Password Manager

m4cc45 · 12 Apr 2012 at 08:31

Hi,

Currently I've been using Password Manager XP as I have an old licence for it - it's actually pretty good but I don't want to spend more money on upgrading it to the latest version so that it supports new web browsers.

What I'd like is:

Intergrated into IE9 (i.e. right click and fill field)
Mobile IOS application

Is there anything out there that's good and cheap and fulfills the above? I don't mind paying for it - I just want to pay once though rather than annually.

M.

Stoner81 · 12 Apr 2012 at 09:01

LastPass.

Stoner81.

Azza · 12 Apr 2012 at 12:22

KeePass

/thread

KIA · 12 Apr 2012 at 12:32

KeePass.

Uhtred · 12 Apr 2012 at 12:56

Another vote for keypass. I use the android app and dropbox together and it works great. I'm sure there's an ios version and best of all it's free.

m4cc45 · 12 Apr 2012 at 13:42

Thanks guys.

I'll have a look at them.

M.

One · 12 Apr 2012 at 14:54

Just use the same password for everything as that is what you do with these password manager programs.

KIA · 12 Apr 2012 at 16:45

desires said:
Just use the same password for everything as that is what you do with these password manager programs.

One · 12 Apr 2012 at 16:53

KIA said:

I understand that my encrypted data will be sent to LastPass

You don't think there's a team of Koreans trying every possible way to hack that encrypted data, if they get your master password you've had it.

You're not even supposed to write your passwords down and keep it in a safe, yet you lot all happily trust an encryption process that is pretty easy to crack if even a tiny fault in a piece of code is found, or better yet just stick it on brute force for a few years and hey presto.

You guys even keep your banking passwords in these managers?

m4cc45 · 12 Apr 2012 at 17:12

No I don't keep banking details in them.

I'm talking about keeping a file on my own PC which is encrypted via a master password (20+ characters long) and then transferring the file to a phone which is PIN protected and also requires the master password to open.

I'm not on about putting it in the cloud.

M.

KIA · 12 Apr 2012 at 19:34

desires said:
You don't think there's a team of Koreans trying every possible way to hack that encrypted data, if they get your master password you've had it.

You're not even supposed to write your passwords down and keep it in a safe, yet you lot all happily trust an encryption process that is pretty easy to crack if even a tiny fault in a piece of code is found, or better yet just stick it on brute force for a few years and hey presto.

You know very little about encryption. A strong passphrase will take many years to crack using today's technology. KeePass doesn't store anything in the cloud.

https://www.grc.com/haystack.htm

ukSleek · 12 Apr 2012 at 19:41

Been using RoboForm Pro for years

metalmackey · 12 Apr 2012 at 21:11

I use RoboForm too.

Azza · 13 Apr 2012 at 00:07

desires said:
You don't think there's a team of Koreans trying every possible way to hack that encrypted data, if they get your master password you've had it.

You're not even supposed to write your passwords down and keep it in a safe, yet you lot all happily trust an encryption process that is pretty easy to crack if even a tiny fault in a piece of code is found, or better yet just stick it on brute force for a few years and hey presto.

You guys even keep your banking passwords in these managers?

One · 13 Apr 2012 at 09:22

KIA said:
You know very little about encryption. A strong passphrase will take many years to crack using today's technology. KeePass doesn't store anything in the cloud.

https://www.grc.com/haystack.htm

I know that modem encryption simply relies on using big numbers that take a long time to factorize, but as computers get faster the numbers become easier and easier to factorize. Government facilities and their super computers are very good at factorizing large numbers. Our intelligence services would be pretty useless if a simple 256 encryption made everything watertight.

I didn't look at KeePass, LastPass doesn't seem safe to me. What is the advantage to using KeePass over the built in password saver in the Chrome browser?

DragonWoLf · 13 Apr 2012 at 09:26

1Password here although slightly expensive

Uhtred · 13 Apr 2012 at 09:35

desires said:
I know that modem encryption simply relies on using big numbers that take a long time to factorize, but as computers get faster the numbers become easier and easier to factorize. Government facilities and their super computers are very good at factorizing large numbers. Our intelligence services would be pretty useless if a simple 256 encryption made everything watertight.

I didn't look at KeePass, LastPass doesn't seem safe to me. What is the advantage to using KeePass over the built in password saver in the Chrome browser?

Chrome is only as secure as your windows password. Keypass would require access to the master file and the master key, this is more than enough for me and I use dual factor authentication whenever it's available (email & banking)

I have to ask, who the hell is going to spend years trying to crack an individual database of a few website passwords? The data isn't valuable enough and if the police wanted access you have to tell them the key otherwise that's an offence in itself.

If you start using the same password for all sites then as soon as one of those sites gets compromised (sony) you're in the **** and is a far more likely scenario than the above.

KIA · 13 Apr 2012 at 09:40

desires said:
I know that modem encryption simply relies on using big numbers that take a long time to factorize, but as computers get faster the numbers become easier and easier to factorize. Government facilities and their super computers are very good at factorizing large numbers. Our intelligence services would be pretty useless if a simple 256 encryption made everything watertight.

AES256 with a strong passphrase does make everything watertight which is why products such as Truecrypt are so successful.

m4cc45 · 13 Apr 2012 at 13:41

Some of the encryption is 8192 bit as well. Coupled with a master password of over 20 characters I think it's going to take more than a few hours even for super computers to crack.

Windows is so easy to crack (unless the disk is encrypted) it's untrue - once you've passed Windows login then Chrome / Firefox / etc. is pointless. There's also many tools that can export from them as well.

I'm trialling a couple of them at the moment - Sticky Password I've found quite good. I'm going to look at Lastpassword / Keepass and 1password later to find a good fit for me.

M.

gord · 13 Apr 2012 at 14:21

I've been thinking about taking my login passwords off all my machines. Just have Prey installed on everything and encrypt all of my saved passwords using one of these methods.

It's a double edged sword, if someone does steal your machine you can have a pass on it and they'll probably format it, or you can not and they can access all your files but Prey will be tracking it. Anyone done similar?