Password manager websites.

[KhunHeineken]

With so many internet accounts from everything from an email account to a bank account to a Thaivisa account, it's getting difficult to remember so many passwords.

I know it's not a good idea to have one password for all of my various accounts, so have been considering using one of the below websites as password manager.

https://lastpass.com/

https://www.dashlane.com/

Has anyone had any experience with either of these two websites, or any other similar websites, as I know there are quite a few?

I must admit, I don't exactly feel safe having one password that accesses everything. What makes these websites so much stronger than other websites which have been hacked recently, like Ebay?

I understand they put some software on your computer, but what if your computer is stolen, or you want access from a public computer, or a friend's computer?

Any explanations on how they work, thoughts, ideas, advice and suggestions will be appreciated.

Thanks.

KH

[RichCor]

I use LastPass to store all my critical/sensitive data and have it SYNC the encrypted database between my Cloud account, PC and Smartphone.

But I don't use it to automatically enter any of my credentials -- I still do that manually. I use an easily remembered algorithm to manually create a site-specific password that I can later recreate/recall in my head. (The only hard part is when the site has some strange requirement, then I'll have to refer to LastPass for the code).

Many of the 'wallet' style programs will display common templates that you fill in with information.

Most of these programs maintain a LOCAL encrypted database (opened with one password or passphrase that you created), but the encrypted database can safely be copied to other locations. It might be necessary to re-synchronize the databases when data is added or modified.

Many of the programs (or add-on extensions) to automatically fill in your credentials. I don't like using this feature so don't know too much about it.

Edited June 16, 2014 by RichCor

[Pib]

I must admit, I don't exactly feel safe having one password that accesses everything.

You still have individual passwords for all your different sites; it's just the Password Manager will remember/store/insert those passwords for you...and of course when you change a password on one of your individual sites like Ebay you will need to update that password in your Password Manager. A Password Manager will not enter/inject your password for an individual site until you open the Password Manager with it's password....some people call that the master password. Password Managers can be setup to where when you open the Password Manager with its password it will either enter/inject the sites password when open the site's logon page or it would require you to enter the Password Manager's password before it would inject the sites specific logon info (User ID and Password). Now all of your sites individuals passwords are encrypted on your local drive and/or the Password Manager cloud server....AES 128/256 bit encryption is used.

[Cloggie]

I use Keepass: http://keepass.info/

Store the database in a Dropbox folder and you will always have all your password with you. Works also on Android and Linux devices so from every device I can update my password(s)

Then I disable all password storage on browsers (Firefox / Google Chrome) and then use some plugins from Keepass to make my life easy like ChromeIpass for Google Chrome.

Use it for years and works very easy.

[NeverSure]

Right. I use LastPass and then I only have to remember it's master password. The passwords for sites, when first entered, are encrypted and sent to the cloud. Then when I go to that site again, LastPass does what I originally told it to do with that site. Options are never remember that site, remember but require the master password to log in, or automatically log in which I do when I don't need security such as on this site.

After installing LastPass, when you go to a site it doesn't know and enter your user/pass, LastPass will give you a pop-up asking you if you want it to remember the site. If you do, you have the options right there as to the security levels. Done.

Another cool thing is that if you install it on another computer, all you have to remember is LastPass's login, and it will begin to log you into your sites because it knows you and has your passwords in the cloud, encrypted. Your computer encrypts the user/pass for each site before they go to the cloud, and unencrypts them when you need them. Therefore the security is on your computer, needing your user/pass for LastPass to work.

[DogNo1]

I've used RoboForm for many years. For a yearly subscription fee, it keeps all of your passwords and identity information on its server and automatically synchs with all of your machines. You have an ID and password that you must use for the initial install on each machine and then you can password protect each password that you use so that even if someone stole your machine, they wouldn't be able to access your sites unless they knew the password with which you protected that site's password. There's a free trial that can be downloaded from roboform.com. The program is well-maintained with frequent updates. Check it out.

[JSixpack]

Right. I use LastPass and then I only have to remember it's master password. The passwords for sites, when first entered, are encrypted and sent to the cloud. Then when I go to that site again, LastPass does what I originally told it to do with that site. Options are never remember that site, remember but require the master password to log in, or automatically log in which I do when I don't need security such as on this site.

After installing LastPass, when you go to a site it doesn't know and enter your user/pass, LastPass will give you a pop-up asking you if you want it to remember the site. If you do, you have the options right there as to the security levels. Done.

Another cool thing is that if you install it on another computer, all you have to remember is LastPass's login, and it will begin to log you into your sites because it knows you and has your passwords in the cloud, encrypted. Your computer encrypts the user/pass for each site before they go to the cloud, and unencrypts them when you need them. Therefore the security is on your computer, needing your user/pass for LastPass to work.

Great form filler, too, and useful for remembering various bits of crucial info.

[KhunHeineken]

I must admit, I don't exactly feel safe having one password that accesses everything.

You still have individual passwords for all your different sites; it's just the Password Manager will remember/store/insert those passwords for you...and of course when you change a password on one of your individual sites like Ebay you will need to update that password in your Password Manager. A Password Manager will not enter/inject your password for an individual site until you open the Password Manager with it's password....some people call that the master password. Password Managers can be setup to where when you open the Password Manager with its password it will either enter/inject the sites password when open the site's logon page or it would require you to enter the Password Manager's password before it would inject the sites specific logon info (User ID and Password). Now all of your sites individuals passwords are encrypted on your local drive and/or the Password Manager cloud server....AES 128/256 bit encryption is used.

Thanks to those who have replied.

Pib, I understand your post.

Can I ask, when I enter the password manager website, how do I then get to the website of my choice, like Thaivisa or my bank?

Do I open another browser window, or is there a link stored in the password manager and you must enter through there?

I've watch a few You Tube tutorials, but it's still unclear to me and I still have a few questions.

Another one is, if all the passwords are stored in the password manager, if your password manager is hacked or breached, you are in a lot of trouble.

By using one of these sites, aren't you putting all your eggs in one basket, which is a little dangerous? What makes these sites safer than say, Ebay, which was recently hacked?

[wooloomooloo]

Can I ask, when I enter the password manager website, how do I then get to the website of my choice, like Thaivisa or my bank?

I can only allude to LastPass as that's all I've used.

After you have downloaded the password manager's software, it will effectively run in the background.

As per the below screenshot, you will note the small asterisk in the top left hand corner in red. I have logged in to LastPass when the icon is red. Otherwise it is grey when logged out.

You surf the internet as you usually do. No requirement to open the password manager website.

When you arrive at a site that you require to login, then the password manager will invariably form fill [but not all sites].

There's far more to it than that, but that is the basics.

[Pib]

I don't uses LastPass but another password manager, but in my password manager you are actually entering several bits of info for each site you want to log onto: the logon webpage, the User ID, and the Password. It basically a bookmark link within the password manager...click on it...it takes you to the logon webpage and injects your User ID/password. Before you know it you are logged on.

[Globalist]

Can recommend LastPass. It works on most popular browsers.