Password Manager

[spree]

Should you use one? How do they work? What happens if the company themselfs get hacked and all your passwords get leaked?

 

And which is the best password manager?

[Guest]

A password manager is typically used to store all of your personal passwords of which are all strongly encrypted. For a good password manager, I'd recommend last pass.

[lieder1987]

I recomend 1Password

 

[Techicolors]

Lastpass is pretty good. works very well across all platforms 

[spree]

2 minutes ago, Technicolors said:

Lastpass is pretty good. works very well across all platforms 

Hey I saw some good reviews on lastpass. Should I install it as an addon or from their website as a program?

[Techicolors]

4 minutes ago, spree said:

Hey I saw some good reviews on lastpass. Should I install it as an addon or from their website as a program?

the standalone program kinda sucks. pick the addon, and the app for your phone / tablet. 

[spree]

4 hours ago, Technicolors said:

the standalone program kinda sucks. pick the addon, and the app for your phone / tablet. 

Thanks!

[spree]

On 2018-02-27 at 1:51 AM, Pangea2017 said:

Don't use cloud password manager. If you lose the file AND the pw or you use a weak pw all passwords are broken. Pw manager are better then unsafe passwords or the same for multiple accounts. 

 

KeePass as a open source rogramm. Free open source smartphone apps are also available.

I'm sorry what do you mean with " If you lose the file AND the pw or you use a weak pw all passwords are broken" ?

[spree]

On 2018-02-27 at 1:30 AM, lieder1987 said:

I recomend 1Password

 

Why did you pick 1password over dashlane or lastpass for example? I'm not questioning your decision, I just wanna know.

[geo3]

Why are they're currently 3 threads about this subject on the top of the forum?

[lieder1987]

7 hours ago, spree said:

Why did you pick 1password over dashlane or lastpass for example? I'm not questioning your decision, I just wanna know.

I liked the price, IOS integration, reviews, and the interface.

[spree]

7 hours ago, Pangea2017 said:

the file get stolen - no problem mathematics (encryption) keep it safe

you lose you password - no problem they also need the file (enough time to change all the passwords and kill the value of this file)

you lose your password and the file - all of your passwords are now no longer safe

you lose your file but it have a weak password - it get cracked and again all of your passwords are unsafe

 

1. keep your file safe as possile but it can get stolen without problem

2. use a strong password!

3. change the passwords from time to time

What file are you talking about? Are you talking about if you use a local password manager?

[spree]

On 2018-02-27 at 2:03 AM, Technicolors said:

Lastpass is pretty good. works very well across all platforms 

Do you know if using "SMS Account recovery" is less secure or more secure?

[spree]

On 2018-02-27 at 1:22 AM, TheBeastPC said:

A password manager is typically used to store all of your personal passwords of which are all strongly encrypted. For a good password manager, I'd recommend last pass.

Do you know if "SMS Account recovery" is less secore or more secuary?

[Mira Yurizaki]

I've been having some issues with LastPass lately where I tell it to update a password, but it doesn't.

 

So LastPass is been kind of hit and miss for me lately.

[spree]

On 2018-02-28 at 9:09 PM, Pangea2017 said:

Good password manager can not offer recovery! They don't know the password or the data unless you combine these two things.

 

Also lassPas had some problems in the past.

Well lastpass doesnt know your password. So even tho I appreciate your answer, I would also aprreciate it more if you simple answer with "I dont know how it works" rather than saying that lastpass knows your password.

[spree]

On 2018-03-02 at 9:27 PM, Pangea2017 said:

How can they offer recovery without knowing the password? at some point they need information to decrypt the passwords/file and allow you to set a new.

If they just store a encrypted database and you forget the password it is lost, this is called strong encryption.

https://lastpass.com/support.php?cmd=showfaq&id=4616

They do have this information (don't know what a rOTP is but a salted hash would be no surprise) and the Addon was under attack in the past.

 

It was under attack, alltho nothing was stolen, luckily.

Same attack could've happened on 1password, dashlane as well because they had the same vulnerbility.

 

One question about password managers that does not use the cloud - what happens if your house for example burns down?

 

 

[Guest]

Have you tried RoboForm?

[spree]

On 2018-03-04 at 4:25 PM, panibor said:

Have you tried RoboForm?

Nope, is it a cloud manager or local?

[Guest]

On 3/6/2018 at 5:49 AM, spree said:

Nope, is it a cloud manager or local?

Cloud.

Comes with a yearly fee of 20$.

 

I use it since 2005 or something. Not sure.

A very reliable app.

[RixzZ]

I would recommend Bitwarden.

 

It's completely opensource, free for most of the things and if you want you can even selfhost it. Also, it has a very active development.

 

You also can buy a Premium Membership so you can attach files up to 100MB to entries or use a thing called organizations to share some passwords with whoever you want.

[kirashi]

On 2/26/2018 at 4:11 PM, spree said:

Should you use one? How do they work? What happens if the company themselfs get hacked and all your passwords get leaked?

And which is the best password manager?

On 2/26/2018 at 5:06 PM, spree said:

Hey I saw some good reviews on lastpass. Should I install it as an addon or from their website as a program?

You should use one if you have a lot of passwords to remember, and aren't good at remembering them, or your password scheme.

They work by allowing you to create an encrypted list of logins and passwords for multiple services that syncs across multiple devices.

Assuming the service uses properly salted and hashed encryption, and your master password is strong enough, it won't get hacked or leaked.

The best password manager is the one that works the best for you.

 

Personally, I cannot recommend using any password manager that is closed source. Why? You have no way to know how truthful they are regarding their encryption algorithm or whether they have a backdoor in case a government agency (from various countries, not just the USA) comes knocking. With something like KeePass, at least the user (and entire community) have access to the source code, so they can disseminate any vulnerabilities among the public, allowing the developers to ensure maximum security in future releases of the product.

[J.b091]

On 3/14/2018 at 6:09 AM, kirashi said:

You should use one if you have a lot of passwords to remember, and aren't good at remembering them, or your password scheme.

They work by allowing you to create an encrypted list of logins and passwords for multiple services that syncs across multiple devices.

Assuming the service uses properly salted and hashed encryption, and your master password is strong enough, it won't get hacked or leaked.

The best password manager is the one that works the best for you.

 

Personally, I cannot recommend using any password manager that is closed source. Why? You have no way to know how truthful they are regarding their encryption algorithm or whether they have a backdoor in case a government agency (from various countries, not just the USA) comes knocking. With something like KeePass, at least the user (and entire community) have access to the source code, so they can disseminate any vulnerabilities among the public, allowing the developers to ensure maximum security in future releases of the product.

Can you tell me if Lastpass is open source or closed source?

Right now I'm using it. Should I switch to something open source if it's closed source?

[nothin.here]

I have been using safeincloud for more than three years

 

It is simple and done the job quite well

 

However the cloud sync feature is quite different since it will let you use your own cloud instead (dropbox,gdrive, etc)

 

in order to get to your "safe" file on the cloud, you need two passwords ( your cloud's password and another password to decrypt your "safe" file so I think its quite secure

 

the only HUGE problem with this is if you forget your password to decrypt your "safe" file, there is no way to retrieve your data back ( I lost mine twice)

 

BTW, its free with some limitation

to unlock all feature you need the "pro" one and its not subscription basis

[kirashi]

9 hours ago, J.b091 said:

Can you tell me if Lastpass is open source or closed source?

Right now I'm using it. Should I switch to something open source if it's closed source?

The normal Lastpass clients that most people use are closed source. There is an open-source command line client, as noted in this reddit thread, however, it's not practical for most users to download, analyze, then compile their own client using customized salted hashes prior to actually uploading their passwords to the Lastpass service. (If you're game on this, then have at it, since this would guarantee that Lastpass cannot read your passwords.)

 

I personally don't use a password manager, aside from my brain, but if I had to pick one I'd go with Keepass/KeepassX, storing my encrypted database both on local duplicated storage (a drivepool array of duplicated disks) and in Dropbox so I could access it from my phone on the go.