Password Managers

[YLwpLUbcf77U 32]

I'm looking into a password manager.  Naturally, I checked out Last Pass first, but I also heard good things and bad about it and their competitors.

 

Anyone have any recommendations?

 

I also heard the most secure is STRIP.  Can anyone confirm?

 

Free vs Paid is not important.  I just want one that's secure, safe, and works easily.

[S.O.A. 82]

I have used Last Pass for awhile and would highly recommend it. Last Pass comes highly recommended by many people and tech companies. They have a big user base and a good reputation to protect. So I would imagine they would be on top of things if an issue arose. 

 

I hope this helps you out. 

[stupidcats 14]

I'm looking into a password manager.  Naturally, I checked out Last Pass first, but I also heard good things and bad about it and their competitors.

 

Anyone have any recommendations?

 

I also heard the most secure is STRIP.  Can anyone confirm?

 

Free vs Paid is not important.  I just want one that's secure, safe, and works easily.

 

Check KeePassX. It doesn't have the bells'n'whistles that lastpass provides (atleast not by default), such as auto-login into sites. LastPass is, as you know, a cloud solution and KeePassX is an offline manager, which, as you probably know, is much better from a security standpoint.

 

I use both Lastpass and KeepassX. Lastpass for forums accounts and sites that don't need that much security (like RSS readers, etc).

 

I use keepass for important stuff, like bank info, sites that have my address (sites that I shop from), etc..

 

 

I have used Last Pass for awhile and would highly recommend it. Last Pass comes highly recommended by many people and tech companies. They have a big user base and a good reputation to protect. So I would imagine they would be on top of things if an issue arose. 

 

I hope this helps you out. 

I think the reason why people might be hesitant to use lastpass is not for security bugs (as you mentioned, they're quite good at avoiding those) but for the fact they're a cloud software, closed source, based in the US  (see lavabit).

[PortlyNinja 17]

I don't use password managers because hackers only need to break one password and they have all my accounts. I am no expert though and password managers may be alot safer nowadays. I would only use them for unimportant stuff i am a curtain twitcher and a member of the shhh brigade

[Artful Dodger 23]

I use KeePass. You can set it to auto log by using addons. (Like Lastpass).

 

Add the plugin KeePassHttp to KeePass (will need to restart KeePass) and then add the extension chromeIPass to a Chromium web browser or PassIFox for Firefox.

 

When adding a password to Keepass make sure you enter the URL to the webpage the username/password is on in KeePass.

 

ChromeIPass and PassIFox can be downloaded from https://github.com/pfn/passifox/, and keepasshttp from https://github.com/pfn/keepasshttp/. 

[S.O.A. 82]

@Epsilon

 

You do bring up a good point. Although cloud storage is secure, it does have the potential to be looked in on by the hosts. However, LastPass does have a section in their privacy policy pertaining to this issue. After looking at KeepassX it is definitely another option to LastPass. This is good! It gives the forum writer the options and opinions they wanted. 

[OpenSourcerer 1363]

I'm looking into a password manager.

 

The best password manager is your (offline) notepad. Be sure to hide it appropriately, though.

[YLwpLUbcf77U 32]

I went with STRIP.  The high security reviews and offline-only nature of it along with having a bunch of Amazon Payments credit made my decision.

[Lyaios 2]

When it comes to usability and intuitive design, I'd also thrown Dashlane in. Much clearer design and generally more organised than LastPass in my opinion. The downside is that Dashlane doesn't support the more advanced security features that LastPass offers like the possibility to use yubikey although they do allow two factor authentication via Google Authenticator.

You get the cloud sync feature for the first 30 days or if you buy the premium account, afterwards it basically works like a local password manager.

[kc88 0]

I've used Last Past - highly recommended! 

[yukatan65 3]

Lastpass is brilliant, check Steve Gibson's comments in www.grc.com archives re security.I use Lastpass but with 2 factor authentication from Yubikey, which I highly recommend.These 2 things have changed my life.

[hashswag 11]

+1 for KeePassX.  I prefer to keep my password database encrypted with a (very) long password and off-line.  I do back it up, but always within a truecrypt (pre-7.2) volume.

[wer 14]

I'm using KeePassX as well and a Yubikey to access the database. The password stored on my Yubikey is just a part of the password. Backup is in a truecrypt safe in a safe place.

+1 for KeePassX.  I prefer to keep my password database encrypted with a (very) long password and off-line.  I do back it up, but always within a truecrypt (pre-7.2) volume.

 

I consider my passwords to be pretty strong. Unless companies take security [e.g. storing user passwords on secure servers, supporting 2FA and so on] more seriously these measures aren't worth much.