Password managers - what's best?

[BankFodder]

Anyone like to express a view on password managers - what is best/easiest/best value etc etc etc.

 

Ta

[Queens_king]

Best ... your brain

worst ... using a manager

 

if a manager is cracked then you Lose all

 

Keep them in a card index file next to the monitor and locked away when not in use.

[Conniff]

Best ... your brain

worst ... using a manager

 

if a manager is cracked then you Lose all

 

Keep them in a card index file next to the monitor and locked away when not in use.

 

I agree 100% with that. It is not safe to store things like that on a pc. A daily clean with Ccleaner should be on the cards and that will remove all passwords if you tick the box.

I bet if you did a scan with Spybot you would be shocked at the amount of spyware or potential spyware or Pups there are on your system.

 

The latest Vodafone break ins was not through a hack but because they had email addresses and passwords.

[BankFodder]

Isn't the system based on the idea that the password manager encrypts everything, and also that it regularly changes passwords on your behalf and applies them automatically.

 

The only key to decrypting all of the passwords is a single word which you carry in your head and without that, all of the passwords are lost.

 

If something went wrong with the password manager for if you forgot your master keyword then you would have to go through the laborious business of setting new passwords for everything using their normal password retrieval/forgotten password procedures.

[Queens_king]

@Bankfodder

 

Been there and never go there again. Lost the password of the manager and had to spend days chasing sites for passwords. Worst one is Facebook, you are required to send proof of identity to them.

 

@Coniff

 

I use something called VeraCrypt to encrypt a small hidden drive partition of about 2Gb and all my mail and documents relating to finance and then hidden from view. If secutirty is a fear then I would seriously look at this one. Many say that it is better than the one that comes with Windows 10 Professional etc. I do not use it for passwords as it is too much hassle to initially load VeraCrypt, but once opened it stays until it is dismounted.

[law_abider]

paper and pen.

[dawningx]

paper and pen.

 

Agree with you. I always write down all my passwords on my personal notebook, and the only person who can find where the book is me.

[san_d]

Best ... your brain

worst ... using a manager

 

if a manager is cracked then you Lose all

 

Keep them in a card index file next to the monitor and locked away when not in use.

 

It's 2016 and people still use their brain? Fossils!

[Lord Lawrence II]

I use LastPass. The amount of passwords i had to remember/ write down was far more unsecure than LP could be esp with 2F authentication. I have this still with my PW's inside LP and form fills such as Gmail and windows volume licencing. Now most of my 150 most used passwords are incredibly complex and in the event of abreech, i can change my master instantly. i find that the die-hard-anti-cloud/ software password peeps forget that most leave their passwords written down for colleagues (most of my users tell each other theirs!) or their families to see and this is nuts! If everyone just had the one they never told anyone, in general, more would be protected..... i even push out LP addon and keepass for my users in a futile attempt to keep passwords off monitors with bluetack!

[Conniff]

A few choices here

[spesh88]

... i even push out LP addon and keepass for my users in a futile attempt to keep passwords off monitors with bluetack!

 

Another vote for Keepass. Useful points/advantages:

 

- One extra long password for accessing it that you do not use elsewhere. Keep it in your head. Do not move purely to this until you have used it around a dozen times and are confident you can remember it. Then destroy any written version. You will remember it quickly as you'll use it every day you use your computer/logon to a website.

- Every other password can use a 10 word diceware created password that is unique and you don't have to bother remembering it.

- Add-ons for Chrome/Firefox mean your username and password are entered automatically whenever you visit a page for which you have saved your details previously. Logging in is quicker and without using keystrokes.

- Add-on for iOS (in conjunction with Dropbox) means you can access your Keepass file (using the password as described above) anywhere 24/7.

- You aren't using the same password for multiple sites, so if a website is hacked or user details stolen, none of your other logins for other sites are compromised.

[Queens_king]

Another vote for Keepass. Useful points/advantages:

 

- One extra long password for accessing it that you do not use elsewhere. Keep it in your head. Do not move purely to this until you have used it around a dozen times and are confident you can remember it. Then destroy any written version. You will remember it quickly as you'll use it every day you use your computer/logon to a website.

- Every other password can use a 10 word diceware created password that is unique and you don't have to bother remembering it.

- Add-ons for Chrome/Firefox mean your username and password are entered automatically whenever you visit a page for which you have saved your details previously. Logging in is quicker and without using keystrokes.

- Add-on for iOS (in conjunction with Dropbox) means you can access your Keepass file (using the password as described above) anywhere 24/7.

- You aren't using the same password for multiple sites, so if a website is hacked or user details stolen, none of your other logins for other sites are compromised.

 

I am one of those people who say that if you have to save it to a computer or in the cloud then any password can be broken, hence i will not use or save any passwords on my PC or in the cloud. It is much safer in a card index system which can be locked away safely in a drawer each and every night.

 

A password is only encrypting the contents and if the FBI can hack the IoS then I ma sure that there are people without that full knowledge that can hack a saved password safe. Have the safe hacked and you lose the lot.