Best Password Manager?

Discussion in 'Smalltalk' started by Echtap, Jul 9, 2016.

  1. Echtap

    Echtap New Member

    I am in the process of managing all my many passwords to different sites. I've been using DashLane but it doesn't sync across multiple devices without paying for a subscription. I also don't like how the program seems to have a different interface for both windows and mac :(

    Anyone got any suggestions for good free ones?
     
  2. sjau

    sjau Local Meanie Moderator

    I personally like pass and use QtPass as gui on my KDE installation... but I guess that's not an option for you.
     
  3. Echtap

    Echtap New Member

    I guess not! I feel like setting up my own syncing system and just reuploading/downloading the spreadsheet file each time I need the latest version. Problem is storing it online on a server is just going to be a security risk.
     
  4. sjau

    sjau Local Meanie Moderator

    that's why I like pass... it gpg encrypts by default... you get access through ssh/cli or gui client... integrated git to sync among several devices...
     
  5. Echtap

    Echtap New Member

    Hmm interesting. I'll definitely consider it then.
     
  6. sjau

    sjau Local Meanie Moderator

    Last edited: Jul 13, 2016
  7. matthewobrn

    matthewobrn New Member

    I've also been looking for something like this, will be good to try. Thanks
     
  8. Gia

    Gia New Member

    I use KeepassX on Ubuntu 16.04 and macOS, they use the same interface.
    They sync with DropBox and the work really well.
     
  9. sjau

    sjau Local Meanie Moderator

    I've been pondering, Win 10 supports now a Linux Subsystem (still has to be enabled though)... but with that linux subsystem one should gain easy access to pass and stuff. So pass (Password Store) shuld now also be easy to use on Windows.
     
  10. ericwright

    ericwright New Member

    you can look into their formula , something like this is nice but hard to remember
    strongpasswordgenerator{.}com
    i personally usually use some number i know + a word with capital & lower case + special characters
    never had an issue with that
     
  11. jackluter

    jackluter New Member

    The sticky password manager is the best, which helps in syncs data automatically.
     
  12. andrejones

    andrejones New Member

    Are these password managers reliable? I just don't feel safe having all my passwords in one place. Nothing is 100% secure when something is on the internet.
     
  13. sjau

    sjau Local Meanie Moderator

    define reliable? Pass is a "simple" bash scripts that creates gpg encrypted files in an easy and convenient manner. Git can be used to sync passwords among different devices.... the only drawback is, that the filenames are not encrypted but cleartext.... so you might not want to track them with public git.
     
  14. Loveless

    Loveless Member

    I don't want my externally stored encrypted data to be breakable when stored on servers I don't control, which is why I use LastPass. Yes, also on linux. It's also free. I've personally tested and experienced the fact that NSA or others cannot possibly access the blob containing your encrypted passwords and other data. I did try others, like keepass, dashlane, many of them, but there wasn't one that worked well enough in Firefox, and not one that stood the crypto-tests for me. I trust lastpass with my ssh, bank-account-keys and company docs too. There's nothing like it.
    They've suffered some minor audit breaches, like all passwd managers, the thing you have to watch out for is *how* software and its devs handle such breaches.
    It's (partly) closed-source software, but I personally know and trust Jeff, its founder and lead dev, which is why I trust them. They know their responsibility. And they understand I also would like to be able to access my data offline.
     
  15. sjau

    sjau Local Meanie Moderator

    LastPass is confortable but IMHO a security risk. There's too much going on in a browser as that I would trust a browser plugin with all my data. I stick with the cli tool "pass" and QtPass for Gui.

    Also, you seem to contradict yourself:
    "I don't want my externally stored encrypted data to be breakable when stored on servers I don't control, which is why I use LastPass."

    You don't control LastPass servers. You don't know if an update deactivates encryption. In the past, LastPass did store everything unencrypted. It's easy for LastPass to get your master key.
     
  16. Loveless

    Loveless Member

    I'm not contradicting myself at all. Like I wrote: It's not breakable. Others have turned out to be using breakable crypto, lastpass has not. In fact, you can control much of the crypto strength yourself when using LastPass. It offers multi-factor auth, so whenever you type your Master pass, you'll get warned. I don't see how that would ever make it through security-flaws anywhere, to be honest. Yes, you need to be able to secure your browser, but I don't feel threatened there myself. I have never been infected through browsing once, with anything, since, well, ~1994. https://blog.lastpass.com/2010/07/lastpass-gets-green-light-from-security.html/
     
  17. sjau

    sjau Local Meanie Moderator

Share This Page