Poll Password Manager Poll (2022)

Which Password manager do you use?(Poll)

  • KeePass

    Votes: 36 16.3%
  • NordPass

    Votes: 3 1.4%
  • Sticky password

    Votes: 9 4.1%
  • LastPass

    Votes: 15 6.8%
  • Bitwarden

    Votes: 112 50.7%
  • Dashlane

    Votes: 6 2.7%
  • Firefox

    Votes: 3 1.4%
  • 1Password

    Votes: 18 8.1%
  • Kaspersky Password Manager

    Votes: 8 3.6%
  • Roboform

    Votes: 11 5.0%

  • Total voters
    221

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
My vote this time goes to Sticky password, at least it allows me to sync over Wi-Fi and network locations and also gives me the option to disable the sync if I want to. I have control over the password manager. I also use keepass which I load on my USB stick, memory card and my external hard drive. I wish a Happy New Year! to all MT members. May the year 2023, be more secure than 2022. ;)
 

R2D2

Level 6
Verified
Well-known
Aug 7, 2017
270
1Password is by default more secure, as you need a unique key, along with your username+password to access the vault.
Well, yes, arguably so because of the additional key authentication other than the master password and TOTP authentication.

But then Lastpass is/was secure too at least encryption wise till hackers got into their backend or storage systems and copied customer data which regrettably includes my data and that of my family members. Yes, we all use strong passwords and TOTP/2FA to secure our accounts other than location based access which is a moot point if hackers get into the storage, a potential smorgasbord of info related to LP users, instead of trying to hack my single run-of-the-mill low value family account via the UI or website.

TBH I am not more confident about 1PW or BW staff being more resistant to phishing or other attacks than Lastpass staffers. None of these companies have assured us they follow better or more stringent best practices than LP ever did that in turn will ensure, at least with a reasonable degree of confidence, that they are less prone to break-in than LP is/was.

At this point in time I am a bit concerned about my data on the net and actively looking at using PMs that offer local sync. The family and I would be a bit safer that way.
 

mlnevese

Level 28
Verified
Top Poster
Well-known
May 3, 2015
1,761
1Password is a disaster right now. The latest version barely works on Android, and even iOS users are jumping ship like nuts. Add to that their ridiculously high pricing structure, and there's simply no reason to use them anymore.
I use it on 4 different Android devices, 2 Android 11 and 2 Android 13. I have no problems in any of them. Also use it on 3 different Windows machines and 1 Linux Machine with no problems. On Android, make sure you gave it all the permissions it requires.
 

R2D2

Level 6
Verified
Well-known
Aug 7, 2017
270
I use 1PW a lot on both Android and iOS. It's not a disaster from the UI perspective, in fact I like it better than Dashlane and even BW. Quite polished if you ask me. 1PW is a little expensive, like Dashlane, but then we have less expensive choices like BW @ $10/year.
 

entropism

Level 4
Verified
Jul 30, 2019
184
I use it on 4 different Android devices, 2 Android 11 and 2 Android 13. I have no problems in any of them. Also use it on 3 different Windows machines and 1 Linux Machine with no problems. On Android, make sure you gave it all the permissions it requires.
You're in the minority then. People are fleeing 1Password like crazy, just read the reviews on their latest version of their software.
 

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
You're in the minority then. People are fleeing 1Password like crazy, just read the reviews on their latest version of their software.
A few power users seem to hate the new app. The internet is full of vocal minorities. Most of the people are leaving because of the desktop app (the mobile app did have a faceid issue one iOS that didn’t affect everyone: We never experienced issues), which few people use since the browser extensions work great. I wouldn’t say a majority is fleeing. It works fine for our family as well. So I would say with our small sample size on this thread the minority is the people fleeing.
 

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
Enpass is great, I've never been happier post 1Password
I, too, ditched 1Password after they started using Electron.

Well, yes, arguably so because of the additional key authentication other than the master password and TOTP authentication.

But then Lastpass is/was secure too at least encryption wise till hackers got into their backend or storage systems and copied customer data which regrettably includes my data and that of my family members. Yes, we all use strong passwords and TOTP/2FA to secure our accounts other than location based access which is a moot point if hackers get into the storage, a potential smorgasbord of info related to LP users, instead of trying to hack my single run-of-the-mill low value family account via the UI or website.

TBH I am not more confident about 1PW or BW staff being more resistant to phishing or other attacks than Lastpass staffers. None of these companies have assured us they follow better or more stringent best practices than LP ever did that in turn will ensure, at least with a reasonable degree of confidence, that they are less prone to break-in than LP is/was.

At this point in time I am a bit concerned about my data on the net and actively looking at using PMs that offer local sync. The family and I would be a bit safer that way.
Well, I see no point in comparing LP, 1P and BW. The aforementioned three are cloud-based and prone to the same security issues. Offline password managers give peace of mind as the data never leaves your devices.

If you're looking at offline password managers, Sticky Password, Enpass and Keepass XC. Enpass has a family plan and I believe you could grab it for a discount now. It allows you to sync you data via WIFI or using one of a long list of cloud storage providers. It supports creating custom fields and you can attach documents.

1PW is a little expensive, like Dashlane,
Dashlane is way cheaper to be honest. There are millions of discount codes available. And they usually send customers %50 discount on email.

I was a fan of 1Password despite the fact it is very expensive. I was also using Dashlane, but when they dropped support for their desktop app, I had to leave. Dashlane transition to web-first experience and the reliance of 1P on Electron, caused a backlash. I will post some of the links about what's going on with the new electron-based 1P (the backend is using rust).

What's so wrong with Electron?
Goodbye 1Password
Electron? Really?
1Password 8 for Mac Regressions
 

Scirious

Level 2
Feb 22, 2022
91
I've been using Enpass for a while. Could grab a lifetime license for a discounted price. Offline sync works great. Both windows and android apps also work great. Sometimes I believe Enpass works better on android than 1Password, and I don'ty have to keep payng yearly.
 

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
Well, yes, arguably so because of the additional key authentication other than the master password and TOTP authentication.

But then Lastpass is/was secure too at least encryption wise till hackers got into their backend or storage systems and copied customer data which regrettably includes my data and that of my family members. Yes, we all use strong passwords and TOTP/2FA to secure our accounts other than location based access which is a moot point if hackers get into the storage, a potential smorgasbord of info related to LP users, instead of trying to hack my single run-of-the-mill low value family account via the UI or website.

TBH I am not more confident about 1PW or BW staff being more resistant to phishing or other attacks than Lastpass staffers. None of these companies have assured us they follow better or more stringent best practices than LP ever did that in turn will ensure, at least with a reasonable degree of confidence, that they are less prone to break-in than LP is/was.

At this point in time I am a bit concerned about my data on the net and actively looking at using PMs that offer local sync. The family and I would be a bit safer that way.
One other thing you can do, if you don't trust cloud based password manager or for other reasons, or because you are a little bitparanoid, you just store a part of your password in your password manager, not everything for example: let's say your password for your account is this
@wR69Y3&N$e6UY4
you save that password in your password manager and add + something for example:
<+A9*03=(5)
you memorize just this one
<+A9*03=(5)
and the other one which would be this
@wR69Y3&N$e6UY4
you leave it saved inside your password manager, if your password manager is compromised like what happened with Lastpass recently it will be useless to a hacker, with only the first password he won't be able to access any of your accounts, because it will be incomplete, the other part only you know. I had seen this somewhere I do not remember where, I do not remember type password + Salt something like that. ;)
 

R2D2

Level 6
Verified
Well-known
Aug 7, 2017
270
...if your password manager is compromised like what happened with Lastpass recently it will be useless to a hacker, with only the first password he won't be able to access any of your accounts, because it will be incomplete, the other part only you know.
Yes, I read that suggestion somewhere earlier this year possibly after the 1st LP breakin back in Aug. It is something I am actively considering but given the sheer number of site login entries in my PM (600+ at last count) this is gonna be heck of a tough exercise. :)

Problem is PMs have made it too easy for us users to generate and safely store complex passwords and forgetful ol' me is going ot have a bit of a tough time remembering prefixes or suffixes unless they are used everywhere which, when one thinks of it, is not such a bad idea at all. It still makes me a bit hacker proof than I was earlier.
 

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
Yes, I read that suggestion somewhere earlier this year possibly after the 1st LP breakin back in Aug. It is something I am actively considering but given the sheer number of site login entries in my PM (600+ at last count) this is gonna be heck of a tough exercise. :)

Problem is PMs have made it too easy for us users to generate and safely store complex passwords and forgetful ol' me is going ot have a bit of a tough time remembering prefixes or suffixes unless they are used everywhere which, when one thinks of it, is not such a bad idea at all. It still makes me a bit hacker proof than I was earlier.
Yes, this is true, it goes against the purpose of using a PM, PMS was created exactly for this, to store passwords, emails, secure notes, bookmarks, attachments, etc.. "Secure" and "Encrypted", and just memorize a password, which is a master, strong, long and unique password that is you know. But this may change in the future, maybe I am wrong, with company breaches coming up every day and computers are evolving, in the future this may change, putting AES 256 Bits Encryption in check as we know it today.

When you talk about +600 Accounts saved in a PM that is a lot, it would take you a long time to change and add a prefix or suffix to your passwords.

But, it seems to me when the person gave the idea about this, it was only the most important accounts, the most sensitive ones for example: bank applications, the email you use from your PM, personal or business emails and social networks, especially those involving family and professional side. It seems to me that the name the guy gave is "Blindspot" password manager something like that, if I remember and find it I will pass it on to you.
suffix is the same for all accounts for example: you have a facebook account and your password is this for example:
Ro@LgKG*EST85g5
and you have a google account that uses this password
x$8qm! u6PPg%TRf
the passwords are different you just add this <+A9*03=(5) in your passwords, I used this as an example, but you create it the way you want, it is just a demonstration and an example, you can use words, number, letters or way you think best. And now comes the problem, when the PM fills the password field, you let the PM fill it and then type the secret suffix, and if the PM asks you to update the password you ignore the password update, and leave only a part of the password saved in the PM
I have few accounts saved in my PM, not even half as many as you have, but if I were to start using a PM today from scratch, I would use this way prefixes or suffixes and not even worry if one day my safe would be stolen in the future. ;)
NOTE: I kindly ask that no one use any of the passwords I mentioned in this comment, it is only for didactic purposes. Thanks!(y)
 
  • Like
Reactions: R2D2

R2D2

Level 6
Verified
Well-known
Aug 7, 2017
270
The process of resetting passwords began a day after LP disclosed additional details of the breach rather late IMHO and during the holidays. Step 1 was to backup LP to a CSV and encrypting the file after which I began deleting my account(s) and that of my family members.

So, passwords for bank accounts, Google and some other critical accounts were the 1st to be changed and this exercise shall continue in the coming days/weeks. It's a painful and tedious exercise but there's no other option. And remember, changing passwords is the easier option. I was trying LP Authenticator that backs up to the cloud (oh, my bad!) and anybody using these 2 LP products should be prepared to reset passwords AND 2FA tokens. Well, at least one of them for sure.

TBH this double exercise feels like a ton of bricks on my shoulder right now but there's no option. #*#^* u LP thanks for letting us subscribers & users down. I am p1$$ed. :mad:
 
  • Like
Reactions: piquiteco

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top