Author Topic: Please recommend a good password manager  (Read 5304 times)

naturelover

  • 5 O'Clock Shadow
  • *
  • Posts: 62
Please recommend a good password manager
« on: May 14, 2014, 12:35:58 PM »
I have been trying to keep track of all my passwords individually for a long time now, and it has just become insane with all of the accounts and sign-ons we all have these days.

If you use a password manager, which one did you choose and why?

Do they tend to run locally on a person's pc, or do they tend to be web-based?

I also have security fears about them (which may be unfounded), and it kind of gives me the willies to know that they are all in one place together, especially the financial accounts. Any comments/info that can ease those concerns?

Thanks much!

welliamwallace

  • 5 O'Clock Shadow
  • *
  • Posts: 86
  • Age: 31
  • Location: Eastern PA
  • Trying to squeeze out those whiskers
Re: Please recommend a good password manager
« Reply #1 on: May 14, 2014, 12:40:00 PM »
One option is to truly memorize them all, with some memory trick. Say your base password is the first letter of each word in the phrase "Twinkle Twinkle Little Star, How I Wonder What You Are" with some strange capitilization. They add a standard 2 digit number, and append the first 3 letters of the site's URL. For example, your yahoo account password would be

TtlsHiwwya98yah

Paul der Krake

  • Magnum Stache
  • ******
  • Posts: 4548
  • Age: 11
  • Location: USA
Re: Please recommend a good password manager
« Reply #2 on: May 14, 2014, 12:46:03 PM »
I use the one built into Firefox itself, it syncs across all my Firefox instances, and lock it with a master password just to be safe (you're prompted for the master password when restarting Firefox).

I trust Mozilla a lot more than I trust LastPass or OnePass or whoever is the leader these days.

zachd

  • Stubble
  • **
  • Posts: 102
Re: Please recommend a good password manager
« Reply #3 on: May 14, 2014, 12:50:30 PM »

I use keypass it is free and very secure.  You can run it from a memory stick so they aren't even on your computer let alone the web.

jfer_rose

  • Bristles
  • ***
  • Posts: 445
  • Age: 41
  • Location: Urban Dweller
Re: Please recommend a good password manager
« Reply #4 on: May 14, 2014, 12:52:24 PM »
I started using Keepass after the Heartbleed incident. I'm really liking it and it's open source which means that the price is right!

Dr. Doom

  • Bristles
  • ***
  • Posts: 469
  • Age: 42
  • Location: East Coaster

Rickk

  • 5 O'Clock Shadow
  • *
  • Posts: 81
Re: Please recommend a good password manager
« Reply #6 on: May 14, 2014, 01:01:32 PM »
Lastpass
Free to use - Web based, good browser support, smartphone apps if you pay, supports 2 factor authentication (Google authenticator, cell phone, printed cards).
I have been very happy with it - just make sure you use a GOOD password on it, and set up 2 factor authentication.

TreeTired

  • Bristles
  • ***
  • Posts: 449
  • Age: 135
  • Location: North Carolina
  • I think we can make it
Re: Please recommend a good password manager
« Reply #7 on: May 14, 2014, 01:03:19 PM »
We had a very onerous (and fairly typical) password requirement at my old place of work.

Passwords had to be changed every month!!!

Password must contain uppercase AND lowercase letters!

Password must contain a number!!!

Password must contain at least one special character,  $ % & @ #

I was wondering how the heck I could do this, every month and remember the freaking password???!?!?!?

IT support guy came by in June and  reset my password for me,  leaving me this note:

"Your new password is,   June@2007  "        After that I changed it myself, every month. 

Fishingmn

  • Bristles
  • ***
  • Posts: 331
  • Location: Twin Cities
  • You never have to recover from a good start
Re: Please recommend a good password manager
« Reply #8 on: May 14, 2014, 01:07:23 PM »
I use Keepass for all of my financial passwords (and use auto generated ones) and keep all others in an Excel document. I'm not as concerned if someone hacks my MMM account.

senecando

  • Bristles
  • ***
  • Posts: 486
  • Age: 29
  • Location: Madison, Wi
Re: Please recommend a good password manager
« Reply #9 on: May 14, 2014, 01:13:02 PM »
Lastpass
Free to use - Web based, good browser support, smartphone apps if you pay, supports 2 factor authentication (Google authenticator, cell phone, printed cards).
I have been very happy with it - just make sure you use a GOOD password on it, and set up 2 factor authentication.

I use Lastpass w/ two factor and I've turned on two factor for Google and Evernote as well. Pretty groovy.

Jack

  • Magnum Stache
  • ******
  • Posts: 4734
  • Location: Atlanta, GA
Re: Please recommend a good password manager
« Reply #10 on: May 14, 2014, 01:14:40 PM »
KeePass (or KeePass2), with the program and the password database stored in something like Google Drive or Dropbox. (The password database is encrypted, so you don't have to trust Google etc. to use it.)

bo_knows

  • Pencil Stache
  • ****
  • Posts: 814
  • Age: 38
  • Location: Fairfax, VA, USA
    • The Crowdsourced FIRE simulator
Re: Please recommend a good password manager
« Reply #11 on: May 14, 2014, 01:16:08 PM »
We had a very onerous (and fairly typical) password requirement at my old place of work.

Passwords had to be changed every month!!!

Password must contain uppercase AND lowercase letters!

Password must contain a number!!!

Password must contain at least one special character,  $ % & @ #

I was wondering how the heck I could do this, every month and remember the freaking password???!?!?!?

IT support guy came by in June and  reset my password for me,  leaving me this note:

"Your new password is,   June@2007  "        After that I changed it myself, every month.

Ha!  I have this comic posted on my cubicle wall: http://xkcd.com/936/

I work in defense contracting, and as you could imagine our passwords are pretty rough.

- Reset every 60 days
- Must have at least 2 uppercase, 2 lowercase, 2 numbers, 2 symbols
- Must be at least 14 characters long, with no english dictionary words, and no sequential repeating letters ('aa', 'GG', etc)
- Must not be any of your last 12 passwords (2 years worth!)

It's friggin 2014... why can't they just scan my eyeball?

MustachianAccountant

  • Bristles
  • ***
  • Posts: 433
  • Age: 41
Re: Please recommend a good password manager
« Reply #12 on: May 14, 2014, 01:47:01 PM »
Ha!  I have this comic posted on my cubicle wall: http://xkcd.com/936/

It's friggin 2014... why can't they just scan my eyeball?

Except that comic is totally wrong. Before password crackers use brute force (guessing every possible combination) they use "dictionaries" that try words and combinations of words.
If you find the idea of password cracking even remotely interesting, check out this Wired article:
http://www.wired.com/2012/11/ff-mat-honan-password-hacker/all/

ThatGuyFromCanada

  • 5 O'Clock Shadow
  • *
  • Posts: 81
  • Location: Calgary Alberta - Canada
    • www.jonathanneufeld.com
Re: Please recommend a good password manager
« Reply #13 on: May 14, 2014, 02:34:56 PM »
Lastpass
Free to use - Web based, good browser support, smartphone apps if you pay, supports 2 factor authentication (Google authenticator, cell phone, printed cards).
I have been very happy with it - just make sure you use a GOOD password on it, and set up 2 factor authentication.

I've started using LastPass as well and really like it.

nawhite

  • Handlebar Stache
  • *****
  • Posts: 1057
  • Location: An RV somewhere in the West
    • The Reckless Choice
Re: Please recommend a good password manager
« Reply #14 on: May 14, 2014, 03:05:27 PM »
KeePass (or KeePass2), with the program and the password database stored in something like Google Drive or Dropbox. (The password database is encrypted, so you don't have to trust Google etc. to use it.)

KeePass2 with Dropbox is my solution too. I use it with Windows 7, iOS on iPhone, Android, Ubuntu, and MacOS X. No complaints from me and my non-technical wife uses it too.

plantingourpennies

  • Bristles
  • ***
  • Posts: 441
  • None.
    • Money, Kittens, Happiness
Re: Please recommend a good password manager
« Reply #15 on: May 14, 2014, 05:26:15 PM »
We use Passwords Plus.  Encrypted database across all devices when unlocked with master password, so I have it on phone, tablet, and computer. 

I tried a couple others:
1Password - it was fine, but pricey. 
Dashlane - Freaking terrible.  The random passwords generated were far from random and didn't take advantage of longer lengths and special characters eligible in the password fields for many sites. 

arebelspy

  • Administrator
  • Senior Mustachian
  • *****
  • Posts: 27786
  • Age: -999
  • Location: Traveling the World
Re: Please recommend a good password manager
« Reply #16 on: May 14, 2014, 08:20:08 PM »
Lastpass.
We are two former teachers who accumulated a bunch of real estate, retired at 29, and now travel the world full time with two kids.
If you want to know more about me, or how we did that, or see lots of pictures, this Business Insider profile tells our story pretty well.
We (rarely) blog at AdventuringAlong.com. Check out our Now page to see what we're up to currently.

panthalassa

  • 5 O'Clock Shadow
  • *
  • Posts: 29
  • Age: 33
  • Location: Canada
Re: Please recommend a good password manager
« Reply #17 on: May 15, 2014, 02:14:16 AM »
I use this on my iPhone: https://keepersecurity.com/

RyanAtTanagra

  • Handlebar Stache
  • *****
  • Posts: 1092
  • Location: SF Bay, CA
Re: Please recommend a good password manager
« Reply #18 on: May 15, 2014, 10:35:16 AM »
Ha!  I have this comic posted on my cubicle wall: http://xkcd.com/936/

It's friggin 2014... why can't they just scan my eyeball?

Except that comic is totally wrong. Before password crackers use brute force (guessing every possible combination) they use "dictionaries" that try words and combinations of words.
If you find the idea of password cracking even remotely interesting, check out this Wired article:
http://www.wired.com/2012/11/ff-mat-honan-password-hacker/all/

The comic is spot on, but they should have mentioned diceware (http://world.std.com/~reinhold/diceware.html).  The entropy isn't due to the number of letters (brute force), it's due to the length of the wordlist.  With diceware you use a list of 7776 words and 5 dice to randomly choose them (each roll of 5 dice gives you one word).  Even if the person trying to guess your password knows you used diceware this still works, and you should always assume the bad guy understands your methodology in choosing your passwords, because we are rarely as clever and unique as we think, and they are better than you'd expect.  If your password wouldn't stand up if your method in choosing was known, it's a bad password.  With 4 diceware words like in the comic, that is 7776^4 possibilities to guess.  At 1000 guesses/sec (which is too low by about a million), that's 115k years.

7776^4/1000/60/60/24/365 = 115936.02

4 words are no longer good enough, you'd want 5 minimum, 6 ideally, but the idea in the comic in still very valid.

To the original question:  Lastpass, keeppass or 1password are all good options.  I use 1Password but only because I'm on a Mac.  Whatever you use, make sure your master password is good.

Ruth8

  • 5 O'Clock Shadow
  • *
  • Posts: 1
Re: Please recommend a good password manager
« Reply #19 on: May 16, 2014, 02:48:08 AM »
I am a long time user of Sticky Password, so I can recommend this one. These guys have never disappointed me - product works perfectly, now on my iPhone as well. Their support is very fast and they always try to fix issues if you have any also fast. Now I can not live without it. I generate super strong passwords and also have them unique for each site which makes me protected against any leaks or hacks of sites like Google etc. If someone will get one of my passwords somewhere, he will never guess the other one I have on another account. You can try them out here: www.stickypassword.com