Sure. That's provided you don't restart the browser. What if on/off your PC in-between? Will BW still work without the need to key in the master password?
Password Manager Poll (2022)
- Thread starter Abu Hussam
- Start date
Sure. That's provided you don't restart the browser. What if on/off your PC in-between? Will BW still work without the need to key in the master password?
- Jul 21, 2017
- 358
You can customise the time-out period as you wish:- even set it to never timeout
- Oct 16, 2022
- 624
I was going to tell that to HarborFront, but since I'm on my way out and I was going to talk to him another day. So I didn't want to stretch the conversation. Almost every PMS has a way to set up a face, your fingerprint or a PIN, and some of the PMs integrate with Windows Hello in Windows 10/11. My master password is strong, long and even exaggerated, if I put it here most people wouldn't believe it, but I don't type it very often. For security reasons and to not forget I type it once in a while.
Do you know whether Sticky Password has this capability? Thanks
- May 10, 2019
- 2,289
I am very well-aware of LP incident, but I see no point in migrating to Bitwarden. Is it more secure? I do not think so. I believe it is as flawed as any other cloud password manager. The majority of people use Bitwarden because it is free. If it was not, the whole thing would be different.
One thing we can do is help and donate to Keepass so that it can make Android and iOS apps.
One thing we can do is help and donate to Keepass so that it can make Android and iOS apps.
- Jul 21, 2017
- 358
not sure about Sticky - I haven't used that one
- May 10, 2019
- 2,289
If I understand this correctly, yes SP has the option to set when it gets locked.
- Oct 16, 2022
- 624
Yes, Sticky Password has a way to set a PIN. You go to Settings->Security see the screenshot in the spoiler I made.
- Jul 8, 2012
- 895
I personally prefer to use Bitwarden, but I have KeepassXC installed as a backup.
I know many users here use Password Manger(s). Have you all read their privacy policy and what data are being collected and used?
I just read the Privacy Policy of Sticky Password and I find it reasonable
www.stickypassword.com
I just read the Privacy Policy of Sticky Password and I find it reasonable
Privacy Policy | Sticky Password
Privacy and personal data protection policy of Lamantine Software a. s. | Sticky Password
www.stickypassword.com
- May 10, 2019
- 2,289
The only problem with SP is that data is store on AWS.I know many users here use Password Manger(s). Have you all read their privacy policy and what data are being collected and used?
I just read the Privacy Policy of Sticky Password and I find it reasonable
Privacy Policy | Sticky Password
Privacy and personal data protection policy of Lamantine Software a. s. | Sticky Password
But those are secured AWS servers and so far there's no news of their servers being breached
Regardless, even if the servers are breached, Sticky Password utilizes Zero-Knowledge security, which throws the ball to the user to remember their Master Password. They won’t keep that password, and data from the vault cannot be read without that master password.
Hence, it’s practically impossible for data thieves to read your data, even if they manage to somehow breach Sticky Password’s considerably secure fortresses.
Sticky Password Review: 7 Pros and 5 Cons of Sticky Password
What makes Sticky Password so great? What about them makes people wax poetic about the software, why did Tom’s Guide, CNET and Techradar rate them so highly? To find out, we installed the password manager into all our machines and used it for a few days to get a feel of how the program really […]
www.bitcatcha.com
Quote
The storage space and back-end system reside on secure Amazon AWS services (Amazon S3 and Amazon EC2). All stored data is also backed up to the user’s local devices covered by the license.
Unquote
If you feel cloud is unsafe then can use local WiFi or manual for sync. I'm not sure whether it can backup to your favorite cloud and sync from there
The CONS I can find of Sticky Password are
1) Not FOSS
2) No security audit being done
3) No different vaults for different purpose
4) No recovery option if master password is lost
5) No custom field support
6) Need GA on mobile device to enable 2FA
My vote this time goes to Sticky password, at least it allows me to sync over Wi-Fi and network locations and also gives me the option to disable the sync if I want to. I have control over the password manager. I also use keepass which I load on my USB stick, memory card and my external hard drive. I wish a Happy New Year! to all MT members. May the year 2023, be more secure than 2022.
Sticky Password says Google Authenticator is needed on mobile device to enable 2FA. Can I use another one like Aegis Authenticator or andOTP? Just don't like anything from Google on my mobile.
Thanks
Last edited:
- May 10, 2019
- 2,289
I am in no place to judge if AWS is secure or not, but I have no control over it and yes if I need cloud sync, I prefer to sync to a cloud of my choosing.
Regarding Wifi/local sync in SP, good luck if you are using more than two devices. SP struggles in syncing data offline for more than 2 devices.
Yes I used it with Aegis and andOTP before it.
Anyway, if you enable 2FA in SP, you need to be conmected to the internet everytime you log in. Yoi cannot use SP offline if you have 2Fa enabled.
- Jul 21, 2017
- 358
for BW:
1) is open source: Open Source | Bitwarden
2) Multiple security audits have been done: see
Results of Bitwarden security audit published - gHacks Tech News
Bitwarden 2020 and 2021 Security Audits are Complete | Bitwarden Blog
We are pleased to announce that Bitwarden has completed a thorough security assessment and penetration test by auditing firm Insight Risk Consulting. Read our executive summary and download the full 2020 Assessment Report to learn more.
bitwarden.com
3) Multiple account logins available on mobile and desktop: Account Switching | Bitwarden Help Center
4) Personally I see that as a +ve as it reduces the chance of your account being compromised. You can set up a one time recovery code for your TOTP when you set it up:
Recovery Codes | Bitwarden Help Center
This article explains how to generate a recovery code to disable two-step login services if you lose access to your secondary device.
bitwarden.com
5) custom fields:
Custom Fields | Bitwarden Help Center
Custom fields in the Bitwarden password manager enable you to add unique data to a login for autofill. Learn how to create one with just a few clicks.
bitwarden.com
6) You don't have to use GA. I use Aegis and it works A-OK.
- May 10, 2019
- 2,289
1- I do not see this is a problem. Windows is not open source, security product are not, too.
2- As for security audits, they cost considerable amounts of money, so not all products can afford doing them. And as I said before, one should not blindly trust audits. Regarding SP security, Kaspersky and Eset have incorporated SP as their password manager before
3- I agree here. Multiple vaults are a plus.
4- Not a bad thing security wise. It is only one password that you have to remember. You can keep it on a piece of paper and store it somewhere.
5- This is one of the main reason why I stopped using SP. No matter how many time I suggested that feature to support, they had no intention of implementing it. I guess they have to rebuild their software from ground up to add it.
6- You can use any authenticator and not only GA. The problem is once you enable 2FA, you cannot access your passwords offline which is very, very inconvenient.
One should also consider how many trackers are in there. Why would a password manager, which stores your most valuable data, incorporate 7 trackers?
1Password and SP are two of the few password managers that have zero trackers. Anyway, you can easily block trackers using NextDNS.
You can always check how many and which trackers are implemented in any app using this website.
@Divine_Barakah @mkoundo
Regarding BW
1) How you view it's based in a 5-eyes country vs SP which is based in a non-5/9/14 eyes country
2) @Divine_Barakah
Your quotes
Regarding Wifi/local sync in SP, good luck if you are using more than two devices. SP struggles in syncing data offline for more than 2 devices.
In SP Anyway, if you enable 2FA in SP, you need to be connected to the internet every time you log in. Yoi cannot use SP offline if you have 2Fa enabled
Unquote
Will these happen in BW?
3) Does BW and SP has 2FA support on websites like Keeper?
4) Privacy Policy - BW vs SP. Which is better? I find SP reasonable and BW a bit excessive. What's your take?
www.stickypassword.com
A recent BW review
Thanks
FI, I'm using the video below as a rough guide in selecting a Password Manager
Regarding BW
1) How you view it's based in a 5-eyes country vs SP which is based in a non-5/9/14 eyes country
2) @Divine_Barakah
Your quotes
Regarding Wifi/local sync in SP, good luck if you are using more than two devices. SP struggles in syncing data offline for more than 2 devices.
In SP Anyway, if you enable 2FA in SP, you need to be connected to the internet every time you log in. Yoi cannot use SP offline if you have 2Fa enabled
Unquote
Will these happen in BW?
3) Does BW and SP has 2FA support on websites like Keeper?
4) Privacy Policy - BW vs SP. Which is better? I find SP reasonable and BW a bit excessive. What's your take?
Privacy Policy | Sticky Password
Privacy and personal data protection policy of Lamantine Software a. s. | Sticky Password
www.stickypassword.com
A recent BW review
Thanks
FI, I'm using the video below as a rough guide in selecting a Password Manager
Last edited:
- Jul 21, 2017
- 358
Your name/address are not required to open a free account with BW. Should you wish to hide your ip, you could use a vpn or even host your own BW vault. Personally I'm not bothered about ip collection. I'm more concerned for the security of my passwords.
tbh, if you were targeted by a 5-eyes country, I doubt there's very much you could do about it.
Last edited:
- Oct 16, 2022
- 624
Divine_Barakah already answered your question. Just confirming what Divine Barakah said. Yes, Sticky Password works with Aegis Authenticator, andOTP, Microsoft Authenticator, Google Authenticator, any authenticator application etc.
You are welcome, my friend! Enjoy!
Yes you can, 2FA is enabled on my account and I access my offline passwords normally without having to be connected to the internet.
- May 10, 2019
- 2,289
Are you talking about SP? It explicitly tells you that if you enable 2FA you need internet connection to access the vault. I do not have SP installed right now.Yes you can, 2FA is enabled on my account and I access my offline passwords normally without having to be connected to the internet.
- Oct 16, 2022
- 624
+1 The same here I also worry more about security which is the most important thing, and give up my privacy leaving it in the background.
Yes, I am talking about SP
Yes, they do say that. Only when you activate 2FA only for the first time, then you have offline access in your vault normally, no need to be connected to the internet.
Similar threads
