Looking for Password Manager recommendations?

Guddu2k17

Junior Member
Dec 18, 2017
11
0
11
Hi, till now I have been keeping all my passwords in notepad and manually copying it where it is needed to sign in. It's kinda difficult and even more difficult in mobile. So, I was looking at Dashlane and LastPass and sometimes ago I heard that LastPass database was hacked so upon googling, I found some articles that it was true.

So I kept on searching and people nowadays recommending open source pass manager like KeePass to be completely safe.

What are you using yourselves and what do you recommend?

Thanks in advance!
 

mikeymikec

Lifer
May 19, 2011
17,830
9,855
136
There's no such thing as "completely safe", and you framed your question to pretty much mean "how can I make my password management less secure?", when you introduced convenience as a relevant factor.

Generally speaking:
More secure = less convenient
More convenient = less secure

I have been keeping all my passwords in notepad and manually copying it where it is needed to sign in

I have a similar system. For truly unimportant stuff (in terms of the security of my personal data) I let the browser save the password. For some highly sensitive bits of information/access, I only have the login details memorised.
 

lxskllr

No Lifer
Nov 30, 2004
57,511
7,703
126
Keepass and/or one of its forks. Crossplatform for just about every feasible system, and libre software. Specifically, I use KeepassX on gnu/linux, and keepassdroid on Android.
 

ch33zw1z

Lifer
Nov 4, 2004
37,840
18,122
146
I've personally been using Safe in Cloud. End up with two very secure passwords I need to remember. safe in cloud's db password, and the cloud server i use to sync it.

works well so far, started helping others migrate to it.
 

RLGL

Platinum Member
Jan 8, 2013
2,079
300
126
I used robo form in the past, switched to LastPass about one year ago
 

sourceninja

Diamond Member
Mar 8, 2005
8,805
65
91
All lastpass hacks have been around tricking it into inputing passwords or tricking users into thinking they are using lastpass to get your master password. The database has not been compromised.
 

ch33zw1z

Lifer
Nov 4, 2004
37,840
18,122
146
I thinks it's important to note that I don't use browser plugins for safe in cloud either. I feel that adds additional security risks
 

repoman0

Diamond Member
Jun 17, 2010
4,501
3,382
136
Keepass and/or one of its forks. Crossplatform for just about every feasible system, and libre software. Specifically, I use KeepassX on gnu/linux, and keepassdroid on Android.

This is my favorite too. Key file goes on all the computers / devices you need, strong password goes in your head, and then you can freely share the actual database file over whatever channel (e-mail, dropbox, cloud etc) without worrying about compromising it.
 

ky54

Senior member
Mar 30, 2010
532
1
76
FWIW I've been using Lastpass for about 6 years. Never had a single issue but would I recommend it? None of them are foolproof so I say go with what you feel comfortable with.
 
  • Like
Reactions: corkyg

SMOGZINN

Lifer
Jun 17, 2005
14,202
4,401
136
This is my favorite too. Key file goes on all the computers / devices you need, strong password goes in your head, and then you can freely share the actual database file over whatever channel (e-mail, dropbox, cloud etc) without worrying about compromising it.

I do something like this as well. I have the portable version of Keepass in my Dropbox along with the database file, then I have the key file on a USB drive on my keychain and with it all I need is my keys, my Dropbox password, and my database password. With that I can get all my account information from any computer with an internet connection.

Keepass will allow you to have some super paranoia level of encryption on your database, and can be set up to require two-factor authentication with both a master password and keyfile to decrypt. You can sacrifice some security for convenience by choosing to use a keyfile or password and not both.
 

Guddu2k17

Junior Member
Dec 18, 2017
11
0
11
Yes keepass seems good coz I don't feel safe storing my passwords in a cloud managed by any company. I know they will say that they CANT even look at the passwords of their clients and is encrypted using 256-bit encryption but think about this, they made that password manager software and they did all the coding. Who knows what they do in the background. They are not gonna say it out loud.
 

Billb2

Diamond Member
Mar 25, 2005
3,035
70
86
Another vote for Lastpass.

You can login to Lastpss from any computer you're on and then logon to anything in Lastpass. Lots of nice features - automatically generate secure passwords and automatically change passwords. Been using it for 4 years, desktop and mobile, and no issues at all.
 

balloonshark

Diamond Member
Jun 5, 2008
6,350
2,781
136
Another vote for keepass. I gave up a long time ago trying to remember passwords. That's especially true now that I'm up to 7.5 written pages of usernames and passwords.

P.S. I also agree with not liking a password manager that stores data in the cloud. Plus the about me of last pass used to say they were located just outside D.C. Now I guess they are owned by logmein whoever that is. Let's not forget that these companies can be sold or bought by anyone which is another good reason to use open source software.

Just be sure to use a good master password and keep database backups in multiple locations. It wouldn't be a bad idea to have one at another property or online in case your home catches fire.
 

Alpha One Seven

Golden Member
Sep 11, 2017
1,098
124
66
Hi, till now I have been keeping all my passwords in notepad and manually copying it where it is needed to sign in. It's kinda difficult and even more difficult in mobile. So, I was looking at Dashlane and LastPass and sometimes ago I heard that LastPass database was hacked so upon googling, I found some articles that it was true.

So I kept on searching and people nowadays recommending open source pass manager like KeePass to be completely safe.

What are you using yourselves and what do you recommend?

Thanks in advance!
There is none better than your own human brain. :)
 

Alpha One Seven

Golden Member
Sep 11, 2017
1,098
124
66

lxskllr

No Lifer
Nov 30, 2004
57,511
7,703
126
I do it, so it IS possible. You do realize that the guy that made up the rules about a strong password has since said it was a big mistake and has had the effect of making passwords easier to crack by algorithm

https://www.nbcnews.com/tech/securi...now-about-passwords-says-man-who-made-n790711.

He's not talking about random passwords generated by a decent manager. He's talking about trivial substitutions people make by using character substitution. It's been long known they're susceptible to attack. That's why a properly random generated password is good. I use a couple ridiculously long, memorable passwords as masters to get into databases, but after that, I let the password manager generate them for me. Aside from that, some sites use highly restrictive password form, that won't allow for length. The only decent answer is randomization.
 

Guddu2k17

Junior Member
Dec 18, 2017
11
0
11
I saw a video on youtube and its recommended to keep a strong stupid with no meaning sentence as the master pass.

Also, I am literally hanging towards LastPass because they have a country exclusion login feature. We can exclude logins from other countries that Dashlane can't, just had a chat with Dashlane support. They said they are gonna implement that soon. Also, the support agent told me that Premium users get more fast and quick support than FREE users.

Any other managers that have the feature to exclude logins from other countries? I am about to get premium. I looked at KeePass but I was sold on the UI and smoothness of LastPass and Dashlane. :)
 
Last edited:

Puffnstuff

Lifer
Mar 9, 2005
16,033
4,798
136
I use lastpass, norton vault and bitwarden and favor lastpass. Just turn off autofill so it doesn't mess with sites that require manual entry.
 

WilliamM2

Platinum Member
Jun 14, 2012
2,465
541
136
The main issue with all the password manager applications is that they cannot rule out the human factor. In other words, you must use an email account as your connection to the software. If you forget your password to your password manager or the email account you associate with it gets hacked, you can say goodbye to all your passwords.

I've never had to use an email address at all for Keepass. Not sure what you mean there.

And for those that are really paranoid, store the Keepass data file in a hidden encrypted folder.