Bitcoin Forum
October 17, 2019, 04:34:52 PM *
News: If you like a topic and you see an orange "bump" link, click it. More info.
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Do you use a Password Manager? Which one is better?  (Read 364 times)
bitmover
Hero Member
*****
Offline Offline

Activity: 630
Merit: 1066



View Profile
July 23, 2019, 01:03:34 AM
Last edit: July 23, 2019, 01:16:43 AM by bitmover
Merited by bones261 (2), OgNasty (1)
 #1

I never used password managers, but I am inclined to use now.

I was reading about them, and find nice reasons to use one.

- Creates good passwords very easily, just clicking a button. If you use the same password on many websites, one of them may be hacked or whatever and the attacks can use the passwords in other websites which you will probably have accounts too.
- Easier to use, just click a button and it is available, you don't have to type.
- stored encrypted in the manager's vault.


Then I was searching about which one to use. I would like a free version, what do you guys recommend?


-LastPass is the one most people talk about. However, I read somewhere it was already hacked in the past...?
-KeePass I read nice things about this one too.
-I read also that Firefox has a built in password manager that can be encrypted with a Master Password.

What do you guys think is better to use? It would be nice if I didn't need to download one more add-on (I try to be minimalist with apps/add-ons).

1571330092
Hero Member
*
Offline Offline

Posts: 1571330092

View Profile Personal Message (Offline)

Ignore
1571330092
Reply with quote  #2

1571330092
Report to moderator
PLAY NOW
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
bones261
Legendary
*
Offline Offline

Activity: 1694
Merit: 1706



View Profile
July 23, 2019, 01:18:00 AM
Merited by DdmrDdmr (1)
 #2

I personally use Keepass. I personally like their autotype feature to input your user name and password. It defeats keyloggers because it inputs random characters while typing in characters. Unfortunately, some web pages don't work with this feature, so you have to resort to using the copy/paste feature which is less secure. It also has a feature for additional security which requires a Key file. I haven't used it because the keyfile cannot be changed or moved from it's location on the computer. If it becomes corrupted, deleted or moved, you could get locked out of your data base.
hatshepsut93
Hero Member
*****
Online Online

Activity: 1302
Merit: 889


Bitcoin realist


View Profile
July 23, 2019, 01:28:28 AM
 #3

I wrote my own password manager in Javascript, it encrypts the password storage with AES-GCM, and uses PBKDF2 for key derivation. I posted it in /r/crypto for review and people said it's ok. Just yesterday I turned it into an Electron app so it can work with files more conveniently, previously it was browser-based and relied on LocalStorage.

I don't recommend to role your own password manager to anyone, just want to say that using one is so much better than no manager at all, or relying on the browser, and nowadays everyone should have a strong a truly random password, especially if they deal with something like crypto.


-I read also that Firefox has a built in password manager that can be encrypted with a Master Password.


I always used the browser feature to save passwords, but it lacks one important function from password manager programs - generation of random passwords. Now that I have a full password manager, I'm not worried that I'll have similar passwords on multiple sites, and other accounts will get pwned if some of the sites has a security breach.

TryNinja
Legendary
*
Offline Offline

Activity: 1162
Merit: 1559



View Profile
July 23, 2019, 01:48:29 AM
Merited by mjglqw (1), bitmover (1)
 #4

My favorite ones are Bitwarden and KeePass.

KeePass if you want to store your passwords locally in a file - no risk of getting hacked - or Bitwarden (over Lastpass) if you don't mind using a third-party server (passwords are encrypted anyway). Both are open source and you can actually self-host your own Bitwarden server, storing everything in one of your servers.

Also, while Bitwarden works perfectly in their free version (no major features missing), you can actually pay for the pro version which is cheaper than any other password manager and have things like 2FA OTP in your entries.

GreatArkansas
Hero Member
*****
Offline Offline

Activity: 644
Merit: 599


WOLF.BET - Provably Fair Dice Game


View Profile WWW
July 23, 2019, 02:03:06 AM
Merited by Pmalek (1)
 #5

You can also try to visit my thread before, I have included some good password managers there included KeePass and Password Safe.
I included some of the tutorials on how to use them and also advantages/disadvantages of using password managers or creating a strong/secure passwords.

[GUIDE] How to Create a Strong/Secure Password
Hello everyone, I found another alternative for KeePass Password manager.

Just a piece of advice, try to use open-sourced password managers, avoid those password managers that have a subscription, because for me, no need to pay just for password managers, but it's still your choice if you really need their special feature for the premium password managers.

.WOLF.BET.
▀  ▀▀▀▀▀▀
  ▀ ▀▀▀
 ▄ ▄▄▄   
  ▄ ▄▄▄
▄  ▄▄▄▄▄▄
        ▄▄▄▀▀▀▀▄▄▄
    ▄███▌        ▀▀▄
  ▄▀   ▐█████████▄  ▀▄
 ▄▀  ▄█████████████▄  █
 ▌  █████████████████  █
▐  ████████████████ ▄█
█  █████████████████████▌
▐  ██████████████████ ▀█▌
 ▌ ▐█████████████████▌ ▐▀
 █  ██████████████▀ ▄▀
  █   ███████████▀  ▄▀
   ▀▄▄██ ▀▀▀▀▀▀▀  ▄▄▀
     ▀██▄▄▄▄▄▄▄▄▀▀▀
▄███████████▄
███████    ████████████▄
███████    ███████   ▀██
██████████████████    ██
██    ██████████████████
██    ███████    ███████
█████████████    ███████
███████    █████████████
███████    ███████    ██
██████████████████   ▄██
██        ▀███████████▀
██
██
      ▄█▄         ▄█▄
 ▄██ ███ ███████ ███ ██▄
▐███▄ ▀ ▄███████▄ ▀ ▄███▌
▐█▌▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▐█▌
▐█▌   ▄▄▄▄▄▄▄▄        ▐█▌
▐█▌   ████████        ▐█▌
▐█▌       ███     ▄▄▀▀▀██▄
▐█▌      ███    ██▀      ▀█
▐█▌     ███    ███         █
▐█▌    ███     ███          █
 ██▄           ███▄         █
  ▀█████████████████▄     ▄█
                  ▀▀█████▀▀

████
██
██
██
██
██
██
██
██
██
██
████


.AFFILIATE PROGRAM.
   ...FREE FAUCET........
..CHAT RAIN.............
mjglqw
Hero Member
*****
Online Online

Activity: 1092
Merit: 870


https://coinsources.io/bitcoin


View Profile WWW
July 23, 2019, 03:34:04 AM
 #6

My favorite ones are Bitwarden and KeePass.

+1 to both.

Which on of the two? You gotta decide yourself. KeePass can be more secure because your password database will only be stored on your computer, but this sacrifices a bit of the user-friendliness. With Bitwarden, you either let them host your password database, or you host it yourself on your own server. Hence you can more easily access your Bitwarden pwd database on multiple devices; and not to mention that Bitwarden has their own browser extension that has the auto-fill feature so you wouldn't need to manually copy paste every password.

I personally think Bitwarden is the perfect balance between security and usability, but it's up to you.

P.S. Both are open-source. Which is a huge plus in my book.

Winscosinally
Member
**
Offline Offline

Activity: 112
Merit: 10

send and receive money instantly, with no hidden c


View Profile
July 23, 2019, 04:46:52 AM
 #7

Not all webpages will recognise password managers that's why I don't use them

TryNinja
Legendary
*
Offline Offline

Activity: 1162
Merit: 1559



View Profile
July 23, 2019, 06:02:40 AM
 #8

Not all webpages will recognise password managers that's why I don't use them
You can easily click on the password manager icon and copy the username, paste it, copy the password, paste it. It takes literally 5 seconds.

Pffrt
Member
**
Offline Offline

Activity: 756
Merit: 66

HiveNet - Distributed Cloud Computing


View Profile
July 23, 2019, 06:25:27 AM
 #9

Not all webpages will recognise password managers that's why I don't use them
You can easily click on the password manager icon and copy the username, paste it, copy the password, paste it. It takes literally 5 seconds.
What if my device get hacked? Is it possible for the hacker to get my password from a password manager by having control of my device? I never felt the necessity of using a password becauss I am using only limited sites.

TryNinja
Legendary
*
Offline Offline

Activity: 1162
Merit: 1559



View Profile
July 23, 2019, 06:29:27 AM
 #10

What if my device get hacked? Is it possible for the hacker to get my password from a password manager by having control of my device? I never felt the necessity of using a password becauss I am using only limited sites.
If you get hacked, he’ll see everything you type. What difference will make if you’re using a password manager or not? Password managers aren’t fool proof.

Kakmakr
Legendary
*
Offline Offline

Activity: 1806
Merit: 1374

★ ChipMixer | Bitcoin mixing service ★


View Profile
July 23, 2019, 06:37:09 AM
Merited by Pmalek (1)
 #11

Password Managers are mostly used by lazy people. Why do you need a third party service to generate and store passwords for some of your most sensitive information? Do you have a 100% guarantee that those services are 100% secure? How will you know if they are not simply gathering data for some government agency?

Yes, the data is encrypted, but governments have access to very powerful equipment to possibly decrypt some of the data stored on these sites or they partner with companies that has knowledge and resources to do this.  Roll Eyes

psycodad
Hero Member
*****
Online Online

Activity: 935
Merit: 537


精神分析的爸


View Profile WWW
July 23, 2019, 07:20:47 AM
 #12

I wonder why nobody mentionned Bruce Schneier's passwordsafe:

https://www.schneier.com/academic/passsafe/

https://pwsafe.org/

HTH

I will uphold the right to arm bears.
ONEnergy
Member
**
Offline Offline

Activity: 97
Merit: 13


View Profile
July 23, 2019, 08:42:35 AM
 #13

Is there any one with stored pass in a cloud? Is this safe after-all?

I use two computers and mobile. I need something that can be synced once store a password on one device to be available on another.

★ HELIOS PROTOCOL ★ ✅[DAG]✅[BLOCKCHAIN]✅[PoS]✅[Masternodes] ✈✈✈[weekly Airdrop][join our discord to qualify]✈✈✈
  ▂▃▅▆█ Website  |  Github  |  Bitcointalk  | Bounties  | Discord  |  telegram █▆▅▃▂
bob123
Legendary
*
Offline Offline

Activity: 1050
Merit: 1568



View Profile WWW
July 23, 2019, 09:03:43 AM
Merited by bitmover (1)
 #14

Is there any one with stored pass in a cloud? Is this safe after-all?

I use two computers and mobile. I need something that can be synced once store a password on one device to be available on another.

With proper encryption, it theoretically is relatively safe.

However, this is not recommended at all. You never know who will gain access to the encrypted file.
And if later a vulnerability is found, all of your passwords are at risk.


The most secure option probably would be to simply 'sync' the database files yourself (i.e. copy it to your other devices).


LastPass and KeePass are both considered good.
I am using (and would recommend) KeePass. LastPass is not open-source, while KeePass is.

I definitely wouldn't use some browser-in-built password manager.

ETFbitcoin
Legendary
*
Offline Offline

Activity: 1792
Merit: 2053

Use SegWit and enjoy lower fees.


View Profile WWW
July 23, 2019, 09:14:37 AM
 #15

While most people recommend KeePass, i'd recommend KeePassXC which is fork of KeePass with better support for cross-platform usage.
If you use Linux or Mac OS, you definitely should choose KeePassXC over KeePass.

bob123
Legendary
*
Offline Offline

Activity: 1050
Merit: 1568



View Profile WWW
July 23, 2019, 09:26:35 AM
 #16

If you use Linux or Mac OS, you definitely should choose KeePassXC over KeePass.

Or KeePassX (linux)  Smiley

darkv0rt3x
Jr. Member
*
Offline Offline

Activity: 38
Merit: 10


View Profile
July 23, 2019, 09:29:19 AM
 #17

I'm using LastPass.

There are some drawbacks that I'm not sure if they are related with the add-on itself or with my web browser (Google Chrome in the past and Chromium now on Linux).

At the beginning LastPass was flawless and worked like a charm. Lately, many sites are not showing up the context menu at the side of the "username" and "password" fields that would allow us to click and fill the data into those fields.

I'm using different pseudo-random passwords with a specific minimum number of chars (of all types) when sites allow that minimum number of chars for every site. So, no repeated passwords. Master Password is not random, though (maybe I have a flaw here). Anyways, I save an exported backup of all my passwords in LastPass in an encrypted volume but with a few twists to try to increase security. I save the passwords in a plaintext file that I encrypt with GPG, then I copy that file into the encrypted volume and lastely, I encrypt the file that is the encrypted volume itself. So my passwords are on my laptop hard drive but triple encrypted. Hope this makes any smart ass, that attempts to steal my passwords, life harder...
mjglqw
Hero Member
*****
Online Online

Activity: 1092
Merit: 870


https://coinsources.io/bitcoin


View Profile WWW
July 23, 2019, 09:48:11 AM
 #18

Password Managers are mostly used by lazy people. Why do you need a third party service to generate and store passwords for some of your most sensitive information? Do you have a 100% guarantee that those services are 100% secure? How will you know if they are not simply gathering data for some government agency?

It completely depends with the password manager you're using though. Some password managers are open-source, which you could compile yourself. If security is your main concern, the best choice would probably be KeePass[1].


[1] https://keepass.info/

ETFbitcoin
Legendary
*
Offline Offline

Activity: 1792
Merit: 2053

Use SegWit and enjoy lower fees.


View Profile WWW
July 23, 2019, 09:58:53 AM
Merited by bob123 (3)
 #19

If you use Linux or Mac OS, you definitely should choose KeePassXC over KeePass.

Or KeePassX (linux)  Smiley

The reason i recommend KeePassXC over KeePassX because :
1. KeePassX hasn't been updated since Sep 4, 2016 according to https://github.com/keepassx/keepassx/releases & https://www.keepassx.org/news
2. KeePassXC latest release is Jun 11, 2019 - 22:00 CEST according to https://keepassxc.org/blog/
3. KeePassXC have some difference, see https://superuser.com/a/879013

I'm sure you prefer not to use outdated software Smiley

Pmalek
Legendary
*
Offline Offline

Activity: 1092
Merit: 1158



View Profile
July 23, 2019, 10:11:58 AM
Merited by bones261 (2), Kakmakr (1), ETFbitcoin (1), DdmrDdmr (1)
 #20

I personally use Keepass. I personally like their autotype feature to input your user name and password. It defeats keyloggers because it inputs random characters while typing in characters.
I researched Keepass in connection to keyloggers and found a test performed by malwaretips.com in 2015. They suggest that Keepass users should switch to Secure Desktop and use two-channel auto-type obfuscation whenever possible.

Without Secure Desktop several keyloggers were able to capture whole or parts of the passwords.

More about that here:
https://malwaretips.com/threads/keepass-vs-keyloggers.45891/




████████████████████████████
████████▀▀ █▀ █▀ ▀██████████
█████████▄ ▄▄▄▄▄▄███████████
██████████▀     ▀  ▀████████
███████▀ ▀  ▄█▀▀▀█▀▀████████
██████▄      █▄  ▀▀  ▀██████
██████         ▄▄█▄ ▄ ▀█████
█████ ▄         ▀▀ ▄ ▀ █████
██████▌          █▀█▀ ▐█████
███████  ▄▌         ▄ ██████
████████▄█         ▄████████
█████████▀     ▄▄ ▄█████████
████████████████████████████
.JACKMATE'S...........
.
MAJESTIC..
████████████████████████
███████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
████████████████████████
.
..WIN 1 BITCOIN ON EVERY PREMIER LEAGUE MATCHDAY..
████████████████████████████████
████████████▀█▀ ▀█▀█▀███████████
███████████▄ ▄▄▄▄▄▄▄████████████
███████████▀▀▄▄▄▄▄▄▄▄███████████
█████████▀▄ ██▀▄▄▄ ▀ ▄▀█████████
███████▀ ▀█████▄▄▄█▄▄▄██████████
███████▀▄████████▀  ▀█ █▐███████
███████ ▀█████████▄█▀▀██ ███████
████████ ███▀██████ ▄ ██ ███████
████████▌▐▀▄ ██████████ ▄███████
█████████▄██▌▐█████▀██ █████████
████████████▄▀▀▀▀▀▄ ▀▄██████████
████████████████████████████████
.
.JOIN US - IT'S FREE! .
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!