Password managers

[wooloomooloo]

I've searched the forum and found a few password manager threads but these are old now.

LastPass is obviously top-rated but I would prefer a one-off lifetime payment than continual subscription, though I do note a ten year subscription for $120.

Also required is multi-platform synch.

I'm am none too concerned with cloud storage and the potential for hacking. You pay your money and takes your choice.

This is something that I now need in my life.

[MJCM]

Keepass: http://keepass.info/

Addons: http://keepass.info/plugins.html

And best of all, it's free

edit: Added PS

Ps:

I can even use the Keepass Database on my iPhone with MiniKeepass

Link: https://itunes.apple.com/app/id451661808

Or for Android: https://play.google.com/store/apps/details?id=com.android.keepass

[thaimite]

Agreed

I use Keepass 2 with Linux and Windows and KeePsssDroid on my phone

sent from my Internet aware non fruity mobile device

[avander]

Have a look at mSecure too.

It has import and export capabilities. It also syncs to my Win 8 pc and my Android phone (wirelessly) and has good internal encryption. I also like the search facilities and category management and optional/additionalfields assignment too.

[keeniau96]

+1 for KeePassX

[MilesofSmiles]

+1 on lastpass.

I've been using it heavily for years, and can't imagine going back to life without it.

Version 3, released last week, which has some nice improvements.

It works on everything and has ubi key support.

Passwords stored online.

[Langsuan Man]

If you don't need it for mobile use, then Last Pass is what you need, and it is free. Other than having it available for multiple devices don't know what the difference, other than price, the paid subscription option gives you as far as functionality is concerned

Robo Form used to be great but they also went to the subscription model. The first year it was only $10 but now they want $30 per year, so I have opted for the Last Pass free option since I don't do anything sensitive on my Nexus 4 or 7 (BTW: Last Pass can copy your RoboForm information)

[longball53098]

I have been using Roboform Everywhere on 1 PC Win 7 and 3 Android devices. I paid $9.95 the first year and now $19.95 every year following. I don't know if this price scheme is still in effect for new users. I have used RF for at least 5 years and never tried another password manager so cannot compare. I use RF many, many times a day from the various devices and it works very well for me. Not just the password features but for form filling and other note keeping and identities.

Sounds like and ad for RF. But I have no affiliation what-so-ever. I just think this software is useful and works.

[wooloomooloo]

Many thanks for all your comments.

I took the plunge and subscribed to LastPass for two-years at USD 24 (GBP 15) and have to say that it works very well.

I have been unable to download to my iPhone so far as I am in LOS at the moment and waiting for my iPhone to be unlocked.

I do seem to have a problem with the autofill on Thai Visa though and have to prompt LastPass to action the autofill whereby it's automatic on all the other sites that I've added. Not sure why this is.

Also working my way through amending my passwords to 16 character auto-generated secure passwords with A-Z, a-z, 0-9 and special characters as standard and LastPass is reporting 100% strength on each one and found the percentage strength to be another useful tool.

Another useful security feature contained within the Vault is the setting 'Only allow login from selected countries'.

Overall - subscribing to a password manager has made me more security conscious and won't be looking back now.

[Langsuan Man]

If you don't need it for mobile use, then Last Pass is what you need, and it is free. Other than having it available for multiple devices don't know what the difference, other than price, the paid subscription option gives you as far as functionality is concerned

Robo Form used to be great but they also went to the subscription model. The first year it was only $10 but now they want $30 per year, so I have opted for the Last Pass free option since I don't do anything sensitive on my Nexus 4 or 7 (BTW: Last Pass can copy your RoboForm information)

longball53098 is correct. RoboForms went up to $19.95 after the first year not $30 as I stated in my post but is still a lot of money when they promised you lifetime use if you upgraded to Version 6+ only for force you into the subscription model

[THAIPHUKET]

How do you use LastPass on your android when you are on the road. I fail to understand what good it does to change the password AFTER, say 5 minutes rusage via a new hotspot. By that time any spy program will have harvested anything relevant on my mobile. The changed password will have no effect, too late. Right or Wrong?

In short , in practice, how do you use the one-time password? , auto-generated?

[wooloomooloo]

I downloaded LastPass last night through the hotel's WiFi to my iPhone and, again, appear to have no problems and will slowly work through my apps that require passwords. Though, already sorted out my Yahoo email and PayPal.

In short , in practice, how do you use the one-time password? , auto-generated?

There's no requirement to set auto-gen passwords as you are welcome to retain your original passwords if you so wish and these are default and LastPass will merely remember them for you and auto-login.

From my little experience it would appear easier to set auto-gen passwords through your PC which will be saved to your LastPass Vault.

[YeahSiam]

You guys using Lastpass should be careful.

http://news.cnet.com/8301-1009_3-20060004-83.html

Users who manage and store their passwords through password management service LastPass are being forced to change their master passwords after the site noticed an issue this week that raised the spectre of a possible security breach.

Some users got a big surprise.

[wooloomooloo]

Thanks, YeahSiam, but the article is well over two years old, or, was that the surprise?

[YeahSiam]

Thanks, YeahSiam, but the article is well over two years old, or, was that the surprise?

Yes it's a couple of years old but it raises a few questions about how secure these cloud password management services really are.

The surprise was for those Lastpass users who found their password vaults compromised if their master passwords weren't sufficient complex.

[MJCM]

Thanks, YeahSiam, but the article is well over two years old, or, was that the surprise?

Yes it's a couple of years old but it raises a few questions about how secure these cloud password management services really are.

The surprise was for those Lastpass users who found their password vaults compromised if their master passwords weren't sufficient complex.

It's like having the need for another password manager to manage the password of the other password manager

[wooloomooloo]

The surprise was for those Lastpass users who found their password vaults compromised if their master passwords weren't sufficient complex.

Nothing is watertight online and LastPass will admit that themselves and it goes without saying that your master password wants to be pretty robust as a hack could be pretty devastating.

I will say that I feel far more secure now with a subscription to LastPass than I did without. I've also set a tough master password.

[thaimite]

I prefer keepass cause I can store the database in a cloud server of my choosing

In addition I use a key file along with a strong password that is stored separately

sent from my Internet aware non fruity mobile device

[THAIPHUKET]

Can someone please explain how whatever PWmanager protects on the go?

1.I need new PW frequently in every new location.

2. supplied by PWmanger while in an internet cafe, i.e. it can be intercepted, my pc is an open book for the time I am online.

3. Next stop, same play

What am I getting wrong?

Here 3 apps from the NY Times http://www.evernote.com/shard/s99/sh/abfa6d7c-4ff2-4ef4-a279-3c9f673f72c5/820ca1518da97137acdde661a46ea59d

[Crushdepth]

Password Safe. Free and developed by a reputable cryptographer (Bruce Schneier).

[dharmabm]

Password Safe. Free and developed by a reputable cryptographer (Bruce Schneier).

that appears to be windows only though? not much help for mobile devices (and those who use REAL operating systems! )

[petedk]

This may be a little off topic but on the other hand some of you could use the information if you are still deciding which password manager to use.

Does anyone use Dash Lane?

I have been using it for sometime now without problems and recently decided to go for the paid version. A few days later Google changed their opening page for gmail (or Google accounts). I have three gmail accounts but my browser now remembers the last login. No matter which account I try to log in to I always get the saved version. I've tried adding all three accounts to my browser but Dash Line just can't handle this anymore.

Anyone else have this problem?

I know I can forward all emails to one account (and I do that) but I also want to keep them separate and access each account.

[2008bangkok]

For those using lastpass who want a bit of extra security use google authenticator, on top of ur master password u need to enter a app generated code before you can login, works well and means if someone some how found the master password they still couldn't login

[MJCM]

- Removed -

[wooloomooloo]

I have three gmail accounts but my browser now remembers the last login. No matter which account I try to log in to I always get the saved version. I've tried adding all three accounts to my browser but Dash Line just can't handle this anymore.

I have three PayPal accounts and when I login with LastPass the same will occur whereby my browser will remember the last login username and password.

With LastPass there will be a small icon with '3' to the right-hand side of the stored username. I simply click the number '3' which activates a dropdown with all three accounts and I can choose which account I require.

Is there a similar icon with Dashlane?

[Crushdepth]

Password Safe. Free and developed by a reputable cryptographer (Bruce Schneier).

that appears to be windows only though? not much help for mobile devices (and those who use REAL operating systems! )

Apparently there is a beta version for "Linux" but I don't know if its developed by the same people or a separate project.

[petedk]

I have three gmail accounts but my browser now remembers the last login. No matter which account I try to log in to I always get the saved version. I've tried adding all three accounts to my browser but Dash Line just can't handle this anymore.

I have three PayPal accounts and when I login with LastPass the same will occur whereby my browser will remember the last login username and password.

With LastPass there will be a small icon with '3' to the right-hand side of the stored username. I simply click the number '3' which activates a dropdown with all three accounts and I can choose which account I require.

Is there a similar icon with Dashlane?

Yes there is. In fact there are two icons: one for each login, but no matter which account I try to log in to, I get directed to last logged in.

[CaptHaddock]

Keeping one's passwords in the cloud in any form, including in encrypted software, is very foolish. Encryption is not a fool-proof safeguard. It only buys time. You will never know who may have access to your files in the cloud or what resources will be available to an attacker. You will never be able to assess that risk.

[Crushdepth]

Keeping one's passwords in the cloud in any form, including in encrypted software, is very foolish. Encryption is not a fool-proof safeguard. It only buys time. You will never know who may have access to your files in the cloud or what resources will be available to an attacker. You will never be able to assess that risk.

There is no evidence that mainstream encryption algorithms such as AES can be cracked (assuming the implementation is not broken). If you encrypt files locally before sending them to the cloud nobody can access them.

[THAIPHUKET]

@DISMEMBERED

That might address my concern, although one word of caution,= LastPass a few month ago had to notify subscribers that something was fishy and the password ought to be changed.Reportedly, No data were stolen. Furthermore, assuming LastPass uses AES , basically UN-corruptible, why do they suggest one-time passwords when switching .

But back to your thesis= how do you apply this in practice, encrypting before sending from my Android or PC . How does the receiver decipher the message?