How safe are Password Management Programs?

[Moebius327]

Wondering how safe are programs like:

- LastPass (https://lastpass.com/index.php?fromwebsite=1)
- KeePass (http://keepass.info)
- 1Password (https://agilebits.com/onepassword)
...
etc.

I mean they offer Form Fillers, Generation of Strong passwords and so on. Is the risk from key loggers lower/non existent?

Is the only security risk brute forcing password-archive encryption?

[escrow.ms]

Wondering how safe are programs like:

- LastPass (https://lastpass.com/index.php?fromwebsite=1)
- KeePass (http://keepass.info)
- 1Password (https://agilebits.com/onepassword)
...
etc.

I mean they offer Form Fillers, Generation of Strong passwords and so on. Is the risk from key loggers lower/not existent?

Is the only security risk brute forcing password-archive encryption?

They are safe than browser's inbuilt password storage,but not 100% secure, formgrabber still can steal password.

[Moebius327]

Wondering how safe are programs like:

- LastPass (https://lastpass.com/index.php?fromwebsite=1)
- KeePass (http://keepass.info)
- 1Password (https://agilebits.com/onepassword)
...
etc.

I mean they offer Form Fillers, Generation of Strong passwords and so on. Is the risk from key loggers lower/not existent?

Is the only security risk brute forcing password-archive encryption?

They are safe than browser's inbuilt password storage,but not 100% secure, formgrabber still can steal password.

What is more widely spread formgrabbing or keylogging?

[tutkarz]

good thing about these programs is that you can create really long and complicated passwords which makes brute force really hard or even impossible to do. not to mention keyloggers have harder time to gather data if you use special options these programs provide. you can store many passwords in one place and then print them all on paper easy.
of course i would use only open source versions

[pekv2]

Form grabber and keylogger is pointless when you have lastpass grid or google authentication enabled on your lastpass account.

Say like, even if your pw is snatched, and lastpass grid is enabled, there is no way for them to get into you LP account unless they print off your grid from your house or screen capture the grid the first time you use it. You can have grid to be used on "your" pc once or all the time "recommend once". You can set remember this computer etc.

By far this is one of the badass option lastpass has.

 https://helpdesk.lastpass.com/security-options/multifactor-authentication-options/grid-multifactor-authentication/

I highly recommend lastpass with a strong masterpassword.

Also, check out my stay safe link in my sig.

[prezbo]

Am I the only one who finds it interesting people trying to be security-conscious but trust a closed-source software of a for-profit company to keep all their passwords? I wouldn't even touch lastpass with a stick.

[r3wt]

well if passwords were your hands, it would be about as safe as sticking your hand into a running garbage disposal

[pekv2]

Am I the only one who finds it interesting people trying to be security-conscious but trust a closed-source software of a for-profit company to keep all their passwords? I wouldn't even touch lastpass with a stick.

The addon is open source .

https://en.wikipedia.org/wiki/LastPass_Password_Manager#Source_code

[grue]

keepass has "two channel obfuscation", which attempts to screw up keyloggers/clipboard monitors. however, with all password managers, a virus can (at the very least) hijack the subroutine that accepts the password at the target program. it's certainly safer than nothing, but it's not guaranteed security.