Go | New | Find | Notify | Tools | Reply |
Semper Fi - 1775 |
I’ve been looking at Bitwarden and 1Password. Any thoughts/recommendations? ___________________________ All it takes...is all you got. ____________________________ For those who have fought for it, Freedom has a flavor the protected will never know ΜΟΛΩΝ ΛΑΒΕ | ||
|
Legalize the Constitution |
I’ve had 1Password for…8 or 9 years. Obviously, I must be pretty happy with it. _______________________________________________________ despite them | |||
|
Member |
I’ve been using OneSafe+ for a number of years. I have waaay too many top secret passwords. Works for me. I'm sorry if I hurt you feelings when I called you stupid - I thought you already knew - Unknown ................................... When you have no future, you live in the past. " Sycamore Row" by John Grisham | |||
|
Member |
I use SpashID. I migrated to it years ago from I don't remember what, one reason was it was able to import my old data. I keep using it out of momentum I guess. I'm satisfied with it, it works for me. I also have a ton of passwords. Thus the metric system did not really catch on in the States, unless you count the increasing popularity of the nine-millimeter bullet. - Dave Barry "Never go through life saying 'I should have'..." - quote from the 9/11 Boatlift Story (thanks, sdy for posting it) | |||
|
Banned for showing his ass |
I keep a handwritten password book with backup copies in the safe. I prefer to keep all passwords separate from the computer and thus any possibility of computer hacking. I also do not use the same user name nor password ... each access is totally different. | |||
|
Oriental Redneck |
Handwritten, in codes, on a single page. Q | |||
|
Nullus Anxietas |
I've been using one-or-another implementation of Password Safe on everything (home computers, work computers [when still employed], Android mobile devices, now Apple mobile devices) for years. It's free. It's secure. It doesn't rely upon somebody's implementation of cloud storage. It's open source, so there's no wondering what is or isn't in it, you don't have to worry about somebody going out of business leaving you high and dry, and there are implementations for pretty much every extant platform on the market. In all the years I've used it I've yet to have seen a single security advisory relating to it. Only disadvantage is I have to manually copy the database between iCloud (in my case) and my home computer to keep mobile devices and desktop in sync. A minor inconvenience. My wife's using it on her Apple mobile devices, too. "America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe "If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher | |||
|
Freethinker |
I could probably find someone’s* answer someplace on the ’net, but as the SIGforum is my first go-to, why do we believe that a list of passwords that are managed via the Internet is more secure than anything else that can be accessed through the Internet? What makes a PW manager special and immune to something that seems to happen regularly, including to organizations that should be as secure as it’s possible to be? Although I have tried with my very limited knowledge of such things to imagine the answer myself, I’ve obviously been unsuccessful. Can someone set me straight? (A PW manager was recently recommended to me as a must-have in this day and age.) * Someone in the business of managing passwords—? “I can’t give you brains, but I can give you a diploma.” — The Wizard of Oz This life is a drill. It is only a drill. If it had been a real life, you would have been given instructions about where to go and what to do. | |||
|
Semper Fi - 1775 |
I was relatively satisfied with just using Apple’s keychain, but I find that it does not always sync well between devices; especially GMail. ___________________________ All it takes...is all you got. ____________________________ For those who have fought for it, Freedom has a flavor the protected will never know ΜΟΛΩΝ ΛΑΒΕ | |||
|
W07VH5 |
I pay for the $10/year Bitwarden service. I’m eventually going to move to a self-hosted vault but i haven’t yet. Bitwarden is well vetted and very secure. | |||
|
W07VH5 |
Something like Bitwarden is encrypted locally and even if someone wants to force Bitwarden to give their files even Bitwarden couldn’t decrypt them. | |||
|
I Deal In Lead |
I personally wouldn't trust a password manager, so I keep mine in a passworded file that has no back door on my cell phone, which is also passworded and erases after 10 bad guesses at the password. | |||
|
Peace through superior firepower |
Pop quiz: Q: If you store your passwords online, who has access to them? A: Other people encrypted, decrypted, recrypted whatever -crypted you got. If you store it online, other people have access to it. | |||
|
Nullus Anxietas |
Well, for starters: My password database is not accessed through the Internet. The database is stored locally on each device. True: It is sync'd between my Apple mobile devices via iCloud storage, but, the database is transferred between devices and iCloud in it's encrypted form and it's re-encrypted, making it doubly-encrypted, in iCloud storage. (If I wanted to be really paranoid about it, I could always disable the iCloud syncing and move it between everything manually. I'm pretty paranoid, but, not that paranoid ) There is no such thing as "immune" in this context. Period. Full stop. You can safely ignore anybody who tells you any differently. It helps to know how a lot of that happens. Without going into a pages-long dissertation on all the different ways such databases get 0wn3d, suffice it to say my password databases are not subject to those attack vectors. What could happen is somebody could get a copy of my encrypted database. Being as I take great care in my selection of the platforms I use and how I use them, I believe that risk to be acceptably small. Even then they'd be faced with brute-force attacks against the very long passphrase that protects it. Sure: They could--with enough resources and/or time would--eventually break it. I regard the risk of that equally small. In the end it's a question of balancing risk against need. My current digital keyring has 466 entries in it. Far, far too many to be practical to keep track of with pen or pencil and paper. Why so many keychain entries? I only rarely reuse usernames and always use a unique tagged email address for every account, everywhere, no matter how insignificant. I always use a different pseudo-randomly-generated password, passphrase, or PIN for everything, everywhere. There are never any shared patterns in the passwords, passphrases, or PINs. Lastly: I use 2FA (two-factor authentication) where offered and feasible. Btw: Here's something you can do with a password manager you can't do with paper: I never hand-type URLs to sensitive account sites. I open my keyring and copy-n-paste them. That way I will never inadvertently typo a URL, be led to a look-alike credentials-stealing site, and give credentials away. "America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe "If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher | |||
|
Member |
https://xkcd.com/538/ For the record, I use 1Password. -- I always prefer reality when I can figure out what it is. JALLEN 10/18/18 https://sigforum.com/eve/forum...610094844#7610094844 | |||
|
A teetotaling beer aficionado |
Perhaps. Still, the security most of the popular programs employ are more secure than the note book in your desk drawer. The popular Last Pass program recently had a security breach. The actor gained access to some files, but all they got was 256-bit AES encrypted data that is totally useless as user's master password is needed to decipher this. I've used Dashlane for about 6 years. Very full featured with auto fill once you put in your master password (which I change monthly). About $80 a year as I recall. Men fight for liberty and win it with hard knocks. Their children, brought up easy, let it slip away again, poor fools. And their grandchildren are once more slaves. -D.H. Lawrence | |||
|
Just because you can, doesn't mean you should |
A & B. The people that own the balloon. ___________________________ Avoid buying ChiCom/CCP products whenever possible. | |||
|
Freethinker |
Well, I don’t store my list of passwords in a desk drawer that a bunch of co-workers or janitorial staff has access to. I haven’t even been able to do that since before computer passwords were something to have and keep secure. But I can see how a manager could be important for many people, and thanks for all the replies and sort-of explanations. I understood some of what was explained, but not all, and therefore I would need a few more details if I were to seriously consider such a service for myself. And for that consultant who was annoyed that I didn’t have them all memorized or at my fingertips via a manager when she wanted me to sign into an account from a different device that I never used, soon those of us like that won’t be around any longer to annoy you with our ancient ways. In fact, I’m a very unusual anomaly to be working at my age as it is, so if you want what I can give the organization, you’ll just have to put up with it. “I can’t give you brains, but I can give you a diploma.” — The Wizard of Oz This life is a drill. It is only a drill. If it had been a real life, you would have been given instructions about where to go and what to do. | |||
|
Experienced Slacker |
If you mean yours is stored only on a device in your control, I'd be interested in what you recommend. Not meaning to sound flippant, I'd genuinely like to know. To answer the OP, I use "Keeper" and sign in with a bio-metric currently. Serious questions: Since we are using our login info online, then aren't all passwords essentially stored online at one point or another by definition? Is there some way to have more control of the third parties' access and use? | |||
|
Optimistic Cynic |
b-folders is what I have used for the last 15 years or so. I have evaluated and tried pertty much every password vault implementation I have become aware of, and b-folders has always come out on top. Only downside I have found is that there is no IOS version, prob. because Apple doesn't want competition to their embedded app. | |||
|
Powered by Social Strata | Page 1 2 3 |
Please Wait. Your request is being processed... |