Looking for Password Manager recommendations?

[Guddu2k17]

Hi, till now I have been keeping all my passwords in notepad and manually copying it where it is needed to sign in. It's kinda difficult and even more difficult in mobile. So, I was looking at Dashlane and LastPass and sometimes ago I heard that LastPass database was hacked so upon googling, I found some articles that it was true.

So I kept on searching and people nowadays recommending open source pass manager like KeePass to be completely safe.

What are you using yourselves and what do you recommend?

Thanks in advance!

 

[mikeymikec]

There's no such thing as "completely safe", and you framed your question to pretty much mean "how can I make my password management less secure?", when you introduced convenience as a relevant factor.

Generally speaking:
More secure = less convenient
More convenient = less secure

I have been keeping all my passwords in notepad and manually copying it where it is needed to sign in

I have a similar system. For truly unimportant stuff (in terms of the security of my personal data) I let the browser save the password. For some highly sensitive bits of information/access, I only have the login details memorised.

 

[lxskllr]

Keepass and/or one of its forks. Crossplatform for just about every feasible system, and libre software. Specifically, I use KeepassX on gnu/linux, and keepassdroid on Android.

 

[ch33zw1z]

I've personally been using Safe in Cloud. End up with two very secure passwords I need to remember. safe in cloud's db password, and the cloud server i use to sync it.

works well so far, started helping others migrate to it.

 

[RLGL]

I used robo form in the past, switched to LastPass about one year ago

 

[sourceninja]

All lastpass hacks have been around tricking it into inputing passwords or tricking users into thinking they are using lastpass to get your master password. The database has not been compromised.

 

[ch33zw1z]

I thinks it's important to note that I don't use browser plugins for safe in cloud either. I feel that adds additional security risks

 

[repoman0]

Keepass and/or one of its forks. Crossplatform for just about every feasible system, and libre software. Specifically, I use KeepassX on gnu/linux, and keepassdroid on Android.

This is my favorite too. Key file goes on all the computers / devices you need, strong password goes in your head, and then you can freely share the actual database file over whatever channel (e-mail, dropbox, cloud etc) without worrying about compromising it.

 

[ky54]

FWIW I've been using Lastpass for about 6 years. Never had a single issue but would I recommend it? None of them are foolproof so I say go with what you feel comfortable with.

 

[SMOGZINN]

This is my favorite too. Key file goes on all the computers / devices you need, strong password goes in your head, and then you can freely share the actual database file over whatever channel (e-mail, dropbox, cloud etc) without worrying about compromising it.

I do something like this as well. I have the portable version of Keepass in my Dropbox along with the database file, then I have the key file on a USB drive on my keychain and with it all I need is my keys, my Dropbox password, and my database password. With that I can get all my account information from any computer with an internet connection.

Keepass will allow you to have some super paranoia level of encryption on your database, and can be set up to require two-factor authentication with both a master password and keyfile to decrypt. You can sacrifice some security for convenience by choosing to use a keyfile or password and not both.

 

[ch33zw1z]

Has anyone used the spideroak manager? I was just looking at their site and noticed it

https://spideroak.com/encryptr/

 

[Guddu2k17]

Yes keepass seems good coz I don't feel safe storing my passwords in a cloud managed by any company. I know they will say that they CANT even look at the passwords of their clients and is encrypted using 256-bit encryption but think about this, they made that password manager software and they did all the coding. Who knows what they do in the background. They are not gonna say it out loud.

 

[Billb2]

Another vote for Lastpass.

You can login to Lastpss from any computer you're on and then logon to anything in Lastpass. Lots of nice features - automatically generate secure passwords and automatically change passwords. Been using it for 4 years, desktop and mobile, and no issues at all.

 

[balloonshark]

Another vote for keepass. I gave up a long time ago trying to remember passwords. That's especially true now that I'm up to 7.5 written pages of usernames and passwords.

P.S. I also agree with not liking a password manager that stores data in the cloud. Plus the about me of last pass used to say they were located just outside D.C. Now I guess they are owned by logmein whoever that is. Let's not forget that these companies can be sold or bought by anyone which is another good reason to use open source software.

Just be sure to use a good master password and keep database backups in multiple locations. It wouldn't be a bad idea to have one at another property or online in case your home catches fire.

 

[PowerEngineer]

Another vote for KeePass and for the virtues of local stoarage.

 

[Pardus]

LastPass gets my vote.

 

[Alpha One Seven]

Hi, till now I have been keeping all my passwords in notepad and manually copying it where it is needed to sign in. It's kinda difficult and even more difficult in mobile. So, I was looking at Dashlane and LastPass and sometimes ago I heard that LastPass database was hacked so upon googling, I found some articles that it was true.

So I kept on searching and people nowadays recommending open source pass manager like KeePass to be completely safe.

What are you using yourselves and what do you recommend?

Thanks in advance!

There is none better than your own human brain.

 

[Guddu2k17]

There is none better than your own human brain.

I know but it's not possible to use the brain to remember different high strong passwords for different sites throughout the day right?

 

[Alpha One Seven]

I know but it's not possible to use the brain to remember different high strong passwords for different sites throughout the day right?

I do it, so it IS possible. You do realize that the guy that made up the rules about a strong password has since said it was a big mistake and has had the effect of making passwords easier to crack by algorithm

https://www.nbcnews.com/tech/securi...now-about-passwords-says-man-who-made-n790711.

 

[lxskllr]

I do it, so it IS possible. You do realize that the guy that made up the rules about a strong password has since said it was a big mistake and has had the effect of making passwords easier to crack by algorithm

https://www.nbcnews.com/tech/securi...now-about-passwords-says-man-who-made-n790711.

He's not talking about random passwords generated by a decent manager. He's talking about trivial substitutions people make by using character substitution. It's been long known they're susceptible to attack. That's why a properly random generated password is good. I use a couple ridiculously long, memorable passwords as masters to get into databases, but after that, I let the password manager generate them for me. Aside from that, some sites use highly restrictive password form, that won't allow for length. The only decent answer is randomization.

 

[Guddu2k17]

I saw a video on youtube and its recommended to keep a strong stupid with no meaning sentence as the master pass.

Also, I am literally hanging towards LastPass because they have a country exclusion login feature. We can exclude logins from other countries that Dashlane can't, just had a chat with Dashlane support. They said they are gonna implement that soon. Also, the support agent told me that Premium users get more fast and quick support than FREE users.

Any other managers that have the feature to exclude logins from other countries? I am about to get premium. I looked at KeePass but I was sold on the UI and smoothness of LastPass and Dashlane.

 

[Puffnstuff]

I use lastpass, norton vault and bitwarden and favor lastpass. Just turn off autofill so it doesn't mess with sites that require manual entry.

 

[WilliamM2]

The main issue with all the password manager applications is that they cannot rule out the human factor. In other words, you must use an email account as your connection to the software. If you forget your password to your password manager or the email account you associate with it gets hacked, you can say goodbye to all your passwords.

I've never had to use an email address at all for Keepass. Not sure what you mean there.

And for those that are really paranoid, store the Keepass data file in a hidden encrypted folder.

 

[bob4432]

Just to verify, is this the correct website for KeePass - https://keepass.info/

 

[lxskllr]

Just to verify, is this the correct website for KeePass - https://keepass.info/

Yup