Password Managers

Can anyone recommend me a good password manager? I’ve not got any problem keeping track of my passwords, it’s just I’ve had the same two or three passwords across dozens of platforms for several years and I probably need to start updating them all. So rather than do that, I’m looking at password managers.

Are they secure, i.e. better than normal passwords? How do they work if you have multiple computers plus an iPad? I don’t mind paying for one if the free versions aren’t very good.

I’d be grateful for any advice.


28 thoughts on “Password Managers”

  1. 3M make an excellent product that I have found invaluable down the years, for just such occasions.

    I believe that it is called a “post-it” note.

  2. I use LastPass – it works seamlessly between my iphone, PC, and Mac. It is ok on my ipad. I use Chrome everywhere. It can generate passwords, etc, etc. I keep my credit card and debit cards and all that crap as secure notes.

    I believe it is $12/year or something like that. I’ve been using it for a decade.

    -XC

  3. There’s a nice fellow in Nigeria who handles my passwords for me. Apparently, his cousin is a former prince or something who’s still trying to smuggle his $millions out of the country.

  4. Another for LastPass. I use it across numerous PC’s (and mobile) and various browsers.

    I use the free version, since it’s sufficient for my needs; the Premium version is $24 per year.

  5. 1Password is excellent – I’ve used it for years. It syncs across multiple devices using Dropbox or iCloud (the latter only on the Mac / iOS), and it’s multi-platform (Mac, Windows, iOS, Android). Once you’ve entered all your passwords it will alert you to duplicates and to weak passwords.

    However I think it’s quite pricey now, and they are pushing a subscription model now which is $2.99 a month.

  6. Don’t worry too much, you don’t have enough bread to be targeted. Plus we know who you are.

  7. Don’t the password managers get their databases hacked every now and then?

  8. LastPass belongs to LogMeIn, who are a horrible company to have a business (or probably any kind of) relationship with.

    I would vote for 1Password, because I use it and several of the high-profile Internet security people seem to endorse it.

  9. “Are they secure, i.e. better than normal passwords? How do they work if you have multiple computers plus an iPad? I don’t mind paying for one if the free versions aren’t very good.”

    Not really. They’re a secure store for your passwords. But, using unique passwords is good – if someone hacks a database and maybe your password can easily be looked up on the rainbow tables (a lookup of hash to actual password), someone could use it on another system. If each password is different then you’re only compromised on the original system.

    The way they work is that the file is encrypted using a master password that you know. So to anyone without that, it’s unreadable. That’s how you can have it managed by a company on the cloud. Even they don’t see your passwords as it is encrypted by the client application (whether that’s a Windows PC browser plugin or something for iPad). All that gets sent up and down is the encrypted file.

    I can’t recommend mine as it doesn’t work on iPad, but I know people who use LastPass successfully.

  10. I use paired registration numbers of my vehicles and simply name them as a reminder. e.g. XBB497HVNL42J as a password and they are listed against the relevant website as Viva and Honda (the family Vauxhall Viva and the Honda motorcycle I owned years ago). Since then, the various registration numbers and vehicle types I have owned permit a good selection of such passwords.

    Sufficiently random and obscure enough to be unguessable. I write them down in a notebook I keep to hand. It is difficult to hack a notebook electronically, or so I believe.

  11. Make a single really strong password and commit to memory. Iterate one digit for each site and memorise the important ones. Keep the iterated digit only in a spreadsheet somewhere, ideally not on any kind of cloud service. If any one gets busted it should buy you enough time to change everything.

  12. LastPass free user here. The LogMeIn link is regrettable but there has been little sign of problems resulting from it yet, and the firm does seem to follow good security practice from what we can see. I would add that you should enable two factor authentication everywhere that supports it too. Authy is a decent app/browser extension to stop you having to have a million code generator apps on your phone.

  13. +1 for Lastpass – use two-factor authentication for extra security. The built-in password generator is very handy, so each site can have a separate one. I’ll be checking out 1Password after the other comments here though…

  14. About three-quarters of my sites require a password, but they have no need of security. I have the same password for all.

    For sites with money, I use a system like BiG describes. A longish password with a different code attached, which runs off the name of the site, but which I can figure out each time.

    I have my bank send a confirmation text for any transactions, because it is the only site where I could be seriously compromised.

  15. BiG has it right. One master password stub that is complex and decorate it.
    For email add an E on the front and an M on the end, facebook an F and a B and so on.

  16. Been using 1Password at home for years but use lastpass at work. Never had problems with 1Password but lastpass seems to have problems picking up and storing changed passwords so I have to update manually.

    It may be that being a work environment the urls are very similar.

    1Password not only works on web sites on Mac, Windows and iOS devices but now allows apps on my iPhone to get the password. I don’t have the subscription model as I bought a lifetime licence before that started.

    I prefer 1Password

  17. Well, there’s this https://www.theregister.co.uk/2018/07/09/conran_amazon_password_notebooks.

    Ignoring that, out of all the UID/PWD combinations that I have, very few are actually important, and I can easily remember those, particularly given the trick up above – old car registration numbers, phone numbers and the like.

    Everything else (those passwords are generally very strong, if not actually insane anyway) gets reset if I actually need to use that account again.

  18. Thanks everyone!

    My current setup is I use a very strong password for almost all sites, otherwise I have no chance of remembering them. I keep them written down in a password-protected file, but I can’t access that every time I want to login to somewhere, and damn near everywhere wants a password and username these days.

    This system worked fine until there was a databreach in one of the sites I use, and now someone has my password. Obviously each site needs its own password to protect against this, but the only way I can feasibly manage this is with a password manager.

    Thanks again, folks: 1Password is looking good, I’ll check it out.

    Incidentally, someone posted this link on Twitter which is pretty handy.

  19. I use Lastpass happily over PCs, Android tablets, Android phone, iPhone and an iPad.
    A core password itemized with a prefix or suffix using the +1 rule (‘timmy’ becomes ‘yo,,u’ t+1 is the character to the right of t, or y).
    I am however considering using John Podesta’s system, (he was head of the Hillary Clinton campaign when the DNC server was hacked), and just using ‘password’. And they blame the Russians…

  20. Have a look at Dashlane.com.

    Handles passwords, logs you in automatically and lots more. I have been using it for over two years.

  21. I’m surprised no one suggested KeyPass or SplashID

    I’ve used SplashID for years, over many computers and devices. It’s always worked well.

  22. Oh bloody hell.

    Any password generation scheme you can keep in your head is one serious password crackers already know about and have incorporated into their tools. Bit-shifting, using old VIN numbers – anyone who actually wants your password will get those, trivially. Reducing the search space makes all the difference in the world, and the second you posted the scheme you use, every criminal org with a tech arm added it to their filters.

    Multi-factor auth and long strong unique pseudorandom passwords are your best bet until smartcards become ubiquitous.
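
The mechanism described in comment 9 (the vault is encrypted on the client under a master password, and only the encrypted file is synced) together with the long unique random passwords recommended in comment 22, as an added example that is not from the post or any commenter and is not the actual implementation of LastPass, 1Password or any other product named here. The function names, the scrypt and AES-256-GCM choices, the site names and the master password are all assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');

const ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!#$%&*+-=?@_';

// Long, unique, random password per site, drawn from the OS CSPRNG (no memorable scheme).
function generatePassword(length = 20) {
  let out = '';
  for (let i = 0; i < length; i++) out += ALPHABET[nodeCrypto.randomInt(ALPHABET.length)];
  return out;
}

// Stretch the master password into a 256-bit key; the random salt travels with the blob.
function deriveKey(masterPassword, salt) {
  return nodeCrypto.scryptSync(masterPassword, salt, 32, { N: 2 ** 14, r: 8, p: 1 });
}

// Runs on the client. The returned base64 blob is the only thing a sync service would receive.
function sealVault(masterPassword, entries) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(entries), 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Runs on another device. Throws if the master password is wrong or the blob was altered.
function openVault(masterPassword, blob) {
  const raw = Buffer.from(blob, 'base64');
  const salt = raw.subarray(0, 16), iv = raw.subarray(16, 28), tag = raw.subarray(28, 44);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  decipher.setAuthTag(tag);
  const pt = Buffer.concat([decipher.update(raw.subarray(44)), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Constructed sample data: site names and master password are illustrative only.
function demo() {
  const entries = { 'bank.example': generatePassword(), 'forum.example': generatePassword() };
  const blob = sealVault('correct horse battery staple', entries);
  const restored = openVault('correct horse battery staple', blob);
  let wrongRejected = false;
  try { openVault('wrong master password', blob); } catch (e) { wrongRejected = true; }
  return { entries, blob, restored, wrongRejected };
}
```

The security of the synced blob rests entirely on the master password, which is why that one password has to be strong and is the natural place to add a second factor.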
