Are password managers worth it?

sangreal · Oct 26, 2017

Rad Bandolar said:
I'll throw in my support for LastPass as well. I don't have premium, but it works on mobile for me. Combined with the browser extensions, it's the best solution for me. When I register for a website, I can have it generate up to a 100 character length password, and it also gives options for alpha-numeric only, or alpha-numeric with special characters included. It's pretty slick.

The weak link in all of these password managers is your master password, but as far as I know, LastPass only receives a hash of your password (not the password itself), so they don't know what it is. Plus I think your vault is encrypted/decrypted locally on your machine, so no data travels "in the open," and your data that's on their servers is encrypted (even to them).

Yeah, lastpass just stores the vault for you. The encryption is handled locally and so is the password hashing for login so really your master password should never be going through their servers. It is, of course, still important to have a very strong master password. Fortunately when you only have to remember one, that becomes pretty easy

Aiii · Oct 26, 2017

So worth it. 1Password and Authy have been my go to apps for years now. Never looked back.

Prophet Steve · Oct 26, 2017

I've used Lastpass for a long time and definitely think a password manager is the safest way to go.

Since the increased price of premium I am considering https://bitwarden.comthough

Septimus Prime · Oct 26, 2017

I use LastPass and Authy (and I'll never let LastPass manage my Authy, like it wants to).

One thing, though, is that I actually completely forgot my LastPass master password for the longest time and had no way to actually use it. I was able to (fairly easily, actually) find an option to remote wipe my LastPass account and set it up again as new. So I guess that's one potential avenue of attack, where the attacker still can't get your passwords but could totally inconvenience you by deleting them all.

sca · Oct 26, 2017

Milchmann said:
It thought about moving from Lastpass to Bitwarden but Bitwarden haven't had a security audit yet.

True. I think that's in plans for this year. In the meantime, they've partnered with HackerOne since late September/early October. https://hackerone.com/bitwarden

They've mentioned that they'll release their enterprise version as open source, though you'd have to build from source, you would be able to host your own Bitwarden server locally

fuzzyset · Oct 26, 2017

I can't imagine not using a password manager in this day and age tbh. Lastpass can be awkward on iPhone but it's worth it to have separate strong passwords for everything.

timmbp · Oct 26, 2017

StrikeFirst117 said:
That is understandable, I think I'll be sticking to my encrypted file then, with Malwarebytes + Eset as security.

You should at least check out something like KeePassX. It's a password manager that uses a locally stored encrypted database. Other things like cloud syncing and browser extension are optional.

John Dunbar · Oct 26, 2017

my password manager is using the word password as password everywhere

sca · Oct 26, 2017

timmbp said:
You should at least check out something like KeePassX. It's a password manager that uses a locally stored encrypted database. Other things like cloud syncing and browser extension are optional.

KeePass the best

Izayoi · Oct 26, 2017

Netherscourge said:
I like Google's SmartLock just fine. Only need to remember 1 password (or PIN) as long as you only use Chrome and 2 or 3 select personal devices (phone, Home PC, work PC) for browsing.

Never even thought to try this... I will give it a shot.

I just really, really, really wish that Chrome for Android supported some kind of ad blocker. It's just too exposed.

Deleted member 7081 · Oct 26, 2017

timmbp said:
You should at least check out something like KeePassX. It's a password manager that uses a locally stored encrypted database. Other things like cloud syncing and browser extension are optional.

sca said:
KeePass the best

Pretty sad that KeePassX can be considered dead, its website is a mess. Gentoo removed it from their repo and I guess other Linux distributions will follow suit in the near future. But free software wouldn't be free software if there wasn't a proper fork already: https://keepassxc.org/

timmbp · Oct 26, 2017

ShadowOwl said:
Pretty sad that KeePassX can be considered dead, its website is a mess. Gentoo removed it from their repo and I guess other Linux distributions will follow suit in the near future. But free software wouldn't be free software if there wasn't a proper fork already: https://keepassxc.org/

Didn't realize KeePassX was dead. Guess KeePassXC it is.

sca · Oct 26, 2017

Izayoi said:
Never even thought to try this... I will give it a shot.

I just really, really, really wish that Chrome for Android supported some kind of ad blocker. It's just too exposed.

There is NetGuard, it doesn't require root to use. Don't use the version on the Play Store though, I believe it's missing ad-blocking or some other services that require it.

NetGuard Github
NetGuard Releases

StreamXSonik · Oct 26, 2017

Long time sceptic, but wouldn't go without one now. Incredibly easy to use too and helps me keep track of all the various logins I have across the internet.

Strong password for LastPass, strong password for my main email accounts, 2FA everywhere that offers it (and no storing of financial details anywhere that doesn't) and I feel pretty well covered.

Deleted member 7081 · Oct 26, 2017

sca said:
There is NetGuard, it doesn't require root to use. Don't use the version on the Play Store though, I believe it's missing ad-blocking or some other services that require it.

NetGuard Github
NetGuard Releases

Ironically the free version of NetGuard has ads these days which is pretty stupid for a firewall: https://forum.xda-developers.com/android/apps-games/app-netguard-root-firewall-t3233012/page310

DNS66 uses the VPN service to block ads /hosts, it requires no root. It's not available on the Play Store though (which I do not have anyway) but on F-Droid or as APK via GitHub:
https://forum.xda-developers.com/android/apps-games/app-dns66-source-host-ad-blocker-root-t3487497
https://f-droid.org/app/org.jak_linux.dns66
https://github.com/julian-klode/dns66

Ben Ghazi · Oct 26, 2017

I use LastPass. Does its' job.

Mammoth Jones · Oct 26, 2017

Looks like I'm gonna hook up a password manager as soon as I get my macbook back from the shop

sca · Oct 26, 2017

ShadowOwl said:
Ironically NetGuard has ads these days: https://forum.xda-developers.com/android/apps-games/app-netguard-root-firewall-t3233012/page310

DNS66 uses the hosts to block ads, requires no root. It's not available on the Play Store though (which I do not have anyway) but on F-Droid or as APK via GitHub:
https://forum.xda-developers.com/android/apps-games/app-dns66-source-host-ad-blocker-root-t3487497
https://f-droid.org/app/org.jak_linux.dns66
https://github.com/julian-klode/dns66

Ah cool. The ads didn't bother me much since I haven't really opened the application after I set up the hosts file, but I'll check it out.

edit: I'll switch over since it looks to be more lightweight. Hopefully I don't have those download problems that affect Nougat

Soulfang · Oct 26, 2017

KeePass is a fantastic free and open source solution. Let your database file live on your Dropbox and you can easily access your passwords across multiple devices.

Windows/macOS: KeePassXC
Chrome: CKPX
iOS: MiniKeePass

Lirion · Oct 26, 2017

I've been using 1Password for a while now with over 70 different passwords. :p It's definitely worth it in my opinion.

Dan · Oct 26, 2017

Another 1Password user here. Works great between OSX, Windows 10, IOS etc. Encrypted dropbox + Google Authenticator as well. My only complaint is that there is no Linux support as far as I know.

I really should migrate to Authy at some stage..

Deleted member 6511 · Oct 26, 2017

Dan said:
Another 1Password user here. Works great between OSX, Windows 10, IOS etc. Encrypted dropbox + Google Authenticator as well. My only complaint is that there is no Linux support as far as I know.

I really should migrate to Authy at some stage..

I use 1password for Windows, chrome and Android for some time now. In fact I paid the license, but when I recommend to a friend I realized they went SaaS... Hard to justify $5/month...

Izayoi · Oct 26, 2017

sca said:
There is NetGuard, it doesn't require root to use. Don't use the version on the Play Store though, I believe it's missing ad-blocking or some other services that require it.

NetGuard Github
NetGuard Releases

ShadowOwl said:
Ironically the free version of NetGuard has ads these days which is pretty stupid for a firewall: https://forum.xda-developers.com/android/apps-games/app-netguard-root-firewall-t3233012/page310

DNS66 uses the VPN service to block ads /hosts, it requires no root. It's not available on the Play Store though (which I do not have anyway) but on F-Droid or as APK via GitHub:
https://forum.xda-developers.com/android/apps-games/app-dns66-source-host-ad-blocker-root-t3487497
https://f-droid.org/app/org.jak_linux.dns66
https://github.com/julian-klode/dns66

Wow, great resources! Thanks guys! <3

Dio · Oct 26, 2017

im curious. seeing the bitwarden reccomendations here...what's the difference/advantages it has over lastpass?

Dan · Oct 26, 2017

Magus Z said:
I use 1password for Windows, chrome and Android for some time now. In fact I paid the license, but when I recommend to a friend I realized they went SaaS... Hard to justify $5/month...

Yep agreed - luckily I got in befre they went Saas - not much use to new customers though. It's a shame.

RedOnePunch · Oct 26, 2017

I finally had to get one. My passwords are much stronger now since I don't have to try and memorize them

sca · Oct 26, 2017

Dio said:
im curious. seeing the bitwarden reccomendations here...what's the difference/advantages it has over lastpass?

Usage case, they look to be similar. Bitwarden is open source, so users can look at the code and see what's going on. With the Enterprise edition, you'll be able to host your own Bitwarden cloud/server, so they've mentioned. The thing is that Bitwarden hasn't had a security audit yet. while LastPass has.

Yohane · Oct 26, 2017

1password is great on mac osx.

Teamocil · Oct 26, 2017

Just imported everything into Bitwarden.
I hate the LastPass interface. It just feels so blah to me. Like, it feels like it's a webapp with a wrapper. 1Password is fantastic but too expensive.

So far, Bitwarden seems great. When I get a new NAS this year I'll host my own server to store my passwords on too.

dark_prinny · Oct 26, 2017

I've been using 1password for many years now. Honestly, I don't know if i could survive without it at this point.

A Syrian Communist · Oct 26, 2017

I use 1Password. Kind of annoying that it's a paid service now, but at least it's one that's worth it imo.

anexanhume · Oct 26, 2017

Essential for me, especially when needing to share login info with my wife. We use dashlane, and it works pretty well.

Septimius · Oct 26, 2017

Use passphrases and change out a part of that passphrase with something derived from the site. Of course password managers can be considered safe, but it is still a single point of failure. Passphrases are virtually uncrackable, even if the attacker knows you're using a passphrase, given that one of the words are outside the top 500 words list. If you even throw in a special character somewhere, it'll be impossible to crack. Passphrases makes passwords easy to remember, and given that you have one part of it that's unique to each site, even if that is just a word, you can still remember that one rule very easily. You get rid of that single point of failure, and have just as uncrackable passwords as a password manager does.

born2bleed · Oct 26, 2017

Been using 1Password for the last 5 years. I myself having 60 or so different passwords randomly generated I think it's an essential app for me.

Dio · Oct 26, 2017

sca said:
Usage case, they look to be similar. Bitwarden is open source, so users can look at the code and see what's going on. With the Enterprise edition, you'll be able to host your own Bitwarden cloud/server, so they've mentioned. The thing is that Bitwarden hasn't had a security audit yet. while LastPass has.

i see. maybe when they do an audit, i'll consider testing it. does seem promising.

timmbp · Oct 26, 2017

Dio said:
im curious. seeing the bitwarden reccomendations here...what's the difference/advantages it has over lastpass?

I know some people switched because LastPass wasn't yet available for Firefox 57.

Teamocil · Oct 26, 2017

Does anyone know if 1Password integrates into iOS well? Like, if I'm in Safari on iOS and I'm creating an account or logging in, does 1Password pop up for autofill?

Edit: Actually, just noticed how ridiculous their family pricing is. Nah, not happening. The GF and I share a few accounts and this would be absolutely insane for that purpose.

sca · Oct 26, 2017

timmbp said:
I know some people switched because LastPass wasn't yet available for Firefox 57.

That was my reason originally

survivor · Oct 26, 2017

I use 1Password and it's definitely worth it. Outside of work passwords and email, I don't actually know any of my passwords, they are all auto generated.

It gets a bit annoying if I'm trying to access something outside of my laptop from home but I don't mind it that much.

Deleted member 412 · Nov 15, 2017

I got inspired by this thread some weeks ago, and I finally got some time off to set up 1password and Authy. It was stressful and time-consuming setting it up, having no experience with this kind of software (beforehand I rotated between 3-4 passwords and used 2FA with SMS on a few sites), but now I'm all done and it feels soooo good. Can't ever imagine going back. The only thing I dislike about 1password is that the Android app, Mac app and Windows app all have different design and layout.

Joezie · Nov 15, 2017

Absolutely for me. Keepass is a life saver and can be taken anywhere I need it to go. Sure it tends to lack some fancy sync settings that I might find in something like lastpass which is a bummer, but far from the end of the world.

If I do ever need or decide to go with a need for more synch like behavior then I'll probably add Bitwarden to the Repertoire.

sangreal · Nov 15, 2017

xJavontax said:
Does anyone know if 1Password integrates into iOS well? Like, if I'm in Safari on iOS and I'm creating an account or logging in, does 1Password pop up for autofill?

Edit: Actually, just noticed how ridiculous their family pricing is. Nah, not happening. The GF and I share a few accounts and this would be absolutely insane for that purpose.

I know this post is old, but safari on iOS has support for extensions like password mangers, you just have to hit the share button and select it before it will autofill. Of course, Apple has their own password manager which is better integrated and works in every app but that is useless for people with windows PCs

Neapolitan · Nov 15, 2017

I use KeePass combined with Authy. I synced the password database to Dropbox and don't have to worry about password in all my devices.

It's all free and totally worry it.

Xiyng · Nov 20, 2017

I've been using KeePass for a good while now. My only significant concern is losing my backups. I have the database saved on four different devices, but they're typically at home quite close to each other and if there was, say, a fire, I'd lose everything. I should back up my passwords in some other place as well, but I don't want to upload my passwords to any cloud service, and I kind of don't know where else I could reliably keep them.

Byshop303 · Nov 20, 2017

Dodongo said:
Yeah op, use one. KeePass is a good free option

+1 for KeyPass. I have a 40+ character passphrase for mine so I'm not terribly worried about it.

Gennady · Nov 20, 2017

Xiyng said:
I've been using KeePass for a good while now. My only significant concern is losing my backups. I have the database saved on four different devices, but they're typically at home quite close to each other and if there was, say, a fire, I'd lose everything. I should back up my passwords in some other place as well, but I don't want to upload my passwords to any cloud service, and I kind of don't know where else I could reliably keep them.

If you know a friend with a NAS you could always rsync/syncthing/newcloud it over to them, i use a similar scheme for my father who also refuses to trust any cloud but one managed by family.

JayC3 · Nov 20, 2017

Does anyone have any recommendations for a Android version of KeePass?

Gennady · Nov 20, 2017

I'm partial to Keepass2android, has lots of external sync options (sftp module is a bit dated and needs sha1 HMAC to work), and if you feel confident, there is also a timed quickunlock where you only need the last few characters or a fingerprint to unlock for an hour or so. However, if you don't trust Google Playthere is it's APK on codeplex, and there is also Keepassdroid on F-droid.

TeenageFBI · Nov 20, 2017

Xiyng said:
I should back up my passwords in some other place as well, but I don't want to upload my passwords to any cloud service

I was worried about this until I noticed the option to lock the database with a password AND a key file. So you could technically have access to my OneDrive account, my KeePass database and my KeePass master password and you still wouldn't be able to get in without the key file (which is stored elsewhere)

ronaldthump · Nov 20, 2017

The answer is hell yes.

Are password managers worth it?

何これ

EA

User requested account closure

Attempted to circumvent ban with alt account

User requested account closure

bork bork

One Winged Slayer

Attempted to circumvent ban with alt account