Password Management?

[mbjerry]

How do you manage your passwords? I have been using 1Password for years and love it but have my annual $60 bill coming due. Anyone use something that is free and you feel comfortable with the security of it?

[Dave1442397]

I used the free version of LastPass from 2017 up until last month, when I finally signed up for a subscription.

https://www.lastpass.com/

The free version was perfectly fine for use on my main PC, but this year I decided to upgrade so that I could use it on my iPhone as well.

[snic]

Generally, with security you get what you pay for. I'm happy to pay $35/year for Keeper, which has worked quite well for me. ($75 for the family plan.) One could probably come up with a very secure free alternative (such as a list of passwords stored in a file on a free cloud drive that's encrypted with a strong key you possess and protected with 2FA; one possibility is ProtonDrive), but it would be much less convenient.

[JLee]

I use 1Password personally and also implemented it for a couple companies I work with.

[Archipelago]

I use the password manager through Microsoft Edge. My wife uses keychain on her MacBook Pro. Both are free.

[dang1]

Google Password Manager

[Ichabod]

I moved from LastPass to BitWarden when LastPass nerfed their free option. It was easy to migrate my passwords over, and it's mostly the same workflow. BitWarden has the most full-featured free plan, and it's open-source, so if they did change their pricing model, you could self-host if you really wanted to.

KeePass is the other notable free option, which does pretty much what @snic describes. It is open-source and self-hosted although extensions exist that make it easier. You don't need to be a software engineer to use KeePass, but it's not quite as idiot-proof as the other options.

I don't see a ton of differentiation between the paid options that are out there in either features, security, or usability. So pick what you like and are willing to pay for.

Any password manager that you use will be safer than not using one. I prefer a dedicated solution over the built-in ones (like Google). A dedicated one will make your passwords more portable, and at least in the past, if someone gained access to your machine, it wasn't terribly hard to scrape the passwords from the built-in solutions.

[Michael in ABQ]

Spreadsheet with passwords semi-coded.  I.e. if part of my password was the word "dog" I would just put "d" in the spreadsheet. It may not be the most secure, but it's not in a file labeled something obvious like "passwords" and it's not hosted by some third-party that may get hacked.

Many of my passwords are save in Microsoft Edge or Google Chrome but I don't save any passwords for financial websites. So even if someone gained access to my computer they couldn't get into my bank account, etc.

[mbjerry]

I moved from LastPass to BitWarden when LastPass nerfed their free option. It was easy to migrate my passwords over, and it's mostly the same workflow. BitWarden has the most full-featured free plan, and it's open-source, so if they did change their pricing model, you could self-host if you really wanted to.

KeePass is the other notable free option, which does pretty much what @snic describes. It is open-source and self-hosted although extensions exist that make it easier. You don't need to be a software engineer to use KeePass, but it's not quite as idiot-proof as the other options.

I don't see a ton of differentiation between the paid options that are out there in either features, security, or usability. So pick what you like and are willing to pay for.

Any password manager that you use will be safer than not using one. I prefer a dedicated solution over the built-in ones (like Google). A dedicated one will make your passwords more portable, and at least in the past, if someone gained access to your machine, it wasn't terribly hard to scrape the passwords from the built-in solutions.

I just migrated from 1Password to the free Bitwarden. Was a seamless transition and Bitwarden seems to offer all the same functionality that made the paid 1Password great. Plus Bitwarden seams to have a good security reputation. So far I am happy with the $60 saved! Thanks for the suggestion.

[Metalcat]

I switched to Bitwarden thanks to the last thread here about password managers when LastPass started charging.

Seamless transition. Really liking Bitwarden, so thanks everyone here for the recc

[Bartlebooth]

KeePass file (.kdbx) which is saved on my OneDrive account.  There are plenty of apps for any platform that can work with this file type.  You can use pretty much any file sync service you want (Dropbox, Syncthing, NextCloud, whatever...it is literally just a file).  Most clients will handle merging simultaneous edits reasonably well too.

• No cost
• Many UIs to choose from
• Complete control of your destiny (no forced upgrades, changes in rates, etc.)
• No support if you mess things up

[JupiterGreen]

I do not use one of those password sites. I have a non-digital (written) copy of my important passwords that I update periodically, I also change my passwords regularly. Between that and 2-step authentication I feel pretty secure with my system.

[JLee]

I do not use one of those password sites. I have a non-digital (written) copy of my important passwords that I update periodically, I also change my passwords regularly. Between that and 2-step authentication I feel pretty secure with my system.

I can't imagine doing that myself - between personal and work accounts, I have nearly 1,000 items saved in 1Password.

[JupiterGreen]

I do not use one of those password sites. I have a non-digital (written) copy of my important passwords that I update periodically, I also change my passwords regularly. Between that and 2-step authentication I feel pretty secure with my system.

I can't imagine doing that myself - between personal and work accounts, I have nearly 1,000 items saved in 1Password.

1000, holy guacamole! Yeah that's a whole other level. I probably have fewer than 30 so my current system works for that, if I had 1000 I'd have to do something else.

[JLee]

I do not use one of those password sites. I have a non-digital (written) copy of my important passwords that I update periodically, I also change my passwords regularly. Between that and 2-step authentication I feel pretty secure with my system.

I can't imagine doing that myself - between personal and work accounts, I have nearly 1,000 items saved in 1Password.

1000, holy guacamole! Yeah that's a whole other level. I probably have fewer than 30 so my current system works for that, if I had 1000 I'd have to do something else.

Lol, yeah it's a bit absurd.  The main driver of my 1Password choice is it supports multiple accounts, so I have two different companies plus my own personal account all searchable at once, without having to switch accounts manually every time (e.g. like Keeper).

[innkeeper77]

I hate the idea of someone else managing them- so I use Keepass. (KeepassXC to be specific) and share the encrypted file across all of my devices by myself. I use a NAS, but Dropbox or something would also work fine. As it’s encrypted, I don’t stress about it much.

[SquarePeg]

Another KeePass user here. Vanilla KeePass (https://keepass.info/) on Windows and KeePassDroid on Android. It doesn't have as much "integration" with other apps and browsers as other options do (that I know of), but I actually like having the pieces decoupled. Makes me feel a little safer -- I seem to remember one of the big paid programs having a security problem with their browser plugin at one point.

Ah yeah, here it is, mentioned toward the end of this article:
https://www.bleepingcomputer.com/news/security/lastpass-users-warned-their-master-passwords-are-compromised/

Also found this from just a little while ago:
https://www.bleepingcomputer.com/news/security/lastpass-says-hackers-had-internal-access-for-four-days/

All things considered LastPass wouldn't be on my candidate list...

[Cool Hwhip]

I use Bitwarden. It works well for me!

[GuitarStv]

No need for a password manager.  I have a main password made up of a random alphanumeric string.  Then I have specific prefix and suffixes for each thing.

So like, if my main password is Hjkl45_5 then to long in to Amazon I'll have something like:
Amazon_Hjkl45_5_nozamA
Spotify9_Hjkl45_5_9yfitopS  (spotify doesn't let you reuse passwords, and freaks out from my VPN so it's always changing, hence the number added)
Bank - MyBankName_Hjkl45_5_emaNknaByM

Then I just write down the prefix and suffix separated by a random string and email the list to myself or keep a printed copy in my wallet . . . looks something like this:
Amazon - Amazon_fds*(jk_nozamA
Spotify - Spotify9_0sf(dD_9yfitopS 
Bank - MyBankName_9s9fef_emaNknaByM

This way, even if someone manages to steal my 'passwords' file they still won't know which parts of the password to replace, but I can still quickly find/reference a password that I don't often use and have forgotten.