Advice Request Help in choosing a password manager

Please provide comments and solutions that are helpful to the author of this topic.

dark_wielder

Level 2
Thread author
Mar 7, 2020
67
Hi everyone,

I use Google Chrome because it can sync all my information and passwords on different devices but i don't like its stability. I want to use other browsers, but then I have problems.

I am looking for a free password manager extension, I am waiting for your suggestions. I tried the Opera and the new Edge before, but later I couldn't transfer my passwords to Google Chrome. I manually added :mad: my new passwords because the file formats are different. It is very important for me that the export ability of the extension I want to use is compatible with Google Chrome. Might be needed later.

I wanted to try Bitdefender Wallet, but I couldn't import my passwords because Google Chrome is not compatible with export.

It is important for me that export and import format compatibility, reliable and free.
I am waiting for your suggestions .
 

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,173
And you realy trust McAfee? I wouldn't use any software.
Also this isn't OpenSource, anyway i test their site and it doesn't look secure as such a company should do:
SSL Report: Grade B

Webbkoll Results for www.truekey.com:
More tests:
https://www.immuniweb.com/ssl/?id=WX3YcMJp https://observatory.mozilla.org/analyze/www.truekey.com https://securityheaders.com/?q=www.truekey.com&followRedirects=on https://www.hardenize.com/report/truekey.com/1588440106
Not very secure for a password manager isn't it?
So which suite is secure from your point of view 😊😊 ?

I don't now open source solution except bitwarden but it is development and audit is slow and by one developer so do you recommend such one @security123

The open source I really trust is keepass but unfortunately doesn't have online with synchronization version so I use it for offline backup only
 
F

ForgottenSeer 85179

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,173
Well, i still use oldschool (sorry for that :D) "offline" password manager: KeePass
yes offline is better and more secure and decrease data breach however it is not reliable if not shared between your devices such as your mobile or work machine.
may be for me but it is important feature as i create extremely complex passwords for my accounts using its built in password generator and use auto logins
if you used offline solution only then i should share them using cloud solution which i find it less secure than using password manager with synchronization feature
You can sync your database: Synchronization - KeePass
Thanks i will check it :love: :love:
 

stefanos

Level 28
Verified
Top Poster
Well-known
Oct 31, 2014
1,712
Stefanos password manager
IMG_20200502_195819.jpg
 

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,173
So which suite is secure from your point of view 😊😊 ?

I don't now open source solution except bitwarden but it is development and audit is slow and by one developer so do you recommend such one @security123

The open source I really trust is keepass but unfortunately doesn't have online with synchronization version so I use it for offline backup only
he True Key app is based on a zeroknowledge architecture with respect to users' passwords and wallet items (including safe notes). This means that the True Key app's Internet-based servers have no access to these assets, and that no McAfee employee has any access to these assets. This is achieved through the True Key app's underlying cryptosystem, the system of cryptographic measures that the True Key app uses to encrypt each user's assets and to authenticate users.

When a user has successfully logged in to the True Key app as described above, the True Key servers synchronize the user's passwords and wallet data to the client in encrypted form. The True Key client must then decrypt the data that was sent.

When the user adds, changes, or deletes password or wallet data, the True Key app re-encrypts the data using the same process on the user's own device, and transmits the new encrypted data to the True Key servers, where it is protected for backup purposes and available for synchronization to the user's other devices.

The True Key servers store only strongly encrypted passwords and wallet items, encrypted for each user with a Master Password known only to the user plus a salt value that is unique for each user. For this reason, in the unlikely event that an attacker were able to gain access to the True Key servers, the attacker would face the laborious, resource-intensive task of a separate brute force attack attempt on each user's AES encrypted user data. In other words, an attacker could not attempt to brute force the data of all users simultaneously, but would need to invest the massive resources required for a brute force attack again for each True Key user.
 
F

ForgottenSeer 85179

it is not reliable if not shared between your devices such as your mobile or work machine
I never understood which passwords needs to be shared over devices.
Bank data? For best security, only use it at home PC
non important forums? Just save the data in browser
other shopping data? Sync a second database with only needed passwords to that device e.g. use KeePass on Windows and KeePass DX (from F-Droid) on Android.

Why should i sync all my passwords (and other data) to other devices if they don't need all data? Only increase attack surface.
Also DuckDuckGo provide a password generator which can generate save random passwords too:

https://duckduckgo.com/?q=pwgen+strong+64&t=h_&ia=answer
"pwgen" is the command.
"strong" mean using high strength passwords
"64" in this case is the password lengh
 

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,173
I never understood which passwords needs to be shared over devices.
Bank data? For best security, only use it at home PC
non important forums? Just save the data in browser
other shopping data? Sync a second database with only needed passwords to that device e.g. use KeePass on Windows and KeePass DX (from F-Droid) on Android.

Why should i sync all my passwords (and other data) to other devices if they don't need all data? Only increase attack surface.
Also DuckDuckGo provide a password generator which can generate save random passwords too:

https://duckduckgo.com/?q=pwgen+strong+64&t=h_&ia=answer
"pwgen" is the command.
"strong" mean using high strength passwords
"64" in this case is the password lengh
i donot include bank account password in Truekey. it is just my mail and different forums/website accounts
 
F

ForgottenSeer 85179

i donot include bank account password in Truekey. it is just my mail
So you use Webmail instead of App? In App you only save the password once and 2FA isn't needed.

and different forums/website accounts
Then do that i recommend above for that ;)
Problem solved. No online password manager needed = your attack surface is reduced (y)
 

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
i am only using pay pal account with 20 characters passwords and 2FA is activated only that password is stored in my password manager

i'm talking about bank account not password strong or whatever well I'm not sure if your paypal account in the password manager could be leak ;/ if you have alot of money i would suggest to remove that account from password manager and 2FA is safe but maybe the hackers try attack who knows....
 
F

ForgottenSeer 85179

Sync is crucial nowadays.
Many of us have more then 1 device they use to access websites, apps etc.
Please read my post: Q&A - Help in choosing a password manager

Additional benefit is that you always have backup if you loose access to one of your devices.
Just backup your database ? No online sync needed for that

i'm talking about bank account not password strong or whatever well I'm not sure if your paypal account in the password manager could be leak ;/ if you have alot of money i would suggest to remove that account from password manager and 2FA is safe but maybe the hackers try attack who knows....
That's not how 2FA works ;)
But of course it's possible - with software token.
Not any more possible with hardware token / standards like U2F + FIDO2

Also it's fine to save passwords in a database if it's not somewhere in the Cloud. So you can use stronger passwords more than you can remember
 

CyberTech

Level 44
Verified
Top Poster
Well-known
Nov 10, 2017
3,250
yea i guess actually if i were DDE i would write it in the note and of course someone can remember bank account password (strong password) that will be in your brain as your memory is easy after learn the rest of others as forums, emails, etc in password manager, if i have many money i will be very worried..

I dont trust any password manager if i add bank account to...
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top