Password Managers

Adebisi

What a time to be alive
<Donors Crew>
25,199
12d 22h 30m
Reactions
24,446 1,243 0 0
#1
There's a Password Manager thread buried deep in Product Reviews, but I think it might thrive better here.

What's good? Now that I've got three computers for myself and two kids, I'll have to manage all those logins for shit like Steam, Minecraft, Blizzard Launcher, etc.

PC and Android preferred.
 

Funkor

Knight of the Realm
635
8d 20h 8m
Reactions
333 40 0 0
#2
I use Keepass personally. Has a PC version that you can either install or run entirely off a USB drive you carry around, and the Android app I use is Keepass2Android which has cloud hosting stuff set up on it to sync your key file over all devices. To remove cloud hosting as an attack vector where someone could steal your keyfile you can use an app/program like Syncthing on every device that runs at startup and keeps the keyfile synchronized without involving Dropbox or whatever.
 

lurkingdirk

<Donors Crew>
14,123
21d 14h 23m
Reactions
5,275 1,149 0 0
#3
LastPass seems pretty great to me. I use it over a lot of different computers, from mac to pc, and it's always great.
 

Deathwing

Ahn'Qiraj Raider
10,590
31d 11h 32m
Reactions
2,177 170 0 0
#4
I use Keepass. The database uses billions of mathematical transformations so that it takes ~10s for a modern CPU to open the database. This is to mitigate brute forcing in case someone gets your database. Hopefully, you'll know your database is compromised before they brute force it. The database requires an english sentence that's easy to remember but also mitigates brute forcing. It also requires a key file that has to be manually added to each device that wants to access the database. The key file lives on a USB stick in a safe. Lastly, for convenience, the database lives on my Google Drive.
 

Pyksel

Rasterizing . . .
<Donors Crew>
778
7d 2h 30m
Reactions
239 3 0 0
#5
+1 for LastPass. I've tried Keepass and others but in the end my wife has to use it too and LastPass is very user-friendly.
 

Captain Suave

Caesar si viveret, ad remum dareris.
<Donors Crew>
721
8d 15h 39m
Reactions
304 24 0 0
#7
I use Keepass personally. Has a PC version that you can either install or run entirely off a USB drive you carry around, and the Android app I use is Keepass2Android which has cloud hosting stuff set up on it to sync your key file over all devices. To remove cloud hosting as an attack vector where someone could steal your keyfile you can use an app/program like Syncthing on every device that runs at startup and keeps the keyfile synchronized without involving Dropbox or whatever.
+1 for KeePass hosted on Google Drive. I'm not quite so worried about security as to invoke all the protections Deathwing lists, but they're there if you want them.

Sadly, also -1 for not wife-friendly.
 

ZyyzYzzy

Shitpost Counsel
<Prior Amod>
18,124
50d 13h 39m
Reactions
24,073 1,542 0 0
#8
Piece of paper locked in a safe
 

Lanx

Aten Ha Ra Slayer
17,918
51d 1h 8m
Reactions
29,086 5,799 0 0
#9
+1 lastpass, it's free unless you pay for the subscription for mobile? which i think is just the app? but you can just login to get your passwords anyway.
 

Denamian

Night Janitor
<Prior Amod>
2,058
30d 15h 26m
Reactions
2,071 150 0 0
#10
+1 for KeePass hosted on Google Drive. I'm not quite so worried about security as to invoke all the protections Deathwing lists, but they're there if you want them.

Sadly, also -1 for not wife-friendly.
Same here. It's not as user friendly as it could be, but KeePass gets the job done well enough for me.
 

Pyksel

Rasterizing . . .
<Donors Crew>
778
7d 2h 30m
Reactions
239 3 0 0
#11
One of the nice things about LastPass is the integration of it into the browser which functions on both the desktop & mobile client. This lets you easily enter in your credentials without having to open up the vault, copy/paste, etc. On the desktop you just select the watermarked icon in the credentials fields but on mobile you can tie it right into any type of biometrics you have.

I would imagine you could do something similar with Tusk + KeePass or Kee + KeePass, but it's just nice to have it consolidated in one tool.
 

ToeMissile

Knight of the Realm
985
3d 23h 29m
Reactions
232 15 0 0
#12
Lastpass here for a few years. Definitely recommend.
 

Void

We're America, bitch!
<Donor All-Stars>
6,334
21d 42m
Reactions
2,194 285 0 0
#13
Another vote for Keepass here. I use Dropbox to sync it across my devices. I'm not worried about someone at Dropbox figuring out how to crack my password, but as mentioned you can use other methods if you are.
 

Ronaan

Knight of the Realm
854
6d 7h 2m
Reactions
279 22 0 0
#14
OK maybe I'm forgetting something but how is that lastpass thing different from Chrome giving me my login data across devices?
 

Ukerric

Bearded Ape
<Donor All-Stars>
4,109
18d 20h 56m
Reactions
2,864 92 0 0
#15
Chrome does "trust our cloud with your passwords". Password managers don't; even if you use cloud-based syncs, you're syncing encrypted files. As long as your key/password is not on the cloud service, you can't have your password safe stolen. If you have:

1) Your passwords synced on the cloud
2) You can reset your password
3) You still have your passwords

Then Google has everything required to decrypt your passwords. Or a hacker who gets access to your base. Or the NSA. But usually all three.


As a CISO, I use exclusively keepass, because it's the only password manager certified by our national (french) cybersecurity agency. It is used internally (with an additional architecture) to keep all service accounts for every internal application/DB/system safe.
 

Ronaan

Knight of the Realm
854
6d 7h 2m
Reactions
279 22 0 0
#16
Chrome does "trust our cloud with your passwords". Password managers don't; even if you use cloud-based syncs, you're syncing encrypted files. As long as your key/password is not on the cloud service, you can't have your password safe stolen. If you have:

1) Your passwords synced on the cloud
2) You can reset your password
3) You still have your passwords

Then Google has everything required to decrypt your passwords. Or a hacker who gets access to your base. Or the NSA. But usually all three.


As a CISO, I use exclusively keepass, because it's the only password manager certified by our national (french) cybersecurity agency. It is used internally (with an additional architecture) to keep all service accounts for every internal application/DB/system safe.
Alright that makes sense. Thanks.
 

Lanx

Aten Ha Ra Slayer
17,918
51d 1h 8m
Reactions
29,086 5,799 0 0
#17
OK maybe I'm forgetting something but how is that lastpass thing different from Chrome giving me my login data across devices?
you shouldn't rely on chrome for that, for instance i work w/ companies that still default to only IE for corporate stuff.