Password Management software

subedii

Too many websites, too many application forms, too many passwords to keep track of.

I've been told it'd be a good idea to get hold of some sort of Password Vault / Management software. I've always been a bit sceptical about this since in essence it's always seemed like putting all my eggs in one basket. The thing is, I can't realistically remember all off them, so I'm interested in suggestions.

So are there any recommendations? Preferably something which encrypts the stuff properly, I don't mind paying a small fee if the software is good, but freeware is always a bonus.

Also, if you've got any good reasons as to why I'd be better off without one, I'd like to hear them. To be honest, I'm still not certain it's a good idea to use one.

Bob Sapp

I use KeePass. Can do things like require your thumbdrive to be a key in addition to your password. The site can explain all the security details, but I just use it to store my passwords and I put a copy of the password database on one of those free remote backup sites (xdrive.com).

Edit: It's freeware.

subedii

I'll look it up.

One additional feature I'd like: If it can keep small strings of text and stuff as well, probably associated with password entries. Things like the answers to questions like "What's your pets name?" and crap that they always ask and I'm never quite sure half the time how to format my answer.

Evil_Reaver

KeePass is the most awesome piece of software ever.

subedii wrote: »

I'll look it up.

One additional feature I'd like: If it can keep small strings of text and stuff as well, probably associated with password entries. Things like the answers to questions like "What's your pets name?" and crap that they always ask and I'm never quite sure half the time how to format my answer.

Yes, each entry has a notes section where you can type stuff like that.

steeef

I keep reading KeePass as "Keep Ass".

I use RoboForm, which is not free (around $20), mostly because that's what work agreed to set me up with. It's good, uses AES encryption, you can store notes, and I synchronize it between work and home via a PDA. After reading KeePass's features, I'd say they're feature-equivalent, so if you're looking for something free, go with that.

That_Guy

At my last job we used Password Safe. I figure, if it is good enough for a Fortune 5 company it should be good enough for you. Did I mention it is free and open source?

steeef

Ok, after closer inspection, KeePass does not have a browser plugin. One of the neat things that Roboform does is watch for login entry in IE/Firefox, and asks if you want to save it. Also, you can right-click and save any form. Other than that, KeePass looks like a winner.

Satan.

1Password for any Mac users that come across this thread.

Evil_Reaver

Satan. wrote: »

1Password for any Mac users that come across this thread.

KeePass has an OSX equivalent called Keepass X. The databases between the Windows and OSX versions are compatible, so you can maintain a constant directory of passwords between the two OSes.

subedii

Looks like Keep Ass... er... Pass is the winner then. I'll have a look at Password Safe as well.

Thanks all.

CmdPrompt

Personally, I use TrueCrypt and just keep stuff in a .txt file.

It works well if you have other data you want to keep encrypted, but it's probably overkill otherwise.

GrimReaper

CmdPrompt wrote: »

Personally, I use TrueCrypt and just keep stuff in a .txt file.

It works well if you have other data you want to keep encrypted, but it's probably overkill otherwise.

This is the most secure method.

Lord Jezo

http://supergenpass.com

But with all of this stuff, what is the point? Cant a hacker just hack into your password keeping program and get everything like he would normally? I am more afraid of keeping them stored in a program than I am keeping them in my head. If he manages to crack the software he gets everything, yeah? If they can guess your master password then everything is theirs for the taking.

Janin

Lord Jezo wrote: »

But with all of this stuff, what is the point? Cant a hacker just hack into your password keeping program and get everything like he would normally? I am more afraid of keeping them stored in a program than I am keeping them in my head. If he manages to crack the software he gets everything, yeah? If they can guess your master password then everything is theirs for the taking.

Make sure your master password isn't "dog" and this isn't a danger.

Lord Jezo

Janin wrote: »

Lord Jezo wrote: »

But with all of this stuff, what is the point? Cant a hacker just hack into your password keeping program and get everything like he would normally? I am more afraid of keeping them stored in a program than I am keeping them in my head. If he manages to crack the software he gets everything, yeah? If they can guess your master password then everything is theirs for the taking.

Make sure your master password isn't "dog" and this isn't a danger.

But if its something crazy wouldn't you need another password management tool just to remember the crazy master password?

But then again, what are you supposed to do when you need to log onto a site from a remote location and dont have your password management tool? You'll be locked out until you get home/office/where ever, right?

Janin

Lord Jezo wrote: »

But if its something crazy wouldn't you need another password management tool just to remember the crazy master password?

Don't make it "crazy", just make it strong. You don't need an 80-character upper/lower/number/symbol/elvish password, use something you can remember. Just in case, write down the master password and keep it in a safe deposit box.

Lord Jezo wrote: »

But then again, what are you supposed to do when you need to log onto a site from a remote location and dont have your password management tool? You'll be locked out until you get home/office/where ever, right?

Keep a copy of your password database on your laptop. If it's not a computer you control, don't log into sensitive sites with it because 100% there will be a keylogger or two installed.

Trentus

Lord Jezo wrote: »

But then again, what are you supposed to do when you need to log onto a site from a remote location and dont have your password management tool? You'll be locked out until you get home/office/where ever, right?

Actually, one of the things I like about CmdPrompt's solution is that you could ssh into your box at home, decrypt the file and grab the info you need. Or just carry it around on a USB thumb drive or something.

Dark Shroud

Just to put more options out there, Comodo i-Vault. I have not tried this software as I use Opera's built in Password Wizard.

http://www.comodo.com/products/i-vault/

Satan.

GrimReaper wrote: »

CmdPrompt wrote: »

Personally, I use TrueCrypt and just keep stuff in a .txt file.

It works well if you have other data you want to keep encrypted, but it's probably overkill otherwise.

This is the most secure method.

Eh? What's the difference if TrueCrypt encrypts it or if someone else does? The other stuff has the added bonus of browser and program tie-ins.

Janin

Satan. wrote: »

Eh? What's the difference if TrueCrypt encrypts it or if someone else does? The other stuff has the added bonus of browser and program tie-ins.

TrueCrypt has a variety of advanced encryption tech in it, from the useful to the silly. I've never had a reason to keep my password file in a secret hidden partition hidden in unformatted data in a secondary encrypted OS, but I suppose somebody would want to.

Unknown

This content has been removed.

Darian

I use Keyring for PalmOS. Not browser integrated, but it combines something I have (my PDA) with something I know (master password for the program). There are also conduits available to access the database from my computer.