Password managers? Is there a general purpose best choice?

[Box Brownie]

As per the title...........................I have read of RoboForm, LastPass, Dashlane (etc)

But is there one that stands out as most usefull whether using IE or Chrome?

Some (all?) are paid for products and for something possibly so fundamental to online security I suppose paying is no surprise but what do you use and why???

TIA for the insight

PS the reason I ask is that I try to commit all too many passwords to memory but all too often I forget some and have to go through the 'forgotten password recovery & reset' process, a tad annoying

 

[Denyerec]

KeePass.
Free, Open Source, Available on every platform known to man.

 

[Denyerec]

Link for great justice: http://keepass.info/download.html

I use it because I can't afford online services, it does everything I need it to (Key generation, selective export, customisable icons, multiple databases, safe to store on OneDrive etc, And a few more bits besides) has a client that works on Windows phone and, well that's about it.

 

[Keith W]

Google Chrome and other browsers will save login/passwords for you, however should the browser become corrupt or experiences another issues you could find your passwords etc. gone or corrupt themselves - I have had this happen to me on a couple of occasions.

Out of the password manages you have mentioned I would go for LastPass and incorporate a Yubi Key with it for that extra layer of security

 

[ecoleman]

1password is the best I've used, but it's not cheap. You need a separate licence for each OS, so it's not cheap if you have a Mac, PC, iPad and android phone.

 

[Giblets]

Another vote for KeyPass. Data is also stored locally and not in the cloud.

 

[J Veitch]

1password is the best I've used, but it's not cheap. You need a separate licence for each OS, so it's not cheap if you have a Mac, PC, iPad and android phone.

It's our companies authorised password manager

 

[ianp5a]

I don9t kn0w wHy anyoNe needS them71? I can remem3er all my pAssWords in my he4d. And 1t d0esnt affe£t me at all!


Kiddin'. KeepassX for me at mo.

 

[afasoas]

Another vote here for KeePass.

Primarily because on-line password storage facilities are too attractive to hackers. Use a reasonable length pass phrase to secure your Keepass database, along with a key file. You could keep the key file on a USB stick attached to a key ring.
Create a scheduled task to back up your KeePass database and keep a copy of your key file in a safe location.

The only downside is being able to access your KeePass database when you don't have access to your usual computer. I have mine on a network share, which I can access from anywhere via VPN. You could always keep a copy of your KeePass database on OneDrive etc. - so long as the key file is stored separately, is a safe bet.

 

[Paulmag]

I have keepass on a memory stick but this is the most secure

20151009_141223 by Paul Magyar, on Flickr

 

[ianp5a]

I hope you have easy backups.

 

[bulldog5988]

keepass on a usb stick for me works well

 

[gramps]

Kiwi hacker Denis Andzakovic has developed an application that steals password vaults from the popular local storage vault KeePass.
The jeu de mots KeyFarce works when a user has logged into their vault, and will dump the contents to a file that attackers can steal.
It is no death knell for KeePass or other password managers, but is an extra bow in the quiver of attackers capable of compromising a target's machine.

http://www.theregister.co.uk/2015/1..._password_plunderer_to_hose_pwned_sys_admins/

 

[Andy Taylor]

1password is the best I've used, but it's not cheap. You need a separate licence for each OS, so it's not cheap if you have a Mac, PC, iPad and android phone.

I've been using 1Password for a while and it is highly recommended. Their licence terms are quite generous and there is a cross platform bundle deal for Windows/Mac users.
One licence will cover up to 6 people in a single household. The iOS app is magnificent and the basic version is free.

 

[sphexx]

I've used 1Password for years and never had any problem with it. I only use on Macs and iOS but if I used Windows I would use it on that too. It's not free but as said above their licensing and upgrades etc are quite generous.

 

[afasoas]

http://www.theregister.co.uk/2015/1..._password_plunderer_to_hose_pwned_sys_admins/

If you computer/infrastructure is pwned enough for an attacker to use this attack vector, you have bigger issues.
In which case, the on-line alternatives will be just as susceptible.

 

[sirch]

I have keepass on a memory stick but this is the most secure

Really, what if that gets stolen?

http://www.theregister.co.uk/2015/1..._password_plunderer_to_hose_pwned_sys_admins/

If I am reading that correctly the Keepass database has to be unlocked (i.e. you have to have logged into it) and the attacker has to be on your device, or have some malware running on your device, for that attack to be implemented. If an attacker owns you machine to that extent they may as well just install a key-logger and forget about Keepass, you are screwed anyway.

I have my Keepass DB on my Google drive, I can access it from my PC, phone or anywhere I can run Keepass and access googledrive.

 

[Paulmag]

Really, what if that gets stolen?

then I want to know how they got into my home office desk drawer ...............at that stage it wont be a big issue.................my very sensitive ones are committed to memory

 

[sirch]

then I want to know how they got into my home office desk drawer ...............at that stage it wont be a big issue.................my very sensitive ones are committed to memory

But if you had Keepass on a memory stick in that desk drawer you would know it had been stolen and know that they couldn't access the data, so I don't think your paper copy is more secure than your memory stick...

 

[dejongj]

1password is the best I've used, but it's not cheap. You need a separate licence for each OS, so it's not cheap if you have a Mac, PC, iPad and android phone.

+1 It has been proven to be a great multi platform tool for me.

 

[Denyerec]

The main KeePass database is encrypted, to a strength you can specify when you create the database . Low keysize encryption is faster and less secure, larger slower and more secure. This can make a difference if you're opening it frequently on a mobile device. It is decrypted by entering a master password. Should anyone nick your USB key, so long as your master password is secure and lengthy, they'll likely find it much easier to kidnap and threaten your loved ones than they will to break the database encryption. Humans are often the weak link in such systems
If you have passwords and data that is so valuable that this is a reality I suspect you'd not be carrying it around with your keys

Just don't forget your master password. That's something you only do once

 

[gramps]

Out of interest I just downloaded a trial of 1Password and it really doesn't suit me ... it can't autofill some logins, (misses user or password or both), has succeeded in having incorrect URL's for login screens, as well as completely locking me out of one site by getting a password incorrectly recorded.
I'm sure there is some user error in there somewhere but definitely a crock of a piece of software for me other than being a random password generator!

 

[gramps]

double post

 

[afasoas]

Just to clarify...

My suggestion was just keeping the key (file) for the KeePass database on a USB stick, with the database itself on your main PC or in OneDrive/GoogleDrive etc.
Then to access the database you need three things:

The database itself
The USB stick with the key
The pass phrase used with the key to decrypt and unlock the database

That way if you machine is compromised but the key is nowhere near it, there's no chance of entry getting brute forced.

I personally choose not to let anything like that near a smart phone.

 

[sphexx]

Out of interest I just downloaded a trial of 1Password and it really doesn't suit me ... it can't autofill some logins, (misses user or password or both), has succeeded in having incorrect URL's for login screens, as well as completely locking me out of one site by getting a password incorrectly recorded.
I'm sure there is some user error in there somewhere but definitely a crock of a piece of software for me other than being a random password generator!

I've never had problems with autofill when logging in other than user error where I have misidentified the username required -- not always easy with some sires. However, there are sites that block pasting when creating password which is a problem since you don't want to have to type long complex passwords. There is no easy way round this other than getting the site to change their practice -- they will claim they disable pasting for security reasons but this is nonsense since in every case I have come across 1Password can "paste" the password in -- I think the difference is that 1Password is "typing" rather than pasting.
The other gotcha with long passwords is that a site will apparently accept a long password when signing in but actually truncated it without telling you. VirginMedia was the most recent one to do this to me. It was only because I was using 1Password and so was sure the the password was correct that enabled me to work out what was wrong!

 

[Ploddles]

1 Password for me to.

 

[Ploddles]

I have keepass on a memory stick but this is the most secure

20151009_141223 by Paul Magyar, on Flickr

Unless the kids get it, you lose it in the street etc.

 

[gramps]

there are sites that block pasting when creating password which is a problem since you don't want to have to type long complex passwords

This was certainly an issue on a number of occasions, though not a problem for Lastpass

 

[sphexx]

Coincidentally, I have just had an email advertising 35% reduction on 1Password over "12 days of Christmas + 8 nights of Hanukkah + 7 days of Kwanzaa + 8 tiny reindeer for good luck" :
https://agilebits.com/store
... though I have no idea what Canadians consider "tiny" reindeer, they may be rather large by our standards

 

[Abaddon]

I use RoboForm - although this does a bit more than just passwords, and there is a client for my PC's, my iPad and the Android phone. Can't fault it. Not free, but well worth the annual sub of £peanuts.

 

[Glyn Carnell]

I'm using LasPas which I got the info from on this forum back in the new year when I upgraded my PC..... Is that still good??

 

[Box Brownie]

Thanks all for the insight and replies.

With the concerns about just how secure the cloud service of such program suppliers are it does make sense to keep just a 'local' copy but then if you lose that you are also at risk of "losing the lot" hence their cloud offerings.

As for free vs paid for product, paying for something does not necessarily mean better but the supplier then has a vested interest in supporting their customers. You pays your money and takes you choice.

I need to revisit the various sites but off the top of head, because it was the last time/one I looked into, Roboform offered a decent blend of functions.

Cloud and/or local including usb stick
Levels(?) of encryption
Auto filling of website forms
Copying & pasting of passwords when autofill not available
Different master password for local and cloud

All of the above as I understood were important so just case of which program stands out from the crowd now.........Last pass and 1password seem to get approval from a few of you

 

[pridash]

Also recommending KeePassX - perfect and free.