Question: Best password manager (Free & Paid) & why?


rashmi

Level 12
Jan 15, 2024
578
This might be long because I have used nearly every password manager out there. The best one is 1Password. Why? I put it in a spoiler so it does not bother people by making the thread long.

Its security model is the most advanced in terms of breach mitigation and securing the vault of people's passwords. The secret key that it creates makes even an easy-to-guess master password secure; it has 128-bit protection, so even if breaches happen and the user has a lame master password, the data is safe.

Their model is really good against rogue employees or employees whose devices got compromised. The LastPass breaches were mostly because of the bad security model they had, in which one of their employees got their device compromised (from a Plex bug!) and the whole of LastPass's systems went into chaos: even code was compromised, vaults got stolen, and because they did not have something like a secret key, the users' defense came down to how good their master passwords were. Many of them got compromised and their crypto assets got stolen.
1Password has one of the best tactics and defenses against this kind of incident. I did read other security whitepapers, and the 1Password one was really professional, detailed, logical, and practical.

Breaches happen in every company, but you should consider a company that is ready for it and has a structure so that your data, even after a breach, does not get compromised. The security model of 1Password does this in the best way I've ever seen.

The 128-bit secret key model that 1Password has actually makes any brute-force attack nearly impossible.

One of the most important features of password managers is autofill. 1Password beats every password manager out there in my heavy autofill testing on many websites in terms of speed, accuracy, and detail. It actually has one of the most feature-rich autofills of all. Its credit card filling is top-notch. Many people here use Proton Pass; its autofill is a joke. Just go to the SoundCloud site, go to login, and see that Proton Pass cannot fill it!! It cannot fill in credit cards, it cannot fill identity information, which makes filling forms super fast with 1Password: you can have different IDs and choose fast. Bitwarden and Proton Pass are jokes compared to 1Password's sophistication and quality of autofill features and accuracy.

1Password can fill any password or text in Windows or Mac apps! Just right-click on the field and click on "Type in window"! It fills it! You can even drag and drop!!!

The level of detail that makes users' lives easier in 1Password apps is sometimes insane compared to others: the UI design is logical, fully based on principles of design; your eye can find whatever you want at a glance; the use of color, the use of UI sections and categories, the font, making it really easy to find what you want and really enjoyable to use.

Small details in apps: using a TPM chip and using Windows Hello to unlock the app is easy and secure, unlike Proton Pass, whose Windows app is a joke and cannot use biometrics or a TPM chip. You can enlarge a password or username and view it in large type. The password generator has an intelligent feature that can detect a website's requirements and suggest passwords based on those requirements; they have a GitHub page for that database and Apple is contributing to it too. They have a really good QR scanner and they were the first to implement it in a password manager: just go to the 2FA setting of a website, and when it shows the QR code, click on "scan QR" in 1Password and it creates the 2FA section!! In recent versions it even detects the code automatically and shows a notification asking whether you want to save this 2FA; with just one click you are done!

Their import capabilities are good too, one of the best if you want to migrate to 1Password: just export your info from your current password manager and import it into 1Password. It's one of the most accurate in terms of detecting the info and your data; others have many problems in this regard, not importing some info or even passwords (Dashlane is an example!).

The speed of syncing is great: when you make a change on one device, it syncs super fast with your other ones. They even show a warning if the app cannot sync and make you aware that it has a problem. Others? Nope, they don't give a warning when something is wrong with syncing.

The app development and bug squashing are really good; the apps and extensions are in constant development and really stable. Features get added fast, unlike Dashlane or Bitwarden.

If you read the news, they are the fastest in terms of resolving security issues and really transparent, unlike Bitwarden, which resolves some security issues after 4 years!!

1Password is one of the most audited password managers; their code gets reviewed many times per year.

As you see, the level of thoughtful and practical details is head and shoulders above what other password managers offer. The attention to detail, security, level of transparency, speed, UI, etc. is different from what normal password managers like Proton Pass offer. A list of details and features can go on, but I think it's enough 😄.

Edit 1:
I think I should add more info about the mobile apps of 1Password and how they are different from other password managers; it seems you want some info about mobile app support too:

About mobile apps: 1Password is the only password manager with a proper desktop-like extension for Safari on iOS; it shows inline login suggestions under the selected field like the desktop app, a desktop-like experience. It's the most powerful in Android browser support, not slowing down surfing on Android and creating a seamless experience. I tested Dashlane (or it's better to call them Buglane), Proton Pass, Bitwarden, etc.

The mobile app is actually a mini version of the desktop app, with nearly the same features and level of detail.
Enpass: Have you used it? If so, what's your review?

bazang

Level 8
Jul 3, 2024
365
KeePassium (iOS) and KeePassXC (Windows). The two work together seamlessly.

Store the KeePassXC database in OneDrive Vault. Put MFA, biometrics (Windows Hello), or a hardware token in front of it. Use the OneDrive iOS app. The KeePassXC database on Windows is accessible by KeePassium on iOS via the OneDrive app.

Biometrics works well in both the KeePassium and KeePassXC programs.

On Windows, MFA is required to first access the OneDrive vault. Subsequently, biometrics is required to open the vault. Then a password and biometrics are required to open the KeePassXC database. On iOS, biometrics is used to access KeePassium, and the OneDrive app requires credentials and MFA to access the KeePassXC database. When that database is updated, you have to manually re-upload it into KeePassium.

Seems to be a pain, but actually it is not. It just requires the willingness to do just a few steps. Quite secure. Reliable. Works every single time.

Game Of Thrones

Level 6
Verified
Well-known
Jun 5, 2014
296
Ty for the heads up, will go back to sticky. I wonder if Robo is aware of the risks as you have just stated?
I tested their apps. You can change the rounds in the settings. Change it to 600,000, or if you have good devices you can go for more; 600,000 is enough. At least they provide the option to change the rounds. Still, they are relying too much on the master password.
I don't recommend them; just take a look at their audit history: they got audited once, in 2023. The audit report is a joke, no mention of the vulnerabilities, just saying good words in 3 pages! Compare it to something like 1Password; the difference is clear.
Compare something like this:

To something like this:

They audited just once, in 2023. A password manager should be audited on a short-term basis, because the code of the products is changing constantly and needs to be reviewed.

Game Of Thrones

Level 6
Verified
Well-known
Jun 5, 2014
296
Enpass: Have you used it? If so, what's your review?
They use PBKDF2 with SHA-512 and 320,000 rounds; it's good and industry-accepted, but in my testing the autofill of Enpass is super weak and the apps are not polished. They don't do audits that much: the apps got reviewed 2 years ago; the latest review is from 2023, and it is not of the apps but of their hub. They have a feature named key file, which is a file that you need to have next to your master password; this method is good and makes an attack on the master password not that successful, but it is not convenient like 1Password's secret key. It is actually the equivalent of the secret key in 1Password. A thing I need to do more research on is that they use SHA-1 for their message authentication; SHA-1 is old and somewhat deprecated, not that secure compared to others.

Their apps were buggy when I was testing them; the import from other password managers did not work OK either. Pricing, etc.: 1Password beats it.
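As an added illustration of the two points the thread keeps coming back to (the 128-bit secret key in the first post, and the PBKDF2 round count in the Enpass reply), here is a simplified "two-secret" derivation: PBKDF2-HMAC-SHA512 stretches the master password with a tunable round count, and a random 128-bit secret key is mixed in so that a stolen vault blob cannot be opened by guessing the password alone. This is constructed for the thread, not 1Password's or Enpass's real design or any poster's code; the salt, wordlist and function names are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

SECRET_KEY_BYTES = 16  # 128 bits; generated on the user's device, never sent to the server

def generate_secret_key() -> bytes:
    """Random 128-bit secret key (constructed analogue of a 'secret key' or 'key file')."""
    return secrets.token_bytes(SECRET_KEY_BYTES)

def stretch_password(password: str, salt: bytes, rounds: int) -> bytes:
    """Slow, tunable step: PBKDF2-HMAC-SHA512 over the memorised master password."""
    return hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, rounds, dklen=32)

def derive_vault_key(password: str, salt: bytes, rounds: int,
                     secret_key: Optional[bytes]) -> bytes:
    """With a secret key the vault key is HMAC(secret_key, stretched password);
    without one it is the stretched password alone, i.e. only as strong as the password."""
    stretched = stretch_password(password, salt, rounds)
    if secret_key is None:
        return stretched
    return hmac.new(secret_key, stretched, "sha256").digest()

def offline_guess(vault_key: bytes, wordlist: list, salt: bytes, rounds: int,
                  attacker_secret_key: Optional[bytes] = None) -> Optional[str]:
    """Model of what the holder of a stolen vault blob can do: try each candidate password
    with whatever secret-key material they hold (normally none). Returns the match or None."""
    for candidate in wordlist:
        trial = derive_vault_key(candidate, salt, rounds, attacker_secret_key)
        if hmac.compare_digest(trial, vault_key):
            return candidate
    return None

def guess_space_bits(password_bits: float, secret_key: Optional[bytes]) -> float:
    """Rough size of the search space an attacker faces, in bits of work."""
    return password_bits + (8 * len(secret_key) if secret_key else 0)

if __name__ == "__main__":
    salt = b"constructed-per-user-salt"
    rounds = 320_000  # the Enpass figure quoted in the thread; 600_000 is the other one
    weak, wordlist = "password123", ["hunter2", "letmein", "password123"]
    # Password-only vault: a weak master password falls to a three-word list.
    print(offline_guess(derive_vault_key(weak, salt, rounds, None), wordlist, salt, rounds))
    # Same password plus a secret key the attacker never had: the list finds nothing.
    print(offline_guess(derive_vault_key(weak, salt, rounds, generate_secret_key()), wordlist, salt, rounds))
    print(guess_space_bits(20, None), guess_space_bits(20, generate_secret_key()))
```

Raising the round count only multiplies the attacker's per-guess cost; the secret key adds 128 bits to the search space, which is why the thread treats it as a different class of protection.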

Jonny Quest

Level 22
Verified
Top Poster
Well-known
Mar 2, 2023
1,156
Formerly Bitwarden + Authy; currently KeePassXC, where I have also put all my 2FAs, syncing across devices with the help of Syncthing.
But I'm not too fond of the all-in-one-basket approach, and syncing via Syncthing is becoming annoying for me lately. I prefer to have a backup online for safety, and I usually forget to manually back it up after a password change/adding something new.

I wasn't aware that Proton Pass is free to use. Ente Auth also seems like a great replacement for Authy 2FA since it's available on all three platforms I need, Windows, Android, Linux, including a web interface? I'll have a look at them. Thanks @Captain Awesome and @Jonny Quest for mentioning these two.
Edit: Just realized that I already have an Ente Auth account, lol. I don't remember when I created it. It's empty at the moment.
Yes, the free version is limited, but it works nicely for my needs :)

