Password Manager Recommendations

[unp|dissy]

I was on KeePass after using it in work.
I really liked it but I moved from Windows to Mac and couldn't get it to work on OSX so looked at alternatives.
After wanting to keep my DB on just my Mac (offline and not mobile) i went with Enpass.
It's OK but I do miss KeePass.

 

[ChrisD.]

I was on KeePass after using it in work.
I really liked it but I moved from Windows to Mac and couldn't get it to work on OSX so looked at alternatives.
After wanting to keep my DB on just my Mac (offline and not mobile) i went with Enpass.
It's OK but I do miss KeePass.

I'm also a Mac user but I use Windows at work and on my gaming PC. I would use Safari/keychain as a password manager but annoyingly you can't see passwords in Keychain from anything that isn't an Apple device.

 

[unp|dissy]

I'm also a Mac user but I use Windows at work and on my gaming PC. I would use Safari/keychain as a password manager but annoyingly you can't see passwords in Keychain from anything that isn't an Apple device.

I've never really looked at Keychain, except to turn it off

Would be handy for my phone, but I use Chrome for Interwebs.

And I'm really against having my passwords 'in the cloud'. I know I have plenty of other things there but still :S

 

[Sp00n]

I was on KeePass after using it in work.
I really liked it but I moved from Windows to Mac and couldn't get it to work on OSX so looked at alternatives.
After wanting to keep my DB on just my Mac (offline and not mobile) i went with Enpass.
It's OK but I do miss KeePass.

That's a shame, I use Keepassx on Mac osx for work and it works, I don't recall having to do anything out of the ordinary.

 

[Mp4]

Take a look at Enpass

 

[El Pew]

Another reason to stay well away from LastPass:

https://www.theregister.co.uk/2017/03/21/lastpass_vulnerabilities/

So in the last year or so they've had their cloud platform hacked, resulting in theft of customer data, and their browser plugins have been show to have multiple separate issues that can result in an attacker taking your passwords through and exploit, and now there's a vulnerability that allows remote execution of software on your machine.

Do not give these people your money. Or your passwords.

 

[ChrisD.]

Hmm. Such a shame I cannot access iCloud passwords from a Windows computer.

 

[joeyjojo]

Such a pity, we need tools like LastPass for novice users even more than advanced users IMO.

 

[ChrisD.]

At least LastPass have acknowledged the problem and are working on it, unlike others that would ignore it.

 

[Vimes]

Maybe that will remind me at the very least i need to think about other options than the convenience of LastPass.

 

[embalse]

I use 1Password on OS X, Windows and iOS having switched from LastPass when I got a MacBook a couple of years ago.

Highly recommended.

+1


.

 

[KIA]

At least LastPass have acknowledged the problem and are working on it, unlike others that would ignore it.

Both issues were fixed in under 24 hours. Not bad.

 

[CrimsonAvenger]

Kudos for that response time!

 

[Glanza]

Currently using Lastpass personally and we're trialing it at work with the share password option to a default account.

After reading this thread might give Enpass a trial.

 

[stoofa]

Still using Lastpass and happy to do so. Vulnerability found and closed in 24hrs.
What that tells me is that like all software it has issues, but when one is found it is fixed and quickly. That is the kind of service I like to see.

 

[ChrisD.]

Still using Lastpass and happy to do so. Vulnerability found and closed in 24hrs.
What that tells me is that like all software it has issues, but when one is found it is fixed and quickly. That is the kind of service I like to see.

Same.

 

[El Pew]

Still using Lastpass and happy to do so. Vulnerability found and closed in 24hrs.
What that tells me is that like all software it has issues, but when one is found it is fixed and quickly. That is the kind of service I like to see.

Or alternatively, they have had multiple severe issues over an extended period of time, so their practices are unsafe and they are not building their product to be secure from the ground up. It's not a quality product and its architecture leaves you, the customer, vulnerable. I suspect it's just a matter of time before another issue is found.

The weakest point appears to be the browser extensions. I personally don't trust any of the password managers that use one, as awkward as life is without browser integration - it's so easy to get owned by them. Cloud integration also requires you to trust that they can manage the platform properly, something LastPass has failed to do in the past. Better to stick with Keepass or Enpass or one of the locally installed password managers.

 

[joeyjojo]

^ I tend to agree. The browser-extension-less options (e.g. keepass) have a much smaller attack surface by design.

Two major flaws in two years would be enough to put me off using Lastpass to be honest. It's as good as useless if browser extensions have exposed the entire database to arbitrary web pages. It's a bit like using the same debit card and PIN after walking around for a year with it stuck to your back.

 

[beh]

What that tells me is that like all software it has issues, but when one is found it is fixed and quickly. That is the kind of service I like to see.

Aye, shouldn't expect any piece of software to be invulnerable, speed of patching and transparency is key.

The weakest point appears to be the browser extensions. I personally don't trust any of the password managers that use one, as awkward as life is without browser integration

It's a compromise, if it's too much hassle the average person will just (re)use weak passwords which is probably worse.

 

[bledd]

^ I tend to agree. The browser-extension-less options (e.g. keepass) have a much smaller attack surface by design.

This is why I use KeePass. It's a lot of eggs to have in one basket. I keep that basket pressed firmly against me.