All right, for some incomprehensible reason I still don't use a password manager and it's time to start.
What are people's favorites? (And why?)
@CBrachyrhynchos Do other managers like LastPass have that vulnerability? I'm not a programmer or power user so I'm a little ignorant on JavaScript vulnerabilities.
@fobo There have been a few attacks in the past that have worked against LastPass. As far as I know they've been patched within a reasonable timeframe.
@fobo KeePass, because it's Free Software, and decentralized.
@fobo I like using MasterPass. It's a password generator that uses key phrases to generate the same password every time instead of storing them.
Pros: don't have to worry about them being stored anywhere, works on most devices & any browser. On mobile, it's very easy to copy/paste.
Cons: Make sure you remember your key phrase correctly because the generator won't correct you in the browser app.
@emmykei Thanks! Will check it out.
@fobo KeePassDroid because it is simple and secure.
@sandrofm Thanks! Most of the feedback I'm getting seems to be KeePass as the manager of choice.
@fobo I use LastPass because it's convenient and I'm not a particularly vulnerable user. My husband is more security-paranoid than me (with pretty decent reasons given the different jobs) and uses an offline manager that lives on his primary laptop and is backed up on a thumb drive. I forget what it's called but I'd bet it's more secure (and less convenient) than mine.
He's been fine with me using LastPass, though.
@eleanor Thanks! I'm a bit torn between the convenience of LastPass and the security but added complexity of KeePass, but my work is not particularly security-critical.
@fobo I tend not to put CRITICAL passwords into LastPass; I use long strings I'll remember, but my LastPass is filled with trivial sites like forums. That's my compromise so I really only have to remember my email and banking passwords, and everything else gets stored.
@fobo It’s pretty functional. It keeps previous versions of passwords, it allows you to set expiration dates, and it allows you to attach files, so you can use it for storing licenses too. #Keepass #PasswordManager
@fobo Its functionality can be extended with plugins. For example, I use a plugin for generating diceware-like passwords. #Keepass #PasswordManager
@bluewake No, I didn't. The KeePassX client itself serves all my needs. Maybe it's because I don't know what's possible yet.
@fobo I've been using KeePass (now KeePassXC) for years and have never had a problem, despite a) not being elite and b) going thru a shocking number of clean OS installs.
Reasons I like it:
- database stored locally
- but encrypted
- back up the encrypted database literally anywhere, thumb drive, install keepass on a computer, open database, enter master pw, you're golden
- search/tag/folder functions
- locks itself if you leave it open
- generate custom hella strong pws
- also good usr/pw copy/paste function where you don't have to open the edit window to get the pw (I always worry I'll accidentally screw something up even though it's never happened)
- if you make a new entry and try to close the db w/o saving it'll remind you to save before closing! so considerate, has saved my bacon a couple of times
@fobo I use KeePassXC, which is less convenient but it looks like running a password manager in the same sandbox as web JavaScript is a potential vulnerability.