dyintorace GRM+ Member and PowerDork
9/26/21 11:34 p.m.

I think it's time for me to start using a password manager. I have no idea where to start or what tool to use. Please enlighten me!

RichardNZ GRM+ Member and Reader
9/27/21 3:03 a.m.

I have never bothered with a password manager. I'm not saying they're a bad idea, just that I don't think they would work for me.

I use a password system - websites etc. are in four categories:

1. People can actually get at and / or spend my money. I use a complicated password which I change at roughly yearly intervals. It is slightly 'personalised' for the occasion, e.g. for PayPal it has PP on one end. Most browsers won't try to remember them; if they offer, I decline.

2. People can access an account and create orders or post sensitive stuff. Amazon is an example, though I don't use 1-click and checkout needs an L1 password. Password here is averagely complicated but rarely changes. Some are prefix or suffix personalised. I won't let browsers remember them.

3. Risk of reputation or embarrassment! E.g. GRM Forums, YouTube. Password strength similar to L2 but shortish. I allow browsers to remember them.

4. Don't care... sites I only visit once (or very rarely) that want a login and password. Stupid alias and a password with a capital, 4 letters and 3 digits. Hasn't changed since "forever". I allow browsers to remember.

I do keep an encrypted database (actually based on MS Cardfile) that details various accounts, logins etc. It is passworded, although it's not a terribly good one, but is only accessible from one PC which is protected by a multi-digit PIN. Don't put the actual password on the cards, just a number and maybe the personalisation.

E&OE, YMMV, all advice is worth exactly what you paid for it :)

Happy learning

Richard

Mr_Asa PowerDork
9/27/21 5:25 a.m.

I've used LastPass in the past. A few of my more computer-minded friends, and especially the more security-conscious ones, have said it is a good one.

Hopefully that is still the case.

Wxdude10 - Mike Reader
9/27/21 5:48 a.m.

I used to use LastPass until they recently put multiple device support behind their paywall.

I have switched to Bitwarden. Supports multiple OS and devices (computers and phone), can do autofill. I think that it is even possible for you to store your encrypted password file in something like Google Drive, Dropbox, etc. instead of their service.

If you are in the Apple ecosystem, then Apple can share passwords across all devices via iCloud.

wae UberDork
9/27/21 6:43 a.m.

I use 1Password, and it's not bad.  I used to use LastPass, but when they put the multi-platform features behind their subscription model I opted to pay for a subscription from someone else.  I would have been more likely to spend my money with them if they developed a new feature and charged for it, but taking an existing feature that is pretty much a table-stakes item and starting to charge for it just rubbed me the wrong way.

One of the more annoying things about using a password manager is that there are some sites out there that won't let you use special characters or passwords that are 32 characters long.  Not a big deal when you're trying to create passwords that you have to type, but if you never have to actually type it why not make it super complex? 

At a high level, you're putting your login information - as well as other sensitive data - into a database that lives on a server that belongs to someone else.  "In Theory", the data is encrypted with a key that only you have.  But then, "In Theory" Proton Mail didn't keep logs, either, so there's that.  There are some that allow you to host your own password store, but that can be a bit of a PITA if you're not already comfortable with that sort of thing.

It's really nice to be able to have your logins available everywhere, independent of browser or platform. I can create a Netflix account on my computer, for example, and then when I open the app on my Android phone, 1Password will allow me to fill the app's login box with my username and password. It's also got some provisions for being able to log in and change my passwords for me. Several of them also do some reporting and tell you if your passwords are used on multiple sites or it's a password that's been compromised and posted on the internet somewhere. You can also get a family plan and create multiple vaults. My GRM login is available only to me, but the bank account login is accessible to my wife as well. And the Disney Plus login is in the vault that the kids can see.

You can also use the vault for things that aren't password related. For example, I've got my credit cards stored so I don't have to go running for my wallet to get the Visa when RockAuto decides to try to do that Mastercard security thing that never works. I use it to store access keys for S3 buckets, notes that I need to have available, and I can even put documents in there if I want to.

My recommendation is to try three or four of them out and see what you like.  I found that LastPass was better at being able to identify when I was changing a password so it would update the vault, whereas 1Password sometimes needs to be nudged a bit in that direction.  The flip side to that is that LastPass was also constantly interrupting me on my phone asking me if I wanted to save something in LastPass but 1Password keeps its mouth shut most of the time. 

paddygarcia GRM+ Member and Reader
9/27/21 7:52 a.m.

+1 on 1Password. The subscription allows for multiple users as well as multiple platforms & devices, so all 4 of us in the PaddyGarcia family use it. Some passwords like Amazon get put in the shared archive, others like GRM get kept all super sekrit in individual archives.

Grtechguy MegaDork
9/27/21 8:09 a.m.

Another Bitwarden user here. Works well across multiple devices and OS.

It's open source, fairly easy to set up/back up. Generates strong secure passwords and supports autofill.

APEowner GRM+ Member and SuperDork
9/27/21 8:59 a.m.

I use mSecure.  I have it on Windows, Android and iThingy devices and sync them all across my internal network. 
