Thoughts on password manager

[Chapeau]

Can anyone recommend a solid password manager?

I've never really felt the need but gradually becoming time poor I realize that I haven't been updating my passwords as regularly and have got a bit complacent with one-off (Eg. New shopping acount) websites in particular.

I think it's time to centralize and get a password manager.

Does anyone one has a recommendation that they have used? Tips?

 

[Cmustang87]

I use LastPass and have had great luck with it.

 

[SvenBent]

I use keepaas
Mostly because its opensource and its not depending on some 3rd part service.

http://keepass.info/

howeevr it is a more geeky solutions

 

[Extra-Titanian]

Both ^ are good services. Lastpass has an extremely good track record for both security and usability, and also keeping everyone in the loop if a potential problem arises. Keepass is pretty much every bit as good as Lastpass, but everything is stored locally and you've gotta manually move your database file to every device you want to access your passwords on, and make sure you keep all the files synced yourself. Depends on if you want absolute security or a good tradeoff of security and usability.

 

[Chapeau]

I use LastPass and have had great luck with it.

- Did you go with the premium version or free?

Any ideas on how these guys are making money?
- The consumer in me wonders exactly how these work as a business. Are they ad supported? What's the catch?

 

[Cmustang87]

It is a freemium service, and owned by LogMeIn, Inc. I use the free version, but that's because I don't really need it on my mobile device. If you want LastPass synced across your mobile and desktop/laptops you will need Premium.

There are other free/paid softwares that are probably more secure in some regards, but they require a bit more work. KeePass is one such example, but it requires you to have a local keystore file that itself is encrypted.

 

[Cmustang87]

Basically it comes down to the two most well known options:

If you like a ton of nerd knobs and controlling it yourself: KeePass
If you want a more user-friendly seamless solution, go with LastPass.

 

[SvenBent]

Both ^ are good services. Lastpass has an extremely good track record for both security and usability,.

full disclosure i haven used last pass.
but iswear that alone this years [H] hard two nes about last pass server beeing hacked.
Thats why i preffer something that is not depending on others ( but then again its a bit more of a hassle)

 

[Chapeau]

full disclosure i haven used last pass.
but iswear that alone this years [H] hard two nes about last pass server beeing hacked.
Thats why i preffer something that is not depending on others ( but then again its a bit more of a hassle)

Interesting point - and thanks for the link.

I've done some light reading into android usage in particular. seems like I'm stuck with a third party app to bring Keepass to the party. Not a huge issue for me aside from finding something that is convenient to stick with.
Do you use Keepass on mobile? How do you go about it?

 

[SvenBent]

Interesting point - and thanks for the link.

I've done some light reading into android usage in particular. seems like I'm stuck with a third party app to bring Keepass to the party. Not a huge issue for me aside from finding something that is convenient to stick with.
Do you use Keepass on mobile? How do you go about it?

i used ermme.. gdi let me get my phone


keepaas2android.. the only issues i have is that it does not autodetect what password to use. and than i have to copy the data base to my phone manually. ( there are other options but havent set it up yet)
But that is again the reason why keepass is a bit more of a hassle since there is no 3rd party involved it all depends on you to set it up.

But keep in mind i love that i have to do it manually i feel better that its me that has control.
That might not be a thing for you though. So consider the up/down of the "self control/responsability"

 

[Dead Parrot]

Mine is old school and will make most security experts wince but I keep my account/password list on two sheets of paper. Can't be remotely accessed and doesn't require an Internet connection to access. And it won't go out of business in six months.

 

[Chapeau]

Mine is old school and will make most security experts wince but I keep my account/password list on two sheets of paper. Can't be remotely accessed and doesn't require an Internet connection to access. And it won't go out of business in six months.

I do this for some things also - physical security for online things isn't such a bad idea.

But practically speaking my list is getting out of control....

 

[Bandalo]

full disclosure i haven used last pass.
but iswear that alone this years [H] hard two nes about last pass server beeing hacked.
Thats why i preffer something that is not depending on others ( but then again its a bit more of a hassle)

You need to look into the details of those hacks...no customer data was compromised. One was a recent flaw in the browser plug in that was never seen in the wild. The last one was mid-2015 I think, and they didn't get any user password vaults, just some e-mail lists from the company.

 

[leezard]

Lastpass user here also, I did have the premium version for a while but I really didnt need to access it on mobile. integrates well with all browsers that support plug ins. I change my master password about twice a year just because.

 

[Raekwon]

Android syncing is now free with LastPass. I use a free personal account on a desktop and an Android phone. I also use an Enterprise account at work. Love it.

 

[wolfofone]

I use Keepass on Windows and KeepassDroid on Android. I like that you can encrypt the database using a passphrase and a key file. Use a cloud service (Dropbox, One Drive, ect) or BitTorrent (Resillio now) Sync to sync the encrypted database and transfer the key file out of band or keep on USB/micro USB flash drive.

Reading up on it recently apparently it is not actually two factor auth but its close IMO.

Edit iirc even though it is something you know + something you have because both pieces feed into the same decryption key, its more like a more complicated single factor auth heh.

Wow sorry for the typos, damn touchscreens!

 

[Sayth]

I switched from Keeper to LastPass and haven't looked back. I'm super paranoid about my passwords, but the number of passwords I was writing down or making too simple so I could remember was getting out of hand. As for breaches, so far LastPass has been exemplary in terms of fast response and mitigating to loss of data. As far as I know, no useable user names/password combinations have been exfiltrated as of yet. Tavis Ormandy ehite hat hacker of Google project zero has been keeping tabs on LastPass and keeping them honest!

Also... It's now ENTIRELY FREE! On any device. I got this list of "added features" you get on the premium account from their site. Kind of also the reason I switched...

• Family password sharing (up to 5 users, with the Shared Family Folder)
• 1GB encrypted file storage
• Priority customer support
• Extra security with Premium two-factor authentication (YubiKey and Sesame)
• Desktop application logins (with LastPass for Applications)
• Desktop fingerprint identification
• An ad-free vault

Happy hunting!

 

[Extra-Titanian]

I've gotta try setting up my YubiKey with it again.