Password management services?

[Scuba591]

I've used RoboForm in the past. liked it. Easy to remember a 4 digit main key. It also is a random generator like the others mentioned here.

 

[WebSnyper]

I use last pass. I'm pretty happy with it.

Same. I can't believe I didn't start using a password manager sooner. It makes life much easier.

Lastpass has an excellent track record. Even their incident record shows that they are very responsible and handle problems quickly and effectively. They do not have access to your account info, but do provide a "cloud" repository so that you can access your password info from anywhere.

That said, I'm even more paranoid and use Keepass/KeepassX. It is open source, well respected and the data doesn't go out to any company at all. That means that data backups and remote access to account info is up to you to setup.

Good choice to get a password manager. Make sure it covers all of the platforms you are interested in (desktop & phone OS). Secure it with a good password and ideally a second factor authentication item (2FA) and make sure you have backups as losing access to all those credentials is very nasty. I don't know most of my own passwords. They are generally 20+ gibberish characters.



I trust Keepass with that and more. Some of my medical info, my lock combinations, etc. These apps take data security very seriously and you'd have a hard time finding something better. Just one of many examples: when you ask it to automatically type in your userid/password on a web site, you can specify that it be obscured. That means that the characters will be filled in in a semi-random order (ex: first two characters, last three characters, insert remaining characters) using two different data channels. That means that even key logger malware (which monitor everything you type) will have a hard time successfully interpreting your info.

I use LastPass as well, though I don't use their browser extensions, just the vault piece. I may have to try their extensions again, but they were kind of clunky when I first started using it.

I do have the phone app, and MFA secure my vault. I need to start using more of their generated passwords.

 

[blackenedman]

Been happy with dashlane, myself...

 

[91FXRS]

My question is.... what if you think you are secure when you set all this up and manually input all your accounts and passwords, is there a chance you could be giving all this information to somebody as you are setting it up and entering all this information?

 

[PhxCollier]

I have been happy with keeper, it sync’s between my pad and phone, so I always have access.

 

[Phase2]

My question is.... what if you think you are secure when you set all this up and manually input all your accounts and passwords, is there a chance you could be giving all this information to somebody as you are setting it up and entering all this information?

If you are really concerned that they are lying about what they are doing (given experience with Facebook, Google, Microsoft, etc., I don't blame you), then you can go with an option that doesn't send data over the internet at all, like Keepass. It is also open source, so you can review the code (if you are technical) or trust that others have done it. If you take this route, then data backups and accessing data between PCs/phones is something you would have to setup.

LastPass has been in business for about 10 years and there have been no such reports of them compromising the customer's data. They offer a free version and a paid version with extra features, so you know you are the customer, rather than the product being sold to data collectors. Google and Facebook collect and sell your info as a way to pay for all those free services.

 

[squidvt]

Being fairly computer dumb, are those incidents pointing to hackers stealing data or do they indicate that LastPass was able to protect even though they had "incidents"?

As a Security Professional, I use Lastpass. Those security issues were patched quickly and with full disclosure. That's very rare.
All software will have security holes. How it's addressed is a good indication.

The extension and Android apps are pretty responsive and pretty secure. Their apps are useful. It uses 2FA if it does not recognize your device.

I like and recommend it.

 

[SmileDocHill]

B-Folders.
I've used it for many years. I like it because it doesn't sync with anything unless I "force" it to. I'm not a tech. guy, I haven't researched new options in years but I've been pleased. I have a desktop version and on my phone, sync them to serve as backup.

 

[gregkl]

As a Security Professional, I use Lastpass. Those security issues were patched quickly and with full disclosure. That's very rare.
All software will have security holes. How it's addressed is a good indication.

The extension and Android apps are pretty responsive and pretty secure. Their apps are useful. It uses 2FA if it does not recognize your device.

I like and recommend it.

Thanks. I think I'll sign up for LastPass. I am tired of managing probably 100 passwords or more.

 

[Haven]

I switched from SplashID to Lastpass a few years ago. Either one is a good though. My whole team uses Lastpass. I have it on my phone, tablets, desktop, and laptop. So that is running on Apple's iOS, Android, Windows, OSX, and Linux. I have two factor authentication turned on my account, so I can have it re-authorize a device every 30 or 60 days. Also on my phone and tablet it will by default use the LastPass DB to automatically fill in logins and passwords into applications if I allow it.

SplashID is also pretty good and available on everything as well. I just stopped using it because I was curious about LastPass, and Lastpass imported all my accounts from SplashID.

 

[SmileDocHill]

I'm looking into this for my office also. Like I said above, I use B Folders for personal. It's free for the phone app. cheap for the laptop, doesn't use any cloud service.
I'm now looking into either Teams or Enterprise version of Lastpass to use at the office and have a way for the million PW's required for all the sites and accounts to be stored. At the office my staff will be using 99% of them but I still need control of them. I have to figure out a way to prevent me personally having to be involved every time a site requires a PW change (every 30 days for some) but at the same time have my staff password storage acct be under my "Admin." acct.
I'm a dentist, not a tech guy. I'm going to overthink this and turn it into a "rabbit hole" for my brain to go into and end up spending WAAaaaay too much time on it.

If we could only just get rid of all the people that steal stuff instead, that would be easier.

 

[hoosierdoc]

OK, I just logged in with lastpass to INGO with a crazy unique password. Yay.

Now... how do I do that if I'm at work on their computer?

also... should I now delete all password data stored in my browser?

 

[JettaKnight]

also... should I now delete all password data stored in my browser?

Depends - is it critical?

For most stuff, I let my browser hold them (e.g. INGO), for stuff where an attacker can do bad things (e.g. my bank account), I don't let Firefox keep it.

 

[Spear Dane]

I use Dashlane. Liked the free version enough that I bought the paid, which lets you easily synch your passwords across many devices.

 

[epeery]

Looks like hoosierdoc already picked lastpass, but for others reading I'll log another vote for Keepass. I keep my databases on one of my online accounts so they sync across devices.

Recently found an add-in that will check stored credentials against known breaches to warn you to update your passwords.

 

[jkaetz]

Keepass user here too. I have it synched to a cloud storage account also protected by 2fa. An attacker could theoretically break into the cloud account to gain access to the keepass database, but they would then need to break that open before they had access.

Plenty of folks use Lastpass as well. Many business units as well. Businesses wouldn't use it if incidents were a problem.

 

[Haven]

OK, I just logged in with lastpass to INGO with a crazy unique password. Yay.

Now... how do I do that if I'm at work on their computer?

also... should I now delete all password data stored in my browser?

If you can, install the LastPass Browser plugin. If not talk to your IT department and see if they can install it for you. Then login with your LastPass account and off you go.

 

[squidvt]

OK, I just logged in with lastpass to INGO with a crazy unique password. Yay.

Now... how do I do that if I'm at work on their computer?

also... should I now delete all password data stored in my browser?

Once you import and change all your passwords.. yes delete them from your browser.
You can login to your LastPass vault and use that to get into Ingo.

 

[Sailor]

Last Pass with Sesame MFA enabled.

I have one very hard password memorized, that I have to enter through the sesame program on my key fob.

 

[LockStocksAndBarrel]

Do you have to navigate to the site and then click on "log in" to get the password generated and in the log in spaces or do you go to last pass, click on a site, say, INGO and it automatically navigates to the site and logs you in in one fell swoop?