Password Managers (PC / Android) Looking for Opinions

Kedwyn · Jul 5, 2014

I've had it in my head to try them out but never actually get around to doing so. Mostly because I see it as a giant pain in the ass to get setup only to go back to how I'm doing it now.

Essentially I'm wondering are these sites / programs worth using and if I do use them functionally are they a PIA to use or are they mostly seamless?

My list:

PC and Android support
Support for bank app in android so I can log in and do deposits / check stuff without being on my pc
Browser support so I can log in on my pc
Browser support so I can access the web pages on my phone
Ability to make good passwords
Ability to use the site / plugin / whatever to have the login done automatically when I go a site. The least amount of steps the better.

Any recommendations? First hand experience? I've been looking at last pass anyone with first hand experience with them?

Araxen · Jul 5, 2014

I use last pass and I'm very glad I made the switch. They just updated the Android app to autofill logins in other apps. You need premium for that functionality I believe which is $12 a year. Well worth it to me.

Tuco · Jul 5, 2014

I started using keepass. It's okay I guess. I just have it protecting my gmail account with some crazy password. The big problem I have is that now it's basically impossible for me to use my email account if I'm not at my computer or my phone.

Intrinsic · Jul 5, 2014

Been using Last Pass also and like it. Only problem I have with it is compatibility with programs on the desktop, like Wildstar, etc... On mobile it works fine for other apps though.

Kedwyn · Jul 5, 2014

Intrinsic_sl said:
Been using Last Pass also and like it. Only problem I have with it is compatibility with programs on the desktop, like Wildstar, etc... On mobile it works fine for other apps though.

How do games work with it (launcher)?

Intrinsic · Jul 5, 2014

That's the problem, they don't. I've invested exactly zero minutes in to finding a solution though. But launchers, Steam, etc... in a desktop environment don't work. My personal PC is probably the only place I use auto login though (and the only place I use those types of programs) so it isn't really a big big deal. A couple of clicks to launch the vault and copy / paste out.

BoldW · Jul 5, 2014

Has anyone tried dashlane and how does it compare to last pass and the others? I use dashlane on my PC but don't pay for the syncing to other devices... I really don't trust anyone to xfer or store my PWs. But the UI is easy to use and backup/print so it serves my needs atm. All new PWs I use auto-generated with a master then backup and print a copy to stick in my safe.

Grimmlokk · Jul 5, 2014

Tuco_sl said:
I started using keepass. It's okay I guess. I just have it protecting my gmail account with some crazy password. The big problem I have is that now it's basically impossible for me to use my email account if I'm not at my computer or my phone.

Same thing basically.

Funny thing is apparently the goofy ass random passwords are not the way to go. The trick is to use the whole password length. So like, pick a phrase or set of words you will remember and maybe tweak it a little bit. So instead of trying to remember "ycI9d6^m|=" you are remembering "banana_hammock_ball$ack". You won't forget it and it's actually more secure.

I'm currently going through various sites occasionally and updating my passwords in this fashion. No more forgetting.

Jovec · Jul 6, 2014

Grimmlokk_sl said:
Same thing basically.

Funny thing is apparently the goofy ass random passwords are not the way to go. The trick is to use the whole password length. So like, pick a phrase or set of words you will remember and maybe tweak it a little bit. So instead of trying to remember "ycI9d6^m|=" you are remembering "banana_hammock_ball$ack". You won't forget it and it's actually more secure.

I'm currently going through various sites occasionally and updating my passwords in this fashion. No more forgetting.

While that pic is true and good practice, this is an area where theory and reality don't mix. Password theft is almost never about password cracking, but rather lax security, poor coding, and social engineering. In fact I think you will be hard pressed to findanyactual password cracking in the wild.

One the biggest benefits of using a password manager is the ease in which every password can be unique.

Falstaff · Jul 6, 2014

Tuco_sl said:
I started using keepass. It's okay I guess. I just have it protecting my gmail account with some crazy password. The big problem I have is that now it's basically impossible for me to use my email account if I'm not at my computer or my phone.

Why don't you just use two factor authentication with gmail?

Void · Jul 6, 2014

I use keepass, but don't use it for my email passwords because of that exact reason. Every other random site I sign up for however, including torrent sites, I just click new entry, it auto-generates a 20-character random password, and I save it. The keepass file gets saved to my Dropbox, so I just install Dropbox and Keepass on secondary computers, tablets, phones, etc. and I'm good to go. It can be a bit of a nuisance if you have some app on your phone that continually needs you to enter it, but those are the places you don't use a manager and use those long word sequences like Grimmlokk mentioned. I still save it in Keepass though, just in case I forget and need to look it up again.

Zodiac · Jul 6, 2014

I use keepass / dropbox and passphrases, not the randomly generated passwords. That way I can still login to the stuff I use daily without having to open the password manager. If I forget a password I can go get it from keepass.

Pyksel · Jul 8, 2014

Another thumbs up for LastPass. I've tried Keepass + Dropbox and Dashlane but ultimately liked the functions/features that LastPass offered. You have to pay for the premium version though if you want the desktop and mobile app to accompany it but it's well worth the $12.

Browser integration is pretty straight forward, any site that you've put through LastPass will typically place an asterisk watermark in the credential fields that you can interact with and choose the credentials to populate if you don't use the auto login feature.

The desktop part of LastPass is a bit different but it basically has an icon that resides in your system tray on your desktop that allows you to "train" it by targeting the open application window (make sure your credentials are cleared at the start). You basically "find" the window, then click "train" and enter your credentials and save. Now you'll be able to either copy/paste the password (hidden & hashed) from the icon or there will now be a small asterisk watermark in the credentials field that you click on and can select the account you want to populate, similar to the browser integration.

It caught the recent heartbleed issues and it has a fairly decent security check that can go out and "score" your existing passwords and accounts to tell you where you might be deficient. There are plenty of other features that you'll discover such as exporting/importing, etc.

Letting go of the password management stuff was rough at first but after fully adopting it, it's been quite liberating.

Gator · Jul 9, 2014

pyksel_sl said:
Letting go of the password management stuff was rough.

This! I just can't bring myself to let the computer take over my passwords. It just feels unsafe even though its probably safer. Anyways, I've also seenBest Password Manager Form Filler | RoboFormthrown around a bit. No experience with it though.

Noodleface · Jul 9, 2014

Zodiac_sl said:
I use keepass / dropbox and passphrases, not the randomly generated passwords. That way I can still login to the stuff I use daily without having to open the password manager. If I forget a password I can go get it from keepass.

Pretty much this as well. I don't think any hackers are truly interested in my data.

Intrinsic · Jul 9, 2014

pyksel_sl said:
Another thumbs up for LastPass. I've tried Keepass + Dropbox and Dashlane but ultimately liked the functions/features that LastPass offered. You have to pay for the premium version though if you want the desktop and mobile app to accompany it but it's well worth the $12.

Browser integration is pretty straight forward, any site that you've put through LastPass will typically place an asterisk watermark in the credential fields that you can interact with and choose the credentials to populate if you don't use the auto login feature.

The desktop part of LastPass is a bit different but it basically has an icon that resides in your system tray on your desktop that allows you to "train" it by targeting the open application window (make sure your credentials are cleared at the start). You basically "find" the window, then click "train" and enter your credentials and save. Now you'll be able to either copy/paste the password (hidden & hashed) from the icon or there will now be a small asterisk watermark in the credentials field that you click on and can select the account you want to populate, similar to the browser integration.

It caught the recent heartbleed issues and it has a fairly decent security check that can go out and "score" your existing passwords and accounts to tell you where you might be deficient. There are plenty of other features that you'll discover such as exporting/importing, etc.

Letting go of the password management stuff was rough at first but after fully adopting it, it's been quite liberating.

Didn't know about the trainer or desktop app, just grabbed that and it is nice. Thanks for the heads up, will make Steam, Wildstar, and a few other things much better.

Selix · Jul 14, 2014

LastPass applications doesn't work with Wildstar. Not sure why as it works with most apps but it just can't find it for me. it does however supporttwo factor authenticationas well as family password sharing (great to give my read only access to sites that are important to our family) and one time keys.

As with all things the only fail safe system is to stay off the internet. If someone really wants to hack you it's highly unlikely they are going to do it through any password manager.

Pyksel · Jul 15, 2014

LastPass works just fine with Wildstar provided you're using the application. Is LastPass just not able to "Find" the application during the training process Selix?

Noodleface · Jul 15, 2014

Critical vulnerabilities in web-based password managers found

Pyksel · Jul 15, 2014

Noodleface_sl said:
Critical vulnerabilities in web-based password managers found

No password manager or even manual management of passwords is 100% free from attacks, however, LastPass is pretty upfront about attacks and exploits which is one of the reasons I recommend them.

"In the meantime, the LastPass Team has informed its users about the found vulnerabilities with the LastPass bookmarklet and One Time Passwords, the fact that they have fixed them and that they haven't been detected being exploited in the wild, and that there is no danger to users.

Regarding the OTP attack, it is a 'targeted attack', requiring an attacker to know the user's username to potentially exploit it, and serve that custom attack per user, activity which we have not seen. Even if this was exploited, the attacker would still not have the key to decrypt user data."

LastPass has also been on top of the Heartbleed security bug notifying which sites in your list may be susceptible to it.

Password Managers (PC / Android) Looking for Opinions

Silver Squire

Golden Baronet of the Realm

I got Tuco'd!

Person of Whiteness

Silver Squire

Person of Whiteness

Molten Core Raider

Ahn'Qiraj Raider

?

Ahn'Qiraj Raider

Experiencer

Lord Nagafen Raider

Rasterizing . . .

Molten Core Raider

A Mod Real Quick

Person of Whiteness

Lord Nagafen Raider

Rasterizing . . .

A Mod Real Quick

Rasterizing . . .