> This is what my team did recently, other than having to type my master password in every day it's pretty good

I mean if you didn't have to unlock it it would be less secure.
I use Bitwarden myself - but I'm wondering, how's everyone dealing with 2FA authentication? Mainly the backup passwords, is everyone storing those on their password managers or storing them somewhere physically?
> I mean if you didn't have to unlock it it would be less secure.

It's true but still annoying
> I paid for Bitwarden premium as it's so worth it. Embeds the 2FA in the app, for recovery passwords I do also save them in the account. May seem like a flaw in security, but frankly if my Bitwarden account is compromised then I've got bigger problems to deal with.
> I also do not store anything like banking details on there.

Actually never knew about this - this would solve a huge headache for me. Many thanks!
Genuine question below, never used anything like Bitwarden so any advice would be good etc.
Can I ask why people use this over storing the passwords in the browser?
I have had a quick look at this and can see they are stored online on your account and accessed via a browser extension.
Wouldn't keeping these stored locally on your PC\browser be safer than online? For example, if Bitwarden got hacked and all your passwords were stolen or something?
I see it can generate passwords for you and save them as well to stop you using the same pw for multiple sites etc.
I think historically browser password managers weren't seen as very secure; they were limited and your passwords could be lifted from your machine by simply copying the file where the browser was storing them. That is different now; most are very robust and they are a totally viable choice if that is what you find convenient.
Storing/syncing your passwords online is a risk/convenience choice. Bitwarden as a whole isn't going to "get hacked" and reveal all your passwords (unless there is a fundamental flaw in their encryption algorithms, but you should consider that their codebase is open source and independently audited to minimize the chance of this). Your individual account might get compromised though, so if someone were able to steal your vault password and your two factor authentication then yes all your passwords (and anything else you've stored in the vault) would be revealed to the attacker. But someone being able to steal both a strong vault password and your two factor is something requiring a very targeted attack against yourself (or again, a fundamental flaw in Bitwarden authentication processes).
> As above - passwords in the browser, at most, require your Windows password to get into (if you're using Edge) which can easily be reset (if you encrypt your drive with Bitwarden it's far harder - otherwise it's just a Linux live CD and you can easily reset the password to blank).
> With Bitwarden, also my recommendation, it requires authentication to the plugin on each new browser session which means the passwords are much more secure. If your device is stolen you can change the password for extra peace of mind. I used to store passwords in the browser for convenience but I now just use the plugin.
> Bitwarden also has MFA (which, again, I'd recommend you use if you go down the Bitwarden path) so it makes it that little bit more secure.
> M.

Thanks for replying.
> This is what my team did recently, other than having to type my master password in every day it's pretty good

Not that I suggest doing this - but can you not just set vault timeout to never?
> Not that I suggest doing this - but can you not just set vault timeout to never?

I'm very tempted lol
> I'm very tempted lol

Perhaps look into whether you can use Windows Hello for biometrics based access into Bitwarden. If you use laptops you might already have a compatible device, if it's a desktop there are USB fingerprint readers that work (I'm looking at these at the moment).
I use Dashlane, pretty happy with it.