you'd probably be alright.

BurgerQuest
Mar 17, 2009


I print out the database file from keepass and store it in a safe every 30 days.

Factory Factory
Mar 19, 2010

Oh dear, oh my,
that shouldn't be said.


This is starting to sound like a "How to protect your Bitcoin wallet" thread.

CISADMIN PRIVILEGE
Aug 15, 2004

optimized multichannel
campaigns to drive
demand and increase
brand engagement
across web, mobile,
and social touchpoints,
bitch!


Strike Hold posted:

1Password is what I use with 2factor sync to Dropbox for keeping current between my Win/OSX/iOS devices. It's expensive compared to the free/open offerings, but in my opinion the GUI/UX is much nicer. It goes on sale from time to time too.

Initially when people told me 1Password the price seemed really high for a place to keep passwords, but then I tried one of the free ones and found it really awkward. When I heard a Windows version was imminent I bought 1Pass for my Mac, and loved it. When the Windows version came out I bought it immediately, and I've had no qualms about buying all the upgrades and recommending it. They've even introduced shared vaults recently, which was their one big failing for someone who works in IT as part of a team. (I know there are a few better options for those who work in large enterprise.) But if you're a small shop or just have a bunch of passwords you use daily, 1Password can't be beat.

Given the number of times a day I use it I'd say it's a bargain.

Rakeris
Jul 20, 2014



I really like lastpass, it's very user friendly, can easily generate and save new username/passwords, and can auto fill them in for sites if you like. Has a lightweight desktop app you can use for games, it can even auto fill out some games' user/pass info. If not, a copy/paste is a couple clicks away. The mobile app seems to work well, I use it rather rarely however. The guys at grc.com gave it a bit of a rundown if you're interested in reading it as well. https://www.grc.com/sn/sn-256.htm

After reading some of the posts here Dashlane looks interesting and I may check it out as well.

quad damage
Sep 24, 2008



RhoA posted:

I also use 1Password because it's just easier for me to sync it between all the devices I have. I got the family bundle when it was on sale last. The iOS version is also on sale now for $10 if you just want to use the mobile version to manage your passwords.

The iOS version is great also. With the upcoming touch ID integration it'll be even better.

gary oldmans diary
Sep 26, 2005



Hell Gem

PasteBin.

quad damage
Sep 24, 2008



Lots of passwords do end up there so I suppose you're not wrong.

Isko
May 20, 2008


So I've never used a password manager and was wondering what the disadvantages of using one would be. I mean, if you are using somebody else's computer how would you get the password to log in to your email or something? It seems to me that password managers kind of create a little bit of a hassle when you need to use something other than your own devices. I've wanted to try a password manager before but this has always prevented me.

spog
Aug 7, 2004

It's your own bloody fault.


Isko posted:

So I've never used a password manager and was wondering what the disadvantages of using one would be. I mean, if you are using somebody else's computer how would you get the password to log in to your email or something? It seems to me that password managers kind of create a little bit of a hassle when you need to use something other than your own devices. I've wanted to try a password manager before but this has always prevented me.

If I were to use simple passwords, then I could call up Keepass on my phone and read it, then type it in.

As most of my passwords tend to be things like 'ZJ1OhfYdxKO2h2sXJp49', what I would do is load Keepass on a thumbdrive and run it from there

http://keepass.info/download.html - there is a 'Portable' version

Ynglaur
Oct 9, 2013



Lastpass has a web-based interface which you can use on other computers if you're not concerned about key loggers. It also has a mobile app, though typing long, complex passwords can be an exercise in patience.

quad damage
Sep 24, 2008



It's a trade off you have to be willing to make to increase your password security. It's inconvenient for me as a 1Password user to have to sometimes manually find and type out some long rear end complex password to hook up my Netflix account to my AppleTV (or whatever) but better than having an account more easily compromised due to laziness.

spog
Aug 7, 2004

It's your own bloody fault.


internet jerk posted:

It's a trade off you have to be willing to make to increase your password security. It's inconvenient for me as a 1Password user to have to sometimes manually find and type out some long rear end complex password to hook up my Netflix account to my AppleTV (or whatever) but better than having an account more easily compromised due to laziness.

One thing I like about Keepass is that you can define the complexity of the password.

If it is something that I have to type on an AppleTV (or whatever), I can select a long one that uses only characters - which is a lot easier than trying to find the ` ^ or ' keys

quad damage
Sep 24, 2008



1Password can do this too, but that never really dawned on me to dial down the password length and whatnot on accounts you could class as less sensitive. It's not really a big deal anyway, it's not often I have to do those kinds of things so I'm more than willing to live with the convenience for security trade off.

OtherworldlyInvader
Feb 10, 2005

The X-COM project did not deliver the universe's ultimate cup of coffee. You have failed to save the Earth.




Might be a stupid question, but how do you manage certificates for two factor authentication without it either being a hassle or completely useless?

maltesh
May 20, 2004

TG: brought my phone and i also took my awesome katana with me in case things get too hot to handle
TG: and they always do


OtherworldlyInvader posted:

Might be a stupid question, but how do you manage certificates for two factor authentication without it either being a hassle or completely useless?

If the two-factor authentication generates a QR code (such as those which are compatible with Google Authenticator), you can always take a screenshot, or a regular photo of it, and store that someplace safe. LastPass' Secure Notes capability allows you to store the two-factor authentication images, or you could put them in some other local or online storage, meaning that you don't have to disable two-factor authentication each time you want to add a new device, you can just retrieve the image and add it.

Personally, my devices that have the Authenticator installed are NFC-using Nexus devices, and I bought about ten NFC tags a year ago. Using the Trigger app (and if the device is unlocked), I can tap the device on the tag at my computer, and it will open the authenticator app.

RhoA
Jul 20, 2014



internet jerk posted:

The iOS version is great also. With the upcoming touch ID integration it'll be even better.

I've been using the previous version and haven't felt the need to upgrade, but I'll get the new version for the touch ID integration whenever I upgrade to the next iPhone. Having to punch in a long master password to access passwords on the iPhone keyboard drives me crazy sometimes.

mrbass21
Feb 1, 2009


I'm adding a +1 for KeePass. I use Windows, iOS, Linux, and Mac clients. The main password file is protected with AES-256 by default. I use Dropbox to sync my file and have over 30 accounts stored on it. You can choose exactly how your password is generated.

You can also define triggers to do automatic backups, which my main computer backs up to two locations on other drives.

On the event that my password file has been saved, %comspec% /c copy "{DB_PATH}" "PATH_TO_BACKUP_LOCATION\{DB_NAME}".

I tried Dashlane, but it was annoying for games like Battle.net client and became annoying (I only played with it for an hour or so). I much prefer KeePass.

If you end up needing a Mac client, get the beta build. The release doesn't support keepass 2.0 files, but the beta does, and I have had no problems with it.
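A versioned variant of the copy-on-save backup above, tied to the ransomware and file-versioning discussion earlier in the thread; this is an added example, not code from any poster or from KeePass. It keeps timestamped snapshots instead of overwriting one copy, and refuses to snapshot a file that no longer starts with the KeePass 2.x (.kdbx) signature, so a database encrypted in place cannot push out the good versions. The function name, the keep count and the file names are assumptions.

```python
import hashlib
import struct
import time
from pathlib import Path

# First 8 bytes of a KeePass 2.x (.kdbx) file: two little-endian 32-bit signatures.
KDBX_MAGIC = struct.pack("<II", 0x9AA2D903, 0xB54BFB67)


def snapshot(db_path, backup_dir, keep=30, now=None):
    """Copy db_path into backup_dir under a timestamped name (hypothetical helper).

    Returns the new snapshot Path, or None when nothing was written because the
    file is unchanged or no longer looks like a KDBX database.
    """
    db, dest = Path(db_path), Path(backup_dir)
    data = db.read_bytes()
    if not data.startswith(KDBX_MAGIC):
        return None          # header gone (e.g. encrypted in place): leave old versions alone
    dest.mkdir(parents=True, exist_ok=True)
    # Timestamped names sort chronologically, so the last entry is the newest snapshot.
    existing = sorted(dest.glob(db.stem + ".*" + db.suffix))
    if existing and hashlib.sha256(existing[-1].read_bytes()).digest() == \
            hashlib.sha256(data).digest():
        return None          # identical to the newest snapshot: nothing to add
    stamp = time.strftime("%Y%m%dT%H%M%S", time.gmtime(now))
    target = dest / f"{db.stem}.{stamp}{db.suffix}"
    target.write_bytes(data)
    # Prune only after a valid new snapshot exists, keeping the newest `keep` files.
    for old in existing[: max(0, len(existing) + 1 - keep)]:
        old.unlink()
    return target


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        db = Path(tmp, "passwords.kdbx")      # constructed stand-in, not a real database
        db.write_bytes(KDBX_MAGIC + b"constructed sample body")
        print(snapshot(db, Path(tmp, "backups")))
```

The snapshots only help if the backup directory is somewhere a compromised desktop session cannot also rewrite, such as a drive or host that is not mounted writable all the time.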

cyxx
Sep 30, 2005

Byon!


So how do these things work on mobile and locked down work computers?

For mobile I'm imagining there's an app that you copy and paste into the appropriate password fields on banking apps and such? (I use iOS)

And locked down work computers I guess I would just copy and paste from a web interface?


theperminator
Sep 16, 2009

by Smythe


Fun Shoe

Careful Drums posted:

Yeah, this one is nice because I can store the passwordstore file it uses on onedrive/dropbox and have access from all my boxes. But as far as I know it's Windows only.

On Linux/Mac you can use Password Gorilla to open the same safes.

I use pwsafe on OSX/iPhone which is pretty good, has TouchID on iOS, Password Safe on Windows

1Pass looks good but pretty drat expensive if you've got a phone, mac and windows machine to consider.

theperminator fucked around with this message at Jan 12, 2015 around 20:25
