Jump to content
Not connected, Your IP: 3.215.182.36
rebellatio

What password manager do you recommend if any?

Recommended Posts

I was never fond of password managers as a whole. If you lose the database, you lose it all. That applies to "my HDD gave up on life", "I lost my USB drive" and "someone found out my password and broke into the database".
So I created a sentence containing some info few would know, mixed with the website/service I want to use it on, then take the first letters of each word plus numbers and special characters and chain them to a unique password for every website/service. Keeping track of it was difficult, because... some websites restrict the number of characters (and I still can't understand WHY).

Then I heard about stateless password generators like Master Password. You never have to save or transmit anything anywhere, you only need the application making use of an algorithm. If all input is correct, the algorithm generates the same passwords on all devices. I'm using these almost exclusively now.
One problem with them, and it's not their fault: They do use "exotic" special characters occasionally. In addition to my problem with long sentences above some websites out there are also restricting which characters you can use. So sometimes you really have to switch to a less complicated password type.


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post
Posted ... (edited)

I use Keepass, it's pretty good. You can set passwords to expire which will cross them out in the UI and remind you to update them, and it's encrypted so even better. You can lock it up with a master password, key file and a Windows user lock, which pretty much stops another person aside from the user who created it from opening. I genuinely don't regret it, and I've used other password managers before.

Edited ... by bitcohen
Remove some whitespace under post

Share this post


Link to post
On 10/13/2019 at 8:23 AM, giganerd said:

I was never fond of password managers as a whole. If you lose the database, you lose it all. That applies to "my HDD gave up on life", "I lost my USB drive" and "someone found out my password and broke into the database".
So I created a sentence containing some info few would know, mixed with the website/service I want to use it on, then take the first letters of each word plus numbers and special characters and chain them to a unique password for every website/service. Keeping track of it was difficult, because... some websites restrict the number of characters (and I still can't understand WHY).

Then I heard about stateless password generators like Master Password. You never have to save or transmit anything anywhere, you only need the application making use of an algorithm. If all input is correct, the algorithm generates the same passwords on all devices. I'm using these almost exclusively now.
One problem with them, and it's not their fault: They do use "exotic" special characters occasionally. In addition to my problem with long sentences above some websites out there are also restricting which characters you can use. So sometimes you really have to switch to a less complicated password type.



giganerd,

If what you said was universally true I wouldn't use a password mgr either.  BUT, most excellent password mgrs allow you to download the file as a csv or json file to use with numerous other services.  I have many multiple backups and could quite easily recreate my accounts by migrating to another password mgr.  I use full U2F for all file access and don't lose one minute of sleep over worrying about data/file loss.  With U2F I don't worry about a hack either.

Share this post


Link to post
19 hours ago, iwih2gk said:

If what you said was universally true I wouldn't use a password mgr either. BUT, most excellent password mgrs allow you to download the file as a csv or json file to use with numerous other services.  I have many multiple backups and could quite easily recreate my accounts by migrating to another password mgr.


I.e., your passwords are stored AND transferred, making them not stateless by this definition, which is my point of using mpw: You not only never lose the passwords, you also don't save or send any of them anywhere, not even in encrypted form.
 
19 hours ago, iwih2gk said:

I use full U2F for all file access and don't lose one minute of sleep over worrying about data/file loss.  With U2F I don't worry about a hack either.


Define "full U2F for all file access", sounds exaggerating, no offense. Because I've never heard of a "half U2F", or even "double U2F". :D It's either you use it or you don't. 😮
But 2FA is a valid security point as of today. Although it's a universal concept not barring mpw for example. :)

Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...