Password Managers

Adebisi

What a time to be alive
25,456
37,662
17d 19m
There's a Password Manager thread buried deep in Product Reviews, but I think it might thrive better here.

What's good? Now that I've got three computers for myself and two kids, I'll have to manage all those logins for shit like Steam, Minecraft, Blizzard Launcher, etc.

PC and Android preferred.
 
  • Like
Reactions: chthonic-anemos

Funkor

Lord Nagafen Raider
643
566
11d 23h 19m
I use Keepass personally. Has a PC version that you can either install or run entirely off a USB drive you carry around, and the Android app I use is Keepass2Android which has cloud hosting stuff set up on it to sync your key file over all devices. To remove cloud hosting as an attack vector where someone could steal your keyfile you can use an app/program like Syncthing on every device that runs at startup and keeps the keyfile synchronized without involving Dropbox or whatever.
 
  • 2Solidarity
Reactions: Ukerric and Void

lurkingdirk

<Medals Crew>
14,691
9,941
30d 8h 12m
LastPass seems pretty great to me. I use it over a lot of different computers, from mac to pc, and it's always great.
 

Deathwing

<Bronze Donator>
11,157
3,938
44d 6h 50m
I use Keepass. The database uses billions of mathematical transformations so that it takes ~10s for a modern CPU to open the database. This is to mitigate brute forcing in case someone gets your database. Hopefully, you'll know your database is compromised before they brute force it. The database requires an english sentence that's easy to remember but also mitigates brute forcing. It also requires a key file that has to be manually added to each device that wants to access the database. The key file lives on a USB stick in a safe. Lastly, for convenience, the database lives on my Google Drive.
 
  • 2Solidarity
Reactions: Ukerric and Void

Pyksel

Rasterizing . . .
784
261
9d 7h 39m
+1 for LastPass. I've tried Keepass and others but in the end my wife has to use it too and LastPass is very user-friendly.
 

Captain Suave

Caesar si viveret, ad remum dareris.
879
608
14d 35m
I use Keepass personally. Has a PC version that you can either install or run entirely off a USB drive you carry around, and the Android app I use is Keepass2Android which has cloud hosting stuff set up on it to sync your key file over all devices. To remove cloud hosting as an attack vector where someone could steal your keyfile you can use an app/program like Syncthing on every device that runs at startup and keeps the keyfile synchronized without involving Dropbox or whatever.
+1 for KeePass hosted on Google Drive. I'm not quite so worried about security as to invoke all the protections Deathwing lists, but they're there if you want them.

Sadly, also -1 for not wife-friendly.
 
  • Solidarity
Reactions: Ukerric

Lanx

Silver Baron of the Realm
19,956
48,135
68d 8h 24m
+1 lastpass, it's free unless you pay for the subscription for mobile? which i think is just the app? but you can just login to get your passwords anyway.
 

Denamian

Night Janitor
<Prior Amod>
2,174
3,242
39d 22h 57m
+1 for KeePass hosted on Google Drive. I'm not quite so worried about security as to invoke all the protections Deathwing lists, but they're there if you want them.

Sadly, also -1 for not wife-friendly.
Same here. It's not as user friendly as it could be, but KeePass gets the job done well enough for me.
 
  • Solidarity
Reactions: Void

Pyksel

Rasterizing . . .
784
261
9d 7h 39m
One of the nice things about LastPass is the integration of it into the browser which functions on both the desktop & mobile client. This lets you easily enter in your credentials without having to open up the vault, copy/paste, etc. On the desktop you just select the watermarked icon in the credentials fields but on mobile you can tie it right into any type of biometrics you have.

I would imagine you could do something similar with Tusk + KeePass or Kee + KeePass, but it's just nice to have it consolidated in one tool.
 

Void

We're America, bitch!
<Bronze Donator>
6,535
3,529
27d 5h 58m
Another vote for Keepass here. I use Dropbox to sync it across my devices. I'm not worried about someone at Dropbox figuring out how to crack my password, but as mentioned you can use other methods if you are.
 
  • 2Solidarity
Reactions: sleevedraw and Ukerric

Ronaan

Lord Nagafen Raider
906
439
7d 13h 9m
OK maybe I'm forgetting something but how is that lastpass thing different from Chrome giving me my login data across devices?
 

Ukerric

Bearded Ape
<Bronze Donator>
4,398
4,203
25d 8h 50m
Chrome does "trust our cloud with your passwords". Password managers don't; even if you use cloud-based syncs, you're syncing encrypted files. As long as your key/password is not on the cloud service, you can't have your password safe stolen. If you have:

1) Your passwords synced on the cloud
2) You can reset your password
3) You still have your passwords

Then Google has everything required to decrypt your passwords. Or a hacker who gets access to your base. Or the NSA. But usually all three.


As a CISO, I use exclusively keepass, because it's the only password manager certified by our national (french) cybersecurity agency. It is used internally (with an additional architecture) to keep all service accounts for every internal application/DB/system safe.
 
  • Solidarity
Reactions: Void

Ronaan

Lord Nagafen Raider
906
439
7d 13h 9m
Chrome does "trust our cloud with your passwords". Password managers don't; even if you use cloud-based syncs, you're syncing encrypted files. As long as your key/password is not on the cloud service, you can't have your password safe stolen. If you have:

1) Your passwords synced on the cloud
2) You can reset your password
3) You still have your passwords

Then Google has everything required to decrypt your passwords. Or a hacker who gets access to your base. Or the NSA. But usually all three.


As a CISO, I use exclusively keepass, because it's the only password manager certified by our national (french) cybersecurity agency. It is used internally (with an additional architecture) to keep all service accounts for every internal application/DB/system safe.
Alright that makes sense. Thanks.
 

Lanx

Silver Baron of the Realm
19,956
48,135
68d 8h 24m
OK maybe I'm forgetting something but how is that lastpass thing different from Chrome giving me my login data across devices?
you shouldn't rely on chrome for that, for instance i work w/ companies that still default to only IE for corporate stuff.