Password Managers

[shea99]

Hi was just wondering if anyone could recommend any password managers that the either have experience with or know are well reviewed ?

EDIT: have just noticed that keepass2 is recommended int the free and open source sticky has anyone got any experience with it as ive heard last pass is also recommended 

[paddy-stone]

I use both lastpass and keepass, mostly lastpass for online, websites etc... and keepass for general passwords and documents.

Both have their uses. Just try them out, both are free.

[shea99]

1 minute ago, paddy-stone said:

I use both lastpass and keepass, mostly lastpass for online, websites etc... and keepass for general passwords and documents.

Both have their uses. Just try them out, both are free.

Ok might give both a try then cheers

[minibois]

I am using Keeppass, which is quite nice (maybe it's UI isn't as fancy though) and you can configure it to be quite safe.

[mikat]

I use lastpass and it's great, 2fa on the app & fill with fingerprint on my android device works wonderfully

[Tiberiusisgame]

Not kidding here... buy yourself a small, black book and physically write your passwords down. Digitally storing your passwords is fine in a work environment where your company may share passwords and is willing to accept the liability of compromised accounts, but for your personal information, relying on cloud-based solutions where encryption at-rest and in-transit, as well as physical assurance, is subject to the laziest engineer, isn't a risk I'm willing to take. It's only ever a matter of time before your data ends up in the wrong place. LastPass has been breached before, back in 2015, and I'll bet they did the bare minimum to correct that. If you don't have amazing insurance, store your passwords far from the reach of the keyboard cowboy.

 

if you can't remember your passwords, consider following better practices for password creation that allow you to remember them easier. NIST finally admitted that our current password standards/requirements have only added to the complication of remembering them.

[mikat]

1 minute ago, Tiberiusisgame said:

Not kidding here... buy yourself a small, black book and physically write your passwords down. Digitally storing your passwords is fine in a work environment where your company may share passwords and is willing to accept the liability of compromised accounts, but for your personal information, relying on cloud-based solutions where encryption at-rest and in-transit, as well as physical assurance, is subject to the laziest engineer, isn't a risk I'm willing to take. It's only ever a matter of time before your data ends up in the wrong place. LastPass has been breached before, back in 2015, and I'll bet they did the bare minimum to correct that. If you don't have amazing insurance, store your passwords far from the reach of the keyboard cowboy.

 

if you can't remember your passwords, consider following better practices for password creation that allow you to remember them easier. NIST finally admitted that our current password standards/requirements have only added to the complication of remembering them.

I understand your concern about security but that's just a big hassle, password managers are there to be easy to use and more secure than having a single password on all sites.

[Tiberiusisgame]

Just now, mikat said:

I understand your concern about security but that's just a big hassle, password managers are there to be easy to use and more secure than having a single password on all sites.

Password Managers aren't meant to fix the problem of reusing passwords. That's user-error; software won't fix that. Is it a hassle to take your keys out of your bag to open your door when you get home? Would it make more sense to put all of your keys in a pin-entry lockbox hanging on your front door? That choice is... well, a choice. Risk vs. Reward. I'm advising caution in relying on 3rd parties to solve simple problems like this for us.

 

FYI, if you're just looking to avoid logging into sites you browse on your home computer, your browser can cache all those passwords for you. If the site is sensitive enough to cause financial harm, i.e. email or banking, memorize your password.

[BlueCrazii]

Lol i just have multiple password that arent like each other and i still remember them

 

Aka just remember them "ps my brain is like a glass with holes just so you know"

 

@mikat Nice personal message you got there (:O NETHERLANDS)

[shea99]

5 minutes ago, Tiberiusisgame said:

Password Managers aren't meant to fix the problem of reusing passwords. That's user-error; software won't fix that. Is it a hassle to take your keys out of your bag to open your door when you get home? Would it make more sense to put all of your keys in a pin-entry lockbox hanging on your front door? That choice is... well, a choice. Risk vs. Reward. I'm advising caution in relying on 3rd parties to solve simple problems like this for us.

 

FYI, if you're just looking to avoid logging into sites you browse on your home computer, your browser can cache all those passwords for you. If the site is sensitive enough to cause financial harm, i.e. email or banking, memorize your password.

I understand your concern however it would be predominately for things that i want secure enough through a password manager, personal sensitive information would still be secure through the method you mention but even this has risks  but this will be used more for social accounts etc 

[shea99]

2 minutes ago, BlueCrazii said:

Lol i just have multiple password that arent like each other and i still remember them

 

Aka just remember them "ps my brain is like a glass with holes just so you know"

 

@mikat Nice personal message you got there (:O NETHERLANDS)

i cant physically devote the time to allow myself to remember secure passwords for every account i have and would need a fucking novel to write them all down 

[shea99]

9 minutes ago, Tiberiusisgame said:

Password Managers aren't meant to fix the problem of reusing passwords. That's user-error; software won't fix that. Is it a hassle to take your keys out of your bag to open your door when you get home? Would it make more sense to put all of your keys in a pin-entry lockbox hanging on your front door? That choice is... well, a choice. Risk vs. Reward. I'm advising caution in relying on 3rd parties to solve simple problems like this for us.

 

FYI, if you're just looking to avoid logging into sites you browse on your home computer, your browser can cache all those passwords for you. If the site is sensitive enough to cause financial harm, i.e. email or banking, memorize your password.

Also for your point on browser caching id rather google not have the ability to know the passwords to all my accounts 

[Tiberiusisgame]

4 minutes ago, shea99 said:

I understand your concern however it would be predominately for things that i want secure enough through a password manager, personal sensitive information would still be secure through the method you mention but even this has risks  but this will be used more for social accounts etc 

Oh, well then by-all-means, though this is largely the same as browser-managed passwords minus the cloud-syncing, which is the vulnerable bit. Don't use Google Chrome and Google won't know your passwords ;-) Actually, in all honesty, if you ever communicated your sensitive information through your Google account, they have it already... but that's unavoidable, right? Who doesn't use GMail these days.

 

Bruce Schneier, a very famous man in the security community, wrote a few programs for password management. No cloud-sync, less risk.

https://www.schneier.com/academic/

[mikat]

7 minutes ago, BlueCrazii said:

Lol i just have multiple password that arent like each other and i still remember them

 

Aka just remember them "ps my brain is like a glass with holes just so you know"

 

@mikat Nice personal message you got there (:O NETHERLANDS)

Personal message? You mean the Signature? Or the thing under my post count?

[NotTristan]

Just now, shea99 said:

i cant physically devote the time to allow myself to remember secure passwords for every account i have and would need a fucking novel to write them all down

This is what I recommend. FIrst off I personally wouldn't trust any password manager to my important passwords, just seems wayyyy to risky. but this is what I recommend to people with poor memory. Say you want a password for all your social media accounts. it could start with 'S' then some random characters like 'S2knlpR3' or you can even go full 1337 and do like S0c14l or something like that. but in my opinion don't use a password manager, one good leek and ALL your passwords are there for the public, bank accounts, paypal, facebook, email, etc.

[mikat]

Just now, NotTristan said:

This is what I recommend. FIrst off I personally wouldn't trust any password manager to my important passwords, just seems wayyyy to risky. but this is what I recommend to people with poor memory. Say you want a password for all your social media accounts. it could start with 'S' then some random characters like 'S2knlpR3' or you can even go full 1337 and do like S0c14l or something like that. but in my opinion don't use a password manager, one good leek and ALL your passwords are there for the public, bank accounts, paypal, facebook, email, etc.

Yes but the point is that if they get leaked, they're just 20 character random passwords so you rotate all your passwords and it's all good

[Heffe_The_Boss]

1 minute ago, shea99 said:

i cant physically devote the time to allow myself to remember secure passwords for every account i have and would need a fucking novel to write them all down 

 

 

Make like4 passwords, and remember them... one for each of these categories

 

 Non financial - Non Personal (Forums, and junk sites)

 Non financial - But with personal information (Youtube, Social email, social media)

 Financial Only (Banking )

 Soft Financial (Paypal, amazon  or anywhere else you make purchases linked to primary bank account)

[BlueCrazii]

1 minute ago, mikat said:

Personal message? You mean the Signature? Or the thing under my post count?

I mean the thing under your postcounter

[mikat]

Just now, BlueCrazii said:

I mean the thing under your postcounter

Haha it's what linus is saying in my profile picture

[NotTristan]

2 minutes ago, mikat said:

Yes but the point is that if they get leaked, they're just 20 character random passwords so you rotate all your passwords and it's all good

yes but MY point is that your passwords 'probably' won't be leaked in the first place or be sold to some poor schmuck, and often when companies have leaks like this they don't say that there was a leak until much after the fact. look at yahoo or others, sometimes they waited months to tell you there was a leak. 

[Tiberiusisgame]

Okay, at the risk of sounding like a jerk, there are some very dangerous suggestions here. This is for future searchers.

 

Read NIST's new guidelines here : https://pages.nist.gov/800-63-3/sp800-63-3.html

Or read someone's analysis of the new guidelines, like here:

https://auth0.com/blog/dont-pass-on-the-new-nist-password-guidelines/

[mikat]

Just now, Tiberiusisgame said:

Okay, at the risk of sounding like a jerk, there are some very dangerous suggestions here. This is for future searchers.

 

Read NIST's new guidelines here : https://pages.nist.gov/800-63-3/sp800-63-3.html

Or read someone's analysis of the new guidelines, like here:

https://auth0.com/blog/dont-pass-on-the-new-nist-password-guidelines/

It's a matter of how much effort you're willing to put into account safety, for me that's less than for you

[shea99]

5 minutes ago, NotTristan said:

This is what I recommend. FIrst off I personally wouldn't trust any password manager to my important passwords, just seems wayyyy to risky. but this is what I recommend to people with poor memory. Say you want a password for all your social media accounts. it could start with 'S' then some random characters like 'S2knlpR3' or you can even go full 1337 and do like S0c14l or something like that. but in my opinion don't use a password manager, one good leek and ALL your passwords are there for the public, bank accounts, paypal, facebook, email, etc.

The trouble is my memory obviously if i could i would but my idea was that i wouldnt let these apps have data for my more sensitive password protected stuff and instead would devote these to my memory 

 

[Tiberiusisgame]

Just now, mikat said:

It's a matter of how much effort you're willing to put into account safety, for me that's less than for you

I agree with you completely. Get back to me on that when you've lost your life savings...

[mikat]

Just now, Tiberiusisgame said:

I agree with you completely. Get back to me on that when you've lost your life savings...

Oh I don't store my banking information in lastpass, it's not secured by password but by other means