Password Managers

  • Guest, it's time once again for the hotly contested and exciting FoH Asshat Tournament!



    Go here and fill out your bracket!
    Who's been the biggest Asshat in the last year? Once again, only you can decide!

Adebisi

Clump of Cells
<Silver Donator>
27,661
32,677
There's a Password Manager thread buried deep in Product Reviews, but I think it might thrive better here.

What's good? Now that I've got three computers for myself and two kids, I'll have to manage all those logins for shit like Steam, Minecraft, Blizzard Launcher, etc.

PC and Android preferred.
 
  • 1Like
Reactions: 1 user

Funkor

Molten Core Raider
733
618
I use Keepass personally. Has a PC version that you can either install or run entirely off a USB drive you carry around, and the Android app I use is Keepass2Android which has cloud hosting stuff set up on it to sync your key file over all devices. To remove cloud hosting as an attack vector where someone could steal your keyfile you can use an app/program like Syncthing on every device that runs at startup and keeps the keyfile synchronized without involving Dropbox or whatever.
 
  • 2Solidarity
Reactions: 1 users

lurkingdirk

AssHat Taint
<Medals Crew>
39,965
166,878
LastPass seems pretty great to me. I use it over a lot of different computers, from mac to pc, and it's always great.
 
  • 2Like
Reactions: 1 users

Deathwing

<Bronze Donator>
16,315
7,313
I use Keepass. The database uses billions of mathematical transformations so that it takes ~10s for a modern CPU to open the database. This is to mitigate brute forcing in case someone gets your database. Hopefully, you'll know your database is compromised before they brute force it. The database requires an english sentence that's easy to remember but also mitigates brute forcing. It also requires a key file that has to be manually added to each device that wants to access the database. The key file lives on a USB stick in a safe. Lastly, for convenience, the database lives on my Google Drive.
 
  • 2Solidarity
Reactions: 1 users

Pyksel

Rasterizing . . .
840
284
+1 for LastPass. I've tried Keepass and others but in the end my wife has to use it too and LastPass is very user-friendly.
 

Captain Suave

Caesar si viveret, ad remum dareris.
4,678
7,922
I use Keepass personally. Has a PC version that you can either install or run entirely off a USB drive you carry around, and the Android app I use is Keepass2Android which has cloud hosting stuff set up on it to sync your key file over all devices. To remove cloud hosting as an attack vector where someone could steal your keyfile you can use an app/program like Syncthing on every device that runs at startup and keeps the keyfile synchronized without involving Dropbox or whatever.

+1 for KeePass hosted on Google Drive. I'm not quite so worried about security as to invoke all the protections Deathwing lists, but they're there if you want them.

Sadly, also -1 for not wife-friendly.
 
  • 1Solidarity
Reactions: 1 user

Lanx

Oye Ve
<Prior Amod>
60,065
131,355
+1 lastpass, it's free unless you pay for the subscription for mobile? which i think is just the app? but you can just login to get your passwords anyway.
 

Denamian

Night Janitor
<Nazi Janitors>
7,116
18,728
+1 for KeePass hosted on Google Drive. I'm not quite so worried about security as to invoke all the protections Deathwing lists, but they're there if you want them.

Sadly, also -1 for not wife-friendly.

Same here. It's not as user friendly as it could be, but KeePass gets the job done well enough for me.
 
  • 1Solidarity
Reactions: 1 user

Pyksel

Rasterizing . . .
840
284
One of the nice things about LastPass is the integration of it into the browser which functions on both the desktop & mobile client. This lets you easily enter in your credentials without having to open up the vault, copy/paste, etc. On the desktop you just select the watermarked icon in the credentials fields but on mobile you can tie it right into any type of biometrics you have.

I would imagine you could do something similar with Tusk + KeePass or Kee + KeePass, but it's just nice to have it consolidated in one tool.
 

Void

Experiencer
<Gold Donor>
9,374
10,987
Another vote for Keepass here. I use Dropbox to sync it across my devices. I'm not worried about someone at Dropbox figuring out how to crack my password, but as mentioned you can use other methods if you are.
 
  • 2Solidarity
Reactions: 1 users

Ronaan

Molten Core Raider
1,092
436
OK maybe I'm forgetting something but how is that lastpass thing different from Chrome giving me my login data across devices?
 

Ukerric

Bearded Ape
<Silver Donator>
7,862
9,413
Chrome does "trust our cloud with your passwords". Password managers don't; even if you use cloud-based syncs, you're syncing encrypted files. As long as your key/password is not on the cloud service, you can't have your password safe stolen. If you have:

1) Your passwords synced on the cloud
2) You can reset your password
3) You still have your passwords

Then Google has everything required to decrypt your passwords. Or a hacker who gets access to your base. Or the NSA. But usually all three.


As a CISO, I use exclusively keepass, because it's the only password manager certified by our national (french) cybersecurity agency. It is used internally (with an additional architecture) to keep all service accounts for every internal application/DB/system safe.
 
  • 1Solidarity
Reactions: 1 user

Ronaan

Molten Core Raider
1,092
436
Chrome does "trust our cloud with your passwords". Password managers don't; even if you use cloud-based syncs, you're syncing encrypted files. As long as your key/password is not on the cloud service, you can't have your password safe stolen. If you have:

1) Your passwords synced on the cloud
2) You can reset your password
3) You still have your passwords

Then Google has everything required to decrypt your passwords. Or a hacker who gets access to your base. Or the NSA. But usually all three.


As a CISO, I use exclusively keepass, because it's the only password manager certified by our national (french) cybersecurity agency. It is used internally (with an additional architecture) to keep all service accounts for every internal application/DB/system safe.
Alright that makes sense. Thanks.
 

Lanx

Oye Ve
<Prior Amod>
60,065
131,355
OK maybe I'm forgetting something but how is that lastpass thing different from Chrome giving me my login data across devices?
you shouldn't rely on chrome for that, for instance i work w/ companies that still default to only IE for corporate stuff.