Password fatigue...

Drez

Can anyone recommend a good (preferably offline) tool or whatever that I can trust to store all my logins and passwords in? I'm just getting tired of keeping all this stuff in my head. I want to replace that brain space with other things.

bowen

Drez wrote: »

Can anyone recommend a good (preferably offline) tool or whatever that I can trust to store all my logins and passwords in? I'm just getting tired of keeping all this stuff in my head. I want to replace that brain space with other things.

lastpass and 1password are the biggest of the bunch

Mugsley

Here you go:

https://thewirecutter.com/reviews/best-password-managers/


Many really like Bitwarden because it's open source (and free). Most popular password managers are generally well received. I bought a 1Password license years ago on a different computer; I should probably look into that again.

physi_marc

I've been using 1Password for years. Absolutely worth the money. I'm sure the other highly recommended ones are also good.

Make sure to generate word-based passwords (in the password recipe) if a site's password rules allow it. It's much easier to enter if for some reason you can't auto-fill the password field or paste into it.

CelestialBadger

I use LastPass. It's good.

TelMarine

I've been using KeePass, which is free: https://keepass.info/

There's also a Linux port, KeePass XC.

Drez

Thanks, all.

KeePass looks good
1Password currently has a 30 day trial for personal users and is only $2.99 after that per month (annually, so $36 for the year).
LastPass looks like it might ultimately be the way to go since it's completely free for personal use with 1 user. I do not need password sharing so...yeah.

I may try them all? Unless they kind of conflict with each other?

Anyone have a recommendation on UI or ease of use comparatively across the three?

furlion

I use keepass and it is pretty bare bones. It is completely locally stored unless you upload it somewhere yourself. There is an Android (and possibly iOS don't know) version and while they are not official it is open source software. The UI is simple but intuitive and the built in password generator has a lot of options to match whatever Byzantine requirements your current web page asks for. I use Dropbox to sync between my PC and Android versions. It does not do auto fill for apps or webpages instead requiring you to copy and paste, although it does make it easy to do with some double clicking.

Soggybiscuit

furlion wrote: »

I use keepass and it is pretty bare bones. It is completely locally stored unless you upload it somewhere yourself. There is an Android (and possibly iOS don't know) version and while they are not official it is open source software. The UI is simple but intuitive and the built in password generator has a lot of options to match whatever Byzantine requirements your current web page asks for. I use Dropbox to sync between my PC and Android versions. It does not do auto fill for apps or webpages instead requiring you to copy and paste, although it does make it easy to do with some double clicking.

I use MiniKeePass on iOS. It works pretty well, but it won't automatically sync with dropbox. You have to export the changes to MiniKeePass everytime you change the password database somewhere else, likewise changes made on your phone are not automatically sync everywhere else without an export from MiniKeePass.

I also use KeePassXC on linux/mac and regular KeePass on Windows and I have for years. It works really well.

djmitchella

I have lastpass, which I like because of the syncing so if I make an account on a site and tell desktop Chrome to store it, my phone knows about it as well and I can just use fingerprint to unlock things. I also _finally_ have decent random gibberish passwords because I don't have to remember them any more. (we have the family edition so that school-related accounts can get saved away in there, that seems to work okay as well)

Pailryder

djmitchella wrote: »

I have lastpass, which I like because of the syncing so if I make an account on a site and tell desktop Chrome to store it, my phone knows about it as well and I can just use fingerprint to unlock things. I also _finally_ have decent random gibberish passwords because I don't have to remember them any more. (we have the family edition so that school-related accounts can get saved away in there, that seems to work okay as well)

lastpass (and maybe others) also has the nice feature of checking your passwords and reporting on things like duplicate usage, weak strength, haven't changed in a long period of time, etc.

Echo

Pailryder wrote: »

djmitchella wrote: »

I have lastpass, which I like because of the syncing so if I make an account on a site and tell desktop Chrome to store it, my phone knows about it as well and I can just use fingerprint to unlock things. I also _finally_ have decent random gibberish passwords because I don't have to remember them any more. (we have the family edition so that school-related accounts can get saved away in there, that seems to work okay as well)

lastpass (and maybe others) also has the nice feature of checking your passwords and reporting on things like duplicate usage, weak strength, haven't changed in a long period of time, etc.

1Password does that too, and can check if your password has been in a leak through HaveIBeenPwned.

Iruka

Drez wrote: »

I may try them all? Unless they kind of conflict with each other?

I suggest using one at a time. They all are meant to autoprompt you when you are asked to logged in, and while you can turn the automation off, I find the overlays conflict with one another when running different ones.

Drez

Thanks all!

I downloaded 1Password to play with it last night. I like that you can store Credit Card info too.

I didn't get to play with it much, but I will at lunch.

Mugsley

I'm trying to find the info but I believe it's LastPass that had a data breach last Fall. I'm one of the few working in the office so I'm distracted by work at the moment.

Iruka

https://forums.penny-arcade.com/discussion/comment/41739445/#Comment_41739445 I'd note this comment here as its accurate. LastPass had an issue in October last year and it was patched and dealt with. All companies that manage your data will get breached, handling the breaches responsibly is what you want from these guys.

Mercade

I've been on 1Password for a couple years and I love it. Well worth the money. The Windows, MacOS, and iOS apps all have nice, native apps with familiar UIs that make it a breeze.

Phoenix-D

Drez wrote: »

Thanks all!

I downloaded 1Password to play with it last night. I like that you can store Credit Card info too.

I didn't get to play with it much, but I will at lunch.

If you keep it there is a buy once instead of subscribe option. They just hide it well.

TelMarine

Phoenix-D wrote: »

Drez wrote: »

Thanks all!

I downloaded 1Password to play with it last night. I like that you can store Credit Card info too.

I didn't get to play with it much, but I will at lunch.

If you keep it there is a buy once instead of subscribe option. They just hide it well.

Careful with the 1-time license. It may be different now, but a couple years ago when I bought it, you couldn't use 1Password6 (the latest at the time). You could only use the old version, 1Password4, which they didn't tell you anywhere. I ended up getting a refund because of that.

Inquisitor77

Iruka wrote: »

https://forums.penny-arcade.com/discussion/comment/41739445/#Comment_41739445 I'd note this comment here as its accurate. LastPass had an issue in October last year and it was patched and dealt with. All companies that manage your data will get breached, handling the breaches responsibly is what you want from these guys.

I actually trust LastPass quite a bit because they quickly and transparently report data breaches.

Also, single-factor authentication (i.e., just using a password) is unfortunately no longer acceptable for high-risk situations like access to your financial accounts. You should always be using another form of authentication that is out-of-band (i.e., can't be accessed via the password manager, such as your phone or an RSA token) to ensure that even if someone knows your password, they still can't log in to your account.

davidsdurions

I’ve been using RememBear for a good while now and I like it. Does all the stuff all the others do and has a cute bear mascot.