Password Manager

Soldato
Joined
10 Mar 2003
Posts
6,660
Hi,

Currently I've been using Password Manager XP as I have an old licence for it - it's actually pretty good but I don't want to spend more money on upgrading it to the latest version so that it supports new web browsers.

What I'd like is:


  • Intergrated into IE9 (i.e. right click and fill field)
  • Mobile IOS application
Is there anything out there that's good and cheap and fulfills the above? I don't mind paying for it - I just want to pay once though rather than annually.






M.
 
Soldato
Joined
18 Oct 2002
Posts
6,147
Location
Bedfordshire
Another vote for keypass. I use the android app and dropbox together and it works great. I'm sure there's an ios version and best of all it's free.
 

One

One

Soldato
Joined
24 Aug 2011
Posts
6,162
Location
ABQ, NM
Just use the same password for everything as that is what you do with these password manager programs.
 

One

One

Soldato
Joined
24 Aug 2011
Posts
6,162
Location
ABQ, NM

I understand that my encrypted data will be sent to LastPass

You don't think there's a team of Koreans trying every possible way to hack that encrypted data, if they get your master password you've had it.

You're not even supposed to write your passwords down and keep it in a safe, yet you lot all happily trust an encryption process that is pretty easy to crack if even a tiny fault in a piece of code is found, or better yet just stick it on brute force for a few years and hey presto.

You guys even keep your banking passwords in these managers?
 
Soldato
OP
Joined
10 Mar 2003
Posts
6,660
No I don't keep banking details in them.

I'm talking about keeping a file on my own PC which is encrypted via a master password (20+ characters long) and then transferring the file to a phone which is PIN protected and also requires the master password to open.

I'm not on about putting it in the cloud.



M.
 

KIA

KIA

Man of Honour
Joined
14 Nov 2004
Posts
13,661
You don't think there's a team of Koreans trying every possible way to hack that encrypted data, if they get your master password you've had it.

You're not even supposed to write your passwords down and keep it in a safe, yet you lot all happily trust an encryption process that is pretty easy to crack if even a tiny fault in a piece of code is found, or better yet just stick it on brute force for a few years and hey presto.

You know very little about encryption. A strong passphrase will take many years to crack using today's technology. KeePass doesn't store anything in the cloud.

https://www.grc.com/haystack.htm
 
Caporegime
Joined
6 Dec 2005
Posts
36,482
Location
Birmingham
You don't think there's a team of Koreans trying every possible way to hack that encrypted data, if they get your master password you've had it.

You're not even supposed to write your passwords down and keep it in a safe, yet you lot all happily trust an encryption process that is pretty easy to crack if even a tiny fault in a piece of code is found, or better yet just stick it on brute force for a few years and hey presto.

You guys even keep your banking passwords in these managers?




1pSdl
 

One

One

Soldato
Joined
24 Aug 2011
Posts
6,162
Location
ABQ, NM
You know very little about encryption. A strong passphrase will take many years to crack using today's technology. KeePass doesn't store anything in the cloud.

https://www.grc.com/haystack.htm

I know that modem encryption simply relies on using big numbers that take a long time to factorize, but as computers get faster the numbers become easier and easier to factorize. Government facilities and their super computers are very good at factorizing large numbers. Our intelligence services would be pretty useless if a simple 256 encryption made everything watertight.

I didn't look at KeePass, LastPass doesn't seem safe to me. What is the advantage to using KeePass over the built in password saver in the Chrome browser?
 
Soldato
Joined
18 Oct 2002
Posts
6,147
Location
Bedfordshire
I know that modem encryption simply relies on using big numbers that take a long time to factorize, but as computers get faster the numbers become easier and easier to factorize. Government facilities and their super computers are very good at factorizing large numbers. Our intelligence services would be pretty useless if a simple 256 encryption made everything watertight.

I didn't look at KeePass, LastPass doesn't seem safe to me. What is the advantage to using KeePass over the built in password saver in the Chrome browser?

Chrome is only as secure as your windows password. Keypass would require access to the master file and the master key, this is more than enough for me and I use dual factor authentication whenever it's available (email & banking)

I have to ask, who the hell is going to spend years trying to crack an individual database of a few website passwords? The data isn't valuable enough and if the police wanted access you have to tell them the key otherwise that's an offence in itself.

If you start using the same password for all sites then as soon as one of those sites gets compromised (sony) you're in the **** and is a far more likely scenario than the above.
 

KIA

KIA

Man of Honour
Joined
14 Nov 2004
Posts
13,661
I know that modem encryption simply relies on using big numbers that take a long time to factorize, but as computers get faster the numbers become easier and easier to factorize. Government facilities and their super computers are very good at factorizing large numbers. Our intelligence services would be pretty useless if a simple 256 encryption made everything watertight.

AES256 with a strong passphrase does make everything watertight which is why products such as Truecrypt are so successful.
 
Soldato
OP
Joined
10 Mar 2003
Posts
6,660
Some of the encryption is 8192 bit as well. Coupled with a master password of over 20 characters I think it's going to take more than a few hours even for super computers to crack.

Windows is so easy to crack (unless the disk is encrypted) it's untrue - once you've passed Windows login then Chrome / Firefox / etc. is pointless. There's also many tools that can export from them as well.

I'm trialling a couple of them at the moment - Sticky Password I've found quite good. I'm going to look at Lastpassword / Keepass and 1password later to find a good fit for me.



M.
 
Soldato
Joined
18 Oct 2003
Posts
19,398
Location
Midlands
I've been thinking about taking my login passwords off all my machines. Just have Prey installed on everything and encrypt all of my saved passwords using one of these methods.

It's a double edged sword, if someone does steal your machine you can have a pass on it and they'll probably format it, or you can not and they can access all your files but Prey will be tracking it. Anyone done similar?
 
Top Bottom