Re: best password manager?
Lastpass or Norton Identity Safe.
Norton's offering has the advantage of being free for mobile platforms too, Lastpass charge money for that. Norton will also check your search results and highlight any dodgy ones.
Personally I use Lastpass, which works exceedingly well for me on Chrome and Firefox. I moved to Lastpass when they bought Xmarks (very useful bookmarks sync plugin).
Re: best password manager?
+1 for Lastpass, love it so much I paid for it
Re: best password manager?
I have similar concerns although not had problems like you have had (touch wood) and have decided to go with Keepass. It’s cross platform and open source, and it offers strong security, multiple user keys, a portable (no install) version, export/import in various formats, database transfer, password groups, time fields and entry attachments, auto-type/global auto-type hot key, drag and drop, secure clipboard handling, search and sort, a strong random password generator, and plug-ins. Oh and it's FREE.
Re: best password manager?
I use keepass combined with dropbox to keep things synced across various platforms and places
Re: best password manager?
Just thought you may want to consider more options so here is a link to a review of 5 free options including KeePass: http://www.techrepublic.com/blog/fiv...;siu-container
John
Re: best password manager?
TrueCrypt volume (with MS Access DB) + Dropbox works great...
Re: best password manager?
I also use Keepass, which is great.
If you have Kaspersky Pure antivirus, they also provide a password manager (I have not tried it though)
Re: best password manager?
The problem with password managers is that in most cases all the passwords are protected by one master password. If that gets hacked then your are little better than having the same password for everything.
The only real protection is if you have some token method of authenticating you as the user, either software, such as a public/private key pair or a physical token that you have to have in your possession (or better still, both, with a password protected private key on (say) a usb stick) and then you have to ensure that neither the key nor the password are cached)
Perhaps the most secure method of accessing online services is to have a diskless system (boot off removeable media) with an encrypted datastore on (say) a usb stick that you keep physically safe.
The next best thing is to use whole disk encryption to protect data at rest, and again use removeable protected storage for a password store.
But if you are using whole disk encryption, for most users the password managers provided by browsers or operating system will be sufficient.
The final step though is to ensure that the passwords for the services you are using have strong passwords (and with a password manager, they can be long random strings) and that you have a very strong master password protecting the key or other protection mechanism.
Re: best password manager?
Quote:
Originally Posted by
peterb
(or better still, both, with a password protected private key on (say) a usb stick) and then you have to ensure that neither the key nor the password are cached)
I do something like this with Keepass. Master password and keyfile, With Keepass on 1 USB stick and the keyfile on another USB stick + a password that I can remember.
I did use roboform once but, didn't feel it offered the same security and Keepass is freeware too.
Re: best password manager?
Thats very true Peter but I have more faith in my system staying clean than leaving passwords to random companies :P.Going to spend sunday doing all my passwords finally :D.
Re: best password manager?
Quote:
Originally Posted by
Hicks12
Thats very true Peter but I have more faith in my system staying clean than leaving passwords to random companies :P.Going to spend sunday doing all my passwords finally :D.
I wasn't suggesting that you did use the cloud as such - at least not in clear! I use an encrypted container on dropbox as an archive for sensitive data - like private keys, which themselves are password protected.
By diskless, I meant boot off a live CD (or stick) on a system without any permanent storage) so that there is no risk of caching data on a hard drive.
Re: best password manager?
oh haha I get you :). That was the plan anyway to have the passwords available on my phone ill be using dropbox. Fun times ahead!
Re: best password manager?
Quote:
Originally Posted by
Hicks12
oh haha I get you :). That was the plan anyway to have the passwords available on my phone ill be using dropbox. Fun times ahead!
Yes, but are you encrypting your files on dropbox? I know dropbox say that they encrypt, but I am sceptical about it, particularly when there is sensitive data involved! (not an issue with the encryption, more with theit key management and their access)
Re: best password manager?
I use Lastpass and I've enabled 2 factor authentication on it.
It come highly recommended by Twit.tv's SecurityNow.