Password managers

wigster · 14 Jun 2024 at 17:35

I find myself looking at this thread thinking it's now time i need a password manager, One thing free versions vs paid is there any less protection in the free versions?

Cromulent · 14 Jun 2024 at 17:36

wigster said:
I find myself looking at this thread thinking it's now time i need a password manager, One thing free versions vs paid is there any less protection in the free versions?

No. But if you go with Bitwarden you can get all the premium features for £10 a year which in my mind is basically free anyway.

Wing-Man · 14 Jun 2024 at 17:39

Cromulent said:
No. But if you go with Bitwarden you can get all the premium features for £10 a year which in my mind is basically free anyway.

All I would say is don’t just pick one because it’s cheaper or free over one that’s never had a breach. Google is your friend. But password management is a prime target for hackers.

Cromulent · 14 Jun 2024 at 17:48

Wing-Man said:
All I would say is don’t just pick one because it’s cheaper or free over one that’s never had a breach. Google is your friend. But password management is a prime target for hackers.

Bitwarden has had multiple external audits and is open source and is pretty well regarded.

If you are really security focused you can even run it on your own servers and not share any data with anyone else.

Wing-Man · 14 Jun 2024 at 18:20

I wasn’t saying anything bad about Bitwarden I would just saying in general. There is a few password managers that have had data loss and it’s not very well reported.

Any manager your looking to use spend a few days hitting google about it before investing the time to use it

wigster · 16 Jun 2024 at 15:28

Think I'm going to start with Bitwarden. On the subject of passwords is number passwords better than a word password?

Wing-Man · 16 Jun 2024 at 15:29

Makes no difference as long as it random.

wigster · 16 Jun 2024 at 15:42

Wing-Man said:
Makes no difference as long as it random.

Interesting as I was always told that numbers instead of words are a lot better, that was 20 odd years ago though. The same person use to say using postcodes are a good idea as you can easily remember them.

Wing-Man · 16 Jun 2024 at 15:45

Well I don’t know this for sure. Like the actual one is better. But if it’s random there is more possible combinations with the full alphabet to use over just 10 numbers.

But what’s I mean is…

Hdvrhoghavqhidbtbfufns..
not worlds like SamsungDogHouse

kindai · 16 Jun 2024 at 16:11

wigster said:
Interesting as I was always told that numbers instead of words are a lot better, that was 20 odd years ago though. The same person use to say using postcodes are a good idea as you can easily remember them.

Its all about password entropy.

I highly suggest Protonpass personally. While its still a little rough around the edges, some of the privacy features it offers are simply amazing.

nightwish · 16 Jun 2024 at 17:03

Wing-Man said:
Well I don’t know this for sure. Like the actual one is better. But if it’s random there is more possible combinations with the full alphabet to use over just 10 numbers.

But what’s I mean is…

Hdvrhoghavqhidbtbfufns..
not worlds like SamsungDogHouse

If you're using a password manager, why would you limit yourself? The whole point is that the manager remembers it so you don't have to. So on that basis, why wouldn't you have 20+ characters of a bit of everything?

Wing-Man · 16 Jun 2024 at 17:17

Yes but some managers ask is you want to use words number or letters… I assumed that was his question.

Mine was use upper and lower case, numbers and symbols. It also uses European special that’s don’t come and a standard qwerty keyboard.

Rabtech · 16 Jun 2024 at 19:18

Bitwarden free here, both the wife and myself use the same account - works well, I do have to keep reminding her to put the new password into Bitwarden when she changes/resets it however.

Rainmaker · 16 Jun 2024 at 20:40

wigster said:
Think I'm going to start with Bitwarden. On the subject of passwords is number passwords better than a word password?

As another poster said, it's all about entropy. Passphrases are generally better at this than passwords. You want your master password (the one that unlocks the vault) to be as secure as possible, and to have MFA (multi-factor authentication) such as a security key, a passkey or OTP code.

Ideally, a fairly random and longish sentence you will always remember is best. One with spaces, punctuation, and numbers. Something like When I was @school Mary was in year 3 and JohnB was in year 6, but this was in 1987! is a bit of an extreme example, but you get the gist. Make it personal so you'll always remember it, but nobody else will have the first clue on where to start guessing. The entropy on something like that is simply massive, but any similar sentence you're used to will take barely a second or two to type and aeons to brute force. My passphrase is in the order of 50 characters using the full ASCII range, but takes barely two seconds to type out even on a phone (I'm used to it).

wigster · 16 Jun 2024 at 22:01

Rainmaker said:
As another poster said, it's all about entropy. Passphrases are generally better at this than passwords. You want your master password (the one that unlocks the vault) to be as secure as possible, and to have MFA (multi-factor authentication) such as a security key, a passkey or OTP code.

Ideally, a fairly random and longish sentence you will always remember is best. One with spaces, punctuation, and numbers. Something like When I was @school Mary was in year 3 and JohnB was in year 6, but this was in 1987! is a bit of an extreme example, but you get the gist. Make it personal so you'll always remember it, but nobody else will have the first clue on where to start guessing. The entropy on something like that is simply massive, but any similar sentence you're used to will take barely a second or two to type and aeons to brute force. My passphrase is in the order of 50 characters using the full ASCII range, but takes barely two seconds to type out even on a phone (I'm used to it).

Thanks for that I must say in the past my passwords have been a bit on the easy side but then I wasn't really bothered as it wasn't that it was sensitive material.

Just having a read up about passphrases never even knew that was a thing lol

wigster · 18 Jun 2024 at 13:32

Rainmaker said:
As another poster said, it's all about entropy. Passphrases are generally better at this than passwords. You want your master password (the one that unlocks the vault) to be as secure as possible, and to have MFA (multi-factor authentication) such as a security key, a passkey or OTP code.

What would you say is the best Account Two-step Method to use in Bitwarden? The Google Authenticator App or the email verification code.

Cromulent · 18 Jun 2024 at 14:51

wigster said:
What would you say is the best MFA to use in Bitwarden?

Yubikey.

wigster · 18 Jun 2024 at 14:54

Cromulent said:
Yubikey.

Sorry I had just done a sneaky edit to my orginal post.

wigster said:
What would you say is the best Account Two-step Method to use in Bitwarden? The Google Authenticator App or the email verification code.

Cromulent · 18 Jun 2024 at 14:57

wigster said:
Sorry I had just done a sneaky edit to my orginal post.

The Google app but I'd use Authy instead which is the same but syncs your keys.

wigster · 18 Jun 2024 at 15:02

Cromulent said:
The Google app but I'd use Authy instead which is the same but syncs your keys.

Cheers I haven't ever used those apps before.

Password managers

Sgarrista