Do you use password management/protection software?

extradosed

Professional Engineer, Amateur World Traveller
Lastpass is already essentially a paid product since you have the pay $12 per year to use it on mobile devices. Hopefully they won't jack up the price too much.
 

Vic Diaz

Level 2 Member
Lastpass is already essentially a paid product since you have the pay $12 per year to use it on mobile devices. Hopefully they won't jack up the price too much.
But you are not forced to pay for the product, its a premium feature which is understandable. Not allowing you the option to use a free version of it kinda sucks, thats what happened to me with LogMeIn.
 

StammesOpfer

Level 2 Member
Charity Forum Mod
Keepass with cloud storage (dropbox, box, onedrive, google drive) free and open source. Means you won't ever have to pay and they can't take features away.
 

Glenn

Level 2 Member
LastPass with YubaKey here. I like that it has been independently audited. I'm not even concerned if someone breaches the LastPass site since the blob is encrypted before anything gets uploaded. I won't be using 1Password though I hear good things about it. They've had some security issues recently that point to them making some bad choices when choosing between security and convenience (you could google metadata for example). Anyway, read this if you want to start following the breadcrumbs:

http://9to5mac.com/2015/10/20/1passwordanywhere-vulnerability/

Basically you need to be using something. And you need to be using passwords that are AT LEAST 12 characters these days, using all combinations including special characters if they'll let you. If you don't then an SQL injection that reveals the encrypted/salted passwords can STILL be decrypted by diligent attackers with lots of spare cycles.
 

DazeEnd

Level 2 Member
Another vote for Last Pass. I chose it over 1P because of the webservice. My wife knows my master password, so if I get hit by a bus, she'll have easy access to all my passwords. Plus the webservice allows us to share some passwords (think bank accounts, utilities, etc.) so we can both access shared accounts.
 

craig d

New Member
Keepass. Open source with great extra security features. Portable for my phone websurfing as well. Has never let me down.
 

G1ant

Level 2 Member
Dashlane has been reminding me today that I have a crapload of logins/password combinations the same as my Time Warner one. Obviously it is not great to have your bank password the same as a compromised one. This feature make Dashlane worth the money.
 
Last edited:

Touristtrap

Level 2 Member
I quit using password management software (Norton, Last Pass) after encountering problems with duplicate accounts at the same institution I am managing.

Obviously too time constrained to try to figure out the way around it as some of you reported it could be done.
 
Last edited:

Mark Pepper

New Member
While we all love convenience, we do need to respect that if major corporations can get hacked (i.e. Sony), so can we. To that end, Lastpass (which I use and like) was hacked last year. See http://www.forbes.com/sites/katevinton/2015/06/15/password-manager-lastpass-hacked-exposing-encrypted-master-passwords/#33cb4cb15a66 .

Having a career in tech, I would advise people to look at the impact in their lives if suddenly all of their usernames and passwords were compromised. My suggestion is to use what's called 2 step authentication with any password manager, and even sites like Dropbox where more valuable data may resides. For those unfamiliar with 2-step, a site like Lastpass will require you to first login to Lastpass on your computer or phone. Then, thru a separate app on your iphone or android phone, you will be asked to give Lastpass permission to open. The theory is that if someone else hacked your username and password, it's less likely they're in possession of your iphone/android phone. It's a slight inconvenience, but well worth the piece of mind. And I recommend that you use 2-step for your bank accounts and any other site that holds valuable data.
 

Falim

New Member
Been using 1password for a few weeks and decided to buy it. Great integration and plugins. Now I use it to hold all my CC info. I hate being away from home, wanting to make an online purchase, and not having the right card.
 

jws

New Member
I've been using 1Password for a long time now. Each update adds new features that I didn't know I needed until they were implemented! I store all of my login info in the vault but haven't done so with my CCs yet.
 

twentyseventy

Level 2 Member
I've been dying to something to use - I've got dozens, if not hundreds of passwords, and every site seems to have different requirements. I'll give 1P a whirl-
 

ElainePDX

Level 2 Member
I continue to love my 1Password but those still considering if/what to get may be interested in this:
http://thewirecutter.com/reviews/best-password-managers/?utm_source=The+Wirecutter&utm_campaign=5ac7afa28b-EMAIL_CAMPAIGN_2016_12_09&utm_medium=email&utm_term=0_bb5d08fe40-5ac7afa28b-87003461

BTW I really like The Wirecutter and its sister site, Sweethome. I've bought a number of items from vacuums to lamps based on their analysis and tweeted heads up when the price of one of their recommended products drops.
 

StammesOpfer

Level 2 Member
Charity Forum Mod
Since LastPass added sync between devices to the free version (fairly recently) that is the way to go unless you don't like the idea of it being hosted by a company in which case KeePass and a couple plug-ins will do it too just more initial setup work.
 

BuddyFunJet

Level 2 Member
I don't know if this feature is in free or premium but the thing that keeps me at Lastpass is what they call emergency access. You set up people who can request emergency access to all your passwords in case of emergency. You set the time from the request that they have to wait for access and can stop the request in that waiting period. With so much of my banking and CC billing being online, this is a comfort in case of death or injury.

This is different than sharing certain passwords between family members.
 

knaveconwy

Level 2 Member
I'm a huge fan of 1Password. One great feature I haven't seen mentioned in this thread is the teams/family accounts. It does require a subscription but makes sharing passwords with your spouse or others in your family really easy. For example, I have a shared vault with my wife that has all or credit card data and frequent flier numbers in it so we can both reference it when needed.
 

mlick41954

Level 2 Member
I've been using Lastpass for a few years. Only thing I think that could be improved is the application integration within IOS.
 

FullMoonMadness

Level 2 Member
Another vote for KeePass. I think it's probably a little more work than other apps if you want to share it across devices securely, but not prohibitively so.
 

El Ingeniero

Level 2 Member
While we all love convenience, we do need to respect that if major corporations can get hacked (i.e. Sony), so can we. To that end, Lastpass (which I use and like) was hacked last year. See http://www.forbes.com/sites/katevinton/2015/06/15/password-manager-lastpass-hacked-exposing-encrypted-master-passwords/#33cb4cb15a66 .
Someone was able to access a stash of encrypted master passwords. Encrypted password vault data was never compromised.

Panicked I'm not.

I changed my master password and went my way.
 

ct22025

New Member
I use lastpass, for which I paid the $12/YEAR to have on my laptop and phone. I can't say enough good things about it. I'm out of the forgotten password loop, and feel my stuff is more secure.
 

Mancolt

Level 2 Member
Thanks for sharing thehackernews article, Jack. Definitely gives me pause to see my Password Manager on that list (1Password). I've been happy with it, but I am taking it on faith that the company are managing the security side of things. Probably not the best, but I wanted something that was as minimally invasive as possible. I had been using Google Chrome's built in PW Manager, so I'm just hoping it's a step up from there.

Interesting to note that KeePass wasn't listed on there. I wonder if that's because KeePass is truly the most secure (owing probably to its open source nature) or because it didn't make their list of top 9 to test. I was looking for something a little more integrated and seamless, otherwise KeePass probably would have been #1 on my list.
 

JackCarter

New Member
KeePass also is one of the 3 password managers recommended in the following article:

"Privacy? I don't have anything to hide."

https://www.privacytools.io/

The author(s) has/have done an amazing job of providing tons of valuable info.

The reason I'm planning to investigate other pw managers is that - although basically happy with Roboform for the last ~4 years - is that it's not listed here.
One reason would be that it's a USA company.

Nobody should be using anything Google other than an Android if one prefers that over Apple. And then deny as many permissions as possible.

I'm going to make a few simple recommendations:

Use Firefox or another browser recommended in the article (I think some are mentioned) - never Chrome or IE.

Use DuckDuckGo or another Search Engine recommended in the article if there are any - I find DDG fine, and it does not keep records.
Google has a record of every search you've ever made. Youtube has a record of every video you've ever watched and also those you've searched for.
Google Voice has a record of every phone call. If you use the transcription (voice to print) they have a transcript of every call you've made.

I'm using a VPN for the 2nd year I'm happy with and was listed in an article of "VPN's which really care about privacy".
However, mine is not listed in the above article, and will almost certainly take the author's advice and switch to one recommended in the article.

Use Signal for phone calls and texting. Recommended by Snowden.
And was not hacked by the CIA, which some articles yesterday falsely reported.
Using their laptop version for live chat requires using the Chrome browser. I'm not sure what I'll turn to for computer live chat.

Everything I've mentioned specifically is free.

Everybody should be looking into these or other alternatives - it's as timely as ever today with the latest Wikileaks info.

"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say". - Edward Snowden
 
Last edited:

seespotjump

Level 2 Member
I use and recommend LastPass. It's easy to use, easy to configure, and has advanced features (filling special fields, etc.) if you want to dig that deep. Definitely worth the money in my opinion, and the free edition isn't so bad either!
 

notalent

Michael Bolton
Another vote for KeePass.

I have the db stored on dropbox and the keyfile stored locally on the devices I use it on.
Monthly I print all the passwords out and put them in the safe for the SO in case anything happens she can get into the many accounts I have (and in her name as well)
 

billygoat

Level 2 Member
Another vote for KeePass.

I have the db stored on dropbox and the keyfile stored locally on the devices I use it on.
Monthly I print all the passwords out and put them in the safe for the SO in case anything happens she can get into the many accounts I have (and in her name as well)
A little off topic, but is your safe fire proof? Why not a safety deposit box? I have a safe and its not fire proof, I guess i could just keep it in the freezer and that would have to be a hellava fire to destroy it then.
 

Felix

Level 2 Member
No I do not, the reason behind it is because I only use a few passwords with slight variation if needed.
 

FullMoonMadness

Level 2 Member
No I do not, the reason behind it is because I only use a few passwords with slight variation if needed.
Do you realize that if one account is compromised, any other account/website with which you are using the same password is also in jeopardy? That is not an uncommon tactic for the bad guys to use.
 

Felix

Level 2 Member
Do you realize that if one account is compromised, any other account/website with which you are using the same password is also in jeopardy? That is not an uncommon tactic for the bad guys to use.
I haven't had any issues yet and I've been on the internet since 1999.
 

billygoat

Level 2 Member
I see what your saying @FullMoonMadness - but their entire busines model relies on them maintaining top level security. I realize that doesnt help you if they are compromised. But I'm sure they are doing everything reasonably possible and more to ensure they have your trust.
 

Dante

New Member
I renewed my Roboform Everywhere license today for another year for $15.95 using coupon code JULY4 and it seems that I got an additional 6 months free: Starts on: 07/07/2016 Expires on: 01/06/2019

Roboform is ok, not great.
 

Seeme

Level 2 Member
I use Lastpass. saves me a lot of time honestly, but I don't really trust it to put password that I actually care about on.
 
Top