Author Topic: Password Protection App?  (Read 8373 times)

Kairos

  • 5 O'Clock Shadow
  • *
  • Posts: 11
Password Protection App?
« on: June 16, 2016, 10:24:42 AM »
Looking for recommendations for a digital password security app. Seems like 1Password is the most used and popular. They offer two version- one time purchase for $65 or monthly subscription for $5 a month. Leaning towards the one time purchase but wondering if anyone has other recommendations or insight. Thanks so much!

MDM

  • Senior Mustachian
  • ********
  • Posts: 11477
Re: Password Protection App?
« Reply #1 on: June 16, 2016, 12:32:29 PM »
KeePass Password Safe works fine for us.  Didn't do an exhaustive comparison.

Mrs. PoP

  • Bristles
  • ***
  • Posts: 421
    • Planting Our Pennies
Re: Password Protection App?
« Reply #2 on: June 16, 2016, 12:44:01 PM »
I use Passwords Plus.  It's really basic, which for me was a plus, and had a relatively low 1-time fee when I bought.  Not sure what pricing is now.

JLee

  • Walrus Stache
  • *******
  • Posts: 7512
Re: Password Protection App?
« Reply #3 on: June 16, 2016, 12:47:44 PM »
I use LastPass (Premium).  $12/year, totally worth it.

There've been a massive amount of security breaches over the last few months/years -- having randomly generated 20+ character passwords everywhere is immensely helpful to keep yourself secure.

HipGnosis

  • Handlebar Stache
  • *****
  • Posts: 1824
Re: Password Protection App?
« Reply #4 on: June 16, 2016, 02:55:42 PM »
I use LastPass (Premium).  $12/year, totally worth it.

There've been a massive amount of security breaches over the last few months/years -- having randomly generated 20+ character passwords everywhere is immensely helpful to keep yourself secure.
How do you justify the cost when there are so many fully functioning free methods?
I use KeePass

Beaker

  • Bristles
  • ***
  • Posts: 334
Re: Password Protection App?
« Reply #5 on: June 16, 2016, 02:59:11 PM »
I use 1Password, because I wanted the multi-platform support. I like it, works fine for the most part. Some sites will mess up the browser form filling, but most of the time it's perfect. Sync over Dropbox works really well. I gather the WiFi-only sync works well too, if you want to go that route.

I use the browser plugin a *lot*. I don't recall which other options have that, but I would put it high on the list of features to look for.

JLee

  • Walrus Stache
  • *******
  • Posts: 7512
Re: Password Protection App?
« Reply #6 on: June 16, 2016, 03:05:30 PM »
I use LastPass (Premium).  $12/year, totally worth it.

There've been a massive amount of security breaches over the last few months/years -- having randomly generated 20+ character passwords everywhere is immensely helpful to keep yourself secure.
How do you justify the cost when there are so many fully functioning free methods?
I use KeePass

$1/mo is far below my cost justification threshold. If that is a problem for someone, they have a free version as well.  KeePass has no centralized storage, which makes it effectively useless for me (work desktop, work laptop, home desktop, home laptop, and phone).

katsiki

  • Handlebar Stache
  • *****
  • Posts: 2015
  • Age: 43
  • Location: La.
Re: Password Protection App?
« Reply #7 on: June 20, 2016, 07:21:47 PM »
KeePass

Rocket

  • 5 O'Clock Shadow
  • *
  • Posts: 99
  • Location: Los Angeles
Re: Password Protection App?
« Reply #8 on: June 20, 2016, 07:44:01 PM »
I use and like lastpass.  I do pay for the premium version to get the multiple device sync but the free version works well too.
« Last Edit: June 20, 2016, 07:49:32 PM by Rocket »

newton

  • Stubble
  • **
  • Posts: 179
Re: Password Protection App?
« Reply #9 on: June 24, 2016, 03:11:40 PM »
I use the free version of dashlane.  Not great but gives me the basics of not typing in personal information on forms and various log ins and passwords. 

9-Volt

  • 5 O'Clock Shadow
  • *
  • Posts: 36
  • Location: Vancouver B.C.
Re: Password Protection App?
« Reply #10 on: June 28, 2016, 09:53:45 AM »
KeePass

I use it every day. I keep it on a usb that is synced with dropbox, for backup.

madmax

  • Stubble
  • **
  • Posts: 159
  • Location: Bay Area
Re: Password Protection App?
« Reply #11 on: June 29, 2016, 08:08:17 AM »
I use LastPass (Premium).  $12/year, totally worth it.

There've been a massive amount of security breaches over the last few months/years -- having randomly generated 20+ character passwords everywhere is immensely helpful to keep yourself secure.
How do you justify the cost when there are so many fully functioning free methods?
I use KeePass

For $1 a month you get sync to your phone, also the Android app can fill in passwords in other Android apps which is worth it for premium alone. I also like that it has fingerprint auth support because my master password is really long.

arebelspy

  • Administrator
  • Senior Mustachian
  • *****
  • Posts: 28444
  • Age: -997
  • Location: Seattle, WA
Re: Password Protection App?
« Reply #12 on: June 30, 2016, 02:20:51 AM »
I used LastPass for YEARS.

Then they were bought out, by a company I don't trust, who is scummy.  =/

Now I use 1Password.

KeePass would be my main recommendation if their mobile apps were better.  If you don't care about that, use KeePass.
I am a former teacher who accumulated a bunch of real estate, retired at 29, spent some time traveling the world full time and am now settled with three kids.
If you want to know more about me, this Business Insider profile tells the story pretty well.
I (rarely) blog at AdventuringAlong.com. Check out the Now page to see what I'm up to currently.

thisisjeopardy

  • 5 O'Clock Shadow
  • *
  • Posts: 71
Re: Password Protection App?
« Reply #13 on: July 05, 2016, 10:17:30 AM »
+1 KeePass (I use v2). It's FREE. Open source, that is. Desktop app is one developer, mobile app is another (a few different variants). I installed it on all devices, sync the DB on google drive. I update on my desktop only and upload updated DB to gdrive.

Money spent: $0.

letired

  • Pencil Stache
  • ****
  • Posts: 824
  • Location: Texas
    • Needs More Glitter
Re: Password Protection App?
« Reply #14 on: July 05, 2016, 10:59:20 AM »
I use 1Password and am very happy with it. Last I checked, their Windows app wasn't the greatest (compared to their apps for other platforms), but their OSX and Android apps are very good.

Indexer

  • Handlebar Stache
  • *****
  • Posts: 1463
Re: Password Protection App?
« Reply #15 on: July 05, 2016, 05:59:33 PM »
I use LastPass (Premium).  $12/year, totally worth it.

There've been a massive amount of security breaches over the last few months/years -- having randomly generated 20+ character passwords everywhere is immensely helpful to keep yourself secure.

I also use lastpass. Remembering 1 really hard password and having that protect 20 more even more complicated passwords is a whole lot better than what most people do.

It also comes with free credit monitoring. I know, so do most credit cards, however I've noticed lastpass alerts me when my credit is run faster than other sources.

JLee

  • Walrus Stache
  • *******
  • Posts: 7512
Re: Password Protection App?
« Reply #16 on: July 05, 2016, 08:08:26 PM »
I use LastPass (Premium).  $12/year, totally worth it.

There've been a massive amount of security breaches over the last few months/years -- having randomly generated 20+ character passwords everywhere is immensely helpful to keep yourself secure.

I also use lastpass. Remembering 1 really hard password and having that protect 20 more even more complicated passwords is a whole lot better than what most people do.

It also comes with free credit monitoring. I know, so do most credit cards, however I've noticed lastpass alerts me when my credit is run faster than other sources.

20? I might have too many accounts...I have 121 stored credential sets.

NorCal

  • Handlebar Stache
  • *****
  • Posts: 1464
Re: Password Protection App?
« Reply #17 on: July 05, 2016, 08:40:51 PM »
I'm a huge fan of Passpack.  Lesser known, but good and free at the level I use it at.

It doesn't work well for mobile, but it's wonderful for regular computers.

Telecaster

  • Magnum Stache
  • ******
  • Posts: 3551
  • Location: Seattle, WA
Re: Password Protection App?
« Reply #18 on: July 11, 2016, 08:25:25 PM »
I used LastPass for YEARS.

Then they were bought out, by a company I don't trust, who is scummy.  =/

Now I use 1Password..

I'd like to hear more about this.  I use LastPass and it has been pretty good, but I dunno anything about the management. 

johnny847

  • Magnum Stache
  • ******
  • Posts: 3188
    • My Blog
Re: Password Protection App?
« Reply #19 on: July 11, 2016, 08:42:45 PM »
I used LastPass for YEARS.

Then they were bought out, by a company I don't trust, who is scummy.  =/

Now I use 1Password.

KeePass would be my main recommendation if their mobile apps were better.  If you don't care about that, use KeePass.

What did you find deficient about the mobile apps? I've been using one well on Android.

arebelspy

  • Administrator
  • Senior Mustachian
  • *****
  • Posts: 28444
  • Age: -997
  • Location: Seattle, WA
Re: Password Protection App?
« Reply #20 on: July 11, 2016, 09:25:43 PM »
I used LastPass for YEARS.

Then they were bought out, by a company I don't trust, who is scummy.  =/

Now I use 1Password.

KeePass would be my main recommendation if their mobile apps were better.  If you don't care about that, use KeePass.

What did you find deficient about the mobile apps? I've been using one well on Android.

Interesting, I haven't tried the Android one.  The iOS one is just poor.

But the Android 1Password app is fairly meh too, for the Android one, to fill in a password, I have to switch keyboards, fill the password, and switch back.  That's just annoying and tons of taps.

So I'd definitely be willing to switch.

How does the KeePass fill passwords on Android?
I am a former teacher who accumulated a bunch of real estate, retired at 29, spent some time traveling the world full time and am now settled with three kids.
If you want to know more about me, this Business Insider profile tells the story pretty well.
I (rarely) blog at AdventuringAlong.com. Check out the Now page to see what I'm up to currently.

johnny847

  • Magnum Stache
  • ******
  • Posts: 3188
    • My Blog
Re: Password Protection App?
« Reply #21 on: July 11, 2016, 09:47:47 PM »
What did you find deficient about the mobile apps? I've been using one well on Android.

Interesting, I haven't tried the Android one.  The iOS one is just poor.

But the Android 1Password app is fairly meh too, for the Android one, to fill in a password, I have to switch keyboards, fill the password, and switch back.  That's just annoying and tons of taps.

So I'd definitely be willing to switch.

How does the KeePass fill passwords on Android?

There is a good reason they do that. Personally, I too would be quite annoyed by having to switch keyboards. But it is a security risk:
Quote
== Keepass2Android Keyboard ==
A German research team has demonstrated that clipboard-based access of credentials as used by most Android password managers is not safe: Every app on your phone can register for changes of the clipboard and thus be notified when you copy your passwords from the password manager to your clipboard. In order to protect against this kind of attack, you should use the Keepass2Android keyboard: When you select an entry, a notification will appear in the notification bar. This notification lets you switch to the KP2A keyboard. ON this keyboard, click the KP2A symbol to "type" your credentials. Click the keyboard key to switch back to your favorite keyboard.


KeePass being open source means anybody can write an Android app for it, so there's a couple.

I use KeePassDroid. You have to unlock the database, select a username/password pair, and it'll add two notifications - one to copy your username, and one for your password, which you can then paste into the field.
You do have to unlock the database with the entire password each time which is annoying, as my password is 32 alphanumeric characters long.

There is another app called keepass2Android - comes in online and offline versions. It has a quick unlock feature. You can assign a quick unlock 3 character password. If it's guessed incorrectly just once, you have to use the full database password.
It also has the keyboard thing you were talking about, but I'm not sure if that's enforced or merely an option. I haven't tried it.
The online version can pull in your database from the web - Dropbox Google Drive, Skydrive, FTP, and WebDAV. This of course requires Android permissions to access the Internet, which of course requires you to trust that the app isn't sending the passwords in your database to the server. Hence an offline only app is provided.
You could install the Dropbox app and then have the offline version open your phone's local copy of your database on Dropbox.

I get around this whole need to copy paste your password thing by just encrypting my entire phone and then having Chrome remember all my passwords. Because of this I now much prefer mobile sites to dedicated Android apps, as Chrome will remember my passwords, whereas some apps (particularly banking passwords) will not.


In all I really like KeePass. The biggest issue you're going to face with KeePass vs 1Password or LastPass is keeping your database in sync. I personally just SSH into my computer and copy it, but that's a lot of trouble to setup just for this, especially when a friend of mine says using Dropbox works really well. With Keepass databases that are made with Keepass versions 2.x, the desktop program at least is file synchronization aware, so if it detects that Dropbox sync'd the file then it can merge the password entries.


arebelspy

  • Administrator
  • Senior Mustachian
  • *****
  • Posts: 28444
  • Age: -997
  • Location: Seattle, WA
Re: Password Protection App?
« Reply #22 on: July 11, 2016, 10:05:29 PM »
Got it.  Thanks for the info!
I am a former teacher who accumulated a bunch of real estate, retired at 29, spent some time traveling the world full time and am now settled with three kids.
If you want to know more about me, this Business Insider profile tells the story pretty well.
I (rarely) blog at AdventuringAlong.com. Check out the Now page to see what I'm up to currently.

Lordy

  • Stubble
  • **
  • Posts: 157
  • Location: Germany
Re: Password Protection App?
« Reply #23 on: July 12, 2016, 11:30:05 PM »
I have been using 1Password for years and recommend it.

It works great on OSX and iOS (haven't used it on other platforms) and the sync over Dropbox is flawless. It is also a good place to store software licenses and other stuff that's needed rarely but is somewhat important.

It has some nice advanced features such as OTP and Watchtower, which lets you know if your passwords may have been compromised. As it also tells you how "old" your passwords are it can help you in rotating them regularly.

All in all, I really like it and would buy it again any day (for the one-time fee).

beef

  • 5 O'Clock Shadow
  • *
  • Posts: 3
Re: Password Protection App?
« Reply #24 on: July 18, 2016, 02:33:00 PM »
Enpass (www.enpass.io) is also worth a look.

It has a totally cost-free desktop version, it can natively sync/backup your passwords using a variety of public clouds, and can also be used on mobile devices with a smallish onetime cost of $9.99 (i.e., NOT recurring).

The mobile app for iPhones also allows the use of your fingerprint (on 5S+) to unlock your password vault, which is a nice feature that some of the smaller solutions don't have. I use it on both a desktop and on my iPhone, and it works quite well.

Landlady

  • Stubble
  • **
  • Posts: 248
  • Location: WA
Re: Password Protection App?
« Reply #25 on: August 05, 2016, 05:52:33 PM »
I use LastPass! I convinced my employer to use it so now I've bundled my personal with my workplace LastPass so I don't have to pay the fees. :)

I find it clunky sometimes, but once you get the hang of it it's very satisfying to see your security score improve.

arebelspy

  • Administrator
  • Senior Mustachian
  • *****
  • Posts: 28444
  • Age: -997
  • Location: Seattle, WA
Re: Password Protection App?
« Reply #26 on: August 05, 2016, 09:16:44 PM »
I use LastPass! I convinced my employer to use it so now I've bundled my personal with my workplace LastPass so I don't have to pay the fees. :)

I'd worry a bit when you quit they will want the account back/change the account password, and then you lose your personal PWs (or they have access to them).  But obviously I don't know anything about your company, maybe it's a small company and you're the only IT person or something.
I am a former teacher who accumulated a bunch of real estate, retired at 29, spent some time traveling the world full time and am now settled with three kids.
If you want to know more about me, this Business Insider profile tells the story pretty well.
I (rarely) blog at AdventuringAlong.com. Check out the Now page to see what I'm up to currently.

letired

  • Pencil Stache
  • ****
  • Posts: 824
  • Location: Texas
    • Needs More Glitter
Re: Password Protection App?
« Reply #27 on: August 05, 2016, 10:36:48 PM »
I use LastPass! I convinced my employer to use it so now I've bundled my personal with my workplace LastPass so I don't have to pay the fees. :)

I'd worry a bit when you quit they will want the account back/change the account password, and then you lose your personal PWs (or they have access to them).  But obviously I don't know anything about your company, maybe it's a small company and you're the only IT person or something.

I'm a happy 1Password user, so I didn't do this when my company got LastPass, but there is a way to have a company and personal LastPass accounts such that you don't 'lose' your personal stuff when you leave the company. /super coherent detailed explaination

tyler2016

  • Stubble
  • **
  • Posts: 125
    • Tyler's Guides
Re: Password Protection App?
« Reply #28 on: August 29, 2016, 03:44:53 PM »
I actually wrote an article for my blog about this.

http://tylersguides.com/opinion/easy_way_to_track_passwords/

I recommend Keepass and Password safe. Source: 15 years of IT experience in various roles, studying cryptography formally and informally, and reviewing the source code of both programs.

The problem with closed source password managers is that it is very hard for security experts to vet them. Writing software using cryptography is quite a bit different than writing software in general because of very non-obvious things that can result in leaked crypto keys or passwords.  I don't trust that intelligence agencies and organized crime groups won't get the source code, or at minimum access to the vulnerabilities kept quiet by the company. Kevin Mitnick wrote about this in his book Ghost in The Wires. At least with publicly available code, security researchers have a chance to find and submit fixes before "bad guys" do. If you do decide to go with a web based password manager, make absolutely certain that your passwords are encrypted before they leave your computer and are decrypted after retrieving them from the service providers servers. I would also recommend keeping a local copy of your database because servers go down and companies go bankrupt.

FLA

  • Pencil Stache
  • ****
  • Posts: 575
Re: Password Protection App?
« Reply #29 on: August 29, 2016, 04:13:52 PM »
can anyone make a suggestion for an app that works with a macbook, iPhone, and iPad?

johnny847

  • Magnum Stache
  • ******
  • Posts: 3188
    • My Blog
Re: Password Protection App?
« Reply #30 on: August 29, 2016, 07:03:43 PM »
can anyone make a suggestion for an app that works with a macbook, iPhone, and iPad?

The previously mentioned KeePass has many different implementations of KeePass for iPhones/iPads and Macs.

http://keepass.info/download.html

tyler2016

  • Stubble
  • **
  • Posts: 125
    • Tyler's Guides
Re: Password Protection App?
« Reply #31 on: August 30, 2016, 02:46:57 AM »
FLA,

I agree with johnny847 with a few conditions:

1. Check the app permissions. There is absolutely 0 reason it should have network access. I don't care if it claims to sync it from something like drop box. In my opinion, this is a deal breaker.  Syncing the file manually is work, but I think it is worth it for the peace of mind. Unless you read the source code, you really don't know what it is doing. It could be sending all of your credentials to the developer and you would never know until you started seeing funny things on your credit report, accounts closed for sending spam, etc, money disappearing, etc.

2. Research the app first. See if there is any talk from the security community about it. Usually on security.stackexchange.com, someone will know what they are talking about. If there isn't anything, post a question on security.stackexchange.com about it and see what you get.

3. The source code is available. See my post above for my reasoning. Not a deal breaker, but a definite plus.

When you decide on one, can you let us know which one? I wouldn't mind taking a peak at the source code if it is available. I'm not a cryptography expert, but I know enough to know what to look for in source code of programs using crypto. I am sure the community would appreciate some level of vetting.
« Last Edit: September 01, 2016, 12:45:03 PM by tyler2016 »

johnny847

  • Magnum Stache
  • ******
  • Posts: 3188
    • My Blog
Re: Password Protection App?
« Reply #32 on: August 30, 2016, 06:20:16 AM »
FLA,

I agree with johnny847 with a few conditions:

1. Check the app permissions. There is absolutely 0 reason it should have network access. I don't care if it claims to sync it from something like drop box. In my opinion, this is a deal breaker.  Syncing the file manually is work, but I think it is worth it for the peace of mind. Unless you read the source code, you really don't know what it is doing. It could be sending all of your credentials to the developer and you would never know until you started seeing funny things on your credit report, accounts closed for sending spam, etc, money disappearing, etc.

2. Research the app first. See if there is any talk from the security community about it. Usually on security.stackexchange.com, someone will know what they are talking about. If there isn't anything, post a question on security.stackexchange.com about it and see what you get.

3. The source code is available. See my post above for my reasoning. Not a deal breaker, but a definite plus.

When you decide on one, can you let us know which one? I wouldn't mind taking a peak at the source code if it is available. I'm sure the community would appreciate having

1) Agreed.

2) Well thought

3) Not open source is a deal breaker for me.

Personally I use KeePassDroid on Android and KeePassX on Linux.