Password managers

[nick1988]

I've been using Dashlane for a number of years now and never had any problems with it personally. I find it invaluable now and wouldn't go without it personally especially if you match it with a yubikey.

I have been using Dashlane for the last year and about to renew, very pleased with it and would recommend it to anyone. Only niggle is sometimes it can be a bit too keen to autocomplete a form but you can always just turn it off for particular sites.

 

[nightwish]

I have been using KeePass on an external USB drive to store passwords. I'm not really up to date, is this still okay security wise?

Similar to me. Don't see why it wouldn't be secure. No known issues with KeePass that I'm aware of, and all else being equal, an offline manager has to be more secure than anything that integrates into a browser.

 

[Ozymandias]

I have been using KeePass on an external USB drive to store passwords. I'm not really up to date, is this still okay security wise?

If you are feeling particularly paranoid you can use a key file on another usb stick as well!

 

[AssaTM]

My biggest gripe with most of the major password managers is how every time you click a new field they're so keen to have you auto fill a form which then means authenticating yourself etc etc, I wish they was just a little bit more smart in that regard

 

[Ozymandias]

Is that the offline or online managers?

 

[throwaway4372]

My biggest gripe with most of the major password managers is how every time you click a new field they're so keen to have you auto fill a form which then means authenticating yourself etc etc, I wish they was just a little bit more smart in that regard

How about not using the password manager browser extension - but letting the browser remember the passwords instead?
So the password manager is just a tool for multi-device password storage, not a form-filling tool.

 

[Ozymandias]

Don't you then have two areas the bad guys can attack? The online password store and the password store in the browser.

 

[throwaway4372]

Yeah, it's just trade-offs.

 

[Ozymandias]

My thinking is that not having anything internet connected for my password storage (browser or online) is more secure.

 

[Cromulent]

My thinking is that not having anything internet connected for my password storage (browser or online) is more secure.

How secure is the physical location, though? When you store passwords in "the cloud" you not only get soft protection (encryption) but also hard (physical) security protection. With actual 24/7 security guards.

 

[Semple]

My thinking is that not having anything internet connected for my password storage (browser or online) is more secure.

Are you stuffed if you need to log into an account while you're not at home then?

 

[Ozymandias]

Only a problem if I'm using a computer I don't own and don't have my phone with me

 

[Ozymandias]

How secure is the physical location, though? When you store passwords in "the cloud" you not only get soft protection (encryption) but also hard (physical) security protection. With actual 24/7 security guards.

I don't think anyone will be physically breaking in to steal my passwords. They may fancy physically breaking in to steal millions of users passwords at a data centre though.

 

[throwaway4372]

Are you stuffed if you need to log into an account while you're not at home then?

If you backup your KeePass password database to cloud storage, assuming you memorise the cloud storage login, you can download the password database in a pinch.

 

[Semple]

If you backup your KeePass password database to cloud storage, assuming you memorise the cloud storage login, you can download the password database in a pinch.

Yes my sarcastic question was in response to

My thinking is that not having anything internet connected for my password storage (browser or online) is more secure.

As to log in anywhere that isn't home would require you to download your password database from the cloud.

 

[embalse]

Have used 1Password for many years with no issues.

.

 

[hdpcgamer]

I changed over from LastPass to Bitwarden due to the security breaches and haven't regretted it one bit.

 

[kindai]

Protonpass news:

They have undergone a full external security audit, and fixed everything found bar 1 thing on android.

The code is now fully open source.

Proton Pass is open source and audited for security | Proton

Proton Pass’s code has been made open source and passed an audit carried out by the security experts at Cure53.

proton.me

In addition new features:

Can now store credit cards in Proton Pass.

2FA code autofill

Generated password history.

Improved importers make it easier to import from other password managers.

Can now unlock Proton Pass conveniently from a website’s login page without opening the Proton Pass browser extension.

 

[rangor gubbins]

I changed over from LastPass to Bitwarden due to the security breaches and haven't regretted it one bit.

I did the same for the same reason and similarly have found it great.

 

[Fire Wizard]

Protonpass news:

They have undergone a full external security audit, and fixed everything found bar 1 thing on android.

The code is now fully open source.

Proton Pass is open source and audited for security | Proton

Proton Pass’s code has been made open source and passed an audit carried out by the security experts at Cure53.

proton.me

*Snip*

Kindai, if I may ask, have you used 1Password? If so, how would you compare it with Proton Pass? More or less the same? Also, in order to access a Proton Pass vault on a new system, what sort of information do you need? For 1Password, you need the following:

Email Address,​

​

Secret Key,​

​

Master Password,​

​

Two-Factor Authentication (optional),​

​

How does this compare with Proton Pass? I use Proton Mail so I am just wondering whether it's worth switching over to Proton Pass as well. Thank you for any help.