DDE_Server

Level 21
Verified
And you really trust McAfee? I wouldn't use any software.
Also this isn't OpenSource, anyway I test their site and it doesn't look secure as such a company should do:
SSL Report: Grade B

Webbkoll Results for www.truekey.com:
More tests:
https://www.immuniweb.com/ssl/?id=WX3YcMJp
https://observatory.mozilla.org/analyze/www.truekey.com
https://securityheaders.com/?q=www.truekey.com&followRedirects=on
https://www.hardenize.com/report/truekey.com/1588440106

Not very secure for a password manager isn't it?
So which suite is secure from your point of view 😊😊 ?

I don't know open source solution except bitwarden but it is development and audit is slow and by one developer so do you recommend such one @security123

The open source I really trust is keepass but unfortunately doesn't have online with synchronization version so I use it for offline backup only
 

security123

Level 24
Verified

DDE_Server

Level 21
Verified
Well, i still use oldschool (sorry for that :D) "offline" password manager: KeePass
yes offline is better and more secure and decrease data breach however it is not reliable if not shared between your devices such as your mobile or work machine.
may be for me but it is important feature as i create extremely complex passwords for my accounts using its built in password generator and use auto logins
if you used offline solution only then i should share them using cloud solution which i find it less secure than using password manager with synchronization feature
You can sync your database: Synchronization - KeePass
Thanks i will check it :love: :love:
 

geminis3

Level 13
Verified
Malware Tester
Been using Bitwarden for the last 3-4 years, no issues so far, except the server being down for an hour, but that was in its earlier days. Bitwarden actually changed my way of registering on websites, and stopped relying on the ol' school method of handwriting passwords to a notebook.
 

DDE_Server

Level 21
Verified
So which suite is secure from your point of view 😊😊 ?

I don't know open source solution except bitwarden but it is development and audit is slow and by one developer so do you recommend such one @security123

The open source I really trust is keepass but unfortunately doesn't have online with synchronization version so I use it for offline backup only
The True Key app is based on a zero-knowledge architecture with respect to users' passwords and wallet items (including safe notes). This means that the True Key app's Internet-based servers have no access to these assets, and that no McAfee employee has any access to these assets. This is achieved through the True Key app's underlying cryptosystem, the system of cryptographic measures that the True Key app uses to encrypt each user's assets and to authenticate users.

When a user has successfully logged in to the True Key app as described above, the True Key servers synchronize the user's passwords and wallet data to the client in encrypted form. The True Key client must then decrypt the data that was sent.

When the user adds, changes, or deletes password or wallet data, the True Key app re-encrypts the data using the same process on the user's own device, and transmits the new encrypted data to the True Key servers, where it is protected for backup purposes and available for synchronization to the user's other devices.

The True Key servers store only strongly encrypted passwords and wallet items, encrypted for each user with a Master Password known only to the user plus a salt value that is unique for each user. For this reason, in the unlikely event that an attacker were able to gain access to the True Key servers, the attacker would face the laborious, resource-intensive task of a separate brute force attack attempt on each user's AES encrypted user data. In other words, an attacker could not attempt to brute force the data of all users simultaneously, but would need to invest the massive resources required for a brute force attack again for each True Key user.
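
The per-user salt property described in the True Key text quoted above, as an added example that is not part of the post and not McAfee's code. PBKDF2-HMAC-SHA256, the iteration count and the `vault-check` tag (a stand-in for the AES-encrypted data) are assumptions, since the quoted text names none of them.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed cost; the quoted text names neither KDF nor count

def derive_key(master_password, salt):
    """Client side: stretch the Master Password with the user's unique salt."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt,
                               ITERATIONS, dklen=32)

def key_check(key):
    """Hypothetical stand-in for 'the AES-encrypted vault decrypts correctly'."""
    return hmac.new(key, b"vault-check", hashlib.sha256).digest()

def enroll(master_password, salt=None):
    """Build what the server stores: salt and check tag, never password or key."""
    salt = salt or os.urandom(16)
    return {"salt": salt, "tag": key_check(derive_key(master_password, salt))}

def unlocks(record, master_password):
    """Client side: does this Master Password open this user's record?"""
    key = derive_key(master_password, record["salt"])
    return hmac.compare_digest(key_check(key), record["tag"])

def kdf_calls_to_test(records, candidates):
    """KDF runs needed to try every candidate against every stolen record.
    A derived key is only valid for one salt, so work is shared only
    between records that carry the same salt."""
    return len({r["salt"] for r in records}) * len(candidates)

# Constructed sample data: two users who chose the same Master Password.
PASSWORD = "correct horse battery staple"
alice = enroll(PASSWORD)
bob = enroll(PASSWORD)

# Weak design for contrast: every record uses one shared salt.
SHARED_SALT = b"\x00" * 16
weak = [enroll(PASSWORD, SHARED_SALT), enroll("hunter2-hunter2", SHARED_SALT)]

if __name__ == "__main__":
    guesses = ["a", "b", "c"]
    print("same password, same stored tag?", alice["tag"] == bob["tag"])
    print("KDF runs, unique salts:", kdf_calls_to_test([alice, bob], guesses))
    print("KDF runs, shared salt: ", kdf_calls_to_test(weak, guesses))
```

With unique salts the cost of testing a guess list grows with the number of users; with a shared salt one pass covers everyone, and identical passwords become visible as identical stored values.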
 

security123

Level 24
Verified
it is not reliable if not shared between your devices such as your mobile or work machine
I never understood which passwords need to be shared over devices.
Bank data? For best security, only use it at home PC
non important forums? Just save the data in browser
other shopping data? Sync a second database with only needed passwords to that device e.g. use KeePass on Windows and KeePass DX (from F-Droid) on Android.

Why should i sync all my passwords (and other data) to other devices if they don't need all data? Only increase attack surface.
Also DuckDuckGo provides a password generator which can generate safe random passwords too:

https://duckduckgo.com/?q=pwgen+strong+64&t=h_&ia=answer
"pwgen" is the command.
"strong" means using high strength passwords
"64" in this case is the password length
 

DDE_Server

Level 21
Verified
I never understood which passwords need to be shared over devices.
Bank data? For best security, only use it at home PC
non important forums? Just save the data in browser
other shopping data? Sync a second database with only needed passwords to that device e.g. use KeePass on Windows and KeePass DX (from F-Droid) on Android.

Why should i sync all my passwords (and other data) to other devices if they don't need all data? Only increase attack surface.
Also DuckDuckGo provides a password generator which can generate safe random passwords too:

https://duckduckgo.com/?q=pwgen+strong+64&t=h_&ia=answer
"pwgen" is the command.
"strong" means using high strength passwords
"64" in this case is the password length
I do not include bank account password in Truekey. It is just my mail and different forums/website accounts
 

security123

Level 24
Verified
I do not include bank account password in Truekey. It is just my mail
So you use Webmail instead of App? In App you only save the password once and 2FA isn't needed.

and different forums/website accounts
Then do what I recommend above for that ;)
Problem solved. No online password manager needed = your attack surface is reduced (y)
 

CyberTech

Level 32
Verified
i am only using pay pal account with 20 characters passwords and 2FA is activated only that password is stored in my password manager
I'm talking about bank account not password strong or whatever well I'm not sure if your paypal account in the password manager could be leak ;/ if you have a lot of money I would suggest to remove that account from password manager and 2FA is safe but maybe the hackers try attack who knows....
 

security123

Level 24
Verified
Sync is crucial nowadays.
Many of us have more than 1 device they use to access websites, apps etc.
Please read my post: Q&A - Help in choosing a password manager

Additional benefit is that you always have backup if you lose access to one of your devices.
Just backup your database ? No online sync needed for that

I'm talking about bank account not password strong or whatever well I'm not sure if your paypal account in the password manager could be leak ;/ if you have a lot of money I would suggest to remove that account from password manager and 2FA is safe but maybe the hackers try attack who knows....
That's not how 2FA works ;)
But of course it's possible - with software token.
Not any more possible with hardware token / standards like U2F + FIDO2

Also it's fine to save passwords in a database if it's not somewhere in the Cloud. So you can use stronger passwords more than you can remember
 

CyberTech

Level 32
Verified
yea i guess actually if i were DDE i would write it in the note and of course someone can remember bank account password (strong password) that will be in your brain as your memory is easy after learn the rest of others as forums, emails, etc in password manager, if i have many money i will be very worried..

I don't trust any password manager if I add bank account to...
 