Bitcoin Forum

I have read a lot of hacking incidents I don't know each one story they all said it was hacked, but is it safe to use a password manager like Roboform, keypass and dashlane to manage all your online login details and how safe are these devices.

One master password for all of your passwords? Not a fan. Although, it can be convenient it doesn't mean its the best option. However, I believe password managers do have 2 factor as well like requiring a certain file to login. That could be something thats useful, and attackers wouldn't think of looking at. A popular choice seems to be Yubikey, and keepass together. I've used password managers in the past, but have moved on since to the old fashion way of remembering them, and recording them locally for complex passwords.

It really depends. Its as safe as the environment its kept in, and the strength of the password.

I use a variation of pelmanism to create unique passwords for every site. However I use auto-fill for some of the sites I visit regularly.

lastpass.com

You are probably aware of this but I'll say it for other people using the auto fill option. Auto fills can be tricked and potentially be phished for information by hidden form fields. If you login to this site for example then the auto fill will just put in your username and password right? Well if the site owner has a hidden text box for a credit card your auto fill may well input your credit card information into that box giving them this information.

Its something which has been a known issue with Chrome, Safari and lastpass. I would recommend against auto fill options whenever possible or be careful where you are using autofill and what information is stored in your password manager.

Even if you use a password manager, your accounts can still get hacked. It's not a guarantee that you are 100% safe.. Its just a step yo safety.
I think someone who would do a combination of all the security measures is better off
➖ Keep your computer or devices clean off malware and shady apps... Lately there have been incidents of crypto related apps that act as malware
➖ Bookmark all important links
➖ Install critical security add ons like cryptonite, ublock, netcraft to avoid getting phished whilst avoiding shady addons on your browser
➖ Use complex unpredictable passwords
➖ Use 2FA verification with every account you have especially with Authy or Google Authenticator
➖ Don't use the same password for all sites

Thanks for the warning.

I have a plastic card reader which creates a unique, short-life 6 digit code for each login, and this needs to be input for online account transactions. I'm not sure why more banks don't provide similar facilities

If we dont trust exchanges with our funds or wallets that we dont have the private keys for I dont see much sense to trust a third party with the passwords we use for those exchanges and sites that are important to us. Plus password managers are hack-able and pass stealers and keyloggers can be configured to search for the files that those password managers create to store the passwords in.
Not to mention leakages or if a bad actor decided to sell millions of passwords of their clients one day.  
 

Are you sure about this? From what I've seen, auto-fill only works on sites where I've entered that data before. That's why a phishing version of this forum (.to) asks me to enter my username, which is an instant red flag warning me I'm not on the real site.

yes I'm using lastpass and it's very convenient you should just take good care of your master password and you are good to go,it's very convenient the only way it could go compromise is if you have a malware in your computer so be sure you use a good anti virus

Nope. I don't like the idea of a third party program being in charge of all that stuff, even more so when you have to pay for it. I also don't fancy the idea of everything hanging on one password. I'll stick to 2FA and my own astonishing abilities to remember what's needed.

No, I don't want to trust my passwords to 3rd party service. Maybe it's convenient to use, but I manage my passwords in old fashioned way. I trying to use unique password for every website and it's really difficult to remember all these different passwords fir every website. Especially I'm struggling to remember passwords on websites which I use rarely. So, often I forced to click forgot password button.
I'm often using autofill for convenience. I know it's not adviced to do that. For example Firefox even warn not to use autofill on websites which don't have https. So, I'm trying not use autofill on websites like PayPal, crypto exchanges and others which are related to money.

Not a fan as well of those third party password apps. I'm still as old school as you can get, I even used excel spreadsheet before and we had a discussions about it many times already (not recommended). So I just try to write down all my unique password in my notebook, and when its time to log-in, just pull all the data and I'm off to go.

I do not use a password manager. Any password related program that I have used is only for protection from small children in my home or people who have access to my computer.

However, if you are going to use a password manager, I will suggest to got only for paid ones with solid reviews.

No need to go with paid password managers.

KeePass is completely free, open source and doesn't require any third-party cloud server/storage (and that's why it's the one I use it).

---

KeePass is the way.

So, if one has already done this auto fill how to undo this to forget auto fill? I am using Mozilla Firefox and avast browser. These browser offers auto fill. Is there any chance that it could be undo the auto fill?

This thinks me already that I have to undo the auto fill. How I wish I did not accept the auto fill option on mozilla firefox and avast browser.

I am using Roboform (https://www.roboform.com) password manager. It has full browser integration. Also support cloud save/load.
It's very hard to manage if you have hundred of usernames/passwords for your job like me.

I used Roboform a decade ago. I even bought a license key but they fucked their customers after requiring to buy another license since Firefox updated to another version (at this time it was not often to see a new browser release) Since I moved to LastPass, using it for years now and it's the most useful tool on the web. (not sure if it has 2FA)

I divide all my passwords into several groups.
The first is passwords of credit cards, Internet banks and other services related to finance. I encode these passwords and keep them as email draft in this form.
The second group is passwords from emails and hostings. These passwords are in my notebook. And finally, the third group is passwords from forums, social networks and other services. They're in open access right on the desktop. I know that no one but me will use them in my place.

For taking the best security for my assets and private keys I have been using LastPass for a long time. It is very secure and most reliable I think. But there are some investors do not like to use third-party software if it brings trouble which could be more costly. But So far I have not faced with any trouble yet.

Just after your comment, a request occurred on my mind for LastPass. I would like to try, but transferring the identities from roboform to LastPass, will probably kill me all the weekend. Thank you for suggestion.

I never did use a pass manager. Hence, I don't know how trustworthy those are. I have commented here only for sharing my tricks to generate password and possible way to be safe.
I use 4 mail account for all of my accounts. I only know the password of my mail. Those are written in paper though. On other platform, whereas I need to create a password, I create a totally random password like- 272@iSHdianAkal bla, bla, bla. Every passwords are different from one to other. Whenever I need to login, I just need to reset password. It's quite boring though, but it's okay for me because I don't sign up in a place where I barely visit. I only sign up on places where I always like to visit like bitcointalk. I think it's a good way to be secured.

No, I'm not using any of that. I just have a wallet that has good back up feature. The wallet I'm using has HODLER Secure Backup (HSB) which is an innovative feature developed by HODLER team. It will allow the user to create a backup of their seed alternative to the standard paper backup. This feature creates a PDF file containing a QR code of the seed. The PDF file is then packed as an encrypted archive. This has state of the art AES256 algorithm to encrypt the archive, and it can only be decrypted by using the password you typed while creating a wallet. This way I don't need any kindnof password manager.

Me either. 2FA is all good for now and already have it backup my keywords onto somewhere safe. Having a third-party app is like giving away your password to your fortunate. Even sometimes it's hard to remember some details so taking be more cautious and won't depend to an app is more fine at all.

Really, even on google I didn't let my password remember it.

Nowadays it is much needed to save our passwords so we can feel to use different types of password manager. So I have been using keey pass which is really trustable and fully free. I would also decide to use LastPass what I know about this passwords manager it is also a helful tool and makes secure from the various unknown web.

I've gone through several different options for managing the password. So far I've tried 1password, lastpass, keepass, enpass and bitwarden.

At the end I've gone with 1Password just due to to the ease of use as it supports organisations and password sharing. If I were just storing my own passwords I would probably go with Bitwarden.

Ease of use is a good point, if something is too complicated to use, it won't get used. Keepass was always a hassle with multiple devices and getting passwords synced between these.I've got 400 unique passwords currently stored, with every critical account protected with yubikey when available so in the case of someone getting to my password manager the critical accounts are still in the clear. If yubikey isnt available I've gone with TOTP based 2FA.

Also be smart with what to store in the password manager. For example, I haven't stored any credit cards. Also keeping your TOTP there kind of defeats the purpose of 2FA.

Yes, I am using a password manager but at storing the passwords in the simple text is not recommended at all. One should develop his own unique and difficult characters/digit/symbol pattern to encrypt passwords and then storing such passwords in the password managers so even in the case of compromisation of the server, we won't suffer much.

I use KeePass. It's open source and passwords are only stored locally (unless you store them yourself somewhere else..). Can't live without it anymore.

I just use offline encrypted text files for passwords.

I do not use anything like this. I do not Believe any password manager. if I talk about the last pass, this is the only store for password and email. My suggestion, create your own unique password, such us capital latter, small later, number, and symbol. remember one thing, Do not use the similar password to all accounts. Use different types of password for the different account. Hacker can not hack easily any account. I hope your account will be secure.

How do you expect people to remember all their passwords if they need a unique password with [capital letter, lower case, numbers, and symbols] for every account? That's when you need a password manager to store passwords that look like this: "!FO9;mvgyPv7m$OGPv, (my BTT password looks like this, and it was generated by KeePass - an open source and offline password manager).

You are right, it is not possible to remember many passwords. Generally, I have type in text my all password, and my all important text file I store in my laptop and my pen drive. and sometimes I write in my personal book. A little trouble, but Feel secure.

another vote for keepass

So far I have not used a password manager yet in fact, i do not feel to use any kind of password manager. Users who need to use a password manager then I would like to suggest them if they ready to pay RoboForm is the best for them. Otherwise, they can use a full free password manager KeePass.