SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    Do you use a password manager?
Page 1 2 3 
Go
New
Find
Notify
Tools
Reply
  
Do you use a password manager? Login/Join 
Semper Fi - 1775
Picture of Ronin1069
posted
I’ve been looking at Bitwarden and 1Password. Any thoughts/recommendations?


___________________________
All it takes...is all you got.
____________________________
For those who have fought for it, Freedom has a flavor the protected will never know

ΜΟΛΩΝ ΛΑΒΕ
 
Posts: 12448 | Location: Belly of the Beast | Registered: January 02, 2009Reply With QuoteReport This Post
Legalize the Constitution
Picture of TMats
posted Hide Post
I’ve had 1Password for…8 or 9 years. Obviously, I must be pretty happy with it.


_______________________________________________________
despite them
 
Posts: 13761 | Location: Wyoming | Registered: January 10, 2008Reply With QuoteReport This Post
Member
Picture of mcrimm
posted Hide Post
I’ve been using OneSafe+ for a number of years. I have waaay too many top secret passwords. Works for me.



I'm sorry if I hurt you feelings when I called you stupid - I thought you already knew - Unknown
...................................
When you have no future, you live in the past. " Sycamore Row" by John Grisham
 
Posts: 4292 | Location: Saddlebrooke, Arizona | Registered: December 24, 2013Reply With QuoteReport This Post
Member
Picture of IntrepidTraveler
posted Hide Post
I use SpashID. I migrated to it years ago from I don't remember what, one reason was it was able to import my old data. I keep using it out of momentum I guess. I'm satisfied with it, it works for me. I also have a ton of passwords.




Thus the metric system did not really catch on in the States, unless you count the increasing popularity of the nine-millimeter bullet.
- Dave Barry

"Never go through life saying 'I should have'..." - quote from the 9/11 Boatlift Story (thanks, sdy for posting it)
 
Posts: 3372 | Location: Grapevine TX/ Augusta GA | Registered: July 15, 2007Reply With QuoteReport This Post
Banned for
showing his ass
posted Hide Post
I keep a handwritten password book with backup copies in the safe. I prefer to keep all passwords separate from the computer and thus any possibility of computer hacking.

I also do not use the same user name nor password ... each access is totally different.
 
Posts: 3190 | Location: PNW | Registered: November 16, 2012Reply With QuoteReport This Post
Oriental Redneck
Picture of 12131
posted Hide Post
Handwritten, in codes, on a single page.


Q






 
Posts: 28226 | Location: TEXAS | Registered: September 04, 2008Reply With QuoteReport This Post
Nullus Anxietas
Picture of ensigmatic
posted Hide Post
I've been using one-or-another implementation of Password Safe on everything (home computers, work computers [when still employed], Android mobile devices, now Apple mobile devices) for years.

It's free. It's secure. It doesn't rely upon somebody's implementation of cloud storage. It's open source, so there's no wondering what is or isn't in it, you don't have to worry about somebody going out of business leaving you high and dry, and there are implementations for pretty much every extant platform on the market.

In all the years I've used it I've yet to have seen a single security advisory relating to it.

Only disadvantage is I have to manually copy the database between iCloud (in my case) and my home computer to keep mobile devices and desktop in sync. A minor inconvenience.

My wife's using it on her Apple mobile devices, too.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26034 | Location: S.E. Michigan | Registered: January 06, 2008Reply With QuoteReport This Post
Freethinker
Picture of sigfreund
posted Hide Post
I could probably find someone’s* answer someplace on the ’net, but as the SIGforum is my first go-to, why do we believe that a list of passwords that are managed via the Internet is more secure than anything else that can be accessed through the Internet? What makes a PW manager special and immune to something that seems to happen regularly, including to organizations that should be as secure as it’s possible to be?

Although I have tried with my very limited knowledge of such things to imagine the answer myself, I’ve obviously been unsuccessful. Can someone set me straight? (A PW manager was recently recommended to me as a must-have in this day and age.)

* Someone in the business of managing passwords—?




“I can’t give you brains, but I can give you a diploma.”
— The Wizard of Oz

This life is a drill. It is only a drill. If it had been a real life, you would have been given instructions about where to go and what to do.
 
Posts: 47961 | Location: 10,150 Feet Above Sea Level in Colorado | Registered: April 04, 2002Reply With QuoteReport This Post
Semper Fi - 1775
Picture of Ronin1069
posted Hide Post
quote:
My wife's using it on her Apple mobile devices, too.


I was relatively satisfied with just using Apple’s keychain, but I find that it does not always sync well between devices; especially GMail.


___________________________
All it takes...is all you got.
____________________________
For those who have fought for it, Freedom has a flavor the protected will never know

ΜΟΛΩΝ ΛΑΒΕ
 
Posts: 12448 | Location: Belly of the Beast | Registered: January 02, 2009Reply With QuoteReport This Post
W07VH5
Picture of mark123
posted Hide Post
I pay for the $10/year Bitwarden service. I’m eventually going to move to a self-hosted vault but i haven’t yet.

Bitwarden is well vetted and very secure.
 
Posts: 45681 | Location: Pennsyltucky | Registered: December 05, 2001Reply With QuoteReport This Post
W07VH5
Picture of mark123
posted Hide Post
quote:
Originally posted by sigfreund:
I could probably find someone’s* answer someplace on the ’net, but as the SIGforum is my first go-to, why do we believe that a list of passwords that are managed via the Internet is more secure than anything else that can be accessed through the Internet? What makes a PW manager special and immune to something that seems to happen regularly, including to organizations that should be as secure as it’s possible to be?

Although I have tried with my very limited knowledge of such things to imagine the answer myself, I’ve obviously been unsuccessful. Can someone set me straight? (A PW manager was recently recommended to me as a must-have in this day and age.)

* Someone in the business of managing passwords—?


Something like Bitwarden is encrypted locally and even if someone wants to force Bitwarden to give their files even Bitwarden couldn’t decrypt them.
 
Posts: 45681 | Location: Pennsyltucky | Registered: December 05, 2001Reply With QuoteReport This Post
I Deal In Lead
Picture of Flash-LB
posted Hide Post
I personally wouldn't trust a password manager, so I keep mine in a passworded file that has no back door on my cell phone, which is also passworded and erases after 10 bad guesses at the password.
 
Posts: 10626 | Location: Gilbert Arizona | Registered: March 21, 2013Reply With QuoteReport This Post
Peace through
superior firepower
Picture of parabellum
posted Hide Post
Pop quiz:

Q: If you store your passwords online, who has access to them?

A: Other people

encrypted, decrypted, recrypted whatever -crypted you got. If you store it online, other people have access to it.
 
Posts: 110096 | Registered: January 20, 2000Reply With QuoteReport This Post
Nullus Anxietas
Picture of ensigmatic
posted Hide Post
quote:
Originally posted by sigfreund:
... why do we believe that a list of passwords that are managed via the Internet is more secure than anything else that can be accessed through the Internet?
Well, for starters: My password database is not accessed through the Internet. The database is stored locally on each device.

True: It is sync'd between my Apple mobile devices via iCloud storage, but, the database is transferred between devices and iCloud in it's encrypted form and it's re-encrypted, making it doubly-encrypted, in iCloud storage.

(If I wanted to be really paranoid about it, I could always disable the iCloud syncing and move it between everything manually. I'm pretty paranoid, but, not that paranoid Wink)

quote:
Originally posted by sigfreund:
What makes a PW manager special and immune to something that seems to happen regularly, including to organizations that should be as secure as it’s possible to be?
There is no such thing as "immune" in this context. Period. Full stop. You can safely ignore anybody who tells you any differently.

It helps to know how a lot of that happens. Without going into a pages-long dissertation on all the different ways such databases get 0wn3d, suffice it to say my password databases are not subject to those attack vectors.

What could happen is somebody could get a copy of my encrypted database. Being as I take great care in my selection of the platforms I use and how I use them, I believe that risk to be acceptably small.

Even then they'd be faced with brute-force attacks against the very long passphrase that protects it. Sure: They could--with enough resources and/or time would--eventually break it. I regard the risk of that equally small.

In the end it's a question of balancing risk against need. My current digital keyring has 466 entries in it. Far, far too many to be practical to keep track of with pen or pencil and paper.

Why so many keychain entries? I only rarely reuse usernames and always use a unique tagged email address for every account, everywhere, no matter how insignificant. I always use a different pseudo-randomly-generated password, passphrase, or PIN for everything, everywhere. There are never any shared patterns in the passwords, passphrases, or PINs.

Lastly: I use 2FA (two-factor authentication) where offered and feasible.

Btw: Here's something you can do with a password manager you can't do with paper: I never hand-type URLs to sensitive account sites. I open my keyring and copy-n-paste them. That way I will never inadvertently typo a URL, be led to a look-alike credentials-stealing site, and give credentials away.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26034 | Location: S.E. Michigan | Registered: January 06, 2008Reply With QuoteReport This Post
Member
posted Hide Post
https://xkcd.com/538/


For the record, I use 1Password.


--
I always prefer reality when I can figure out what it is.

JALLEN 10/18/18
https://sigforum.com/eve/forum...610094844#7610094844
 
Posts: 2429 | Location: Roswell, GA | Registered: March 10, 2009Reply With QuoteReport This Post
A teetotaling
beer aficionado
Picture of NavyGuy
posted Hide Post
quote:
Originally posted by parabellum:
Pop quiz:

Q: If you store your passwords online, who has access to them?

A: Other people

encrypted, decrypted, recrypted whatever -crypted you got. If you store it online, other people have access to it.


Perhaps. Still, the security most of the popular programs employ are more secure than the note book in your desk drawer. The popular Last Pass program recently had a security breach. The actor gained access to some files, but all they got was 256-bit AES encrypted data that is totally useless as user's master password is needed to decipher this.

I've used Dashlane for about 6 years. Very full featured with auto fill once you put in your master password (which I change monthly). About $80 a year as I recall.



Men fight for liberty and win it with hard knocks. Their children, brought up easy, let it slip away again, poor fools. And their grandchildren are once more slaves.

-D.H. Lawrence
 
Posts: 11524 | Location: Fort Worth, Texas | Registered: February 07, 2007Reply With QuoteReport This Post
Just because you can,
doesn't mean you should
posted Hide Post
quote:
Originally posted by parabellum:
Pop quiz:

Q: If you store your passwords online, who has access to them?

A: Other people

encrypted, decrypted, recrypted whatever -crypted you got. If you store it online, other people have access to it.


A & B. The people that own the balloon.


___________________________
Avoid buying ChiCom/CCP products whenever possible.
 
Posts: 9986 | Location: NE GA | Registered: August 22, 2002Reply With QuoteReport This Post
Freethinker
Picture of sigfreund
posted Hide Post
quote:
Originally posted by NavyGuy:
Still, the security most of the popular programs employ are more secure than the note book in your desk drawer.

Well, I don’t store my list of passwords in a desk drawer that a bunch of co-workers or janitorial staff has access to. I haven’t even been able to do that since before computer passwords were something to have and keep secure.

But I can see how a manager could be important for many people, and thanks for all the replies and sort-of explanations. I understood some of what was explained, but not all, and therefore I would need a few more details if I were to seriously consider such a service for myself.

And for that consultant who was annoyed that I didn’t have them all memorized or at my fingertips via a manager when she wanted me to sign into an account from a different device that I never used, soon those of us like that won’t be around any longer to annoy you with our ancient ways. In fact, I’m a very unusual anomaly to be working at my age as it is, so if you want what I can give the organization, you’ll just have to put up with it.




“I can’t give you brains, but I can give you a diploma.”
— The Wizard of Oz

This life is a drill. It is only a drill. If it had been a real life, you would have been given instructions about where to go and what to do.
 
Posts: 47961 | Location: 10,150 Feet Above Sea Level in Colorado | Registered: April 04, 2002Reply With QuoteReport This Post
Experienced Slacker
posted Hide Post
quote:
Originally posted by parabellum:
Pop quiz:

Q: If you store your passwords online, who has access to them?

A: Other people

encrypted, decrypted, recrypted whatever -crypted you got. If you store it online, other people have access to it.


If you mean yours is stored only on a device in your control, I'd be interested in what you recommend. Not meaning to sound flippant, I'd genuinely like to know.

To answer the OP, I use "Keeper" and sign in with a bio-metric currently.

Serious questions: Since we are using our login info online, then aren't all passwords essentially stored online at one point or another by definition?
Is there some way to have more control of the third parties' access and use?
 
Posts: 7550 | Registered: May 12, 2004Reply With QuoteReport This Post
Optimistic Cynic
Picture of architect
posted Hide Post
b-folders is what I have used for the last 15 years or so. I have evaluated and tried pertty much every password vault implementation I have become aware of, and b-folders has always come out on top. Only downside I have found is that there is no IOS version, prob. because Apple doesn't want competition to their embedded app.
 
Posts: 6945 | Location: NoVA | Registered: July 22, 2009Reply With QuoteReport This Post
  Powered by Social Strata Page 1 2 3  
 

SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    Do you use a password manager?

© SIGforum 2024