Password Manager Recommendations

WuMyster · 23 Nov 2016 at 00:06

Starting to look into password managers as I've been using basically 2 passwords for everything and have started running into trouble.

Been looking into 1password and Lastpass. Any recommendations on which to use?

Don't see myself moving from iOS in the near future but am using Windows on my desktop with Chrome and my MBP 2016 is coming next month where I'll be using Safari so cross platform is essential.

bledd · 23 Nov 2016 at 04:33

Keepass

I'm not a fan of the online type.

Sp00n · 23 Nov 2016 at 08:43

Keepass

Semple · 23 Nov 2016 at 08:52

I've started using lastpass, but not for any sites for finance - i.e. bank accounts, credit cards, paypal etc.

Keepass is fine for a solely offline function, however most people i speak to who use it, also backup their database to the cloud. Which makes it just as vulnerable as lastpass then.

enigma27 · 23 Nov 2016 at 09:38

can you make Keepass auto fill in webpages as you visit them or do you have to keep going back to the programme and clicking auto type??

I would prefer to have an offline solution but the nice thing about Lastpass is that i dont have to touch it for it to fill in details.

joeyjojo · 23 Nov 2016 at 09:57

I switched to keepass (and keepassx on linux) last week, it's ace.

enigma27 said:
can you make Keepass auto fill in webpages as you visit them or do you have to keep going back to the programme and clicking auto type??

Yep. If any password entries are found in the window title it will auto type. E.g. I have an entry called "Overclockers UK Forums" so to log in just click the username box and press the auto type hotkey.

Works most of the time, but not on sites which have generic titles for the log in page. There's a workaround for those occasions but I haven't figured it out yet.

enigma27 · 23 Nov 2016 at 10:24

Thanks Joey

whats the best option on windows? install or portable USB key? if using usb key can you make it auto start when you plug it in? say if i wanted to use it on another PC

WuMyster · 23 Nov 2016 at 11:12

But it looks like Keepas isn't a cross platform manager so that is straight out the window already.

Looking for something to use on my iPhone, MBP and windows desktop.

Stoner81 · 23 Nov 2016 at 13:36

bledd said:
Keepass

I'm not a fan of the online type.

Semple said:
however most people i speak to who use it, also backup their database to the cloud. Which makes it just as vulnerable as lastpass then.

Bledd where do you keep the database?

I have been a Lastpass user for over 5 years now and never once had any issues with it or the service they provide. I store pretty much everything in my Lastpass vault except for card information since that is saved in most of the sites I use and failing that I use Paypal wherever possible (mostly because I hate Verified By Visa but that's another matter).

Lastpass comes highly recommended!

WuMyster said:
But it looks like Keepas isn't a cross platform manager so that is straight out the window already.

Looking for something to use on my iPhone, MBP and windows desktop.

Lastpass works across multiple platforms and devices so everything will always be in sync with each other.

Stoner81.

bledd · 23 Nov 2016 at 13:45

^On the cloud. Need 1 password to get to the file and another one to open it.

It's where the password is stored that worries me. Also.. http://www.theregister.co.uk/2016/0..._millions_of_lastpass_users_who_visit_a_site/

joeyjojo · 23 Nov 2016 at 14:46

enigma27 said:
whats the best option on windows? install or portable USB key? if using usb key can you make it auto start when you plug it in? say if i wanted to use it on another PC

Multiple clients or one portable one on a USB is much of a muchness. I use different clients of different devices and keep the database shared with syncthing but you can use dropbox or whatever.

Keeping a portable install on a USB stick is fine as long as it runs on all the platforms you want to run it on. If you want to use it on anything that doesn't have a USB socket (mobile) you'll need to set up some sort of sync anyway so that's why I just went down that road.

I personally have the database set up with a long password (40 character 'diceware' style) and a key file. The idea with a key file (I use a particular photo) is that you manually copy it to each 'authorized' device. This makes it practically impossible for someone to get into your database even if e.g. your sync (dropbox or whatever) gets compromised AND they sniff your password e.g. with a keylogger, they still can't get in because the key file was never exposed. (Unless they get a keylogger onto your system AND are able to read your hard drive in which case you're screwed.)

WuMyster said:
But it looks like Keepas isn't a cross platform manager so that is straight out the window already.

Looking for something to use on my iPhone, MBP and windows desktop.

keepass is Windows and anything that can run with the Mono library (Linux, OSX, BSD, ...). keepassX is specifically for Linux. For Android there's KeePassDroid. For iOS it looks like there's something called minikeepass. It's a pity there's not something like fdroid for iOS because I don't know if I'd trust anything (especially free) from the iOS store.

Sp00n · 23 Nov 2016 at 14:59

WuMyster said:
But it looks like Keepas isn't a cross platform manager so that is straight out the window already.

Looking for something to use on my iPhone, MBP and windows desktop.

Keepass apps are available for all platforms.

Windows = Keepass
Mac = Keepassx
iOS = Keepass touch (not used this myself)
Android = Keepassdroid

edscdk · 23 Nov 2016 at 15:04

Sp00n said:
Keepass apps are available for all platforms.

Windows = Keepass
Mac = Keepassx
iOS = Keepass touch (not used this myself)
Android = Keepassdroid

bit of a roller coaster ride there...

Keepass.. --- looks great yaaaaayyyy ill use it

no crosss platform... --- nOOOOOOOOOOOOOOOOOOOOOOO

YES IT IS!!! --- YAAAAAAAAY

RoyMi6 · 23 Nov 2016 at 15:45

I specifically use KyPass 3 on iOS (think it costs about £3)

Works great using Dropbox to keep in sync and even supports Touch ID.

WuMyster · 23 Nov 2016 at 16:44

Potentially dumb question but if I do move to a password manager completely, should I not be using the "remember me" function in chrome/websites?

joeyjojo · 23 Nov 2016 at 16:53

WuMyster said:
Potentially dumb question but if I do move to a password manager completely, should I not be using the "remember me" function in chrome/websites?

Up to you, depends how you use the Chrome one. As of 2013 it was a bad idea according to

http://security.stackexchange.com/q...fe-as-using-lastpass-if-you-leave-it-signed-i (and many other links, just search "chrome safe remember passwords")

but hopefully they've got a grip on that by now. You might want to clear them all and just use a proper password manager to be safe.

Edit: the link above makes one excellent point I've not seen before actually. In one case the built-in browser password store is better than a manual one like keepass etc.: at preventing phishing, because it will only fill in the password for the real site and can't be fooled by a similar-looking phishing site that might trick a human. Interesting.

f3rr3t · 23 Nov 2016 at 17:04

Just looking into this myself. Some really useful info in here, thanks.

D3K · 23 Nov 2016 at 17:19

I use LastPass.

Analyses your passwords for strength and repitition, gives you a score to work towards. Acts like a bookmark tool too. Also stores non-web-based info if you choose to (wifi/router pws, bank details, payment auto-fills).

Worth the £12 a year fee for the premium version. Would be dire if it got hacked, but I don't see it happening.

Spacedeck · 23 Nov 2016 at 17:22

Lastpass here. Nothing but good things and very easy to use.

bscott · 23 Nov 2016 at 17:24

I use 1Password on OS X, Windows and iOS having switched from LastPass when I got a MacBook a couple of years ago.

Highly recommended.