Password Managers

Adebisi

What a time to be alive
<Donors Crew>
25,097
10d 13h 0m
Reactions
23,986 1,214 0 0
#1
There's a Password Manager thread buried deep in Product Reviews, but I think it might thrive better here.

What's good? Now that I've got three computers for myself and two kids, I'll have to manage all those logins for shit like Steam, Minecraft, Blizzard Launcher, etc.

PC and Android preferred.
 

Funkor

Knight of the Realm
621
7d 6h 43m
Reactions
302 40 0 0
#2
I use Keepass personally. Has a PC version that you can either install or run entirely off a USB drive you carry around, and the Android app I use is Keepass2Android which has cloud hosting stuff set up on it to sync your key file over all devices. To remove cloud hosting as an attack vector where someone could steal your keyfile you can use an app/program like Syncthing on every device that runs at startup and keeps the keyfile synchronized without involving Dropbox or whatever.
 

lurkingdirk

<Donors Crew>
13,810
16d 7h 39m
Reactions
4,556 1,010 0 0
#3
LastPass seems pretty great to me. I use it over a lot of different computers, from mac to pc, and it's always great.
 

Deathwing

Ahn'Qiraj Raider
10,361
26d 20h 40m
Reactions
2,071 162 0 0
#4
I use Keepass. The database uses billions of mathematical transformations so that it takes ~10s for a modern CPU to open the database. This is to mitigate brute forcing in case someone gets your database. Hopefully, you'll know your database is compromised before they brute force it. The database requires an english sentence that's easy to remember but also mitigates brute forcing. It also requires a key file that has to be manually added to each device that wants to access the database. The key file lives on a USB stick in a safe. Lastly, for convenience, the database lives on my Google Drive.
 

Pyksel

Rasterizing . . .
<Donors Crew>
763
5d 18h 44m
Reactions
231 3 0 0
#5
+1 for LastPass. I've tried Keepass and others but in the end my wife has to use it too and LastPass is very user-friendly.
 

Captain Suave

Caesar si viveret, ad remum dareris.
<Donors Crew>
662
4d 16h 49m
Reactions
215 18 0 0
#7
I use Keepass personally. Has a PC version that you can either install or run entirely off a USB drive you carry around, and the Android app I use is Keepass2Android which has cloud hosting stuff set up on it to sync your key file over all devices. To remove cloud hosting as an attack vector where someone could steal your keyfile you can use an app/program like Syncthing on every device that runs at startup and keeps the keyfile synchronized without involving Dropbox or whatever.
+1 for KeePass hosted on Google Drive. I'm not quite so worried about security as to invoke all the protections Deathwing lists, but they're there if you want them.

Sadly, also -1 for not wife-friendly.
 

ZyyzYzzy

He called the shit poop
<Moderation Tools>
17,932
41d 3h 36m
Reactions
23,253 1,470 0 0
#8
Piece of paper locked in a safe
 

Lanx

Aten Ha Ra Slayer
16,391
39d 15h 2m
Reactions
23,403 4,525 0 0
#9
+1 lastpass, it's free unless you pay for the subscription for mobile? which i think is just the app? but you can just login to get your passwords anyway.
 

Denamian

Night Janitor
<Moderation Tools>
1,954
25d 1h 34m
Reactions
1,804 119 0 0
#10
+1 for KeePass hosted on Google Drive. I'm not quite so worried about security as to invoke all the protections Deathwing lists, but they're there if you want them.

Sadly, also -1 for not wife-friendly.
Same here. It's not as user friendly as it could be, but KeePass gets the job done well enough for me.
 

Pyksel

Rasterizing . . .
<Donors Crew>
763
5d 18h 44m
Reactions
231 3 0 0
#11
One of the nice things about LastPass is the integration of it into the browser which functions on both the desktop & mobile client. This lets you easily enter in your credentials without having to open up the vault, copy/paste, etc. On the desktop you just select the watermarked icon in the credentials fields but on mobile you can tie it right into any type of biometrics you have.

I would imagine you could do something similar with Tusk + KeePass or Kee + KeePass, but it's just nice to have it consolidated in one tool.
 

ToeMissile

Knight of the Realm
971
3d 3h 46m
Reactions
225 15 0 0
#12
Lastpass here for a few years. Definitely recommend.
 

Void

We're America, bitch!
<Donor All-Stars>
6,156
15d 21h 23m
Reactions
1,867 262 0 0
#13
Another vote for Keepass here. I use Dropbox to sync it across my devices. I'm not worried about someone at Dropbox figuring out how to crack my password, but as mentioned you can use other methods if you are.
 

Ronaan

Knight of the Realm
801
5d 19m
Reactions
243 19 0 0
#14
OK maybe I'm forgetting something but how is that lastpass thing different from Chrome giving me my login data across devices?
 

Ukerric

Bearded Ape
<Donor All-Stars>
3,928
14d 13h 13m
Reactions
2,461 67 0 0
#15
Chrome does "trust our cloud with your passwords". Password managers don't; even if you use cloud-based syncs, you're syncing encrypted files. As long as your key/password is not on the cloud service, you can't have your password safe stolen. If you have:

1) Your passwords synced on the cloud
2) You can reset your password
3) You still have your passwords

Then Google has everything required to decrypt your passwords. Or a hacker who gets access to your base. Or the NSA. But usually all three.


As a CISO, I use exclusively keepass, because it's the only password manager certified by our national (french) cybersecurity agency. It is used internally (with an additional architecture) to keep all service accounts for every internal application/DB/system safe.
 

Ronaan

Knight of the Realm
801
5d 19m
Reactions
243 19 0 0
#16
Chrome does "trust our cloud with your passwords". Password managers don't; even if you use cloud-based syncs, you're syncing encrypted files. As long as your key/password is not on the cloud service, you can't have your password safe stolen. If you have:

1) Your passwords synced on the cloud
2) You can reset your password
3) You still have your passwords

Then Google has everything required to decrypt your passwords. Or a hacker who gets access to your base. Or the NSA. But usually all three.


As a CISO, I use exclusively keepass, because it's the only password manager certified by our national (french) cybersecurity agency. It is used internally (with an additional architecture) to keep all service accounts for every internal application/DB/system safe.
Alright that makes sense. Thanks.
 

Lanx

Aten Ha Ra Slayer
16,391
39d 15h 2m
Reactions
23,403 4,525 0 0
#17
OK maybe I'm forgetting something but how is that lastpass thing different from Chrome giving me my login data across devices?
you shouldn't rely on chrome for that, for instance i work w/ companies that still default to only IE for corporate stuff.