Page 1 of 2 12 LastLast
Results 1 to 16 of 18

Thread: Which Password Manager?

  1. #1
    Senior Member
    Join Date
    Aug 2016
    Posts
    3,069
    Thanks
    781
    Thanked
    743 times in 539 posts

    Which Password Manager?

    I don't think we've done this subject for a while, and as goalposts keep moving (thanks, Lasspass ) I thought maybe now was a suitable time.

    And in one of those weird and utterly coincidental coincidences, I'm in the final stages of testing to make sure my new one isn't going to bite me in the rear end.

    As changing (thanks again, Lastpass) can be a right pain, I thought I'd also bounce my choice off you guys (using the term in a gender-neutral way) in case there's a gotcha I've missed.

    So what do you prefer, and why?

    My criteria were :-

    - prefer free, but will buy if need be to get the right package. This is important.
    - I hate subscription services
    - I loathe credit card auto-renewal
    - I will do both the above if it's really necessary,
    - obviously, reliability and security are critical for a PW manager
    - I want my password database held locally, not on a rempte server.
    - must support 2FA. In my case, Yubikey.

    So, I tried all sorts but as my old one effectively died (development ceased years ago) I finally bit the bullet, runnaged around and it looks like being KeepassXC.

    Prime candidates included Bitwarden, Roboform and a number of others.

    Anyone know of a good reason not to settle on KeepassXC? Got any better suggestions. I'd rather change tack now than get everything set up and tested then have to do it again (third and last time for .... thanks ever so much, Lastpass, which I had just finished setting up when you messed it up for me).
    A lesson learned from PeterB about dignity in adversity, so Peter, In Memorium, "Onwards and Upwards".

  2. #2
    Banhammer in peace PeterB kalniel's Avatar
    Join Date
    Aug 2005
    Posts
    30,849
    Thanks
    1,828
    Thanked
    3,329 times in 2,674 posts
    • kalniel's system
      • Motherboard:
      • Gigabyte Z390 Aorus Ultra
      • CPU:
      • Intel i9 9900k
      • Memory:
      • 32GB DDR4 3200 CL16
      • Storage:
      • 1TB Samsung 970Evo+ NVMe
      • Graphics card(s):
      • nVidia GTX 1060 6GB
      • PSU:
      • Seasonic 600W
      • Case:
      • Cooler Master HAF 912
      • Operating System:
      • Win 10 Pro x64
      • Monitor(s):
      • Dell S2721DGF
      • Internet:
      • rubbish

    Re: Which Password Manager?

    Changing from LastPass is pretty painless actually - it exports a database in CSV I think and just about every other manager can import that database.

    For your needs I'd tend to agree about KeepPassXC - in particular your requirement for a locally held database. Others, like Bitwarden, Google, Firefox, Roboform etc. store it remotely, which is a boon for synch'ing across multiple devices but that's not your use case.

  3. #3
    Senior Member
    Join Date
    Aug 2016
    Posts
    3,069
    Thanks
    781
    Thanked
    743 times in 539 posts

    Re: Which Password Manager?

    The CSV thing doesn't always go smoothly, though, and can lead to a fair bit of tidying up. But in my case, most of my stuff was still in the manager that stopped developing years ago, and that I was in the process of moving to Lastpass. But there's a lot of dross in there too, so I'm doing it all manually in order to, first, weed out the stuff I no longer need, and second re-visit my idea of suitable passwords, especially given the Yubikey, so I want to manually reverify each login as I set it up. I'll end up with a more secure password in use, and at the same time, thin down what I actually need in there. It's a pain, but way overdue.
    A lesson learned from PeterB about dignity in adversity, so Peter, In Memorium, "Onwards and Upwards".

  4. #4
    Banhammer in peace PeterB kalniel's Avatar
    Join Date
    Aug 2005
    Posts
    30,849
    Thanks
    1,828
    Thanked
    3,329 times in 2,674 posts
    • kalniel's system
      • Motherboard:
      • Gigabyte Z390 Aorus Ultra
      • CPU:
      • Intel i9 9900k
      • Memory:
      • 32GB DDR4 3200 CL16
      • Storage:
      • 1TB Samsung 970Evo+ NVMe
      • Graphics card(s):
      • nVidia GTX 1060 6GB
      • PSU:
      • Seasonic 600W
      • Case:
      • Cooler Master HAF 912
      • Operating System:
      • Win 10 Pro x64
      • Monitor(s):
      • Dell S2721DGF
      • Internet:
      • rubbish

    Re: Which Password Manager?

    Makes sense, as per another Hexite's experience, be careful with whatever editing tool you're using to make sure it doesn't do any autocorrection/formating! Depending on the UI, it might be better to do the clean out within LastPass or KeepPassXC instead.

  5. Received thanks from:

    Saracen999 (14-07-2021)

  6. #5
    Senior Member
    Join Date
    Aug 2016
    Posts
    3,069
    Thanks
    781
    Thanked
    743 times in 539 posts

    Re: Which Password Manager?

    Going old school, Kal .... manually with Ctrl-C and Ctrl-V.
    A lesson learned from PeterB about dignity in adversity, so Peter, In Memorium, "Onwards and Upwards".

  7. #6
    Registered+
    Join Date
    Jul 2008
    Posts
    40
    Thanks
    3
    Thanked
    1 time in 1 post
    • Xuse's system
      • Motherboard:
      • Asus Tuf H570 Pro
      • CPU:
      • 11700k
      • Memory:
      • 32 GB (4x 8GB) Crucial Ballistix BL2K8G32C16U4B 3200 MHz
      • Storage:
      • 1TB Samsung 980 Pro, 1TB Samsung 960 Evo, 1TB WD, 2TB external, Toshiba 16TB MG Series Enterprise
      • Graphics card(s):
      • 3070 FE
      • PSU:
      • Corsair rm850x (2018)
      • Case:
      • Lian Li Lancool II Mesh Performance
      • Operating System:
      • Windows 10 Enterprise
      • Internet:
      • 900/110 FTTP

    Re: Which Password Manager?

    I don't use the online ones. I use KeePassXC I find it pretty good, and have been using it for a while now. You can set it up to autofill on browser etc, but I mostly don't bother. I say stick with it. You can even set it up to support 2FA on sites so you don't need to use a phone / authy, but I've never tried that feature.

  8. Received thanks from:

    Saracen999 (14-07-2021)

  9. #7
    Missed by us all - RIP old boy spacein_vader's Avatar
    Join Date
    Sep 2014
    Location
    Darkest Northamptonshire
    Posts
    2,015
    Thanks
    184
    Thanked
    1,084 times in 410 posts
    • spacein_vader's system
      • Motherboard:
      • MSI B450 Tomahawk Max
      • CPU:
      • Ryzen 5 3600
      • Memory:
      • 2x8GB Patriot Steel DDR4 3600mhz
      • Storage:
      • 1tb Sabrent Rocket NVMe (boot), 500GB Crucial MX100, 1TB Crucial MX200
      • Graphics card(s):
      • Gigabyte Radeon RX5700 Gaming OC
      • PSU:
      • Corsair HX 520W modular
      • Case:
      • Fractal Design Meshify C
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • BenQ GW2765, Dell Ultrasharp U2412
      • Internet:
      • Zen Internet

    Re: Which Password Manager?

    KeePassXC with Yubikey is what I've been using the past few years, never had a reason to change.

  10. Received thanks from:

    Saracen999 (14-07-2021)

  11. #8
    RIP Peterb ik9000's Avatar
    Join Date
    Nov 2009
    Posts
    7,466
    Thanks
    1,749
    Thanked
    1,321 times in 986 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: Which Password Manager?

    pen and paper? statistically safer than storing digitally I'm told - so long as not kept in your actual wallet when you're out and about.

  12. #9
    Chaos Monkey Apex's Avatar
    Join Date
    Jul 2003
    Location
    Huddersfield
    Posts
    4,578
    Thanks
    1,052
    Thanked
    249 times in 177 posts
    • Apex's system
      • Motherboard:
      • Asus Z87M-PLUS
      • CPU:
      • Intel i5-4670K
      • Memory:
      • 32 GiB
      • Storage:
      • 14 TiB
      • Graphics card(s):
      • R9 480X 8Gib
      • PSU:
      • 750
      • Case:
      • Core View 21
      • Operating System:
      • Windows 10 pro
      • Monitor(s):
      • Dell S2721DGFA
      • Internet:
      • 200Mb nTL Cable

    Re: Which Password Manager?

    KeePassXC for me.

  13. Received thanks from:

    Saracen999 (14-07-2021)

  14. #10
    Senior Member
    Join Date
    Aug 2016
    Posts
    3,069
    Thanks
    781
    Thanked
    743 times in 539 posts

    Re: Which Password Manager?

    Quote Originally Posted by ik9000 View Post
    pen and paper? statistically safer than storing digitally I'm told - so long as not kept in your actual wallet when you're out and about.
    I hear you, and yeah, probably safer .... sorta. But, where do you keep the paper? If not in a safe it's not .... ummm .... safe? And if it is, I'm supposed to unlock the safe every time I want to i-visit a site that requires login credentials?

    So yeah, I'm naturally sympathetic to that but, unfortunately, I'm also turning into a lazy barsteward in my dotage and I think in that case, the balance between safety and convenience doesn't go quite that far towards safety.

    But that is one reason )though not the only one) for a decent modern PW manager - a honking great long password for sites (one each, I mean), and a substantial one with 2FA to get into the PW manager in the first place.
    A lesson learned from PeterB about dignity in adversity, so Peter, In Memorium, "Onwards and Upwards".

  15. #11
    Registered+
    Join Date
    Jul 2008
    Posts
    40
    Thanks
    3
    Thanked
    1 time in 1 post
    • Xuse's system
      • Motherboard:
      • Asus Tuf H570 Pro
      • CPU:
      • 11700k
      • Memory:
      • 32 GB (4x 8GB) Crucial Ballistix BL2K8G32C16U4B 3200 MHz
      • Storage:
      • 1TB Samsung 980 Pro, 1TB Samsung 960 Evo, 1TB WD, 2TB external, Toshiba 16TB MG Series Enterprise
      • Graphics card(s):
      • 3070 FE
      • PSU:
      • Corsair rm850x (2018)
      • Case:
      • Lian Li Lancool II Mesh Performance
      • Operating System:
      • Windows 10 Enterprise
      • Internet:
      • 900/110 FTTP

    Re: Which Password Manager?

    I actually had an idea to engrave the more important stuff on a piece of metal. Making it at the very least fire resistant.

    Then I realized I don't actually have anything of value to do that on. £200 of BTC doesn't really count.

  16. #12
    Missed by us all - RIP old boy spacein_vader's Avatar
    Join Date
    Sep 2014
    Location
    Darkest Northamptonshire
    Posts
    2,015
    Thanks
    184
    Thanked
    1,084 times in 410 posts
    • spacein_vader's system
      • Motherboard:
      • MSI B450 Tomahawk Max
      • CPU:
      • Ryzen 5 3600
      • Memory:
      • 2x8GB Patriot Steel DDR4 3600mhz
      • Storage:
      • 1tb Sabrent Rocket NVMe (boot), 500GB Crucial MX100, 1TB Crucial MX200
      • Graphics card(s):
      • Gigabyte Radeon RX5700 Gaming OC
      • PSU:
      • Corsair HX 520W modular
      • Case:
      • Fractal Design Meshify C
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • BenQ GW2765, Dell Ultrasharp U2412
      • Internet:
      • Zen Internet

    Re: Which Password Manager?

    Quote Originally Posted by Saracen999 View Post
    I hear you, and yeah, probably safer .... sorta. But, where do you keep the paper? If not in a safe it's not .... ummm .... safe? And if it is, I'm supposed to unlock the safe every time I want to i-visit a site that requires login credentials?

    So yeah, I'm naturally sympathetic to that but, unfortunately, I'm also turning into a lazy barsteward in my dotage and I think in that case, the balance between safety and convenience doesn't go quite that far towards safety.

    But that is one reason )though not the only one) for a decent modern PW manager - a honking great long password for sites (one each, I mean), and a substantial one with 2FA to get into the PW manager in the first place.
    Also manually generated passwords tend to be a lot less random than computer generated ones.

  17. #13
    RIP Peterb ik9000's Avatar
    Join Date
    Nov 2009
    Posts
    7,466
    Thanks
    1,749
    Thanked
    1,321 times in 986 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: Which Password Manager?

    Well that's your problem right there. Just use the same 3 digit password for all sites then it's easy to remember. Something that you're not likely to forget like "the" or "and" etc. Things starting with a are best cos then if you forget it somehow you have a better chance of brute forcing it using a script that you can find online. So handy what you can do these days.

  18. #14
    Senior Member
    Join Date
    Aug 2016
    Posts
    3,069
    Thanks
    781
    Thanked
    743 times in 539 posts

    Re: Which Password Manager?

    Quote Originally Posted by ik9000 View Post
    pen and paper? statistically safer than storing digitally I'm told - so long as not kept in your actual wallet when you're out and about.
    I do actually keep a couple of pn codes written down.

    But .... not it a way that will mean anything to anybody else. Picture it this way .... a block of random numbers 50 columns wide, and 50 columns deep. In there is a PIN. But it is not necessarily in a block of four, not necessarily read left to right, and there isn't just one block of 50x50 numbers. And they're in a safe.

    I think that's pretty secure ... for PINs.

    Mostly, I use these PINs from memory. But some aren't used very often, and I have had occasions in the past where I struggled to remember an infrequently used one. Hence ... written down. But first, someone has to know they exist. I guess shot that one down with this post. Second, I didn't say where the safe is. Hint - not at my home. Third getting into the safe. Fourth, picking the right sheet for the PIN to be in it. And fifth, picking the correct location in that block of 2500 numbers, for each digit. And knowing how many digits. And in which order.

    Those last few bits aren't written down anywhere. They are in my head. Which you might think is kinda circular, since it was failing to remember the numbers that started me down this rabbithole in the first place. However, I am not hugely good at it but I use the memory-palace idea to remember how to find the correct number in the correct sequence. I'm not good enough to remember the damn numbes, but I am good enough to remember the clues I use for positioning, if that makes sense. It's all agigantic pain in the rear end.

    Also, this is viable for remembering a PIN if my memory fails me, but if used for everyday passwords to websites or online services would be the password equivalent of the HHGTTG locating of plans for the hyperspace bypass in a planning department in the town hall of an alien department in a far-flung star system, in a third level sub-basement behind the door marked "Beware of the Panther".

    For my day to day needs, I start from a couple of premises. First, I'm protecting against casual hackers, maybe even passing fairly serious criminal hackers but I'm not protecting against state level actors. If the NSA or some inimical other intelligence agence with access to bleeding edge supercomputer power really want to crack the encryption to my password manager, they probably can, but the cost in electrical power tobthem of doing so is going to exceed anything thwey can rip off from me, unless their target is my recipe collection and access to my grandma's secret bked bean casserole recipe.

    For anybody else, my logic is that they won't have access to the computing power necessary (if even the NSA have it, which I don't know but wouldn't assume they don't) to crack the password manager's encryption, then there is a relatively small attack surface to get at the passwords. Two weaknesses exist. First, somehow getting in-between my password manager and the login dialog when the password manager accesses a given service, and second, getting the PW manager's master password. That latter is, needless to say, as secure as I can get it while still being practical for me to access (and hence, Yubikey and/or other TFA, etc).

    Ultimately, 100% security doesn't exist. You can only even remotely sensibly only go so far. I mean, I could copy my PiN codes onto paper, encase that in plastic, put it inside a stainless steel box, insde a tupperware container and bury it in the back garden. Of my neighbour. It'd be pretty secure, but a bit of a nuisance to access.

    My biggest single premise for security is that I don't have anything sufficently worth protecting to keep out the kind of people likely to be able to get through a decent PW manager, and those that might try (casual passing hackers) can't, and almost certainly won't have physical access to get at my written backup, even if they knew it existed and how to use it if they did.

    In other words, those that maybe could have no reason to want to, and those that maybe have reason to want to, can't.
    A lesson learned from PeterB about dignity in adversity, so Peter, In Memorium, "Onwards and Upwards".

  19. #15
    Registered User
    Join Date
    Jul 2021
    Posts
    1
    Thanks
    0
    Thanked
    1 time in 1 post

    Re: Which Password Manager?

    I used to use LastPass Free for years until they recently made it more limited to a single device type, and I use password managers on my phone and laptop/PCs.

    If I paid for one it would probably be Bitwarden, but I looked around a bit more and found BitwardenRS, a third party implementation that you can host in your own server/PC.

    This has now been renamed to VaultServer. There is a Docker container for it to make it super easy to set up.

    I run it on my home server and use an nginx reverse proxy with HTTPS with an auto renewed free Lets Encrypt SSL certificate.

    On my phone I have the standard Bitwarden app, and on my laptops and PCs I use the standard browser extension.

    You can specify in the app/extension to point it at your own Bitwarden server, i.e. the hostname associated via nginx, and hey presto, free password manager, available remotely, hosted at home, sync'd to your devices.

  20. Received thanks from:

    Saracen999 (30-07-2021)

  21. #16
    Senior Member
    Join Date
    Aug 2016
    Posts
    3,069
    Thanks
    781
    Thanked
    743 times in 539 posts

    Re: Which Password Manager?

    An interesting option I hadn't considered. I think my only reservation would be about the third party in "third party implementation". But unless it's an entirely open source product heavily scrutinised by the community, that will be a reservation for any product (short of writing it myself). That was the mistake LastPass (IMHO) made, just as WhatsApp did, driving loadsa people to Signal, Telegraph, etc .... user trust, user confidence, whatever you call it. For a password manager, who do you trust?
    A lesson learned from PeterB about dignity in adversity, so Peter, In Memorium, "Onwards and Upwards".

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •