Poll Password Manager Poll (2022)

Which Password manager do you use?(Poll)

  • KeePass

    Votes: 36 16.3%
  • NordPass

    Votes: 3 1.4%
  • Sticky password

    Votes: 9 4.1%
  • LastPass

    Votes: 15 6.8%
  • Bitwarden

    Votes: 112 50.7%
  • Dashlane

    Votes: 6 2.7%
  • Firefox

    Votes: 3 1.4%
  • 1Password

    Votes: 18 8.1%
  • Kaspersky Password Manager

    Votes: 8 3.6%
  • Roboform

    Votes: 11 5.0%

  • Total voters
    221

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,158
In bitwarden browser extension you can set it up so that you key in a short code, say a 4 digit pin on that particular browser to access the PW extension. It can be setup such that the PW manager remains open until you close the browser, so entering the master password repeatedly is unnecessary.


Sure. That's provided you don't restart the browser. What if on/off your PC in-between? Will BW still work without the need to key in the master password?
 
  • Like
Reactions: Nevi and piquiteco

mkoundo

Level 8
Verified
Well-known
Jul 21, 2017
358
You can customise the time-out period as you wish:- even set it to never timeout

Untitled.png
 

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
In bitwarden browser extension you can set it up so that you key in a short code, say a 4 digit pin on that particular browser to access the PW extension. It can be setup such that the PW manager remains open until you close the browser.
I was going to tell that to HarborFront, but since I'm on my way out and I was going to talk to him another day. So I didn't want to stretch the conversation. Almost every PMS has a way to set up a face, your fingerprint or a PIN, and some of the PMs integrate with Windows Hello in Windows 10/11. My master password is strong, long and even exaggerated, if I put it here most people wouldn't believe it, but I don't type it very often. For security reasons and to not forget I type it once in a while. (y)
 

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
I am very well-aware of LP incident, but I see no point in migrating to Bitwarden. Is it more secure? I do not think so. I believe it is as flawed as any other cloud password manager. The majority of people use Bitwarden because it is free. If it was not, the whole thing would be different.

One thing we can do is help and donate to Keepass so that it can make Android and iOS apps.
 

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,158
I know many users here use Password Manger(s). Have you all read their privacy policy and what data are being collected and used?

I just read the Privacy Policy of Sticky Password and I find it reasonable

 

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
I know many users here use Password Manger(s). Have you all read their privacy policy and what data are being collected and used?

I just read the Privacy Policy of Sticky Password and I find it reasonable

The only problem with SP is that data is store on AWS.
 
  • Like
Reactions: piquiteco

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,158
The only problem with SP is that data is store on AWS.

But those are secured AWS servers and so far there's no news of their servers being breached

Regardless, even if the servers are breached, Sticky Password utilizes Zero-Knowledge security, which throws the ball to the user to remember their Master Password. They won’t keep that password, and data from the vault cannot be read without that master password.

Hence, it’s practically impossible for data thieves to read your data, even if they manage to somehow breach Sticky Password’s considerably secure fortresses.



Quote

The storage space and back-end system reside on secure Amazon AWS services (Amazon S3 and Amazon EC2). All stored data is also backed up to the user’s local devices covered by the license.

Unquote

If you feel cloud is unsafe then can use local WiFi or manual for sync. I'm not sure whether it can backup to your favorite cloud and sync from there

The CONS I can find of Sticky Password are

1) Not FOSS
2) No security audit being done
3) No different vaults for different purpose
4) No recovery option if master password is lost
5) No custom field support
6) Need GA on mobile device to enable 2FA

My vote this time goes to Sticky password, at least it allows me to sync over Wi-Fi and network locations and also gives me the option to disable the sync if I want to. I have control over the password manager. I also use keepass which I load on my USB stick, memory card and my external hard drive. I wish a Happy New Year! to all MT members. May the year 2023, be more secure than 2022. ;)

Sticky Password says Google Authenticator is needed on mobile device to enable 2FA. Can I use another one like Aegis Authenticator or andOTP? Just don't like anything from Google on my mobile.

Thanks
 
Last edited:

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
But those are secured AWS servers


Quote

The storage space and back-end system reside on secure Amazon AWS services (Amazon S3 and Amazon EC2). All stored data is also backed up to the user’s local devices covered by the license.

Unquote

If you feel cloud is unsafe then can use local WiFi or manual for sync. I'm not sure whether it can backup to your favorite cloud and sync from there
I am in no place to judge if AWS is secure or not, but I have no control over it and yes if I need cloud sync, I prefer to sync to a cloud of my choosing.

Regarding Wifi/local sync in SP, good luck if you are using more than two devices. SP struggles in syncing data offline for more than 2 devices.
Sticky Password says Google Authenticator is needed on mobile device to enable 2FA. Can I use another one like Aegis Authenticator or andOTP? Just don't like anything from Google on my mobile.

Thanks
Yes I used it with Aegis and andOTP before it.
Anyway, if you enable 2FA in SP, you need to be conmected to the internet everytime you log in. Yoi cannot use SP offline if you have 2Fa enabled.
 

mkoundo

Level 8
Verified
Well-known
Jul 21, 2017
358
The CONS I can find of Sticky Password are

1) Not FOSS
2) No security audit being done
3) No different vaults for different purpose
4) No recovery option if master password is lost
5) No custom field support
6) Need GA on mobile device to enable 2FA

for BW:

1) is open source: Open Source | Bitwarden

2) Multiple security audits have been done: see
Results of Bitwarden security audit published - gHacks Tech News

3) Multiple account logins available on mobile and desktop: Account Switching | Bitwarden Help Center

4) Personally I see that as a +ve as it reduces the chance of your account being compromised. You can set up a one time recovery code for your TOTP when you set it up:

5) custom fields:

6) You don't have to use GA. I use Aegis and it works A-OK.
 

Divine_Barakah

Level 33
Verified
Top Poster
Well-known
May 10, 2019
2,289
The CONS I can find of Sticky Password are

1) Not FOSS
2) No security audit being done
3) No different vaults for different purpose
4) No recovery option if master password is lost
5) No custom field support
6) Need GA on mobile device to enable 2FA
1- I do not see this is a problem. Windows is not open source, security product are not, too.

2- As for security audits, they cost considerable amounts of money, so not all products can afford doing them. And as I said before, one should not blindly trust audits. Regarding SP security, Kaspersky and Eset have incorporated SP as their password manager before

3- I agree here. Multiple vaults are a plus.

4- Not a bad thing security wise. It is only one password that you have to remember. You can keep it on a piece of paper and store it somewhere.

5- This is one of the main reason why I stopped using SP. No matter how many time I suggested that feature to support, they had no intention of implementing it. I guess they have to rebuild their software from ground up to add it.

6- You can use any authenticator and not only GA. The problem is once you enable 2FA, you cannot access your passwords offline which is very, very inconvenient.

One should also consider how many trackers are in there. Why would a password manager, which stores your most valuable data, incorporate 7 trackers?

1Password and SP are two of the few password managers that have zero trackers. Anyway, you can easily block trackers using NextDNS.

You can always check how many and which trackers are implemented in any app using this website.
 

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,158
@Divine_Barakah @mkoundo

Regarding BW

1) How you view it's based in a 5-eyes country vs SP which is based in a non-5/9/14 eyes country
2) @Divine_Barakah

Your quotes

Regarding Wifi/local sync in SP, good luck if you are using more than two devices. SP struggles in syncing data offline for more than 2 devices.

In SP Anyway, if you enable 2FA in SP, you need to be connected to the internet every time you log in. Yoi cannot use SP offline if you have 2Fa enabled

Unquote

Will these happen in BW?

3) Does BW and SP has 2FA support on websites like Keeper?

4) Privacy Policy - BW vs SP. Which is better? I find SP reasonable and BW a bit excessive. What's your take?



A recent BW review



Thanks

FI, I'm using the video below as a rough guide in selecting a Password Manager

 
Last edited:

mkoundo

Level 8
Verified
Well-known
Jul 21, 2017
358
Regarding BW

1) How you view it's based in a 5-eyes country vs SP which is based in a non-5/9/14 eyes country
Your name/address are not required to open a free account with BW. Should you wish to hide your ip, you could use a vpn or even host your own BW vault. Personally I'm not bothered about ip collection. I'm more concerned for the security of my passwords.

tbh, if you were targeted by a 5-eyes country, I doubt there's very much you could do about it.
 
Last edited:

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
Sticky Password says Google Authenticator is needed on mobile device to enable 2FA. Can I use another one like Aegis Authenticator or andOTP? Just don't like anything from Google on my mobile.
Divine_Barakah already answered your question. Just confirming what Divine Barakah said. Yes, Sticky Password works with Aegis Authenticator, andOTP, Microsoft Authenticator, Google Authenticator, any authenticator application etc. (y)

You are welcome, my friend! Enjoy! ;)

6- You can use any authenticator and not only GA. The problem is once you enable 2FA, you cannot access your passwords offline which is very, very inconvenient.
Yes you can, 2FA is enabled on my account and I access my offline passwords normally without having to be connected to the internet. (y)
 

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
Personally I'm not bothered about ip collection. I'm more concerned for the security of my passwords.
+1 The same here I also worry more about security which is the most important thing, and give up my privacy leaving it in the background.

Are you talking about SP?
Yes, I am talking about SP
It explicitly tells you that if you enable 2FA you need internet connection to access the vault. I do not have SP installed right now.
Yes, they do say that. Only when you activate 2FA only for the first time, then you have offline access in your vault normally, no need to be connected to the internet.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top