Because Yahoo got boned

OP is a dumb cunt that finally decided to move on with security and start using a password manager. Pen and paper seems to be not enough anymore.

Google gives a fuckton of options to pick from. For better or worse, Lastpass seems to be leading the race. What does Cred Forums think of this one? Good? Bad? Ugly?
What are Cred Forums's preferred alternatives?

Keepass

Good commercial solution: 1Password

Good open source solution: keepass

I use 1Password, they are a mom and pop software shop that's been around since the old days of computing and it's always been an excellent product with great support.

KeePass 2.19 + DB Backup plugin

Why is no one on Cred Forums using their brain anymore? If you have over 30 passwords then you have a shitty password management system that no password stealing software will solve for you.

I use a veracrypted usb pen and a .txt file

...

Same as me, just keep it somewhere safe

KeePass + Dropbox here.

I know it's not secure against the NSA, but it's convenient and works on all my devices.

Obviously for more secure offline stuff you don't put that in the cloud.

Are you trying to say that everyone should re-use the same password over and over again? Are you retarded?

Use keepassX if you want real security

>keeping all your logins on the computer

Yeah cuz the next thing to be compromised after some site containing your details is your PC.
What would happen if your pc crashes ?

Might as well use pen + paper since your physical location isn't going to get broken into by random russian or chinese hacker

This is pretty good, doesn't work if you lose a password though:

github.com/jamespic/pwgen

I backup that drive. Well, most of it anyway, on a portable HDD

>LastPass leading the race
What kind of post-ironic counter-shilling is this?

If there's one thing that people seem to universally agree upon, it's that LastPass is a piece of shit that can be safely disregarded

Personally my recommendation is to use passwordstore.org. It uses only well-established and proven cryptography and strays away from home-grown crap like KeePassX etc. use. It's also forwards-compatible, works on any system with GnuPG, fully decentralized (thanks to git) and easy to integrate.

Not for everything, but a password can be shared across services/websites that you don't feel would compromise you or have financial danger.
Password hierarchy is good as long as you don't use the password for each level, so a password across several technology forums could be the same but the password for the email that they are registered to should be different as it will be on a higher hierarchical level.

>What would happen if your pc crashes ?
You turn it on again?

Live demo:

jamespic.github.io/pwgen/

Run it wherever you like, locally on your work machine or wherever. Generates deterministic passwords for each site by hashing the details together with your master password.
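
An added example of the deterministic approach the post above describes; it is not pwgen's actual algorithm or code. The KDF (PBKDF2-HMAC-SHA256 at 200,000 iterations), the output alphabet, the `counter` field and the function name are assumptions made for illustration.

```python
import hashlib
import string

# Assumed output alphabet (75 symbols); real sites may restrict it further.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"
ITERATIONS = 200_000  # assumed PBKDF2 work factor, slows master-password guessing


def derive_password(master, site, username, counter=1, length=20):
    """Derive a site password from the master password; nothing is stored."""
    if not master:
        raise ValueError("master password must not be empty")
    # The salt binds the output to one account. NUL separators keep
    # ("ab", "c") and ("a", "bc") from colliding; counter allows rotation.
    salt = "\x00".join([site.strip().lower(), username, str(counter)]).encode()
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS)

    # Largest multiple of the alphabet size that fits in a byte; bytes at or
    # above it are rejected so every symbol stays equally likely.
    limit = 256 - (256 % len(ALPHABET))
    nbytes = 4 * length
    while True:
        # SHAKE-256 expands the key; a longer digest only extends the stream.
        stream = hashlib.shake_256(key).digest(nbytes)
        chars = [ALPHABET[b % len(ALPHABET)] for b in stream if b < limit]
        if len(chars) >= length:
            return "".join(chars[:length])
        nbytes *= 2


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample value
    for site, user, n in [("example.com", "anon", 1),
                          ("example.org", "anon", 1),
                          ("example.com", "anon", 2)]:
        print(site, n, derive_password(master, site, user, n))
```

Anyone who learns the master password can regenerate every site password, and changing a single site's password means remembering which counter value that site is on.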

>keepassX
>home grown crypto implementations
>many known issues in the past
>custom and non-portable database format
enjoy being cucked for the rest of your life I suppose

Just google "password manager". Several articles list it as "top tier shit".

I don't say it's true. Actually, I doubted it.
I wanted to validate what people actually use. That's why I asked Cred Forums.

That said, thank you for your input. As well as everyone else in this thread.

I bought 1 year of LastPass yesterday. Their android app is pretty comfy too. I changed every major service password I use into a 20 char string and enabled 2FA where I could.

I keep passwords on paper in a safe attached to the ground.

It's a pain in the ass but it works.

I can't see how saving my passwords with some program is secure.

>Just google "password manager". Several articles list it as "top tier shit".
Oh, that makes sense. I don't generally browse the normienets or “articles”.

If you want a good recommendation, ask a security researcher, and not some random hobo with a blog “reviewing” android password apps.

sorry i'm not clever enough to memorize passwords like 6}T}t3caR*[2[x:oNshH for every site

lastpass fingerprint authentication on android is pretty sweet, though.

>Lastpass
another minion for the botnet

Passphrases are good enough and are easy to memorize. You're overcomplicating it.

Please read my reply here. Would you care to provide actually useful input instead?

This. I have a shit password and a real password.

so do you remember every passphrase for every site or are you just a pleb that reuses his passwords?...

"ThisIsAnAlrightPasswordForFacebook.com#'

For example. It's not that hard...

>Because Yahoo got boned.
youtube.com/watch?v=41f5RKiMOH0

305 you're on the horn

KeePass, write the master password down and lock it away. KeeFox/chromeipass are kind of shit but work

so how do you remember the different formulas for the different sites? or do you just do "*sitename*"? because that's just as bad as having the same password everywhere...

It's likely you use the same algorithm then for every password and change only something related to the site being visited, e.g. the domain. I used to do the same thing before I wised up.

>try to use a password manager (keep ass)
>clunky as shit
>doesn't fucking work half the time
>lost all my passwords
Yeah, fuck that.

>lost all of my passwords
How even

You could change the adjective to start with the same letter as the domain, and add a number somewhere in it, and write both down if you really wanted.

Just gotta be creative with it.

Fuck if I know, keep ass is shit, I guess.

I should point out I'm not saying this is better than a password manager, it totally isn't. I just cba with it. I've had a formula like this for 14 years without one getting busted that I know of. And my passwords are all over the database leaks.

Lost your master password
>keep ass is shit
Stick to sticky notes on your monitor

>Hidden

I laughed a bit too hard at that

...

Explorer is configured to show hidden files, it's not to hide it from whoever is in front of my PC as much as it is to make it less visible to other programs.

Didn't have a master password. Keep ass just completely lost everything on its own.

so, basically you tell somebody the username and site and it generates the password for you.
This is a new approach on how to fuck somebody up. I like it.

>normienets
spoken like a true faggot that has a facebook account and tries to "hack" some girl email account when they don't answer back to the endless pms

I see, it's just that if your formula is good enough that a semi-intelligent person won't figure it out from 2 passwords, but you have to write down the pseudorandom elements then I can't see how that's better than having a password manager. but hell if it works for you then who the fuck am I to judge

I don't understand this affection for LastPass. It has been shown to be pwned several times, including recently. LostPass phishing attack, and several others. Same goes for many of the other password managers like 1password and the like, which are proprietary as fuck.

Look, if you want a cloud-based password manager (and understand the pros and cons of using one) then I suggest Encryptr. It's part open source (i.e. built on the open source Crypton framework) and hosted by SpiderOak who make their business on security/privacy (as much as you can trust any American/5 eyes company isn't backdooring the thing). It uses a documented zero knowledge, end to end encryption scheme at least.

spideroak.com/solutions/encryptr

Pretty much does what LastPass does, but more securely so far.

Now, if you're willing to take a bit more responsibility...

KeePass 2.x database style is probably the way to go. Keepass.info has more features than KeepassX.org, and a fuckload more plugins and whatnot. There are Android (and even iOS) apps that support the format, some of which are open source, like Keepass2Android.

Now the question many people have is where do I store my Keepass DB, sync it etc... well, you can pretty easily do so with any of the sync services (don't use Dropbox, which is a shitshow, even regarding other proprietary syncing services. Even Google Drive is probably more secure), but you can also use Syncthing or Syncany for a full open source syncing setup. Want to host it yourself? Get yourself a NextCloud (i.e. an updated, improved fork of OwnCloud by the original devs. Much like Libre Office) and host your DB there, accessible to all your devices.

I have never visited facebook even once in my entire life

>Look, if you want a cloud-based password manager (and understand the pros and cons of using one) then I suggest Encryptr.
Or you could just use password-store and use git for synchronization

Top fucking kek @ those keepass using autists on this board bashing Lastpass.

When the fuck was Lastpass "pwned"? Their servers got hacked once, so fucking what? Container files are encrypted anyway, so what good is it to you. Anyone who isn't a retard uses a strong password + 2FA anyway. You niggers storr your keepass files either on one of the cloud providers who legally steal your data or on your own servers which are easily hackable because you people don't know shit.
Second thing is, you have to install plugins programmed by shitty weebfag niggers just to use things like 2FA. In Order to use a browser extension with Keepass you have to have .NET or Mono installed HAHAHAHAHAHAHAHA.. I mean WHAT THE FUCK?

Lastpass saves you all that trouble while still being secure. Even if it had backdoors, which isn't the case.. top fucking kek because the NSA doesn't give a shit about your password on a weeaboo message board or your Bankaccount worth 5000$..

>When the fuck was Lastpass "pwned"?
It was trivial to read out passwords from any website by accessing the local RPC with client-side AJAX.

>Passphrases
You should look into dictionary attacks. Using actual words present in a language for passwords is really unsafe nowadays.