Discuss Password Managers 2019

[upnorth]

I have 2FA even on my old throw away yahoo account. Someone finally tried to access it and I got an alert and denied it. Never seen it in action before other than authenticating a session I initiated, pretty useful.

Was it caught and shared in some hack, that you know of?

https://haveibeenpwned.com/

 

[blackice]

Was it caught and shared in some hack, that you know of?

https://haveibeenpwned.com/

Yes it’s been part of multiple hacks. It’s actually a straight authenticated account. They just put in my email and attempted to login. The Authenticator asked if it was me. I had changed the password multiple times since the hacks. Then they switched their Authenticator to being password free, which I forgot about. I regularly run my emails and my wife’s emails through haveibeenpwned. Thankfully we’ve had few to deal with.

 

[upnorth]

Great example that it actually is possible to protect oneself, even in a event of a hack. Thanks @blackice

 

[Threadripper]

If you're hacked you're done, they take all the passwords from your local machine when you decrypt them with your master password - not from the remote server. To mitigate this

1) never store your 2FA codes for your accounts on the same password manager you use for your passwords (I'd go as far as don't use the same machine, to maximally decouple the 2nd factor from your passwords)
2) take measures to secure the machine to avoid compromise
3) don't sweat over it, if they only have the passwords without the 2FA codes for your logins nothing can happen and if you use a good security product this should not happen in the first place.

You said if they are hacked which is why I was talking about password managers, you're talking about using your password manager on a compromised device - obviously that's going to be a problem.

 

[notabot]

You said if they are hacked which is why I was talking about password managers, you're talking about using your password manager on a compromised device - obviously that's going to be a problem.

If you keep 2nd factors on a separate device, ie use PC for passwords, mobile for 2FA -- even then I don't think it's a total disaster.

 

[LDogg]

brain.exe is too busy and uses more resources on businesses than remembering passwords for 300 websites...

That's if you're not visiting 300 websites that you need to login to

Plus my memories amazing.

~LDogg

 

[The Cog in the Machine]

Free version doesn't support cross device syncing.

Got the lifetime version for $14.99

I do not mind paying I actually prefer paying for something that crucial so that I know that the developers make money out of it so they doing their best. That's how business work. I already pay 60€ a year for 1Password family plan. I am just looking for a good alternative (paid) because I do not like how 1Password works with autofilling

Last pass is year ahead for auto filling but I am worried about their security....

You might give Dashlane a try.

For those who are not sure about the security of their passwords, you can use Sticky Password Portable and you can use the WIFI sync functionality. Unfrotunately, the development of Sticky Password is very slow; it does not receive updates regularly.

 

[Upendra19]

Free version doesn't support cross device syncing.

You can find premium licence in many giveaways so one can avail of all premium features.

 

[security123]

I wonder how you guys use your online password manager without internet?

Eg I store in KeePass my VeraCrypt passwords for external USB drives. So if I would disconnect from network, reset windows and then want access to my external USB backup drive I cannot because of missing password from cloud. With KeePass that isn't a problem.

Also I would say that a local database is more secure then a cloud one. Of course a compromised PC is bad. It's always bad.
But don't think that store such important data on cloud would help in that case

 

[Umbra]

My password is in my brain, I have an easy to use and very safe formula, so I use a password manager more because I'm lazy to type 20+ characters than forget them.

 

[blackice]

I wonder how you guys use your online password manager without internet?

Eg I store in KeePass my VeraCrypt passwords for external USB drives. So if I would disconnect from network, reset windows and then want access to my external USB backup drive I cannot because of missing password from cloud. With KeePass that isn't a problem.

Also I would say that a local database is more secure then a cloud one. Of course a compromised PC is bad. It's always bad.
But don't think that store such important data on cloud would help in that case

Without the internet I don’t need most of my passwords, the few I do I remember.

 

[Handsome Recluse]

I use password managers because typing on phones is unwieldy.