Hugo z Hor

Level 1
More than 5 years Secure Password Manager from Securekit, but in the future will migrate to Keepass, because of password autofill hotkey conflict in Windows 10 (win + a). :D
 
  • Like
Reactions: Solarlynx

Dirk41

Level 17
Verified
I think it is like RoboForm Desktop version : you can choose the path, so you can save the database on an external devices (usb key, etc...)
Thank you for sharing :) I did not know about roboform, interesting
And what you do on mobile ? They are not encrypted there ?


And 2 questions for everyone :
Isn't suggested in general to use opensource app ? So that more experienced people can look for vulnerabilities ? So most of you trust LP?i used it but I am not sure if 2FA everywhere isn't already enough .

And why it is less safe to use app that sync ?
Isn't local storing dangerous as well? If a thief steals your PC / laptop/ etc , if the pw is encrypted ( we should specify what kind of encryption.. What encryption a does keepass, Roboform and true key use ? Even FF encrypt but I could not find what type ) , well in the meantime he tries to decrypt , you change them all... But if a malware steals your encrypted pw and you don't even know it ?
Even many ransomware are decrypted after some time .

Thank you for reading :)
 

DardiM

Level 26
Verified
Trusted
Malware Hunter
Thank you for sharing :) I did not know about roboform, interesting
And what you do on mobile ? They are not encrypted there ?


And 2 questions for everyone :
Isn't suggested in general to use opensource app ? So that more experienced people can look for vulnerabilities ? So most of you trust LP?i used it but I am not sure if 2FA everywhere isn't already enough .

And why it is less safe to use app that sync ?
Isn't local storing dangerous as well? If a thief steals your PC / laptop/ etc , if the pw is encrypted ( we should specify what kind of encryption.. What encryption a does keepass, Roboform and true key use ? Even FF encrypt but I could not find what type ) , well in the meantime he tries to decrypt , you change them all... But if a malware steals your encrypted pw and you don't even know it ?
Even many ransomware are decrypted after some time .

Thank you for reading :)
And what you do on mobile ? They are not encrypted there ?
I don't use any pw manager for other devices than my computer (and then I don't store any password on).

What encryption a does keepass, Roboform and true key use ?
All password-protected Passcards and Identities are stored in files that are encrypted by a Master Password using AES, BlowFish or 3DES.

RoboForm Frequently Asked Questions

Algorithm Key Length Block Size
AES 128-256 16
Blowfish 256 8
RC6 256 16
3-DES 64 8
1-DES 64 8

AES key length depends on Master Password key length:
* 128 bit for MP less than 32 chars,
* 192 bit for MP from 32 to 47 chars,
* 256 bit for MP 48 chars or longer.

Dual Master Password : allows you to give different levels of access to a passcard, depending on which variant of Master Password is entered. Dual Master Passwords consist of two parts separated by backslash "\".

* If only the first part of the password is entered (Example: employee enters "pass") then user can only log in with the passcard but not view or edit it.
* If both parts of the Master Password are entered (Example: supervisor enters "pass\word") then user gains unlimited access to the passcard which includes viewing and editing.
* Note that the "long" Master Password (both parts) should contain at least 6 characters.
 
  • Like
Reactions: frogboy and Dirk41

DardiM

Level 26
Verified
Trusted
Malware Hunter
It does sync . I never think about that because I never used it on any other untrusted devices

And even if @_CyberGhosT_ said that it does not worth to remember here why it is less safer to use pw manager that sync, it does worth for unexperienced members like me :p :p


So what are pw manager that does not use sync and use AES encryption ? Sticky, then? Roboform? Then ?

Thank you
About RoboForm, the only one I use :
You can use AES as default, and not activate the sync service.
 

DardiM

Level 26
Verified
Trusted
Malware Hunter
I am reading it is free: multiple device and aes too? Everything free ?
No, the free version is limited.
Free versions of RoboForm has certain limitations, the most significant of them is that you can have 10 Passcards or less in free version.
You can view, edit and delete all Passcards and identities even
after the trial period is over, only automated form filling and logins do not work".

"There are several versions : "RoboForm Desktop", "RoboForm Everywhere" and "RoboForm2Go"
If you use RoboForm only on one computer, get 1 RoboForm Desktop license, it is the cheapest solution. If there are 2 computers that belong to you and have one RoboForm User Data set, buy 1 RoboForm Everywhere license (covers future major updates) or 2 RoboForm Desktop licenses, you may also buy 1 RoboForm2Go license to use RoboForm2Go in Pro mode from the USB drive on both PCs.
2 Desktop licenses cost the same as 1 RoboForm2Go license but provide more flexibility, they have one time payment. RoboForm Everywhere is per person and is considered to be the most flexible, but it has annual fee.
If you have 3 or more computers, you can either buy a RoboForm Desktop license for each computer or one RoboForm2Go license to use RoboForm2Go from a USB drive on that computers (PCs only) or a RoboForm Everywhere license that covers all computers.
Note though that with RoboForm Desktop license all computers can have different sets of RoboForm Passcards but with RoboForm2Go or RoboForm Everywhere license you must have only one set of RoboForm Passcards that you must physically move between your computers using a removable disk or by synchronization with RoboForm Everywhere account online. Certainly you may purchase 2 RoboForm Everywhere licenses, one for each RoboForm Profile.
 
Last edited:

Dirk41

Level 17
Verified

thank you..it does not seem a simply cloud sync..maybe I need a degree to properly understand it..I will take some time to understand


meanwhile , in the past posts of this thread I discovered truekey True Key™ by Intel Security: Multi-Factor Password
I don't get if , when it says 15 pw, it means 15 accounts or 15 logins (I mean if I have 15 PCs and 1 google account, does it count for 1 or 15 ?? )
but it seems it autimatically syncs anyway In che modo posso eseguire la sincronizzazione tra tutti i miei dispositivi? (unfortunately it loads automatically an italian webpage to me..but maybe you can see it in english)

it says Cosa succede se i server True Key vengono attaccati da un hacker? that on truekey servers there are only encrypted pw and even if hackers get them, they can to nothing without masterpass


maybe I just fell in love with truekey..thank you @_CyberGhosT_


I just discovered that truekey is bundeld with adobe flash player (ita website)
 
Last edited:
  • Like
Reactions: DardiM