As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread: https://forums.penny-arcade.com/discussion/240191/forum-advertisement-faq-and-reports-thread/

Password Management

captainkcaptaink TexasRegistered User regular
I'm pretty sure my passwords to multiple sites have gotten out there in some fashion, and I need to go about setting new ones basically everywhere.

What's the best way to do that these days? I need to get unique ones per site, but I also want them to not be a total pain in the ass to input on phones, consoles, etc. Management through my phone or gmail/drive account would be a massive plus.

Posts

  • GnomeTankGnomeTank What the what? Portland, OregonRegistered User regular
    edited March 2017
    I don't know about best, but I swear by LastPass. You have to pay a small premium fee to have it on all your devices (it's 12 dollers a year). It's very actively developed and has some great features (like easily generating long random passwords, even with filters like "easy to remember" and "easy to say"). I have it installed on everything. My iPhone, my iPad, my MacBook, my work PC, my home PC. It integrates with all the major browsers on PC, Mac and Android (iOS is obviously a walled garden when it comes to that stuff, so I have to open LastPass and copy passwords out, which is annoying but not LastPass's fault).

    In 2015 their master password database was compromised and they notified all users within hours and their encryption on the database was so strong that to date no known master passwords have been broken because of the compromise. As a professional in the industry I know compromises can happen, but their response to it and use of incredibly strong encryption that even they can't recover (it's one way) is very professional and gives me more trust in them not less.

    It's one disadvantage is that it only does local caching of your password database, which is stored heavily encrypted in the cloud. So if you are without an internet connection you can only access the passwords you've used recently. I personally feel it makes up for this in raw convenience and the trust I have in their security, but some people prefer a more bespoke solution using their own cloud storage, generally using something like KeePass.

    Links:
    https://lastpass.com/
    http://keepass.info/

    GnomeTank on
    Sagroth wrote: »
    Oh c'mon FyreWulff, no one's gonna pay to visit Uranus.
    Steam: Brainling, XBL / PSN: GnomeTank, NintendoID: Brainling, FF14: Zillius Rosh SFV: Brainling
  • fightinfilipinofightinfilipino Angry as Hell #BLMRegistered User regular
    i'm a big fan of 1Password, although i started using it before they moved to a per-month billing model. i guess i'm lucky, i paid like $30 for a single license that allows me to install 1Password on all of my Windows-based devices. the current pricing is $2.99/month, or what seems to be a one-time license fee of $65. matching Android/iOS apps are included.

    1Password allows you to store the associated keychain using Dropbox (built-in) or another syncing service (through allowing you to select the shared folder). 1Password also has a centralized server where you can store the keychain. this has an advantage over cloud-based services since your whole password file (or at least the most recently synced file) is available to you. it's also more secure - encryption/decryption happens at the local device level and is never transmitted.

    i've got PCs and Android devices, and the device intergration is top notch. the 1Password Android app in particular is really nice; it's set up as a "keyboard" in Android - you enter in your master password, and 1Password either autofills your username/password in the mobile app or browser, OR in some cases, you just find the matching account from a list and it then fills in the username/password.

    1Password does have a free trial, so you can check it out before deciding.

    ffNewSig.png
    steam | Dokkan: 868846562
  • dporowskidporowski Registered User regular
    edited March 2017
    1Password is the shit. I've only used it on iOS, but it's awesome, and at least if you just want to use "iOS", it's free for basic use which includes sync between iOS devices.

    Just... Do NOT lose your master password. If you do, everything is gone, gone, gone; there is explicitly no means to recover/decrypt your vault.

    Edit: Oh, and it does integrate with iOS, so if the app/etc supports it, you get autofill.

    dporowski on
  • bowenbowen How you doin'? Registered User regular
    I also use 1password

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • SynthesisSynthesis Honda Today! Registered User regular
    Another vote for 1Password--I didn't know they went over to a subscription model, I just bought licenses twice--once back on Windows 7 (and Windows 8), and then another time when they did a major update for Windows 10. My only complaint is that to sync with my phone, the phone app insists on using Dropbox, which I fucking hate for other reasons I won't go into detail here, which means I have to keep using Dropbox on my PC as well, but I guess that's the price of free service across devices.

  • NightslyrNightslyr Registered User regular
    I use Keepass

  • Casually HardcoreCasually Hardcore Once an Asshole. Trying to be better. Registered User regular
    edited March 2017
    I use keepass and store my database in Dropbox (which is protected by a heavy ass password and 2 step verification)

    Casually Hardcore on
  • GnomeTankGnomeTank What the what? Portland, OregonRegistered User regular
    edited March 2017
    LastPass does the same local encrypt/decrypt thing that 1Password does. It's basically how any good password manager should work at this point. The encryption keys are generated from your master password and never leave your devices.

    This is explicitly why they are not recoverable and why you CANNOT forget your master password or you're screwed.

    GnomeTank on
    Sagroth wrote: »
    Oh c'mon FyreWulff, no one's gonna pay to visit Uranus.
    Steam: Brainling, XBL / PSN: GnomeTank, NintendoID: Brainling, FF14: Zillius Rosh SFV: Brainling
  • tsmvengytsmvengy Registered User regular
    I use LastPass. Works very well, they have a two-factor authentication app as well for phones. One of the cool things about the phone app is that it now just pops up a check box for you to click, rather than showing you the numbers to type into the little box on your PC. Makes for much faster two-factor logins.

    steam_sig.png
  • GnomeTankGnomeTank What the what? Portland, OregonRegistered User regular
    I should switch to LastPass's two factor, but I currently use GoogleAuth for everything that allows me to.

    Sagroth wrote: »
    Oh c'mon FyreWulff, no one's gonna pay to visit Uranus.
    Steam: Brainling, XBL / PSN: GnomeTank, NintendoID: Brainling, FF14: Zillius Rosh SFV: Brainling
  • wunderbarwunderbar What Have I Done? Registered User regular
    for two factor I use Authy, becuase it allows sync of the codes between devices. There's even a chrome app so when I need to enter a 2FA code on my PC I can just copy/paste it from the chrome app.

    XBL: thewunderbar PSN: thewunderbar NNID: thewunderbar Steam: wunderbar87 Twitter: wunderbar
  • bowenbowen How you doin'? Registered User regular
    GnomeTank wrote: »
    I should switch to LastPass's two factor, but I currently use GoogleAuth for everything that allows me to.

    google auth is the best

    I also wish more places accepted amazon payments too, I wish I could buy everything through amazon and get them sick reward points

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • DarkewolfeDarkewolfe Registered User regular
    bowen wrote: »
    GnomeTank wrote: »
    I should switch to LastPass's two factor, but I currently use GoogleAuth for everything that allows me to.

    google auth is the best

    I also wish more places accepted amazon payments too, I wish I could buy everything through amazon and get them sick reward points

    Hang on, if you buy something with amazon payments you get amazon points, even if it's another vendor?

    What is this I don't even.
  • bowenbowen How you doin'? Registered User regular
    Darkewolfe wrote: »
    bowen wrote: »
    GnomeTank wrote: »
    I should switch to LastPass's two factor, but I currently use GoogleAuth for everything that allows me to.

    google auth is the best

    I also wish more places accepted amazon payments too, I wish I could buy everything through amazon and get them sick reward points

    Hang on, if you buy something with amazon payments you get amazon points, even if it's another vendor?

    I could use my amazon card and I got reward points for it.. at least on the thing I tried to buy.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • DarkewolfeDarkewolfe Registered User regular
    I have an amazon card. Didn't realize using amazon payments in that way might give points.

    And on topic to the thread, I am terrible. I have debated over doing KeePass with my DB stored on my google drive (operating under the assumption that my personal gmail is less of a target than the LastPass servers) vs just going LastPass.

    And I've been doing this for like two years now.

    What is this I don't even.
  • KendrikKendrik Lewisville, TXRegistered User regular
    bowen wrote: »
    GnomeTank wrote: »
    I should switch to LastPass's two factor, but I currently use GoogleAuth for everything that allows me to.

    google auth is the best

    I also wish more places accepted amazon payments too, I wish I could buy everything through amazon and get them sick reward points

    For reference, you can use Lastpass 2F for anything that Google Auth works with. The primary advantage to Lastpass is that if you use the lastpass browser plugin's it can do the "Click the Checkbox on your phone to allow" thing that tsmvengy was talking about.

    And I'm fully bought in on Lastpass. Sure, you're technically more exposed by trusting their servers as opposed to your own (because if you use cloud storage to share your Keepass database then you're still trusting a 3rd party) but it's a fair trade to me for the convenience. Add the fast and open response to potential exploits that they have shown and I'm good.

    steam_sig.png
    For your own Steam Signature visit https://alabasterslim.com/steam-signatures/
    Guild Wars 2: Kendrik.5984
  • MercadeMercade Registered User regular
    +1 for 1Password. I was so averse to password management apps before, but their interfaces on Win/OSX/iOS are slick and they all sync up nicely. Definitely worth the money for added peace of mind.

    Switch: SW-1909-0466-9585
  • UselesswarriorUselesswarrior Registered User regular
    GnomeTank wrote: »
    LastPass does the same local encrypt/decrypt thing that 1Password does. It's basically how any good password manager should work at this point. The encryption keys are generated from your master password and never leave your devices.

    This is explicitly why they are not recoverable and why you CANNOT forget your master password or you're screwed.

    Not actually true for LastPass, see https://lastpass.com/support.php?cmd=showfaq&id=375

    Hey I made a game, check it out @ http://ifallingrobot.com/. (Or don't, your call)
  • Inquisitor77Inquisitor77 2 x Penny Arcade Fight Club Champion A fixed point in space and timeRegistered User regular
    I have used LastPass for years. It's only gotten better since then, and it's well worth the cost.

  • furlionfurlion Riskbreaker Lea MondeRegistered User regular
    I use KeePass,it works for me and is free which is the main draw for me.

    sig.gif Gamertag: KL Retribution
    PSN:Furlion
  • UselesswarriorUselesswarrior Registered User regular
    edited March 2017
    The thing to be very aware of when using Keepass (or any local password db) is that file corruption is very real. Luckily Dropbox has a revert option, but it's very easy for that file to get corrupted on one machine and distribute to everything it's sync to.

    Uselesswarrior on
    Hey I made a game, check it out @ http://ifallingrobot.com/. (Or don't, your call)
  • electricitylikesmeelectricitylikesme Registered User regular
    The thing to be very aware of when using Keepass (or any local password db) is that file corruption is very real. Luckily Dropbox has a revert option, but it's very easy for that file to get corrupted on one machine and distribute to everything it's sync to.

    You shouldn't be using Keepass dumbly on top of dropbox (this kind of goes for everything).

    Instead have one Keepass file on the dropbox, and use the triggers to synchronize to it from one on the local disk (set one for on-open/on-close). Keepass also has an option for file transactions which can help.

  • fightinfilipinofightinfilipino Angry as Hell #BLMRegistered User regular
    i looked at KeePass before, but there were only third-party options for Android syncing, and no autofilling in Android to speak of. has that changed?

    the third-party part was especially a bummer; the fewer parties having access to my passwords the better.

    ffNewSig.png
    steam | Dokkan: 868846562
  • a5ehrena5ehren AtlantaRegistered User regular
    If you need mobile sync, the paid options are really the way to go. You can get KeePass to work for that, but it is a pain compared to LastPass and 1Password.

Sign In or Register to comment.