We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
Password Manager Suggestions

facade
Posts: 7,527 Forumite


in Techie Stuff
With all the recent talk about scammers, and having had most of my details published by a hack to a utility website, I suppose it is time to move into the 21st century and get a password manager.
Obviously it has to be free, or very low cost

I just want to prevent my browsers storing any passwords, and have the manager autofill the password when needed. (I imagine they all do this...)
I want local storage of my passwords (obviously encrypted) as I am a bit of a Luddite, and don't like the idea of my passwords being stored on t'interweb. Apart from not having control over who can steal them, if the storage site is down, or under attack I won't have access to my passwords. (I do know that if t'interweb itself is down I won't need them
)

So, The Comics seem to recommend bitwarden - but that uses web storage.
A search on "best password managers that use local storage" suggests KeepassXC.
Does anyone have any suggestions?
I want to go back to The Olden Days, when every single thing that I can think of was better.....
(except air quality and Medical Science
)
(except air quality and Medical Science

0
Comments
-
Keepass (or one of the compatible forks) is the obvious choice if local database is a requirement.
I used it for many years before moving to a cloud based solution, to allow use on multiple devices, and mobile.
Just make sure you have a very robust backup strategy, otherwise a local PC/storage problem could lead you to be unable to login to any online services.
Also ensure credentials etc for your backup, are not in your password manager.
Finally while you are reluctant to use cloud based password managers, the choice of master password, and manager configuration (encryption settings and password iterations), should mean that even if the vault/database is stolen (from cloud, or your PC), the data is safe for a long enough period to allow you to take action.
Or to put it another way, you can should be just as vigilant if using a local database or cloud based.3 -
I've used variants of KeePass for years. You can get clients for PC, Mac and Android. I assume there are also iphone clients. It works fine for me, but I'm techie, so I can't say how a normal user would find the interface.
1 -
Thanks both.I think I'll go with Keepass then.tbh, I'm not as concerned with the hosting site giving away my passwords as I am with it being down right when I need to log in somewhereI want to go back to The Olden Days, when every single thing that I can think of was better.....
(except air quality and Medical Science)
0 -
I, too, have been overhauling my security recently. I just wanted to put in a good word of Keeper, the password manager that I use. I have the Keeper app on my iPhone and this uses local storage on the iPhone so you always have access to your passwords even if you have no internet connection. It synchronises with the cloud-based vault seemlessly.
It also has a very good extension for Microsoft Edge, and supports a range of 2FA tokens for browser access on the PC. I agree with k_man's other comments re cloud-based password managers.
I actually wanted a pasword manager that had to be paid for because it means that the provider can afford to keep up to date with the latest threats and has a commercial obligation to do so, rather than a 'best-endevours' basis. A free service that doesn't have the backing of another signficant income stream seems likely to become vulnerable over time.
I have recently switched from Google Authenticator to 2FAS Auth as part of my security upgrade, and use this when I access my password manager via a browser on a PC.
I also use a FIDO (physical) USB token as a backup for the soft tokens provided by the Google/2FAS Authenticators.
(I currently have 461 password in my Keeper vault!)The comments I post are my personal opinion. While I try to check everything is correct before posting, I can and do make mistakes, so always try to check official information sources before relying on my posts.1 -
Keepass for me too, with Keepass2Android for my phone.
1 -
I personally use Password Safe, make a new file (on my laptop) for any entries that I have added / updated and then copy that file into my google drive in order to access the new file on my android phone
HTH
s_dSometimes I wonder...
"why is that frisbee getting bigger?"
...and then it hits me
:rotfl::rotfl::rotfl::rotfl:
Jesus loves you...A nice thing to hear in church, but a horrible thing to hear in a Mexican prison
:rotfl::rotfl::rotfl::rotfl:
Light travels faster than sound. This is why some people appear bright until you hear them speak.1 -
facade said:tbh, I'm not as concerned with the hosting site giving away my passwords as I am with it being down right when I need to log in somewhere3
-
400ixl said:facade said:tbh, I'm not as concerned with the hosting site giving away my passwords as I am with it being down right when I need to log in somewhereIt does?Bitwarden just bang on about the passwords being stored in the Microsoft Azure Cloud in the USA (if that isn't a red flag, I don't know what is
)
I tried bitwarden, I logged on, but nothing seems to have happened. I probably need to RTFM .I want to go back to The Olden Days, when every single thing that I can think of was better.....
(except air quality and Medical Science)
0 -
400ixl said:facade said:tbh, I'm not as concerned with the hosting site giving away my passwords as I am with it being down right when I need to log in somewhere0
-
You have to be logged into Bitwarden at the time that you are offline, but it will then continue to work. It does not store the master password on the local device which is required to login.
So yes it does keep a local copy of the passwords (encrypted), but not the master password. Gives a level of flexibility others don't but maintains the high level of security.
Obviously not entirely flawless in that if you haven't logged into Botwarden on the local device before going off line you won't get in, but for the vast majority of circumstances it works fine.
Better than manually copying vaults around between devies.1
Confirm your email address to Create Threads and Reply

Categories
- All Categories
- 350.3K Banking & Borrowing
- 252.9K Reduce Debt & Boost Income
- 453.2K Spending & Discounts
- 243.3K Work, Benefits & Business
- 597.9K Mortgages, Homes & Bills
- 176.6K Life & Family
- 256.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards