sonba (OP)
|
|
September 11, 2011, 07:28:03 PM |
|
Hi there,
Taking into account that every other month one website where I have a (unique) password is hacked, I find it difficult to generate enough new passwords that I can actually memorize (I start mixing them up). Can you recommend a good (and safe!!!) Windows-compatible program to store my passwords locally on my computer? (Unfortunately, changing the OS is not an option for me at this moment in time.)
Thanks in advance,
sonba
|
|
|
|
|
ovidiusoft
|
|
September 11, 2011, 07:34:08 PM |
|
KeePass - http://keepass.info/
It's the best I could find. Very powerful encryption, versions for all desktop and mobile OSes, and it has an "autotype" function so you don't need to copy and paste your password; it will fill it directly into your browser (or any other app). It also has a very good password generator. I have used it for some time now (2+ years) and I couldn't be happier.
|
|
|
|
Revalin
|
|
September 12, 2011, 12:52:03 AM |
|
|
|
|
|
ctoon6
|
|
September 13, 2011, 02:53:49 AM |
|
whatever you do, don't store your passwords in an online database, to me this just defies all logic, and takes a hippo shit all over it.
|
|
|
|
ovidiusoft
|
|
September 13, 2011, 06:21:02 AM |
|
whatever you do, don't store your passwords in an online database, to me this just defies all logic, and takes a hippo shit all over it.
...but because I can already hear the voices shouting "But I want my passwords synced across devices! Pronto!", the good enough solution is to place the password database in Dropbox so it's automagically synced. The better solution would be Sparkleshare on your own server, when they'll have a stable client for all major platforms.
|
|
|
|
sonba (OP)
|
|
September 13, 2011, 06:32:15 AM |
|
Thanks for all the replies. Guess I'm gonna use KeePass - it got some good evaluations, as well. And no, I'm not gonna store them online. That's why I asked for a program running on my local machine. Maybe I'm a bit paranoid there but it doesn't look too safe to me.
|
|
|
|
Gerken
|
|
September 13, 2011, 06:40:18 AM |
|
Keepass user as well here, it's nice to be able to keep track of usernames as well for sites I only visit a few times a year.
|
|
|
|
Jessica
|
|
September 14, 2011, 11:42:11 AM |
|
Keepass is great, you definitely should use it!
|
|
|
|
|
JBDive
|
|
September 14, 2011, 12:57:45 PM |
|
Roboform Portable is what I use however Keepass is nearly identical in function. What I don't like about Roboform is although the passwords are encrypted you can look into the file structure of the program enough to see that there are passwords stored for what sites as it uses the name you give it when storing the password as the file name:
F:\MyRoboForm Data -Default Profile -Blogs Bitcointalk.rfp
This in turn tells the attacker that first off you do have an account and at what site, something I may actually be trying to hide. It may be that I am actually trying to hide the fact that I have used say Facebook or a certain email provider as much as I am trying to hide the password itself. I also assume the attacker could concentrate his efforts on cracking that single file vs. the database as a whole. Granted I could type garbage for the name of the site, FGHE equals Facebook but then I have to keep track of that information as well.
Not sure how Keepass handles this.
|
|
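An added illustration of the file-name leak JBDive describes above (not part of any post, and not how RoboForm or KeePass work internally): naming per-entry files with a keyed HMAC of the label keeps the names opaque without the manual "FGHE equals Facebook" bookkeeping. The function names, salt and sample entries are constructed for this example.

```python
import hashlib
import hmac
import os
import tempfile

def naming_key(master_password: str, salt: bytes) -> bytes:
    """Key used only for file names, derived from the master password."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, 100_000)

def opaque_name(key: bytes, label: str) -> str:
    """Deterministic pseudonym for an entry label; computing it needs the key."""
    digest = hmac.new(key, label.strip().casefold().encode(), hashlib.sha256)
    return digest.hexdigest()[:32] + ".bin"

def write_store(root: str, entries: dict, namer) -> list:
    """Write one file per entry and return what a plain directory listing shows."""
    for label, ciphertext in entries.items():
        with open(os.path.join(root, namer(label)), "wb") as fh:
            fh.write(ciphertext)
    return sorted(os.listdir(root))

def compare_layouts(master_password: str = "constructed master password"):
    # Constructed sample entries; the random bytes stand in for encrypted records.
    entries = {"Bitcointalk": os.urandom(48), "Facebook": os.urandom(48)}
    key = naming_key(master_password, salt=b"constructed-salt")
    with tempfile.TemporaryDirectory() as leaky, tempfile.TemporaryDirectory() as opaque:
        # Layout 1: the label is the file name, as in the .rfp path quoted above.
        leaky_listing = write_store(leaky, entries, lambda label: label + ".rfp")
        # Layout 2: the file name is an HMAC of the label under a secret key.
        opaque_listing = write_store(opaque, entries, lambda label: opaque_name(key, label))
    return leaky_listing, opaque_listing, key

if __name__ == "__main__":
    leaky, opaque, _ = compare_layouts()
    print("label-named files:", leaky)
    print("HMAC-named files :", opaque)
```

Opaque names still reveal how many entries exist and how large each one is; a single encrypted database file hides those as well.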
|
|
ctoon6
|
|
September 14, 2011, 09:38:15 PM |
|
Roboform Portable is what I use however Keepass is nearly identical in function. What I don't like about Roboform is although the passwords are encrypted you can look into the file structure of the program enough to see that there are passwords stored for what sites as it uses the name you give it when storing the password as the file name:
F:\MyRoboForm Data -Default Profile -Blogs Bitcointalk.rfp
This in turn tells the attacker that first off you do have an account and at what site, something I may actually be trying to hide. It may be that I am actually trying to hide the fact that I have used say Facebook or a certain email provider as much as I am trying to hide the password itself. I also assume the attacker could concentrate his efforts on cracking that single file vs. the database as a whole. Granted I could type garbage for the name of the site, FGHE equals Facebook but then I have to keep track of that information as well.
Not sure how Keepass handles this.
keepass has all the passwords inside a single DB file.
|
|
|
|
Stalin-chan
|
|
September 14, 2011, 09:46:49 PM |
|
Use KeePass. It's that simple.
|
|
|
|
TiagoTiago
|
|
September 14, 2011, 10:24:37 PM |
|
|
|
|
|
JohnDoe
|
|
September 14, 2011, 10:44:24 PM |
|
What are Linux people using? KeePassX doesn't have browser integration as far as I can tell. I'm leaning towards LastPass for now. It doesn't seem more insecure than KeePass + Dropbox.
|
|
|
|
pekv2
|
|
September 14, 2011, 11:00:45 PM |
|
LastPass is the best to use. If you ever format your PC, that is if you don't back up "firefox profile" "chrome" w/e browser you use, you sign into the LastPass add-on, all your passwords are there for you. The password database is encrypted on your PC before it gets sent off online through SSL.
LastPass is an evolved Host Proof hosted solution, which avoids the stated weakness of vulnerability to XSS as long as you're using the add-on. LastPass strongly believes in using local encryption, and locally created one way salted hashes to provide you with the best of both worlds for your sensitive information: Complete security, while still providing online accessibility and syncing capabilities. We've accomplished this by using 256-bit AES implemented in C++ and JavaScript (for the website) and exclusively encrypting and decrypting on your local PC. No one at LastPass can ever access your sensitive data. We've taken every step we can think of to ensure your security and privacy.
More reasons to use LastPass
There was one breach of LastPass, they patched it, but because everything was encrypted, only most likely weak masterpassworded accounts might, might have been cracked but doubt it, so they suggested for all to just change the masterpassword for weak passworded accounts.
Complete follow up found here
Unlike Sony, they were breached, everything was in plain text.
Edit: Dropbox is not encrypted, I've heard Wuala is though. Wuala same as LastPass, encrypted on your PC before it leaves your PC.
|
|
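An added sketch of the "host proof" split described in the post above (local encryption plus a locally created one-way hash); it is not part of the post and not LastPass code. Using the e-mail address as the salt, the iteration count, and the `SyncServer` class are assumptions made for this example, and random bytes stand in for the locally AES-encrypted vault.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example

def vault_key(master_password: str, email: str) -> bytes:
    """Client side only: the key that encrypts the vault. Never transmitted."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                               email.lower().encode(), ITERATIONS)

def login_token(key: bytes, master_password: str) -> bytes:
    """Client side: one-way value sent for authentication instead of the key."""
    return hashlib.pbkdf2_hmac("sha256", key, master_password.encode(), 1)

class SyncServer:
    """Constructed stand-in for the hosting side; it only sees tokens and blobs."""

    def __init__(self):
        self.rows = {}

    def register(self, email, token, encrypted_vault):
        salt = os.urandom(16)
        verifier = hashlib.pbkdf2_hmac("sha256", token, salt, ITERATIONS)
        self.rows[email] = (salt, verifier, encrypted_vault)

    def fetch_vault(self, email, token):
        salt, verifier, blob = self.rows[email]
        candidate = hashlib.pbkdf2_hmac("sha256", token, salt, ITERATIONS)
        return blob if hmac.compare_digest(candidate, verifier) else None

def demo():
    email, master = "user@example.test", "constructed master password"
    key = vault_key(master, email)
    blob = os.urandom(64)  # stands in for the vault encrypted locally under `key`
    server = SyncServer()
    server.register(email, login_token(key, master), blob)
    got_vault = server.fetch_vault(email, login_token(key, master)) == blob
    wrong = vault_key("wrong guess", email)
    denied = server.fetch_vault(email, login_token(wrong, "wrong guess")) is None
    key_on_server = key in server.rows[email]
    return got_vault, denied, key_on_server

if __name__ == "__main__":
    print(demo())
```

Every value the server stores is derived from the master password, so a copied server table can be tested against password guesses offline; that is why the post singles out accounts with weak master passwords.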
|
|
ctoon6
|
|
September 15, 2011, 12:39:38 AM |
|
the files on dropbox are encrypted, however dropbox staff holds the keys. so if dropbox gets hacked, you should still be safe, however if a member of staff abuses their power, you're screwed.
|
|
|
|
pekv2
|
|
September 15, 2011, 01:03:03 AM |
|
Ah, yea, thanks for correcting me. http://www.dropbox.com/help/27
I just read their features vs Wuala. I would lean towards Wuala for storing password backups. Whether hiding something or not, I wouldn't trust Dropbox with my password backups or anything else.
Dropbox http://www.dropbox.com/help/27
Dropbox employees are prohibited from viewing the content of files you store in your Dropbox account, and are only permitted to view file metadata (e.g., file names and locations).
Wuala http://www.wuala.com/en/learn/technology
Wuala protects your privacy: In stark contrast to most other online storage services, all your files get encrypted on your computer, so that no one - including the employees at Wuala and LaCie - can access your private files. Your password never leaves your computer.
|
|
|
|
ctoon6
|
|
September 15, 2011, 01:14:34 AM |
|
i would advise against having your passwords anywhere on the internet in any form, regardless of how secure you may think it is. all it takes is for someone to keylog you, or guess your password/recovery question or something. having the PW DB locally makes the task far more arduous if you are just key logged or something less serious. keepass can even launch programs with the password in a launch parameter, steam for example.
cmd://"C:\Program Files (x86)\Steam\steam.exe" -login {USERNAME} {PASSWORD}
minecraft.exe {USERNAME} {PASSWORD}
if you want any more things like that just post or pm or something. I'd be more than happy to help you secure your system, it bothers me to no end with people storing their information on the internet...
that in your URL box will make it far more difficult to get your password remotely because they would not be specifically targeting that method of logging in.
|
|
|
|
JohnDoe
|
|
September 15, 2011, 03:12:38 AM |
|
i would advise against having your passwords anywhere on the internet in any form, regardless of how secure you may think it is. all it takes is for someone to keylog you, or guess your password/recovery question or something. having the PW DB locally makes the task far more arduous if you are just key logged or something less serious. keepass can even launch programs with the password in a launch parameter, steam for example.
LastPass has a screen keyboard and one time passwords to prevent keylogging.
|
|
|
|
|