We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
The Forum is currently experiencing technical issues which the team are working to resolve. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Password Manager
Comments
-
Keepass on Android and all my PCs, synced with my own Nextcloud server. So no 3rd party cloud needed.
There is also the addon "Kee" for Firefox which can autofill my credentials on websites.0 -
Roboform is the best0
-
Keepass on Android and all my PCs, synced with my own Nextcloud server. So no 3rd party cloud needed.
I have the same setup, hosting on OwnCloud, which I run on a server I physically own and have full control over. It works well and I've yet to have any issue with my use. I chose Keepass as it worked on the systems I use (Linux, Android and Windows) and doesn't rely on a 3rd party cloud service.
Granted, this isn't a setup to a non-technical person, as Keepass isn't a cloud backed system, so requires additional configuration to sync across devices.
Whatever manager you use protect it with a passphrase, not a password. A passphrase could just be a long sentence, including punctuation that you will not forget and couldn't be easily guessed. If you are using a cloud based solution make sure it supports 2-factor authentication. Sure this makes it slower to access your passwords, but adds extra security as the contents of your password manager are like the crown jewels.
Regards,
Steve0 -
Put all passwords in an Excel file and then protect it with a password.Happiness is buying an item and then not checking its price after a month to discover it was reduced further.0
-
Put all passwords in an Excel file and then protect it with a password.
Care to send me the file?
I can crack those in a few minutes.:wall: Flagellation, necrophilia and bestiality - Am I flogging a dead horse? :wall:
Any posts are my opinion and only that. Please read at your own risk.0 -
Another keepass user here.Pants0
-
+1 for KeePass. I used to use LastPass and it was great, but left it when they were bought out by logmein.0
-
I doubt that if the user is using a modern version of Excel and has used a strong password:I can crack those in a few minutes.
https://en.wikipedia.org/wiki/Microsoft_Office_password_protection0 -
Care to send me the file?
I can crack those in a few minutes.
Let's assume you can't (I have actually cracked a Word doc before but it was ~15 years ago and took over a week). Why is a password manager better than a password-protected Excel file?
(I am using 1Password as an example here since this is what I use).- Closed source but audited by an independent party
- Excel is written as an office app, a password manager if security-focused
- Creates cryptographically secure passwords*
- Warns you if you use the same password twice
- Warns you if 2FA is available and you're not using it
- Warns you if a password you're using has been involved in a breach (this will literally never happen if you use cryptographically secure passwords)
- Desktop app for MacOS and Windows
- Available anywhere with a browser and an internet connection (so long as you have your secret key)
- Browser extensions for Firefox, Safari and Chrome which is far more convenient than a spreadsheet since it is searchable and auto-fills the login form for you
- Securely store files
- Storage of different data type, not just logins (credit cards, bank accounts, servers, routers, etc)
*A cryptographically secure password looks like this:
Bc;e6RdGbYKgfPPKNj$pctnY
According to https://howsecureismypassword.net/ this would take 297 octillion years to crack and issues no warning.
Compare it to Garfield1970 as an example password. This takes 3 thousand years to crack according to the same site. Fine, right? You'll be dead by then. Only notice the warning it gives: Possibly a Word and a Number. This negates the entropy (randomness) of the password since cracking is more effective based on patterns and dictionaries than it is brute forcing (guess all combinations). With a cryptographically secure password the only way in is to brute force since there is no pattern to it.
A password manager is predicated on the fact that humans are terrible at creating (and remembering) secure passwords and computers aren't.
Other than you can't afford to I've not heard of a good reason not to use a password manager. 1password syncs locally so if they shut down you could still decrypt everything via the app so I wouldn't even consider them going out of business a good reason. If they did they would at least give you enough time to migrate to a new manager anyway before they close their doors.0 -
Also a good password manager will proactively manage the clipboard to prevent your usernames and passwords from being exposed that way.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.5K Banking & Borrowing
- 252.9K Reduce Debt & Boost Income
- 453.3K Spending & Discounts
- 243.5K Work, Benefits & Business
- 598.2K Mortgages, Homes & Bills
- 176.7K Life & Family
- 256.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards