Topic: Choosing a password manager--advice needed

Spork

« Reply #50 on: May 10, 2017, 12:52:23 PM »
This is what I mean by "clever".  If you have a formula that is easily applied: "password is concatenation of 5th word, 9th word, 5th letter of 15th word, etc in a paragraph"  then you have, effectively, an encrypted password. 

Now, if you need to add other facts: different userid, password reset questions/answers, a PIN, where/how this password applies, a few facts like "this was the administrative password between 2006-2007 for the mail systems".   Then this becomes harder.  It's still doable, but hard to do in your head.  At some point, you'll need a program to actually manage this -- even if using steganography.  This is all doable (as evidenced by lifeanon) but doing it *well* and in a way that provides lots of details and produces readable text and scales to large numbers and is searchable -- and doing it quickly -- that becomes harder.

There are folks that spend their entire career just building encryption systems (and even they make boneheaded mistakes or build systems that age-out over time).  I personally prefer to use things that are off-the-shelf encryption systems with open algorithms and a crap ton of peer review eyes looking at it.  That said: eventually even these systems will fall to errors or computational growth.  That's how it works.

StetsTerhune

« Reply #51 on: May 12, 2017, 07:22:03 AM »
I agree with GoingToMaine...  It's no different than having a folder full of notes and having one boring one entitled "2013 Summit on Managerial Effectiveness" that contains userids/passwords.  Unless you are extremely clever, it's going to look like userids and passwords.  And if a BadPerson™ knows enough about you to have a little bit of an idea what to look for... using an exhaustive search on the local hard drive for some key strings isn't that hard, regardless of where it might be hidden.

I'm not an expert in passwords, but I am an expert in risk analysis. One of the core tenets of risk analysis is to first ask yourself what risks it is that you're worried about.

I'm not worried about some "BadPerson™ who knows enough about me" finding my passwords and stealing my money. I'm not worried about anyone who knows me that well, and I don't know why anyone else would target me enough to spend that kind of effort on me. If I were famous or rich or a corporation or government, this is the threat I'd be worried about. But as a NormalPerson™, it's pretty much the last threat I'm worried about.

I'm worried about broad attacks by criminal gangs. These would likely either be in the form of picking the low-hanging fruit, or hacking some tool that has a lot of passwords. So while some advice makes sense for that (not having stupid, common passwords, not using the same password for everything), some doesn't make sense for that: saving your password anywhere, no matter how secure, that would be a good target for a criminal gang looking for a bunch of accounts to exploit.

Criminal hackers gangs™ have and will continue to attack password managers. It's guaranteed. Whether they'll succeed or not, I don't know, but they will try. What I can completely and totally guarantee, is they'll never look through my stuff for a piece of paper that has 20 passwords written down. That piece of paper is obscure enough that if some random person found it, they wouldn't know what it was or how to use it. And it's physical enough that no hacker will ever get it.

Spork

« Reply #52 on: May 12, 2017, 07:58:14 AM »
I'm not worried about some "BadPerson™ who knows enough about me" finding my passwords and stealing my money. I'm not worried about anyone who knows me that well, and I don't know why anyone else would target me enough to spend that kind of effort on me. If I were famous or rich or a corporation or government, this is the threat I'd be worried about. But as a NormalPerson™, it's pretty much the last threat I'm worried about.

For what it's worth, posting on a wealth-building finance related site might be enough.  It doesn't take more than a handful of facts and a few hours stalking to work from "anonymous poster on forum" to "Bob Smith of Tallahassee, Florida."

And I have no idea what you do for a living... but targeted attacks are becoming more common.  Maybe they don't apply to you...  But if you work in an area where you have more information than the average guy, you can be targeted.  (Health care worker, IT worker, finance worker, payroll worker, etc)

Criminal hackers gangs™ have and will continue to attack password managers. It's guaranteed. Whether they'll succeed or not, I don't know, but they will try. What I can completely and totally guarantee, is they'll never look through my stuff for a piece of paper that has 20 passwords written down. That piece of paper is obscure enough that if some random person found it, they wouldn't know what it was or how to use it. And it's physical enough that no hacker will ever get it.

Totally true.  Criminal gangs probably won't.  Going through papers is more likely to happen with people you trust.

If you have complex passwords, they're also really hard to copy/paste from paper.  This makes me LazyPerson™.




lifeanon269

« Reply #53 on: May 12, 2017, 08:13:53 AM »
StetsTerhune, you're absolutely right that ultimately it comes down to risk assessment and each individual will have to do that for themselves.

However, as Spork touched upon, there are certain considerations to take into account when going the physical copy approach.

We live in a very mobile world and that means for a lot of people, they'll want/need access to those accounts from many different locations (work, home, vacation, etc). So if you go the physical route, then that immediately means that you'll need to be carrying around that physical copy in some form or another. While that physical copy might be very secure while it is stashed away at home, it won't be as secure when you're on the move.

Also, bad habits that might be OK for specific scenarios for the individual privately, they are almost never OK when in the business world. So if you develop those habits personally, you'd have to be very diligent to not allow those habits to carry over into an environment that requires a more stringent approach to security.

As Spork mentioned as well, keeping your passwords secret from bad actors shouldn't be your only concern. There are also many people in our lives, those we trust, that it might be important to keep our passwords secret from (for example, children).

While the physical approach might be OK for specific secluded "homebodies" that only ever use the internet from a single computer at home, the risk isn't low enough for the majority of internet users that I could ever feel comfortable recommending that advice to the general public.

joonifloofeefloo

« Reply #54 on: May 12, 2017, 11:29:31 AM »
I've really appreciated the entire discussion here, and the comic helped me SO MUCH, as did the little chart.

It's all convinced me to finally make a move to a manager, and that will be a project for this weekend.
It sounds like Keepass or Lastpass are what most people are satisfied with, and in that order, yes?

Keepass has had no security breaches, but Lastpass is synced across all devices. The latter sounds like a great boon to me personally (i.e., what will encourage me to use a manager, which increases my security overall).

Questions:

1. With keepass not synced across devices, how does a person manage this on multiple devices?

2. Given the breaches that have occurred with Lastpass and similar programs, do most security folks here scream "NOT LASTPASS"? Or do you shrug off the security breaches, feeling satisfied with how those played out?

3. When I swap out computers (loaners from my school and kid's school), does one or the other (keepass/lastpass) have an advantage, in terms of preventing conniptions in me? (I'm thinking lastpass again.)

GoingToMaine

« Reply #55 on: May 12, 2017, 05:22:12 PM »
I've really appreciated the entire discussion here, and the comic helped me SO MUCH, as did the little chart.

It's all convinced me to finally make a move to a manager, and that will be a project for this weekend.
It sounds like Keepass or Lastpass are what most people are satisfied with, and in that order, yes?

Keepass has had no security breaches, but Lastpass is synced across all devices. The latter sounds like a great boon to me personally (i.e., what will encourage me to use a manager, which increases my security overall).

Questions:

1. With keepass not synced across devices, how does a person manage this on multiple devices?

2. Given the breaches that have occurred with Lastpass and similar programs, do most security folks here scream "NOT LASTPASS"? Or do you shrug off the security breaches, feeling satisfied with how those played out?

3. When I swap out computers (loaners from my school and kid's school), does one or the other (keepass/lastpass) have an advantage, in terms of preventing conniptions in me? (I'm thinking lastpass again.)

KeePass hasn't had a large scale "breach" per se, but it has had vulnerabilities found just like the others.  The difference is that it's usually run locally on a machine rather than in a centralized hosted model.

Regarding your other questions, and as a security person with 15+ years in the business:

1.  There are methods to use DropBox or similar to sync your KeePass database to multiple devices.  I've tried it and it works fine, but it does require more work than something built to sync natively like LastPass.

2.  LastPass and Dashlane have both patched their vulnerabilities in a timely manner, as has KeePass for that matter, so I wouldn't run screaming from any of them.  Just manage your risk.  If they notify you of a breach and say you should change your master password, do it.

3.  LastPass will be easier simply because there are fewer moving parts.

Spork

« Reply #56 on: May 12, 2017, 05:48:47 PM »
I've really appreciated the entire discussion here, and the comic helped me SO MUCH, as did the little chart.

It's all convinced me to finally make a move to a manager, and that will be a project for this weekend.
It sounds like Keepass or Lastpass are what most people are satisfied with, and in that order, yes?

Keepass has had no security breaches, but Lastpass is synced across all devices. The latter sounds like a great boon to me personally (i.e., what will encourage me to use a manager, which increases my security overall).

Questions:

1. With keepass not synced across devices, how does a person manage this on multiple devices?

2. Given the breaches that have occurred with Lastpass and similar programs, do most security folks here scream "NOT LASTPASS"? Or do you shrug off the security breaches, feeling satisfied with how those played out?

3. When I swap out computers (loaners from my school and kid's school), does one or the other (keepass/lastpass) have an advantage, in terms of preventing conniptions in me? (I'm thinking lastpass again.)

KeePass hasn't had a large scale "breach" per se, but it has had vulnerabilities found just like the others.  The difference is that it's usually run locally on a machine rather than in a centralized hosted model.

Regarding your other questions, and as a security person with 15+ years in the business:

1.  There are methods to use DropBox or similar to sync your KeePass database to multiple devices.  I've tried it and it works fine, but it does require more work than something built to sync natively like LastPass.

2.  LastPass and Dashlane have both patched their vulnerabilities in a timely manner, as has KeePass for that matter, so I wouldn't run screaming from any of them.  Just manage your risk.  If they notify you of a breach and say you should change your master password, do it.

3.  LastPass will be easier simply because there are fewer moving parts.

This also depends on your requirements for "synced across devices".  What devices?

Are we talking about multiple computers?  Or extending to mobile devices?  I still have a fairly large (possibly bordering on irrational) distrust of most mobile devices.  I tend to only use passwords I deem "not important" on mobile. In a sense: I don't care about accessing passwords from them.  The passwords I use on mobile are passwords I'm okay with just saving in an app.

If we're just talking about multiple computers, the simplest method of sharing is to use a password manager that will run and store its data on a USB stick.  (Dear lord: have a religiously adhered to process that keeps a backup, please!)  Since I am a bit of a dinosaur and use linux and my own methods for password management... I can't really give honest recommendations on packages that will run in a USB environment.  I know pwsafe does... and I suspect many of them do.

joonifloofeefloo

« Reply #57 on: May 12, 2017, 06:23:23 PM »
Between my teen and me -and business/school/personal- it's two computers at a time (replaced frequently per school loaner system), one tablet, two phones.

Yes, I'm good about backing up. I have back up of archives in a safe deposit box, and keep current projects in DropBox. My computer died recently and I lost nothing, just opened a new loaner and carried on.

GoingToMaine

« Reply #58 on: May 12, 2017, 06:45:08 PM »
Since you're already using DropBox, KeePass synced with DropBox would be a nice, free solution.

Not sure if you need this functionality, but if you wanted to be able to share certain passwords with your teen, but keep others to yourself, LastPass can do that kind of thing.  It's a little tougher to do that with KeePass last time I looked.

One reason I personally go with LastPass is that it has an emergency access feature that allows me to grant access to other people.  You specify a wait time, and if they try to access your password database, they have to wait that long or you can reject the request any time in between.  I like this because I can put like a 2 week wait time on it and grant my mom access.  So then if I die or become incapacitated, she can get into my accounts.  With just about all my account statements being paperless these days, nobody else would be able to figure out the tangled web of accounts I'd be leaving behind without it.

joonifloofeefloo

« Reply #59 on: May 12, 2017, 06:52:36 PM »
Thanks very much, GoingToMaine and Spork! I find this all so intimidating, so I really appreciate the directed help. I'm going to start playing around this eve and see what I experience as a first attempt...

Shane

« Reply #60 on: May 12, 2017, 06:56:02 PM »
For the past several years we've been using Keeper Security to store passwords and it works well for us. My wife and I share an account that is synced across all of our devices. The Android app we use accepts fingerprint sign in, so we don't even need to bother with typing in the master password when we're using our phones.

GoingToMaine

« Reply #61 on: May 12, 2017, 07:16:14 PM »
For the past several years we've been using Keeper Security to store passwords and it works well for us. My wife and I share an account that is synced across all of our devices. The Android app we use accepts fingerprint sign in, so we don't even need to bother with typing in the master password when we're using our phones.
Keeper's good too.  I always forget about that one.  It's similar feature-wise to Dashlane and LastPass.  Solid choice.

lifeanon269

« Reply #62 on: May 13, 2017, 02:36:57 PM »
I just wanted to share this information in case anyone finds it useful. It touches more on the concepts I talked about above (Length>Complexity), but talks about how you can take advantage of that fact to create really easy passwords to remember, but are also extremely strong passwords.

https://www.grc.com/haystack.htm

If anyone is still trying to decide on the best solution for a password manager and is finding it difficult, an option could be to take advantage of the password haystacking concept.

When an attacker has exhausted all their easier options for cracking a password (dictionary, rainbow tables, common passwords, etc), then their only other option is to do an exhaustive brute-force search. Once that's begun, the only thing that matters is length.

So how can you take advantage of this fact? Well, as the article talks about, all you need to do is come up with a simple and easy to remember password (for example, "Tig3r"), and then simply pad its length. Since all that matters is length, the padding will take care of that for you. All you need to do is worry about making sure that each site has a different password. Since an attacker isn't going to know what part of the password is different from site to site, each site's "key" only needs to be a few characters long.

What you could then do is simply create a key list for all your sites. For example, Amazon.com = ke2, ebay.com = pq5, etc...

You can then combine your password, with the key for that site, and then simply pad the rest with a character. So my passwords could look like this (using my example memorable password from above):

Amazon.com =
Tig3rke2!!!!!!!!!!!!

ebay.com =
Tig3rpq5!!!!!!!!!!!!

You could then simply store that key anywhere you'd like and have it with you anywhere you'd need it. It doesn't even need to be secure, since it isn't useful information to a hacker until other data breaches have also taken place. Let me explain...

Let's look at some scenarios:

Scenario 1) Compromising your actual website passwords is extremely difficult because of their length. That's already true and you're secure from a password cracking/brute-force perspective. Nobody knows the concept behind your passwords since it is only in your head. Therefore, the strength of your 20 character passwords are just as strong as even the most randomized 20 character passwords.

Scenario 2) Let's say your Amazon.com password was exposed because you fell victim to a phishing website. So they didn't need to crack your password because you gave it away. All they know is that "Tig3rke2!!!!!!!!!!!!" is your Amazon.com password. They'd have no idea that the passwords for your other websites have patterns similar to it. They also have no idea of the existence of your key list. So your other websites are safe.

Scenario 3) Final scenario is that your key list is compromised. Since your website passwords haven't been compromised, they'll have no idea what those three characters for each website are for and would have no idea how to apply them. They're as good as nothing.

Long story short, password haystacking is a great way to create memorable passwords that are extremely difficult to crack. Your only chore is to design a method that takes advantage of the fact that length matters above all else to create different passwords for each website so that if one password is compromised, they all aren't.

If you're uneasy about using a password manager (and there is enough reason to be, IMO), then hopefully this advice is useful for coming up with another alternative that might be useful for some.

Final note, even if you do decide to use a password manager, you will still need to memorize at least one password. I highly recommend using the haystacking (length) technique as described.
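
The arithmetic behind the haystack post above, as an added example (it is not part of any poster's message and is not GRC's code). It counts the exhaustive-search space for the thread's sample passwords, then shows how little of each password actually varies per site. Assumptions: a 95-symbol printable-ASCII alphabet split into four classes, and site keys drawn from lowercase letters and digits, as "ke2" and "pq5" are.

```python
import string

# Assumption: a brute-force search counts four character classes over printable
# ASCII (26 lower + 26 upper + 10 digits + 33 symbols including space = 95).
CLASSES = (
    set(string.ascii_lowercase),
    set(string.ascii_uppercase),
    set(string.digits),
    set(string.punctuation + " "),
)

# Sample values taken from the thread: base word, 3-character site key,
# then "!" padding up to 20 characters.
BASE = "Tig3r"
AMAZON = "Tig3rke2" + "!" * 12
EBAY = "Tig3rpq5" + "!" * 12


def alphabet_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))


def search_space(password):
    """Candidates tried by a search of every length up to len(password)."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))


def varying_positions(pw_a, pw_b):
    """Indexes at which two equal-length site passwords differ."""
    if len(pw_a) != len(pw_b):
        raise ValueError("passwords must have equal length")
    return [i for i, (x, y) in enumerate(zip(pw_a, pw_b)) if x != y]


def key_space(key_length, key_alphabet=36):
    """Distinct site keys of this length; 36 = lowercase + digits (assumed)."""
    return key_alphabet ** key_length


def summarize(base, pw_a, pw_b):
    """Collect the figures that matter when judging the scheme."""
    diff = varying_positions(pw_a, pw_b)
    return {
        "base_space": search_space(base),
        "padded_space": search_space(pw_a),
        "padding_gain": search_space(pw_a) // search_space(base),
        "varying_positions": diff,
        # What separates one site's password from another's once the
        # construction is known: only the key characters.
        "per_site_space": key_space(len(diff)),
    }


if __name__ == "__main__":
    for name, value in summarize(BASE, AMAZON, EBAY).items():
        print(f"{name:18} {value}")
```

The padded figure is the exhaustive-search bound and holds only while the construction stays unknown; the per-site figure is what remains different between two sites' passwords.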

joonifloofeefloo

« Reply #63 on: May 13, 2017, 02:56:54 PM »
lifeanon269: Loved every word of that, thank you!

All: Looked at keepass last night and was surprised to see the site so...industrial looking. I will go a bit further than first glance today, but I know that YNAB's esthetic is a huge part of what has kept me willing to stick with it, so I might consider a shinier option on the shininess account alone.

joonifloofeefloo

« Reply #64 on: May 13, 2017, 04:24:20 PM »
Okay, I'm down to Lastpass and Dashlane. The latter because, "...it can reset your passwords at once, saving you time and worry in the event of a major data breach." The cost doesn't bother me.

So, my one concern is, "...its read-only web interface, which prevents you from making any changes to your vault while away from your primary computer." If my primary computer dies or is returned to its loaner company or I just choose not to have a computer for a while -relying on my tablet and phone as I sometimes do for weeks at a time- how do I make changes to the vault? In my particular lifestyle, is Lastpass better than Dashlane?

Or, has Lastpass by any chance developed the ability to change all passwords at once since the article quoted above was written?

Rocket

« Reply #65 on: May 13, 2017, 05:25:23 PM »
I'm not sure having a password manager reset all your passwords is a good thing.  You'd end up with not being able to log into half your accounts.  Every site handles password resetting differently and some use 2 factor authentication and other security measures.  I'm doubting it would work.

GoingToMaine

« Reply #66 on: May 13, 2017, 08:04:52 PM »
Or, has Lastpass by any chance developed the ability to change all passwords at once since the article quoted above was written?
I don't see anything like that in Lastpass, but I do see a "change compromised passwords" section under their Security Challenge option.  Mine's empty at the moment, but I presume that if a site I use was compromised, it would show up here so I could click a button and change the password used for it.

With This Herring

« Reply #67 on: May 18, 2017, 09:27:54 AM »
OP here--wow, never a dull moment on the MMM boards!

Thanks for the product recommendations, tech discussion and general security tips. So far, of the commercial products, Lastpass has received the most votes, followed by KeePass. Anyone else want to chime in?

I am not an IT person.  I am just a person who has passwords.  I do not value being able to access my financial accounts on computers outside of my home.  I have a dumbphone, so it doesn't need password access either.

I have been using KeePassX, which is cross-platform (and is, to my knowledge, the same program as KeePass).  I like that things are stored on my computer instead of the cloud.  I like that it will generate random passwords that are as long as I want and that I can limit the character set for those stupider websites that don't allow special characters.  It will also store answers to those security questions, so "Mother's maiden name" can be "ALargePileOfRocks" or "amsdiutpc384p9c!@#$%^&*("  I appreciate the auto-type feature, where you can set up a hot-key sequence that will allow you to press three keys and log in to a specific website.  This last part can be a bit fiddly.  Finally, I can set reminders for me to change the passwords on specific sites every week/month/six months/etc.

Also, I would like to complain that Merrill Lynch, for the account I had through an employer, required a six-character password with JUST letters and numbers, no special characters.  See confirmation here.  What the heck.  I hope this has been changed since the time I left that employer and closed that account.

joonifloofeefloo

« Reply #68 on: May 18, 2017, 09:45:39 AM »
I went with Dashlane (per accessing/swapping computers all over the lands). Love it! Thanks very much to everyone who has participated in this thread. That had been on my to-do list for a looooooooooong time, just didn't have the info I needed til this thread.

Spork

« Reply #69 on: May 18, 2017, 09:54:46 AM »
Also, I would like to complain that Merrill Lynch, for the account I had through an employer, required a six-character password with JUST letters and numbers, no special characters.  See confirmation here.  What the heck.  I hope this has been changed since the time I left that employer and closed that account.

I briefly had an online account with them a little over a year ago -- though directly with ML, not through an employer.  No special characters were allowed, but they allowed up to 20 characters. 

I've been amazed how many folks have silly/differing requirements.... differing ideas of what a "special" is... none allowed at all, etc.


With This Herring

« Reply #70 on: May 18, 2017, 10:12:49 AM »
Also, I would like to complain that Merrill Lynch, for the account I had through an employer, required a six-character password with JUST letters and numbers, no special characters.  See confirmation here.  What the heck.  I hope this has been changed since the time I left that employer and closed that account.

I briefly had an online account with them a little over a year ago -- though directly with ML, not through an employer.  No special characters were allowed, but they allowed up to 20 characters. 

I've been amazed how many folks have silly/differing requirements.... differing ideas of what a "special" is... none allowed at all, etc.

I'm just now finding this:
Quote
Enter and confirm your new Password. It must be 6 to 12 characters, using letters and numbers and no special characters (e.g. ?, *). Your Password should be unique to you and difficult for others to guess.

I think they have different requirements for different types of accounts.  For the employer account, my username was my account number.

katsiki

« Reply #71 on: May 18, 2017, 04:16:03 PM »
Finally, I can set reminders for me to change the passwords on specific sites every week/month/six months/etc.

Thanks for mentioning this!  I didn't realize it did this.  I use KeePass and will have to look into that feature.

Abe

« Reply #72 on: May 18, 2017, 07:52:30 PM »
I have a question about the security of the fingerprint detector on the iPhone. Assuming it's not stolen by someone who has recreated my fingerprint, is there a program that can use that to unlock a list of passwords stored on the phone for you to type into a computer or elsewhere?

billybob

« Reply #73 on: May 19, 2017, 11:24:46 AM »
Easy way and cheap way to do it is in Gmail: open a draft and write it all down there. The draft will always save and you'll always have access to it.

Maurits28

« Reply #74 on: May 19, 2017, 01:33:29 PM »
I'm surprised nobody mentioned Enpass. I have used it for a long time now, very satisfied. It stores your password file locally, encrypted with one master password. https://www.enpass.io/

If you want to sync between devices, it can store the password file on your personal Google drive or any of the other popular cloud services, or your own cloud server. So there is no central 'cloud' to be attacked like with LastPass. And even if they attack your personal Google Drive, they won't have the master password to decrypt it.

For computers it is free, if you want to add a mobile device, you pay once (no annual fees) per device. Which I think is reasonable.

It has a password generator where you can adjust the 'recipe'. It comes with plugins for Chrome/Firefox to store and automatically fill in passwords in your browser (if you want that), it runs on all platforms like Mac, Windows, Linux, Android, iOS etc.


AshStash

« Reply #75 on: May 19, 2017, 07:27:31 PM »
I have a question about the security of the fingerprint detector on the iPhone. Assuming it's not stolen by someone who has recreated my fingerprint, is there a program that can use that to unlock a list of passwords stored on the phone for you to type into a computer or elsewhere?

1password lets you access your passwords with your fingerprint (instead of your master password) on iOS devices

tp_from_ks

« Reply #76 on: May 19, 2017, 08:16:31 PM »
Any thoughts on Safari or other browsers that have password storage features built in besides what's been said about risk of cloud data?

I used Keepass for years before the majority of my computer usage changed to smartphone / tablet. Now I find Safari integration way too convenient for most things except financial accounts.