Password Manager Suggestions

facade
facade Posts: 7,527 Forumite
Part of the Furniture 1,000 Posts Name Dropper
With all the recent talk about scammers, and having had most of my details published by a hack to a utility website, I suppose it is time to move into the 21st century and get a password manager.

Obviously it has to be free, or very low cost :smile: 

I just want to prevent my browsers storing any passwords, and have the manager autofill the password when needed. (I imagine they all do this...)

I want local storage of my passwords (obviously encrypted) as I am a bit of a Luddite, and don't like the idea of my passwords being stored on t'interweb. Apart from not having control over who can steal them, if the storage site is down, or under attack I won't have access to my passwords. (I do know that if t'interweb itself is down I won't need them ;) )


So, The Comics seem to recommend bitwarden - but that uses web storage.

A search on "best password managers that use local storage" suggests KeepassXC.


Does anyone have any suggestions?
I want to go back to The Olden Days, when every single thing that I can think of was better.....

(except air quality and Medical Science ;))
«1

Comments

  • k_man
    k_man Posts: 1,636 Forumite
    1,000 Posts Second Anniversary Name Dropper
    Keepass (or one of the compatible forks) is the obvious choice if local database is a requirement.
    I used it for many years before moving to a cloud based solution, to allow use on multiple devices, and mobile.

    Just make sure you have a very robust backup strategy, otherwise a local PC/storage problem could lead you to be unable to login to any online services.

    Also ensure credentials etc for your backup, are not in your password manager.

    Finally while you are reluctant to use cloud based password managers, the choice of master password, and manager configuration (encryption settings and password iterations), should mean that even if the vault/database is stolen (from cloud, or your PC), the data is safe for a long enough period to allow you to take action.
    Or to put it another way, you can should be just as vigilant if using a local database or cloud based.
  • mgfvvc
    mgfvvc Posts: 1,220 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    I've used variants of KeePass for years. You can get clients for PC, Mac and Android. I assume there are also iphone clients. It works fine for me, but I'm techie, so I can't say how a normal user would find the interface.
  • facade
    facade Posts: 7,527 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    Thanks both.

    I think I'll go with Keepass then.

    tbh, I'm not as concerned with the hosting site giving away my passwords as I am with it being down right when I need to log in somewhere
    I want to go back to The Olden Days, when every single thing that I can think of was better.....

    (except air quality and Medical Science ;))
  • tacpot12
    tacpot12 Posts: 9,196 Forumite
    Ninth Anniversary 1,000 Posts Name Dropper
    edited 7 March 2023 at 1:35PM
    I, too, have been overhauling my security recently. I just wanted to put in a good word of Keeper, the password manager that I use. I have the Keeper app on my iPhone and this uses local storage on the iPhone so you always have access to your passwords even if you have no internet connection. It synchronises with the cloud-based vault seemlessly.

    It also has a very good extension for Microsoft Edge, and supports a range of 2FA tokens for browser access on the PC. I agree with k_man's other comments re cloud-based password managers.

    I actually wanted a pasword manager that had to be paid for because it means that the provider can afford to keep up to date with the latest threats and has a commercial obligation to do so, rather than a 'best-endevours' basis. A free service that doesn't have the backing of another signficant income stream seems likely to become  vulnerable over time.

    I have recently switched from Google Authenticator to 2FAS Auth as part of my security upgrade, and use this when I access my password manager via a browser on a PC.  

    I also use a FIDO (physical) USB token as a backup for the soft tokens provided by the Google/2FAS Authenticators.   

    (I currently have 461 password in my Keeper vault!)
    The comments I post are my personal opinion. While I try to check everything is correct before posting, I can and do make mistakes, so always try to check official information sources before relying on my posts.
  • outtatune
    outtatune Posts: 719 Forumite
    500 Posts Third Anniversary Name Dropper
    Keepass for me too, with Keepass2Android for my phone.
  • stinky_daddy
    stinky_daddy Posts: 452 Forumite
    Part of the Furniture 100 Posts Photogenic
    I personally use Password Safe, make a new file (on my laptop) for any entries that I have added / updated and then copy that file into my google drive in order to access the new file on my android phone

    HTH

    s_d
    Sometimes I wonder...
    "why is that frisbee getting bigger?"
    ...and then it hits me
    :rotfl::rotfl::rotfl::rotfl:
    Jesus loves you...A nice thing to hear in church, but a horrible thing to hear in a Mexican prison
    :rotfl::rotfl::rotfl::rotfl:
    Light travels faster than sound. This is why some people appear bright until you hear them speak.
  • 400ixl
    400ixl Posts: 4,482 Forumite
    1,000 Posts Third Anniversary Name Dropper
    facade said:


    tbh, I'm not as concerned with the hosting site giving away my passwords as I am with it being down right when I need to log in somewhere
    Then go with Bitwarden which is the better choice. Yes it keeps a copy online, but it also keeps a sync'd copy to your devices so you are not dependent on the internet connectivity for it to work.
  • facade
    facade Posts: 7,527 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    400ixl said:
    facade said:


    tbh, I'm not as concerned with the hosting site giving away my passwords as I am with it being down right when I need to log in somewhere
    Then go with Bitwarden which is the better choice. Yes it keeps a copy online, but it also keeps a sync'd copy to your devices so you are not dependent on the internet connectivity for it to work.

    It does?

    Bitwarden just bang on about the passwords being stored in the Microsoft Azure Cloud in the USA (if that isn't a red flag, I don't know what is :) )

    I tried bitwarden, I logged on, but nothing seems to have happened. I probably need to RTFM .
    I want to go back to The Olden Days, when every single thing that I can think of was better.....

    (except air quality and Medical Science ;))
  • 400ixl said:
    facade said:


    tbh, I'm not as concerned with the hosting site giving away my passwords as I am with it being down right when I need to log in somewhere
    Then go with Bitwarden which is the better choice. Yes it keeps a copy online, but it also keeps a sync'd copy to your devices so you are not dependent on the internet connectivity for it to work.
    Don't think it does. It encrypts passwords (& other data) locally before moving it to the vault which is usually their cloud but can be your own server solution.
  • 400ixl
    400ixl Posts: 4,482 Forumite
    1,000 Posts Third Anniversary Name Dropper
    You have to be logged into Bitwarden at the time that you are offline, but it will then continue to work. It does not store the master password on the local device which is required to login.

    So yes it does keep a local copy of the passwords (encrypted), but not the master password. Gives a level of flexibility others don't but maintains the high level of security.

    Obviously not entirely flawless in that if you haven't logged into Botwarden on the local device before going off line you won't get in, but for the vast majority of circumstances it works fine.

    Better than manually copying vaults around between devies.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 350.3K Banking & Borrowing
  • 252.9K Reduce Debt & Boost Income
  • 453.2K Spending & Discounts
  • 243.3K Work, Benefits & Business
  • 597.9K Mortgages, Homes & Bills
  • 176.6K Life & Family
  • 256.4K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.