Password Managers

I've been a happy user of 1Password since 2007 and it just keeps getting better and better. Currently 1,247 items in it. :D
 
When I started this thread we were a Windows household, but no more. Fortunately iOS & Mac OS have a strong password manager built in it seems! And I still keep about 10 of our most sensitive passwords, each unique and “strong”, completely offline - not in iOS or anywhere else. I may not need a password manager app after all?
 
I did switch from LastPass a few months ago but went to 1Password which seems to be the best overall for us. So far, happy with it. DH and I both use it with a family account.
 
I switched from LastPass to Bitwarden and am happy with the switch. Some slight differences at first but mainly a case of what you've been used to.
 
Not certain why I would bother or even trust a password manager.

Me either, but I keep reading this thread with interest. Right now, I just use a spreadsheet. I have it password protected which encrypts it so I feel that it’s pretty safe. I can cut and paste passwords, so it’s pretty easy. It does not integrate seamlessly with my other equipment because it’s loaded on my PC. So if I need a password for something that’s on my phone, I do have to go look it up. So far though, it’s working pretty good for me.
 
When I started this thread we were a Windows household, but no more. Fortunately iOS & Mac OS have a strong password manager built in it seems! And I still keep about 10 of our most sensitive passwords, each unique and “strong”, completely offline - not in iOS or anywhere else. I may not need a password manager app after all?


I looked at using iCloud Keychain before choosing 1Password. If you’re only on Apple devices, it’s a good alternative to a full blown password manager. I think they even have plugins available for Chrome if you need access on Windows.

It does lack a number of features though. The biggest for me were password sharing with others and the ability to enter notes for entries on an iOS device. You can add notes using the Mac app, but it’s not nearly as seamless as other password managers (in my case 1Password).

But if you’re in the Apple ecosystem and only need to store passwords, iCloud is a good option.
 
When I started this thread we were a Windows household, but no more. Fortunately iOS & Mac OS have a strong password manager built in it seems! And I still keep about 10 of our most sensitive passwords, each unique and “strong”, completely offline - not in iOS or anywhere else. I may not need a password manager app after all?

I do the same. My account-name/passwords for my financial accounts are kept in my head.

For pretty much everything else the Apple password management system works great and I’m happy to use it.
 
I bailed out of LastPass and started KeePassXC/KeePassXC-Browser, which is free and open source. I like that they won't be playing the game of bait and switch. I paired this with Syncthing, to move the encrypted blob around. Still learning... a few bumps in the road, but they seem to have thought of everything. Export from LastPass and import was easy, but LastPass was more relaxed about URL matching. So getting KeePass to offer passwords in some cases required pasting an additional URL into the system.
 
I migrated from LastPass to Bitwarden about 3 years ago. The migration went smoothly, with no surprises. I moved to Bitwarden since it supports hardware-based two-factor authentication. I use Yubikey as a hardware token generator. At the time, LastPass did not support hardware 2FA. And Bitwarden premium is still cheaper than LastPass. I like the fact that Bitwarden is open-source so it is scrutinized better for security flaws than any private company software.


PS: I use Bitwarden on Windows PC, Mac, iPhone, Android phone, etc. I use NFC Yubikey to log in on phones.
 
Not certain why I would bother or even trust a password manager.


To the second part of your comment, I trust the open-source KeePass because I never save the encrypted database to any third-party cloud server. It's all under my control.

I bailed out of LastPass and started KeePassXC/KeePassXC-Browser, which is free and open source. I like that they won't be playing the game of bait and switch. I paired this with Syncthing, to move the encrypted blob around.


Syncing the database among multiple devices is probably the biggest headache with non-cloud (local) solutions. I do that for other data anyway, so for me it's no big deal. But I hadn't heard of Syncthing, thanks for the heads up! Looks like a great solution; open source and open protocols.
 
I really like KeePassXC except for one reason. That is, the window doesn't minimize much. Thus, for my Windows machine I use another password manager as I like having just a small window that doesn't take up too much screen real estate.
 
Syncing the database among multiple devices is probably the biggest headache with non-cloud (local) solutions. I do that for other data anyway, so for me it's no big deal. But I hadn't heard of Syncthing, thanks for the heads up! Looks like a great solution; open source and open protocols.

I just found a September 2021 video that walks you through all of the steps to get KeePassXC/Syncthing running on Windows/Android.
 
I migrated from LastPass to Bitwarden about 3 years ago. The migration went smoothly, with no surprises. I moved to Bitwarden since it supports hardware-based two-factor authentication. I use Yubikey as a hardware token generator. At the time, LastPass did not support hardware 2FA. And Bitwarden premium is still cheaper than LastPass. I like the fact that Bitwarden is open-source so it is scrutinized better for security flaws than any private company software.


PS: I use Bitwarden on Windows PC, Mac, iPhone, Android phone, etc. I use NFC Yubikey to log in on phones.

+1, except I moved from 1Password to Bitwarden. No real surprises, works well, and it is free. I am satisfied with the encryption and sync it across my iPhone and Macs. 279 entries in my vault.
 
1Password and 2FA where possible. I really like 1Password due to the ability to change generated password rules. Recently started moving to longer passphrases based on research on the time it takes to crack a password. Here is that link:

https://bitwarden.com/password-strength/

Basically, any password 8 chars long takes about a minute to brute-force decipher. You need 14 chars and up to achieve ‘centuries’ status.
 
About a year ago I got involved with an unusual project to gather information for a fairly well-known court case. It's all on the up and up but "operational security" is paramount. One of our team members is an expert on computer security, retired from a National Laboratory, has written several books on the subject, and used to be part of the group that advised the NSA, FBI, and so forth.

He convinced me at the time to use a password manager among other things. I took a major step up in securing my home network, using a VPN, and signing up for LastPass. I also use a different, random password on each site that matters. I'm honestly not worried if someone hacks my early-retirement.org account and similar forums though so I tend to reuse on many sites. Most of my financial accounts have random passwords that are dozens of characters long because it is easy with LastPass.

But...my big complaint is that anytime I use a new device there is a big hassle to go through! Usually it wants me to enter my master password which of course exposes me to a keylogger on a public computer (which I rarely use) but also on wifi in airports and so forth. It's also possible to use a camera to watch someone enter their password and get a pretty good idea what it is.

My LastPass renewal comes up in November. I don't know if I will renew. In some ways it is very convenient but now that I am more mobile, it adds some inconveniences as well. And it is an obvious target of hackers.

My previous solution was an Excel file with a password - not good. I am currently experimenting with a version of that on a USB drive with VeraCrypt. But USB drives have their own issues. I'm also considering a biometric device.

There is no perfect solution!
 
+1. No solution is perfect.

IMO, have to weigh how secure vs how inconvenient to use.

Don't want a "solution" that is so easy to guess nor one that is such a pain to use, you'd never use it.
 
I use 8 characters with a big character set and it's good enough for most cases. Yes, 3 minutes to brute-force in an offline attack, but an offline attack is unlikely. Having 8 characters means I can type it, if I get in a situation where pasting isn't possible.
 
...
But...my big complaint is that anytime I use a new device there is a big hassle to go through! Usually it wants me to enter my master password which of course exposes me to a keylogger on a public computer (which I rarely use) but also on wifi in airports and so forth. It's also possible to use a camera to watch someone enter their password and get a pretty good idea what it is.

My LastPass renewal comes up in November. I don't know if I will renew. In some ways it is very convenient but now that I am more mobile, it adds some inconveniences as well. And it is an obvious target of hackers.

My previous solution was an Excel file with a password - not good. I am currently experimenting with a version of that on a USB drive with VeraCrypt. But USB drives have their own issues. I'm also considering a biometric device.

There is no perfect solution!

Does LastPass not support storing the data locally, so that it would not need to request information over wifi? Only going to the cloud if you wanted to access an entry for the first time or to manually sync (or the app automatically syncing in the background). I was just reading a little about their password vault which seems to cache enough information to work without a network connection. A no-network-required "feature" is one reason I use KeePass, to access locally only from the smartphone when traveling. Though that does require extra work to sync/copy the encrypted database between devices and to some general cloud storage.
 
But...my big complaint is that anytime I use a new device there is a big hassle to go through! Usually it wants me to enter my master password which of course exposes me to a keylogger on a public computer (which I rarely use) but also on wifi in airports and so forth. It's also possible to use a camera to watch someone enter their password and get a pretty good idea what it is.

There is no perfect solution!

LastPass offers the option to use an authenticator app, or simple cell phone 2-factor authentication. This should mostly solve the issue of someone getting your master password on public wifi etc. Or just don't log into LP from public wifi and instead use your cellular connection.
 
I’m fine using Apple’s built in keychain password management for all my non-important accounts.


I have been doing the same for a while now. It seems to work well and I’ve had zero problems. Not sure if it’s the ideal solution but I’m pleased so far…
 