Advice Request What password manager to you use as of 2017 ?

  • Thread starter WolfensteinXeen
  • Start date

Please provide comments and solutions that are helpful to the author of this topic.

Status
Not open for further replies.
W

WolfensteinXeen

Thread author
So it's already July and why not take the time and talk about what password manager do we use as of 2017.

Are you using the native password manager of your browser ? And if you're using a third party one, is it open source such as KeePass or proprietary, stored locally or cloud based, used on your PC only or on all your devices ? And if happen to don't use any password manager at all, what's your trick to ensure your online safety ?

This is not a comparison or about what's THE best password manager, but about what's your favorite one and why you use it. And of course all related talks such as 2 step authentification, password strength, etc...
 
F

ForgottenSeer 58943

Thread author
I am very pleased with Sticky Password and RoboForm.

Sticky is good, lots of security settings/features. I've talked with their engineers a good deal about back end security such as brute force protection that aren't evident in the product by the settings. So far the only two I am inclined to use would be Sticky/Kaspersky or Bit Warden. I've spent so much time picking the brain of the OpenSource Bit Warden developer that I am pretty confident it's safe. But I can't commit to it until they offer secure-notes. (soon)

Roboform scares me.. I wouldn't use it after I saw a few years ago it stored sites in plain text. But then I read this;

How secure is #Roboform? The 5 minute challenge.

I agree about automatic changers - too much control for an app. Also, I extensively tested Dashlane last year and would not put my confidence in them. For one thing they monitor every single thing you do in the password manager and every interaction the manager has. You can sniff/monitor the traffic to see for yourself. With a single computer running Dashlane there were approximately 125 telemetry sends to logs.dashlane.com (based in Ireland at the time). No way to disable this, Dashlane claims they must have deep logging to 'ensure user satisfaction'.. YMMV I like Passwordboss, but since many AV's list it as malware and they use malware-like packers, I won't use it.

I've personally ruled out everything but Keepass, Sticky/Kaspersky, Bit Warden and possibly Commonkey. Commonkey is a relative newcomer from last year. I've spoken in depth (verbally) with the primary engineers on the project and it has given me confidence. (so far) Commonkey is free for up to 3 users. Our lab at work has been evaluating, testing and probing Commonkey for almost a year to determine if it is something we can offer our clients. No resolution yet on that but so far no issues have been found.

CommonKey

I'm sort of shocked so many use VA-based LastPass, especially with all of their 'issues' over the years.
 
Last edited by a moderator:
F

ForgottenSeer 58943

Thread author
As I said, I love Sticky. But hate the fact the database is stored in VA on AWS utilizing the AWS API. Ugh..

As I dig into Bit Warden I am liking it more and more. According to the developer the fact they are OpenSource protects them AND us because the code is there for the world to see. Second, today he said he 'might' be forced to comply with a NSL but that any data they could give out would largely be useless. The encrypted databases would be useless. Since no name/address/phone is required for signup that information isn't there to give. They'd actually have trouble identifying an individual from all of their accounts if anything more than an email address and IP is required.

Also, I am a bit shocked nobody is using 1Password.. A lot of savvy IT guys I know use that. It's expensive but seems reliable and full of security considerations. Of course, they use AWS..

My monthly password change day is coming up. Each time I do this I evaluate existing PW solutions but each time I end up staying with Sticky...:eek:
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Any password manager will do to make not only for security but also convenience on auto fill of credentials.

Of course Lastpass, Roboform, Sticky and others are already well reliable on different functionalities; although I've used Keepass since just wanted to explore the deep alternatives of password manager.
 

jetman

Level 10
Verified
Well-known
Jun 6, 2017
470
I'm interested in using a password manager from one of the larger providers like Kaspersky or Norton. The Norton one is actually free, and kaspersky's is not that expensive. Anyone know if these are any good ? I somehow feel I can trust those major security companies better than a smaller start-up, particularly in terms of updating software in light of new security vulnerabilities. Also- are passwords safe in the cloud ??
 
  • Like
Reactions: WolfensteinXeen

spaceoctopus

Level 16
Verified
Top Poster
Content Creator
Well-known
Jul 13, 2014
766
I'm interested in using a password manager from one of the larger providers like Kaspersky or Norton. The Norton one is actually free, and kaspersky's is not that expensive. Anyone know if these are any good ? I somehow feel I can trust those major security companies better than a smaller start-up, particularly in terms of updating software in light of new security vulnerabilities. Also- are passwords safe in the cloud ??
Sometimes the password manager that you get with security suites, are often from 3rd parties. For example Panda uses Password depot. I also noticed that ESET password manager has a striking ressemblence with Sticky password. Better buy or use a password manager as a standalone product,rather in a security suite, they are more stable and feature rich.:)
 
W

WolfensteinXeen

Thread author
I'm interested in using a password manager from one of the larger providers like Kaspersky or Norton. The Norton one is actually free, and kaspersky's is not that expensive. Anyone know if these are any good ? I somehow feel I can trust those major security companies better than a smaller start-up, particularly in terms of updating software in light of new security vulnerabilities. Also- are passwords safe in the cloud ??

Well Kaspersky's password manager is a branded version of Sticky Password so it will probably be good. As for Norton i heard it's decent too. The problem however is that if you rely on an AV company for your passwords, you will more likely feel "stuck" with them. If their product are becoming less good, you'll hesitate to change just because of the hassle of changing the password manager. That's why i would advise you too take a separate PM.
 
F

ForgottenSeer 58943

Thread author
Sometimes the password manager that you get with security suites, are often from 3rd parties. For example Panda uses Password depot. I also noticed that ESET password manager has a striking ressemblence with Sticky password. Better buy or use a password manager as a standalone product,rather in a security suite, they are more stable and feature rich.:)

Also sometimes the PW manager as part of a suite are discontinued. Norton has stopped providing a stand-alone version of their password manager. Trend Micro has stopped this and is in the process of taking their password manager to legacy.

ESET, Kaspersky both appear to license Sticky. Intel bought out Passwordbox then cancelled all of the lifetime licenses for that.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top